Trojan-virus

formatere den

Win98, ME, W2000, XP, Vista, Win7, ..., ?

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Jooo - jeg har 'virus' på hjernen...)

Mht.: Vista - HøjreMusseTast på *.EXE filen - Kør som Administrator...

------------------

FØR du formaterer den, skal du lige overveje at downloade TDC's sikkerhedspakke (demoen) gratis. Den virker vist nok i tredive dage og kører baseret på F-Secure.

AVG har problemer med installeren, har selv haft problemer, og jeg er ikke meget for avast!

http://kundeservice.tdc.dk/privat/internet/faq.php?id=20890

@maimou Jeg ville bruge #3

Tak for det - har brugt cclean og er nu ved at køre malwarebytes - det tager lige lidt tid

Og det er forresten windows XP

Malwarebytes' Anti-Malware 1.37
Database version: 2220
Windows 5.1.2600 Service Pack 3

03-06-2009 16:04:40
mbam-log-2009-06-03 (16-04-40).txt

Skan type: Fuldstændig skanning (C:\|S:\|)
Objekter skannet: 398423
Tid tilbagelagt: 3 hour(s), 52 minute(s), 22 second(s)

Inficerede Hukommelses Processer: 4
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 3
Inficerede Registeringsdatabase Værdier: 4
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 14

Inficerede Hukommelses Processer:
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Failed to unload process.
C:\WINDOWS\freddy45.exe (Worm.KoobFace) -> Failed to unload process.
C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Failed to unload process.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\WINDOWS\system32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Delete on reboot.
c:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
s:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
s:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Delete on reboot.
s:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy45.exe (Worm.KoobFace) -> Delete on reboot.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Delete on reboot.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.


HiJackThis-log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:34, on 03-06-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\netmaps.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Logitech\QuickCam\Quickcam.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\WINDOWS\Printkey2000.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Mobile Partner\Mobile Partner.exe
C:\Documents and Settings\sejr\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmer\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Genvej til Printkey2000.lnk = C:\WINDOWS\Printkey2000.exe
O4 - Startup: Genvej til SISUBST.lnk = C:\WINDOWS\SISUBST.CMD
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aarhus.dk/Mapguide%20viewer/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.27/activex/AxisCamControl.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{736F9346-A097-43DB-ABC0-C883D8EF2213}: NameServer = 194.255.56.79 194.255.56.78
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetMaps (netmaps1) - Unknown owner - C:\WINDOWS\netmaps.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10737 bytes

hvad skal jeg så nu?

<f-arn>: Du maa gerne ta' over - jeg er ikke paa de naeste dage...

Hent og gem combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Kør så combofix.exe og følg anvisningerne.
Vigtigt--> Deaktiver dit antivirusprogram da det kan forstyrrer combofix
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan findes her:  C:\Combofix.txt

Hvordan deaktiverer man AVG?

Højreklik på ikonet nede ved uret - > så må der være mulighed for at afbryde det der…

HojreMusseTast paa [AVG] Icon nederst hojre ? Se hvad der staar ?

Tak tak - så går jeg i gang med combo

Åååh - AVG er åbenbart ikke deaktiveret ved at klikke "exit" nede i hjørnet - det siger combofix. Jeg har så prøvet at uninstall programmet, men der melder den fejl, så det kan jeg heller ikke ... pres! Så forsøger jeg at at køre combofix alligevel og den kører det fint indtil "afsluttet stage 50" så sker der ikke mere? har prøvet 3 gange nu - også efter genstart.

Prøv det her:
Åbn AVG Control Center, dobbeltklik på - AVG Resident Shield - Fjern flueben ved - Turn on AVG Resident Shield, og gem ændringerne.
Det er godt nok på engelsk, men forhåbentlig forståeligt?

Tak!


her er logfilen:




ComboFix 09-06-04.09 - sejr 05-06-2009 17:30.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.503.294 [GMT 2:00]
Kører fra: c:\documents and settings\sejr\Dokumenter\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
C:\autorun.inf
S:\Autorun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-05 til 2009-06-05  )))))))))))))))))))))))))))))))))))
.

