Possibly infected computer.
  Freed
Number of posts: 19

Hi!

I have tried to run a cleanup following your guide, and have gotten as far as creating this thread. The other day my girlfriend's grandmother happened to open an e-mail that she should not have opened, and now she strongly suspects that her computer has picked up something it should not have. But as I said, we have various logs that you could take a look at to see whether there is anything that needs to be removed. Thanks in advance.

Avira Free Antivirus
Report file date: 5. juli 2012 17:45

Scanning for 3841399 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee     : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform     : Windows 7 Ultimate
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode     : Normally booted
Username     : Grethe Nancy Lip
Computer name   : GRETHENANCYLIP

Version information:
BUILD.DAT     : 12.0.0.1125   41829 Bytes 02-05-2012 17:40:00
AVSCAN.EXE     : 12.3.0.15   466896 Bytes 01-05-2012 22:48:51
AVSCAN.DLL     : 12.3.0.15     54736 Bytes 02-05-2012 13:31:39
LUKE.DLL     : 12.3.0.15     68304 Bytes 01-05-2012 23:31:47
AVSCPLR.DLL   : 12.3.0.14     97032 Bytes 01-05-2012 22:13:36
AVREG.DLL     : 12.3.0.17   232200 Bytes 05-07-2012 15:43:45
VBASE000.VDF   : 7.10.0.0   19875328 Bytes 06-11-2009 18:18:34
VBASE001.VDF   : 7.11.0.0   13342208 Bytes 14-12-2010 23:23:21
VBASE002.VDF   : 7.11.19.170 14374912 Bytes 20-12-2011 23:32:24
VBASE003.VDF   : 7.11.21.238 4472832 Bytes 01-02-2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes 28-03-2012 10:43:53
VBASE005.VDF   : 7.11.34.116 4034048 Bytes 29-06-2012 15:40:27
VBASE006.VDF   : 7.11.34.117   2048 Bytes 29-06-2012 15:40:27
VBASE007.VDF   : 7.11.34.118   2048 Bytes 29-06-2012 15:40:28
VBASE008.VDF   : 7.11.34.119   2048 Bytes 29-06-2012 15:40:28
VBASE009.VDF   : 7.11.34.120   2048 Bytes 29-06-2012 15:40:28
VBASE010.VDF   : 7.11.34.121   2048 Bytes 29-06-2012 15:40:28
VBASE011.VDF   : 7.11.34.122   2048 Bytes 29-06-2012 15:40:28
VBASE012.VDF   : 7.11.34.123   2048 Bytes 29-06-2012 15:40:29
VBASE013.VDF   : 7.11.34.124   2048 Bytes 29-06-2012 15:40:29
VBASE014.VDF   : 7.11.34.201   169472 Bytes 02-07-2012 15:40:31
VBASE015.VDF   : 7.11.35.19   122368 Bytes 04-07-2012 15:40:31
VBASE016.VDF   : 7.11.35.20     2048 Bytes 04-07-2012 15:40:31
VBASE017.VDF   : 7.11.35.21     2048 Bytes 04-07-2012 15:40:31
VBASE018.VDF   : 7.11.35.22     2048 Bytes 04-07-2012 15:40:31
VBASE019.VDF   : 7.11.35.23     2048 Bytes 04-07-2012 15:40:32
VBASE020.VDF   : 7.11.35.24     2048 Bytes 04-07-2012 15:40:32
VBASE021.VDF   : 7.11.35.25     2048 Bytes 04-07-2012 15:40:32
VBASE022.VDF   : 7.11.35.26     2048 Bytes 04-07-2012 15:40:32
VBASE023.VDF   : 7.11.35.27     2048 Bytes 04-07-2012 15:40:32
VBASE024.VDF   : 7.11.35.28     2048 Bytes 04-07-2012 15:40:32
VBASE025.VDF   : 7.11.35.29     2048 Bytes 04-07-2012 15:40:32
VBASE026.VDF   : 7.11.35.30     2048 Bytes 04-07-2012 15:40:32
VBASE027.VDF   : 7.11.35.31     2048 Bytes 04-07-2012 15:40:33
VBASE028.VDF   : 7.11.35.32     2048 Bytes 04-07-2012 15:40:36
VBASE029.VDF   : 7.11.35.33     2048 Bytes 04-07-2012 15:40:36
VBASE030.VDF   : 7.11.35.34     2048 Bytes 04-07-2012 15:40:36
VBASE031.VDF   : 7.11.35.64   93696 Bytes 05-07-2012 15:40:40
Engine version : 8.2.10.104
AEVDF.DLL     : 8.1.2.8     106867 Bytes 05-07-2012 15:43:31
AESCRIPT.DLL   : 8.1.4.32     455034 Bytes 05-07-2012 15:43:28
AESCN.DLL     : 8.1.8.2     131444 Bytes 16-02-2012 16:11:36
AESBX.DLL     : 8.2.5.12     606578 Bytes 05-07-2012 15:43:39
AERDL.DLL     : 8.1.9.15     639348 Bytes 20-01-2012 23:22:40
AEPACK.DLL     : 8.2.16.22   807288 Bytes 05-07-2012 15:43:23
AEOFFICE.DLL   : 8.1.2.40     201082 Bytes 05-07-2012 15:43:11
AEHEUR.DLL     : 8.1.4.64   5009782 Bytes 05-07-2012 15:43:09
AEHELP.DLL     : 8.1.23.2     258422 Bytes 05-07-2012 15:41:12
AEGEN.DLL     : 8.1.5.30     422261 Bytes 05-07-2012 15:41:06
AEEXP.DLL     : 8.1.0.60     86388 Bytes 05-07-2012 15:43:40
AEEMU.DLL     : 8.1.3.0     393589 Bytes 20-01-2012 23:22:36
AECORE.DLL     : 8.1.25.10   201080 Bytes 05-07-2012 15:40:56
AEBB.DLL     : 8.1.1.0     53618 Bytes 20-01-2012 23:22:35
AVWINLL.DLL   : 12.3.0.15     27344 Bytes 01-05-2012 22:59:21
AVPREF.DLL     : 12.3.0.15     51920 Bytes 01-05-2012 22:44:31
AVREP.DLL     : 12.3.0.15   179208 Bytes 01-05-2012 22:13:35
AVARKT.DLL     : 12.3.0.15   211408 Bytes 01-05-2012 22:21:32
AVEVTLOG.DLL   : 12.3.0.15   169168 Bytes 01-05-2012 22:28:49
SQLITE3.DLL   : 3.7.0.1     398288 Bytes 16-04-2012 21:11:02
AVSMTP.DLL     : 12.3.0.15     63440 Bytes 01-05-2012 22:51:35
NETNT.DLL     : 12.3.0.15     17104 Bytes 01-05-2012 23:33:29
RCIMAGE.DLL   : 12.3.0.15   4450000 Bytes 02-05-2012 00:03:52
RCTEXT.DLL     : 12.3.0.15     96720 Bytes 02-05-2012 13:40:44

