pawelpc Beginner
7 August 2008 - 14:02 There are 9 comments

This one will drive you insane - it does me

Hi Experts!

Over the last couple of days I have picked up an incredibly annoying virus/Trojan spy/adware crap on my laptop. I have had AVG 8.0 installed the whole time, and it has failed to prevent the virus from settling on my hard drives. It started out big by popping up windows about virus protection from PCprivacycleaner plus a lot of other crap, every 10 minutes. I have scanned my PC several times, found quite a lot and had it fixed/deleted.

Just as I was about to rejoice, after a quick restart, I had to see myself beaten by this AI. I then downloaded Spyhunter 3 and paid the price; without success I turned to SpyDoctor, also registered.

3 antivirus programs later and about 3 days of scans and searches, there is still plenty to find, but once deleted it has nevertheless hidden in the farthest corners, only to rise again.

I can only get into my C: drive from Explorer, and my D: drive has gone on holiday to, well, only MS-DOS knows where.. :S

What do I do?

Should I download yet another program?

I will do anything to avoid a re-install of Windows.

Thanks so far. Pawelpc
nva Trainee
7 August 2008 - 14:27 #1
Try following this guide http://www.eksperten.dk/artikler/1123
7 August 2008 - 17:07 #2
PS: But use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe in the article above ...
7 August 2008 - 17:08 #3
Welcome to Eksperten.dk
in general -> http://expfaq.dk/
pawelpc Beginner
8 August 2008 - 10:16 #4
I am new to the site, apologies for any inconvenience. But thanks for the response!
razorblade101 Beginner
8 August 2008 - 12:30 #5
Try setting AVG to slow scanning. That way it usually finds some of the more stubborn things. It is also worth trying Spybot S&D, it is pretty good.
8 August 2008 - 16:02 #6
... but we need to see the log/result from the mentioned http://www.eksperten.dk/artikler/1123
pawelpc Beginner
11 August 2008 - 17:30 #7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25: VIRUS ALERT!, on 11-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Java\jre1.6.0_05\bin\jucheck.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Magdalena Zawadzka\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17C24E63-9A2C-4C50-BF01-86212B497BC7} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {65742936-8079-408B-9F3C-874B78030A72} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programmer\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmer\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Magdalena Zawadzka\Menuen Start\Programmer\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magdalenazawadzka.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tfnslopk - {E5B3003A-E09E-4476-B1AE-9ECD2628FB1A} - (no file)
O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - (no file)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13815 bytes

ComboFix 08-08-10.01 - Magdalena Zawadzka 2008-08-11 16:37:46.1 - FAT32x86
Running from: C:\Documents and Settings\Magdalena Zawadzka\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Magdalena Zawadzka\Dokumenter\My Documents.url
C:\WINDOWS\system32\actskn43.ocx

.
(((((((((((((((((((((((((  Files Created from 2008-07-11 to 2008-08-11  )))))))))))))))))))))))))))))))
.

2008-08-10 23:28 . 2008-08-10 23:28    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-10 23:19 . 2005-03-14 13:40    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2008-08-10 23:19 . 2005-03-14 13:40    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2008-08-10 23:19 . 2005-03-14 13:40    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2008-08-10 23:19 . 2005-03-14 13:40    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2008-08-10 23:19 . 2005-03-14 13:40    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2008-08-10 23:19 . 2006-06-13 10:30    <DIR>    dr-------    C:\Documents and Settings\Administrator\Foretrukne
2008-08-10 23:19 . 2006-06-13 10:30    <DIR>    dr-------    C:\Documents and Settings\Administrator\Dokumenter
2008-08-10 23:19 . 2005-03-14 13:40    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2008-08-10 23:19 . 2008-08-10 23:19    <DIR>    d--------    C:\Documents and Settings\Administrator
2008-08-10 23:19 . 2006-12-07 20:59    0    --ah-----    C:\Documents and Settings\Administrator\hpothb07.dat
2008-08-10 23:06 . 2008-08-10 23:06    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-08-10 23:06 . 2008-08-10 23:06    <DIR>    d--------    C:\Documents and Settings\Magdalena Zawadzka\Application Data\SUPERAntiSpyware.com
2008-08-10 23:06 . 2008-08-10 23:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-10 23:05 . 2008-08-10 23:05    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-08-10 22:52 . 2008-08-10 22:52    <DIR>    d--------    C:\Programmer\CCleaner
2008-08-10 12:27 . 2008-08-10 12:27    <DIR>    d--hs----    C:\FOUND.008
2008-08-07 00:46 . 2008-08-07 00:46    <DIR>    d--------    C:\Programmer\Spyware Doctor
2008-08-07 00:46 . 2008-08-07 00:46    <DIR>    d--------    C:\Documents and Settings\Magdalena Zawadzka\Application Data\PC Tools
2008-08-07 00:46 . 2008-06-10 21:22    81,288    --a------    C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-07 00:46 . 2008-06-02 15:19    66,952    --a------    C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-07 00:46 . 2008-06-02 15:19    42,376    --a------    C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-07 00:46 . 2008-06-02 15:19    29,576    --a------    C:\WINDOWS\system32\drivers\kcom.sys
2008-08-06 17:21 . 2008-08-06 17:21    <DIR>    d--------    C:\Programmer\FreeRandomPasswordGenerator
2008-08-06 15:58 . 2008-08-06 15:58    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-08-05 14:55 . 2008-08-05 14:55    <DIR>    d--h-----    C:\$AVG8.VAULT$
2008-08-05 14:33 . 2008-08-05 14:33    <DIR>    d--------    C:\WINDOWS\system32\drivers\Avg
2008-08-05 14:33 . 2008-08-05 14:33    97,928    --a------    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-05 14:33 . 2008-08-05 14:33    76,040    --a------    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-05 14:33 . 2008-08-05 14:33    12,936    --a------    C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-05 14:33 . 2008-08-05 14:33    10,520    --a------    C:\WINDOWS\system32\avgrsstx.dll
2008-08-05 14:30 . 2008-08-05 14:30    45,568    --a------    C:\WINDOWS\system32\avgfwdx.dll
2008-08-05 14:30 . 2008-08-05 14:30    23,296    --a------    C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-08-05 14:10 . 2008-08-05 14:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-02 10:31 . 2008-08-02 10:31    <DIR>    d--------    C:\Programmer\Lemonade Tycoon 2
2008-08-02 10:16 . 2005-04-25 10:43    159,616    --a------    C:\WINDOWS\system32\drivers\Vax347b.sys
2008-08-02 10:16 . 2004-04-30 09:33    5,248    --a------    C:\WINDOWS\system32\drivers\Vax347s.sys
2008-08-02 10:15 . 2008-08-02 10:15    <DIR>    d--------    C:\Programmer\Alcohol Soft
2008-07-30 22:06 . 2008-07-30 22:06    <DIR>    d--------    C:\WINDOWS\system32\Adobe
2008-07-30 22:06 . 2008-07-30 22:06    <DIR>    d--------    C:\Programmer\Norton Security Scan
2008-07-29 13:20 . 2008-08-11 12:55    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-07-29 13:20 . 2008-07-29 13:20    1,409    --a------    C:\WINDOWS\QTFont.for
2008-07-12 22:56 . 2008-07-12 22:56    <DIR>    d--------    C:\Programmer\AVG
2008-07-12 22:41 . 2008-07-12 22:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 22:40 . 2008-07-12 22:40    <DIR>    d--------    C:\WINDOWS\system32\750623
2008-07-12 22:40 . 2008-07-12 22:40    <DIR>    d--------    C:\Programmer\ASC 2.1
2008-07-12 19:34 . 2008-07-12 19:34    <DIR>    d--------    C:\Programmer\ReflexiveArcade
2008-07-12 19:24 . 2008-07-12 19:24    <DIR>    d--------    C:\Programmer\BitLord

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 22:48    ---------    d-----w    C:\Programmer\DivX
2008-06-22 14:28    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-06-20 17:42    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42    246,784    ----a-w    C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42    148,992    ----a-w    C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00    272,256    ------w    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-06-11 00:04    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2007-09-24 21:24    0    ---ha-w    C:\Documents and Settings\Jerry Smolarz\hpothb07.dat
2007-09-24 21:23    0    ---ha-w    C:\Documents and Settings\Magdalena Zawadzka\hpothb07.dat
2007-09-24 21:23    0    ---ha-w    C:\Documents and Settings\Magdalena Zawadzka\Application Data\hpothb07.dat
2007-09-24 21:23    0    ---ha-w    C:\Documents and Settings\LocalService\hpothb07.dat
2007-09-24 21:23    0    ---ha-w    C:\Documents and Settings\Jerry Smolarz\Application Data\hpothb07.dat
2006-12-07 18:59    0    ---ha-w    C:\Documents and Settings\Default User\hpothb07.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Gadu-Gadu"="C:\Programmer\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Creative WebCam Tray"="C:\Programmer\Creative\Shared Files\CamTray.exe" [2005-10-27 18:00 299008]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00 15360]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:20 360448]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"PCMService"="C:\Programmer\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 05:00 455168]
"LManager"="C:\Programmer\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 09:09 50256]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-05 14:32 1235736]
"ISTray"="C:\Programmer\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 05:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-14 14:08:40 331776]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Gadu-Gadu\\GG.EXE"=
"C:\\Programmer\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Programmer\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-05 14:33]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-05 14:33]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-05 14:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-05 14:32]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-05 14:32]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-05 14:33]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-05 14:30]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18]
R3 int15.sys;int15.sys;C:\Programmer\acer\eRecovery\int15.sys [2005-01-13 14:46]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-05 14:30]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 12:23]

2008-08-08 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Programmer\F []

2008-08-08 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 09:14]

2008-08-08 C:\WINDOWS\Tasks\WebReg 20080808210923.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]

2008-08-09 C:\WINDOWS\Tasks\WebReg 20080809091246.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]

2008-08-05 C:\WINDOWS\Tasks\WebReg 20080805233214.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]

2008-08-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Programmer\Norton Security Scan\Nss.exe [2008-01-09 04:08]

2008-02-04 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1164211964.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]

2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
SharedTaskScheduler-{629340b5-8df6-4211-9245-a86563a35792} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Magdalena Zawadzka\Application Data\Mozilla\Firefox\Profiles\ursf6yaw.default\
FF -: plugin - C:\Programmer\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 16:53:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-11 16:56:10
ComboFix-quarantined-files.txt  2008-08-11 14:55:52

Pre-Run: 1,840,316,416 byte ledig
Post-Run: 1,870,954,496 byte ledig

210    --- E O F ---    2008-07-22 16:37:41
pawelpc Beginner
11 August 2008 - 17:34 #8
SUPERantispyware did not save a log, though.

The log setting was turned on, but ^_^ I hope the above is sufficient, otherwise I will give it another scan. Right now it seems to work fine, though I think it just needs to be defragmented once or twice.
11 August 2008 - 19:07 #9
Uninstall

* Bitlord

Grrrrr... It does not matter how much security/updates people have installed. Once they start 'playing' with P2P programs - or rather the results from them - it makes no difference !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308

* SweetIM

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

There is quite a bit of 'dirt' left !!!
(It probably says [VIRUS ALERT!] in the text by the clock at the bottom right...)

To also get rid of the so far invisible unwanted items etc., do the following ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it has finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...
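
Added example, not part of the thread or of any participant's post: a small Python triage script for a HijackThis log like the one in #7. It lists entries whose registered file is missing, the O6/O7 policy locks and the hosts that Internet Explorer's start/search settings point to, and compares the missing-file entries with ComboFix's "ORPHANS REMOVED" list; the sample lines are copied from the two logs above, and all function names are made up for this example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# A subset of lines copied from the HijackThis log posted in #7.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: tfnslopk - {E5B3003A-E09E-4476-B1AE-9ECD2628FB1A} - (no file)
O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# The "ORPHANS REMOVED" lines copied from the ComboFix log in #7.
COMBOFIX_ORPHANS = """
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
SharedTaskScheduler-{629340b5-8df6-4211-9245-a86563a35792} - (no file)
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """(section, CLSID) for entries whose registered file no longer exists."""
    found = []
    for code, body in entries:
        if body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            found.append((code, clsid.group(0).upper() if clsid else None))
    return found


def policy_locks(entries):
    """O6 = IE options restricted by policy, O7 = Regedit disabled by policy."""
    return [body for code, body in entries if code in ("O6", "O7")]


def browser_hosts(entries):
    """Count how many IE start/search settings (R0/R1) point at each host."""
    hosts = Counter()
    for code, body in entries:
        if code in ("R0", "R1"):
            _, sep, value = body.rpartition(" = ")
            host = urlparse(value).hostname if sep else None
            if host:  # about:blank and empty values have no host
                hosts[host] += 1
    return hosts


def not_removed(orphans, removed_text):
    """Orphaned CLSIDs that do not appear in ComboFix's removed list."""
    removed = {c.upper() for c in CLSID_RE.findall(removed_text)}
    return sorted({c for _, c in orphans if c and c not in removed})


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    orphans = orphaned(entries)
    print("Entries with missing file:")
    for code, clsid in orphans:
        print(f"  {code:<4} {clsid}")
    print("Not in ComboFix's removed list:", *not_removed(orphans, COMBOFIX_ORPHANS))
    print("Policy locks:", *policy_locks(entries), sep="\n  ")
    print("IE settings per host:", dict(browser_hosts(entries)))
```

A CLSID missing from ComboFix's list only means ComboFix did not report removing it; a fresh HijackThis log, as asked for in #9, shows whether the entry is still there.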