2009-06-03 20:11 . 2009-06-03 20:11    --------    d--h--w-    C:\$AVG8.VAULT$
2009-06-03 18:06 . 2009-06-03 18:06    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-06-03 18:06 . 2009-06-03 18:06    108552    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-06-03 18:06 . 2009-06-03 18:06    325896    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-06-03 18:06 . 2009-06-03 18:06    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-03 18:06 . 2009-06-05 12:39    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-06-03 18:05 . 2009-06-03 18:05    --------    d-----w-    c:\programmer\AVG
2009-06-03 18:05 . 2009-06-05 14:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg8
2009-06-03 17:47 . 2008-11-20 19:19    9200    ------w-    c:\windows\system32\drivers\cdralw2k.sys
2009-06-03 17:47 . 2008-11-20 19:19    9072    ------w-    c:\windows\system32\drivers\cdr4_xp.sys
2009-06-03 17:46 . 2009-06-03 17:46    --------    d-----w-    c:\windows\system32\IOSUBSYS
2009-06-03 17:11 . 2009-06-03 17:11    0    ----a-w-    c:\windows\nsreg.dat
2009-06-03 17:11 . 2009-06-03 17:11    --------    d-----w-    c:\documents and settings\sejr\Lokale indstillinger\Application Data\Mozilla
2009-06-03 17:10 . 2009-06-05 14:53    --------    d-----w-    c:\programmer\Mozilla Firefox 3.5 Beta 4
2009-06-03 15:18 . 2008-04-14 15:05    152064    ----a-w-    c:\windows\system32\irftp.exe
2009-06-03 15:18 . 2008-04-14 15:05    152064    ----a-w-    c:\windows\system32\dllcache\irftp.exe
2009-06-03 15:18 . 2008-04-14 15:05    8192    ----a-w-    c:\windows\system32\wshirda.dll
2009-06-03 15:18 . 2008-04-14 15:05    8192    ----a-w-    c:\windows\system32\dllcache\wshirda.dll
2009-06-03 15:18 . 2008-04-14 15:05    28160    ----a-w-    c:\windows\system32\irmon.dll
2009-06-03 15:18 . 2008-04-14 15:05    28160    ----a-w-    c:\windows\system32\dllcache\irmon.dll
2009-06-03 09:46 . 2009-06-03 09:46    --------    d-----w-    c:\documents and settings\sejr\Application Data\Malwarebytes
2009-06-03 09:46 . 2009-05-26 11:20    40160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 09:46 . 2009-06-03 09:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 09:46 . 2009-06-03 09:46    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-06-03 09:46 . 2009-05-26 11:19    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-06-03 09:05 . 2009-06-03 09:05    --------    d-----w-    c:\programmer\CCleaner
2009-06-03 05:38 . 2007-08-24 17:45    101120    ----a-r-    c:\windows\system32\drivers\ewusbmdm.sys
2009-06-03 05:38 . 2007-08-24 17:45    24448    ----a-r-    c:\windows\system32\drivers\ewdcsc.sys
2009-06-03 05:38 . 2009-06-03 05:39    --------    d-----w-    c:\programmer\Mobile Partner
2009-05-31 14:51 . 2003-03-18 19:20    1060864    ----a-w-    c:\windows\system32\MFC71.dll
2009-05-31 14:51 . 2009-05-31 14:51    --------    d-----w-    c:\programmer\Alwil Software
2009-05-29 10:20 . 2007-10-23 07:27    110592    ----a-w-    c:\documents and settings\sejr\Application Data\U3\temp\cleanup.exe
2009-05-29 10:15 . 2008-02-25 11:47    3489792    ---ha-w-    c:\documents and settings\sejr\Application Data\U3\temp\Launchpad Removal.exe
2009-05-29 10:14 . 2009-05-29 10:20    --------    d-----w-    c:\documents and settings\sejr\Application Data\U3
2009-05-27 20:53 . 2009-02-06 10:10    227840    ------w-    c:\windows\system32\dllcache\wmiprvse.exe
2009-05-27 20:53 . 2009-02-09 11:25    110592    ------w-    c:\windows\system32\dllcache\services.exe
2009-05-27 20:53 . 2009-02-09 10:53    401408    ------w-    c:\windows\system32\dllcache\rpcss.dll
2009-05-27 20:53 . 2009-02-09 10:53    473600    ------w-    c:\windows\system32\dllcache\fastprox.dll
2009-05-27 20:53 . 2009-02-06 10:39    35328    ------w-    c:\windows\system32\dllcache\sc.exe
2009-05-27 20:53 . 2009-02-09 10:53    730624    ------w-    c:\windows\system32\dllcache\lsasrv.dll
2009-05-27 20:53 . 2009-02-09 10:53    719360    ------w-    c:\windows\system32\dllcache\ntdll.dll
2009-05-27 20:53 . 2009-02-09 10:53    682496    ------w-    c:\windows\system32\dllcache\advapi32.dll
2009-05-27 20:53 . 2009-02-09 10:53    453120    ------w-    c:\windows\system32\dllcache\wmiprvsd.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 17:46 . 2005-10-23 11:08    --------    d-----w-    c:\programmer\Google
2009-06-03 15:19 . 2004-09-16 15:38    76978    ----a-w-    c:\windows\system32\perfc006.dat
2009-06-03 15:19 . 2004-09-16 15:38    425946    ----a-w-    c:\windows\system32\perfh006.dat
2009-05-31 21:47 . 2007-12-10 12:22    --------    d-----w-    c:\programmer\Brother
2009-05-31 21:46 . 2005-06-29 07:40    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-05-31 21:37 . 2007-01-31 21:00    --------    d-----w-    c:\documents and settings\sejr\Application Data\SoftMaker
2009-05-31 14:07 . 2005-06-29 07:44    --------    d-----w-    c:\programmer\Sonic
2009-05-31 14:05 . 2006-01-23 23:03    --------    d-----w-    c:\documents and settings\sejr\Application Data\Lavasoft
2009-05-29 14:19 . 2005-08-16 07:56    71496    -c--a-w-    c:\documents and settings\sejr\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 18:30 . 2009-05-01 18:30    3366912    ----a-w-    c:\windows\system32\GPhotos.scr
2009-03-18 09:07 . 2008-11-28 09:52    0    ----a-w-    c:\documents and settings\sejr\temp.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"ccleaner"="c:\programmer\CCleaner\CCleaner.exe" [2009-05-27 1573104]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmer\Apoint\Apoint.exe" [2004-09-13 155648]
"Dell QuickSet"="c:\programmer\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelZeroConfig"="c:\programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-02 802816]
"IntelWireless"="c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"LogitechCommunicationsManager"="c:\programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\programmer\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-03 1947928]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sejr\Menuen Start\Programmer\Start\
Genvej til Printkey2000.lnk - c:\windows\Printkey2000.exe [2005-8-12 869376]
Genvej til SISUBST.lnk - c:\windows\SISUBST.CMD [2005-8-12 47]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2005-6-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-03 18:06    11952    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0aswBoot.exe /M:ec3690cc6