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 5. juli 2012 17:45

Starting master boot sector scan:
Master boot sector HD0
  [INFO]    No virus was found!

Start scanning boot sectors:

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘conhost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avshadow.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avconfig.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘setup.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘presetup.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avira_free_antivirus_en.exe’ - ‘1’ Module(s) have been scanned
  Module is OK -> <C:\Users\Grethe Nancy Lip\Downloads\avira_free_antivirus_en.exe>
  [WARNING]  The file is password protected
Scan process ‘MobileConnect.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘wmiprvse.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘chrome.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘chrome.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘chrome.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘chrome.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘taskeng.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wmpnetwk.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SynTPHelper.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘COCIManager.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SearchIndexer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘CameraHelperShell.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ONENOTEM.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘jusched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘msseces.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘LWS.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Updater.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sttray.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SynTPEnh.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘GrooveMonitor.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘igfxpers.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘igfxsrvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hkcmd.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘igfxtray.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘VMCService.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘aestsrv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Explorer.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘Dwm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘taskhost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘UMVPFSrv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘STacSV.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MsMpEng.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wininit.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( ‘1383’ files ).

 

End of the scan: 5. juli 2012 17:48
Used time: 02:28 Minute(s)

The scan has been done completely.

    0 Scanned directories
  2116 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
  2116 Files not concerned
    18 Archives were scanned
    1 Warnings
    0 Notes


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4b98604fe41d064fa1c865944e6deee6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-05 10:15:06
# local_time=2012-07-06 12:15:06 (+0100, Rom, sommertid)
# country=“Denmark”
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 16752 16752 0 0
# compatibility_mode=5893 16776574 100 94 22976862 93150557 0 0
# compatibility_mode=8192 67108863 100 0 8375 8375 0 0
# scanned=96425
# found=0
# cleaned=0
# scan_time=7140


Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 912070605

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

06-07-2012 13:29:44
mbam-log-2012-07-06 (13-29-44).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 296671
Tid gået: 1 time(e), 47 minut(ter), 50 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 3

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\csc (Spyware.Password) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\winsxs\Backup\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321_csc.sys_06be9334 (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/06/2012 at 03:25 PM

Application Version : 5.5.1006

Core Rules Database Version : 8854
Trace Rules Database Version: 6666

Scan type     : Complete Scan
Total Scan Time : 01:09:07

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned     : 676
Memory threats detected   : 0
Registry items scanned   : 35974
Registry threats detected : 0
File items scanned     : 28917
File threats detected   : 15

Adware.Tracking Cookie
  C:\USERS\GRETHE NANCY LIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FLRDYD2.txt [ Cookie:grethe nancy ./accounts/ ]
  C:\USERS\GRETHE NANCY LIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\SE7UEFEF.txt [ Cookie:grethe nancy ./accounts ]
  e2.emediate.se [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  .doubleclick.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  track.adform.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  e2.emediate.se [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  server.adformdsp.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  .adformdsp.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  .adform.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  .specificclick.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  e2.emediate.se [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  .adform.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  track.adform.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  .adform.net [ C:\USERS\GRETHE NANCY LIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
  oddcast.com [ C:\USERS\GRETHE NANCY LIP\DOCUMENTS\ALLE BILLEDER\GRETHES BILLEDER\GRETHE LIP.GRETHE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KL8XU9MK ]

Administrator
Number of posts: 32083

Hi ;)

Download Combofix and save it to your desktop:
Here

NB -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with Combofix, or remove important Combofix files, which can cause the computer to freeze.


Then run combofix.exe and follow the instructions.


You should not click on the window while the tool is running, as this can cause your computer to freeze.

When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.

It can also be found here -> C:\combofix.txt

Signature

Sound computer sense

  Freed
Number of posts: 19

Here is the log from Combofix.