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03-06-2009 20:06 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03-06-2009 20:06 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03-06-2009 20:05 298776]
R2 netmaps1;NetMaps;c:\windows\netmaps.exe [08-03-2006 09:39 452096]
.
Indhold af mappen 'Planlagte Opgaver'

2009-06-05 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

SafeBoot-procexp90.Sys


.
------- Yderligere scanning -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
FF - ProfilePath - c:\documents and settings\sejr\Application Data\Mozilla\Firefox\Profiles\eqc43a46.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1244049408&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1030&id=64855&mkt=da-DK
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmer\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmer\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\igfxdev.dll
.
Gennemført tid: 2009-06-05 17:40

Pre-Kørsel: 23.969.247.232 byte ledig
Post-Kørsel: 24.027.443.200 byte ledig

191    --- E O F ---    2009-05-27 22:31

Det ser da fint ud. Hvordan kører computeren nu? Jeg vil iøvrigt anbefale at i skifter AVG free ud med noget andet. Den er simpelt hen for dårlig.
http://www.spywarefri.dk/sikkerhedspakken/
http://www.spywarefri.dk/software/avg-anti-virus-free-edition/

Jamen der kommer ikke de pop ups mere og den kører egentlig fint. Den fryser bare ofte og kører pludselig meget langsomt.

Tak for hjælpen! Jeg skifter AVG ud med det samme, hvis jeg ellers kan afinstallere det.

Prøv at køre CCleaner igen, særligt punktet [register] Det er den blå terning.

Tak for det

Hjalp det?

Ja, det synes jeg, der har i hvert fald ikke været noget siden - har installeret Avast! på computeren indtil vi får købt et bedre program