ComboFix 12-07-10.01 - Grethe Nancy Lip 10-07-2012 16:51:45.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.45.1033.18.1015.322 [GMT 2:00]
Kører fra: c:\users\Grethe Nancy Lip\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-10 til 2012-07-10 )))))))))))))))))))))))))))))))))))
.
.
2012-07-10 15:05 . 2012-07-10 15:05   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-07-10 14:45 . 2012-05-31 03:41   6762896   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BE8B17F-11E7-486B-9D5A-13810A194594}\mpengine.dll
2012-07-06 12:15 . 2012-07-06 12:15   ————  d——-w-  c:\users\Grethe Nancy Lip\AppData\Roaming\SUPERAntiSpyware.com
2012-07-06 12:14 . 2012-07-06 12:15   ————  d——-w-  c:\program files\SUPERAntiSpyware
2012-07-06 12:14 . 2012-07-06 12:14   ————  d——-w-  c:\programdata\SUPERAntiSpyware.com
2012-07-06 11:43 . 2012-05-31 03:41   6762896   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-06 09:39 . 2012-07-06 09:39   ————  d——-w-  c:\users\Grethe Nancy Lip\AppData\Roaming\Malwarebytes
2012-07-06 09:39 . 2010-04-29 13:39   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-06 09:39 . 2012-07-06 09:39   ————  d——-w-  c:\programdata\Malwarebytes
2012-07-06 09:39 . 2012-07-06 09:39   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
2012-07-06 09:39 . 2010-04-29 13:39   20952   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-05 17:56 . 2012-07-05 17:56   ————  d——-w-  c:\program files\ESET
2012-07-05 16:44 . 2012-07-05 16:44   ————  d——-w-  c:\users\Grethe Nancy Lip\AppData\Roaming\Avira
2012-07-05 15:37 . 2012-04-27 08:20   137928   ——a-w-  c:\windows\system32\drivers\avipbb.sys
2012-07-05 15:37 . 2012-04-24 22:32   83392   ——a-w-  c:\windows\system32\drivers\avgntflt.sys
2012-07-05 15:37 . 2012-04-16 19:18   36000   ——a-w-  c:\windows\system32\drivers\avkmgr.sys
2012-07-05 15:36 . 2012-07-05 15:36   ————  d——-w-  c:\programdata\Avira
2012-07-05 15:36 . 2012-07-05 15:36   ————  d——-w-  c:\program files\Avira
2012-07-05 08:44 . 2012-04-04 19:13   713784   ———w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E6CFB49-79F2-4D43-8130-6F9001819ABA}\gapaengine.dll
2012-07-05 08:39 . 2012-07-05 08:39   ————  d——-w-  c:\program files\CCleaner
2012-07-01 09:51 . 2012-07-01 09:51   ————  d——-w-  c:\program files\Common Files\Java
2012-07-01 09:47 . 2012-07-01 09:47   ————  d——-w-  c:\program files\Oracle
2012-07-01 09:47 . 2012-05-04 17:29   772504   ——a-w-  c:\windows\system32\npDeployJava1.dll
2012-07-01 09:46 . 2012-07-01 09:46   ————  d——-w-  c:\program files\Java
2012-06-29 15:57 . 2012-06-29 15:57   ————  d——-w-  C:\Ny mappe
2012-06-21 07:53 . 2012-06-02 22:19   53784   ——a-w-  c:\windows\system32\wuauclt.exe
2012-06-21 07:53 . 2012-06-02 22:19   45080   ——a-w-  c:\windows\system32\wups2.dll
2012-06-21 07:53 . 2012-06-02 22:19   1933848   ——a-w-  c:\windows\system32\wuaueng.dll
2012-06-21 07:53 . 2012-06-02 22:12   2422272   ——a-w-  c:\windows\system32\wucltux.dll
2012-06-21 07:53 . 2012-06-02 22:19   35864   ——a-w-  c:\windows\system32\wups.dll
2012-06-21 07:53 . 2012-06-02 22:19   577048   ——a-w-  c:\windows\system32\wuapi.dll
2012-06-21 07:53 . 2012-06-02 22:12   88576   ——a-w-  c:\windows\system32\wudriver.dll
2012-06-21 07:52 . 2012-06-02 13:19   171904   ——a-w-  c:\windows\system32\wuwebv.dll
2012-06-21 07:52 . 2012-06-02 13:12   33792   ——a-w-  c:\windows\system32\wuapp.exe
2012-06-14 09:06 . 2012-05-15 01:05   2343936   ——a-w-  c:\windows\system32\win32k.sys
2012-06-14 09:06 . 2012-04-26 04:45   129536   ——a-w-  c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:06 . 2012-04-26 04:45   58880   ——a-w-  c:\windows\system32\rdpwsx.dll
2012-06-14 09:06 . 2012-04-26 04:41   8192   ——a-w-  c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:06 . 2012-05-01 04:44   164352   ——a-w-  c:\windows\system32\profsvc.dll
2012-06-14 09:06 . 2012-04-24 04:36   1158656   ——a-w-  c:\windows\system32\crypt32.dll
2012-06-14 09:06 . 2012-04-24 04:36   140288   ——a-w-  c:\windows\system32\cryptsvc.dll
2012-06-14 09:06 . 2012-04-24 04:36   103936   ——a-w-  c:\windows\system32\cryptnet.dll
2012-06-12 17:38 . 2012-04-04 19:13   713784   ———w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 17:29 . 2010-09-05 05:31   687504   ——a-w-  c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{00000000-6E41-4FD3-8538-502F5495E5FC}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 00:31   1514152   ——a-w-  c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-06-26 3906432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2009-09-24 141848]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2009-09-24 173592]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2009-09-24 150552]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2009-02-26 30040]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2010-05-28 1721640]
“SysTrayApp”=“c:\program files\IDT\WDM\sttray.exe” [2009-09-22 495708]
“MobileConnect”=“c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe” [2008-11-04 2087424]
“ApnUpdater”=“c:\program files\Ask.com\Updater\Updater.exe” [2012-01-04 1391272]
“LWS”=“c:\program files\Logitech\LWS\Webcam Software\LWS.exe” [2011-08-12 205336]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2012-03-27 37296]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-02 843712]
“MSC”=“c:\program files\Microsoft Security Client\msseces.exe” [2012-03-26 931200]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2012-01-17 252296]
“avgnt”=“c:\program files\Avira\AntiVir Desktop\avgnt.exe” [2012-05-01 348624]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2010-04-29 1090952]
.
c:\users\Grethe Nancy Lip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“mixer”=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”
.
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\aestsrv.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
.
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898698603-2077109307-4022701215-1000Core.job
- c:\users\Grethe Nancy Lip\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 17:59]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898698603-2077109307-4022701215-1000UA.job
- c:\users\Grethe Nancy Lip\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 17:59]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.ni.dk/
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: nordea.dk\www.netbank
TCP: DhcpNameServer = 192.168.1.1
.
- - - - TOMME GENVEJE FJERNET - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-07-10 17:13:04
ComboFix-quarantined-files.txt 2012-07-10 15:13
.
Pre-Kørsel: 53.969.444.864 byte ledig
Post-Kørsel: 53.768.392.704 byte ledig
.
- - End Of File - - DFD910C9E8A9DC22101E9AB211EC69E5

Administrator
Number of posts: 32083

You have 2 active antivirus programs running; that won't do, as they will conflict.


Uninstall ->

Microsoft Security Client

Or:

Avira\AntiVir


Restart, and post a new Combofix log here.

Signature

Sound computer sense