louisek Master
30 October 2010 - 15:40 There are 40 comments and
1 solution

Niece's computer gasping for breath

Dear all,

I am sitting with my niece's computer, which is aaaalmost dead. She has got herself tangled up in a lot of viruses etc.

When I start the computer, there is nothing on the screen other than the desktop background image - no icons or frames or Start menu. I cannot right-click my way to a menu or anything.

I can get through to the Task Manager and, through it, get access to the internet. I have downloaded avast and spybot, which have found and deleted a number of things.

... and a HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:56, on 30-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Melissa\Dokumenter\Hentede filer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A6A344B-F48D-4175-9274-2CC1D0846480} - c:\windows\system32\dlo212.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmer\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avast5] "C:\Programmer\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programmer\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmer\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mediarealease70x700hh.exe] C:\Documents and Settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\mediarealease70x700hh.exe
O4 - HKCU\..\Run: [IJKUK66HMN] C:\DOCUME~1\Melissa\LOKALE~1\Temp\Sqq.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\Melissa\.COMMgr\complmgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: SYSOGP32.0XE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/js/ImageUploader/ImageUploader6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10085 bytes
f-arn Guru
30 October 2010 - 15:46 #1
Download "Malwarebytes' Anti-Malware" here

Or here

Install and start the program, click the Update tab, click Check for Updates, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected", and post the log here together with a log from DDS, which you can find here

or here

It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved on the computer and not run from the web

NB When you update Malwarebytes, keep clicking Check for Updates until it says that there are no more updates.
30 October 2010 - 15:47 #2
There are also a couple of 'funny' entries... So carry out this 'package' as far as possible ->

---

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program perform a clean-up...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens, where you must move the selection dot to "Perform full scan" - click the Scan button - let the program work. When it has finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens, and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...
30 October 2010 - 15:48 #4
~1 min... *S*
f-arn Guru
30 October 2010 - 15:49 #5
*G*
louisek Master
30 October 2010 - 16:10 #6
Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4997

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30-10-2010 16:09:29
mbam-log-2010-10-30 (16-09-29).txt

Skanningstype: Hurtig skanning
Objekter skannet: 162795
Tid gået: 11 minut(ter), 19 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 10
Registreringsdatabaseværdier Inficeret: 6
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 2
Inficerede Filer: 13

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediarealease70x700hh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Programmer\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\Melissa\.COMMgr\complmgr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melissa\Menuen Start\Programmer\Start\SYSOGP32.0XE (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melissa\Lokale indstillinger\Temp\tmp_172447527.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\msvcp71.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\msvcr71.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melissa\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
louisek Master
30 October 2010 - 16:19 #7
DDS (Ver_10-10-21.02) - NTFSx86 
Run by Melissa at 16:10:56,90 on 30-10-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1022.493 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated)  {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Melissa\Dokumenter\Hentede filer\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\programmer\vuze_remote\tbVuz1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: : {0a6a344b-f48d-4175-9274-2cc1d0846480} - c:\windows\system32\dlo212.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\programmer\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programmer\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\programmer\vuze_remote\tbVuz1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programmer\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programmer\windows live\toolbar\wltcore.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\programmer\vuze_remote\tbVuz1.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\programmer\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Live! Cam Manager] "c:\programmer\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programmer\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] rundll32.exe c:\windows\system32\nvsysrot.dll,Enable
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [fssui] "c:\programmer\windows live\family safety\fsui.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe
mRun: [DivXUpdate] "c:\programmer\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [avast5] "c:\programmer\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\programmer\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
mRunOnce: [SpybotSnD] "c:\programmer\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\programmer\fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\melissa\applic~1\mozilla\firefox\profiles\xoxacg3f.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\programmer\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\melissa\application data\mozilla\firefox\profiles\xoxacg3f.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\melissa\lokale indstillinger\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programmer\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programmer\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-30 165584]
R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\SASDIFSV.SYS [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-30 17744]
R2 avast! Antivirus;avast! Antivirus;c:\programmer\alwil software\avast5\AvastSvc.exe [2010-10-30 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-20 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\programmer\alwil software\avast5\AvastSvc.exe [2010-10-30 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\programmer\alwil software\avast5\AvastSvc.exe [2010-10-30 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-30 38224]
S0 wlihvkc;wlihvkc;c:\windows\system32\drivers\wlihvkc.sys [2010-10-20 842240]
S2 bsczbyri;USB to IEEE-1284.4 Translation  HPZius12Controller;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 pujpuh;System Support;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 ADM8511;ADMtek ADM8511/AN986 USB til Fast Ethernet-converter;c:\windows\system32\drivers\adm8511.sys [2009-2-9 20160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmer\lavalys\everest ultimate edition\kerneld.wnt [2009-1-30 23152]
S3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\system32\drivers\F5D5055.sys [2009-6-24 30336]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SASENUM;SASENUM;c:\programmer\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SVRPEDRV;SVRPEDRV;c:\docume~1\n\lokale~1\temp\rarsfx0\s10vwf\PEDrv.sys [2009-1-30 6656]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-9-29 32000]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2010-2-8 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2010-2-8 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2010-2-8 166720]
SUnknown SPService;SPService; [x]

=============== Created Last 30 ================

2010-10-30 13:48:48    --------    d-----w-    c:\docume~1\melissa\applic~1\Malwarebytes
2010-10-30 13:48:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 13:48:38    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-30 13:48:37    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-30 13:48:37    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-10-30 11:05:01    --------    d-----w-    c:\docume~1\alluse~1\applic~1\F-Secure
2010-10-30 08:07:16    --------    d-----w-    c:\docume~1\melissa\applic~1\Office Genuine Advantage
2010-10-29 22:28:13    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-10-29 22:27:55    38848    ----a-w-    c:\windows\avastSS.scr
2010-10-29 22:27:30    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-29 21:29:18    --------    d-----w-    c:\docume~1\alluse~1\applic~1\MFAData
2010-10-29 18:05:51    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-10-29 18:05:51    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-20 15:06:33    0    ----a-w-    c:\windows\system32\dlo212.tmp
2010-10-20 15:05:53    --------    d-sh--w-    c:\documents and settings\melissa\IECompatCache
2010-10-20 08:40:59    --------    d-sh--w-    c:\documents and settings\melissa\.COMMgr
2010-10-20 08:40:09    196    ----a-w-    c:\docume~1\melissa\applic~1\24679.bat
2010-10-20 08:39:42    842240    ----a-w-    c:\windows\system32\drivers\wlihvkc.sys
2010-10-20 08:38:48    --------    d-----w-    c:\docume~1\melissa\applic~1\8F7C6F19DF9055DA7C4FE342751D275F

==================== Find3M  ====================

2010-09-18 10:23:40    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53:39    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53:39    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53:38    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-10 05:51:36    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:51:33    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-09-10 05:51:33    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-09-01 11:52:04    285824    ----a-w-    c:\windows\system32\atmfd.dll
2010-09-01 07:57:39    1852800    ----a-w-    c:\windows\system32\win32k.sys
2010-08-27 08:03:32    119808    ----a-w-    c:\windows\system32\t2embed.dll
2010-08-27 05:53:18    99840    ----a-w-    c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:33    617472    ----a-w-    c:\windows\system32\comctl32.dll
2010-08-17 13:17:06    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-16 08:45:02    590848    ----a-w-    c:\windows\system32\rpcrt4.dll

============= FINISH: 16:12:41,31 ===============
f-arn Guru
30 October 2010 - 16:35 #8
Would you please (temporarily) uninstall Spybot - Search & Destroy. It makes it very difficult to get ComboFix to work.

------

Download and save Combofix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click on the desktop, choose New -> Text Document, copy the highlighted text in, and save the file as CFScript

Killall::
Snapshot::


Since Combofix can conflict with your security programs, it is important that you deactivate them.

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C:\ Combofix.txt

You are welcome to post the contents of this file here.
Avatar billede louisek Mester
30. oktober 2010 - 16:43 #9
Frisk Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:25, on 30-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Melissa\Dokumenter\Hentede filer\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A6A344B-F48D-4175-9274-2CC1D0846480} - c:\windows\system32\dlo212.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmer\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avast5] "C:\Programmer\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programmer\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmer\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/js/ImageUploader/ImageUploader6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10019 bytes
louisek Master
30 October 2010 - 17:39 #10
@ f-arn

I don't know how I can uninstall Spybot when I only have access to the computer via my Task Manager
f-arn Guru
30 October 2010 - 17:55 #11
Under File -> New Task (Run...)
appwiz.cpl
Click OK.
louisek Master
31 October 2010 - 00:48 #12
How do I get to the desktop from the Task Manager?
louisek Master
31 October 2010 - 09:55 #13
... and how do I get the normal startup to the desktop back? :o)
f-arn Guru
31 October 2010 - 10:12 #14
Once you have typed "Explorer.Exe" in the "task list", you should have a normal desktop.

After that I will make a regfix.
louisek Master
31 October 2010 - 10:23 #15
explorer.exe ->

"windows kunne ikke få adgang til den navngivne enhed, sti eller fil. Du har muligvis ikke de nødvendige rettigheder til at få adgang til elementet"

argh

... how do I make a regfix?
f-arn Guru
31 October 2010 - 14:06 #16
Download Swandog46's Avenger2 here:
http://swandog46.geekstogo.com/avenger2/avenger.zip

Unpack the Avenger program and double-click avenger.exe. A small window will now appear, into which you should copy the contents between the dashed lines:

-----------------------------

Drivers to delete:
wlihvkc
Files to delete:
c:\windows\system32\drivers\wlihvkc.sys

-----------------------------

Click the Execute button. Follow the instructions and answer yes to the questions - the program will prompt you to restart the computer, which you should do. The program will shut down your computer, delete the files and start the computer again.

After the restart, a Notepad window will appear with a log of Avenger's actions. Copy it into the forum in your next reply. The log can also be found here: C:\avenger.txt.
louisek Master
31 October 2010 - 20:37 #17
Dear f-arn ... here is the log file:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "wlihvkc" deleted successfully.
File "c:\windows\system32\drivers\wlihvkc.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
louisek Master
01 November 2010 - 18:02 #18
... I still have no desktop ... but it looks like I have got rid of various viruses, including Antimalware Doctor and ThinkPoint
f-arn Guru
01 November 2010 - 21:09 #19
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
f-arn Guru
01 November 2010 - 21:25 #20
What is shown above should be copied and saved as [regfix.reg]
Run it, and say yes to merging.
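What the regfix.reg from post #19 does, shown as an added example that is not part of the original thread: the file deletes the per-user Winlogon `Shell` value and sets the machine-wide one to `Explorer.exe`. The sketch below parses .reg text into operations and reports any state that differs from what that fix produces; it goes slightly beyond the two lines in the post by accepting any string or raw value line. The function names `parse_reg` and `audit_shell` and the `HIJACKED` sample are assumptions made up for the illustration.

```python
import re

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"

# regfix.reg as posted in the thread.
REGFIX = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

# Constructed export of a hijacked state; the executable path is made up.
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''


def _unescape(text):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return (key, name, op, data) tuples for every line that changes something.

    op is 'delete' ("name"=-), 'set' (quoted string), 'set-raw' (dword:, hex:, ...)
    or 'delete-key' ([-KEY]).
    """
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = re.fullmatch(r"\[(-?)(.+)\]", line)
        if section:
            key = section.group(2)
            if section.group(1):
                ops.append((key, None, "delete-key", None))
            continue
        value = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)', line)
        if value is None or key is None:
            continue  # file header ("Windows Registry Editor ...") or noise
        name = "" if value.group(1) == "@" else _unescape(value.group(1)[1:-1])
        data = value.group(2)
        if data == "-":
            ops.append((key, name, "delete", None))
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            ops.append((key, name, "set", _unescape(data[1:-1])))
        else:
            ops.append((key, name, "set-raw", data))
    return ops


def audit_shell(ops):
    """Report Winlogon Shell values that differ from the state the fix leaves."""
    findings = []
    for key, name, op, data in ops:
        root, _, sub = key.partition("\\")
        if sub.lower() != WINLOGON or (name or "").lower() != "shell":
            continue
        if op not in ("set", "set-raw"):
            continue  # deleting the value is what the fix itself does
        if root.upper() == "HKEY_CURRENT_USER":
            # The fix removes this value entirely, so any per-user value is reported.
            findings.append(f"per-user Shell override: {data}")
        elif root.upper() == "HKEY_LOCAL_MACHINE" and data.strip().lower() != "explorer.exe":
            findings.append(f"machine Shell is not Explorer.exe: {data}")
    return findings


if __name__ == "__main__":
    for label, text in (("regfix.reg", REGFIX), ("constructed export", HIJACKED)):
        print(label, "->", audit_shell(parse_reg(text)) or "clean")
```

Files exported by regedit with the `Windows Registry Editor Version 5.00` header are UTF-16 encoded, so decode them before passing the text to `parse_reg`.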
louisek Master
01 November 2010 - 21:29 #21
Should it be copied into a Notepad file?
f-arn Guru
01 November 2010 - 21:47 #22
Yes, and saved as regfix.reg
louisek Master
01 November 2010 - 23:50 #23
... nope ... still no access to Explorer ... I get the same message as before.
f-arn Guru
02 November 2010 - 10:54 #24
1. Download this small tool:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternative address)

2. Double-click systemlook.exe - a small window will now appear, into which you should copy the ENTIRE contents in bold:

:filefind
Exwplorer.exe

3. Click the Look button. The program will now search your computer.

4. When the program has finished searching, a Notepad window will appear with a log from SystemLook. Copy it into the forum in your next reply. The log can also be found on your desktop under the name: SystemLook.txt.
louisek Master
02 November 2010 - 19:27 #25
I assume the text to be pasted into the window is:

:filefind
Explorer.exe


... without the w? Is that right?
louisek Master
02 November 2010 - 19:28 #26
SystemLook 04.09.10 by jpshortstuff
Log created at 19:28 on 02/11/2010 by Melissa
Administrator - Elevation successful

========== filefind ==========

Searching for "Explorer.exe"
C:\WINDOWS\explorer.exe    --a---- 1034752 bytes    [07:05 14/04/2008]    [07:05 14/04/2008] (Unable to calculate MD5)

-= EOF =-
louisek Master
02 November 2010 - 22:30 #27
I can find explorer.exe by pressing "new task" from the Task Manager, but the dialog box about permissions appears:

"windows kunne ikke få adgang til den navngivne enhed, sti eller fil. Du har muligvis ikke de nødvendige rettigheder til at få adgang til elementet"
f-arn Guru
03 November 2010 - 13:23 #28
Do you have a Windows CD?

Forget Spybot for now and run ComboFix.

------

Download and save ComboFix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click on the desktop, choose New -> Text Document, copy in the highlighted text, and save the file as CFScript

Killall::
Snapshot::


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please post the contents of this file here.
louisek Master
03 November 2010 - 19:43 #29
ComboFix 10-11-02.06 - Melissa 03-11-2010  19:14:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1022.743 [GMT 1:00]
Kører fra: C:\Documents and Settings\Melissa\Skrivebord\ComboFix.exe
Kommandoer benyttet :: C:\Documents and Settings\Melissa\Skrivebord\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
louisek Master
03 November 2010 - 22:37 #30
I think I got all of it this time :o) .....



ComboFix 10-11-02.06 - Melissa 03-11-2010  22:26:55.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1022.654 [GMT 1:00]
Kører fra: c:\documents and settings\Melissa\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Melissa\Skrivebord\CFScript.txt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\documents and settings\All Users\Dokumenter\Server\admin.txt
c:\documents and settings\All Users\Dokumenter\Server\server.dat
c:\documents and settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\enemies-names.txt
c:\documents and settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\local.ini
c:\documents and settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\lsrslt.ini
c:\documents and settings\Melissa\Application Data\completescan
c:\documents and settings\Melissa\Application Data\install
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\ptxmlmce.sys

c:\windows\explorer.exe . . . er inficeret!!

c:\windows\system32\winlogon.exe . . . er inficeret!!

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((((((((((((  Filer skabt fra 2010-10-03 til 2010-11-03  )))))))))))))))))))))))))))))))))))
.

2010-11-03 21:19 . 2010-11-03 21:19    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-11-03 21:18 . 2010-09-15 03:50    472808    ----a-w-    c:\programmer\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-03 21:18 . 2010-09-15 03:50    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-11-03 20:16 . 2010-11-03 20:16    --------    d-----w-    c:\documents and settings\Melissa\Application Data\AVG10
2010-11-03 20:15 . 2010-11-03 20:15    --------    d--h--w-    c:\documents and settings\All Users\Application Data\Common Files
2010-11-03 20:13 . 2010-11-03 21:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG10
2010-11-03 20:12 . 2010-11-03 20:12    --------    d-----w-    c:\programmer\AVG
2010-10-31 19:27 . 2010-10-31 19:27    --------    d-----w-    c:\documents and settings\Melissa\Application Data\PeaZip
2010-10-31 19:27 . 2010-10-31 19:27    --------    d-----w-    c:\programmer\PeaZip
2010-10-30 14:22 . 2010-10-30 14:22    --------    d-----w-    c:\programmer\CCleaner
2010-10-30 13:48 . 2010-10-30 13:48    --------    d-----w-    c:\documents and settings\Melissa\Application Data\Malwarebytes
2010-10-30 13:48 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 13:48 . 2010-10-30 13:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-30 13:48 . 2010-10-30 13:48    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-10-30 13:48 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-30 11:05 . 2010-10-30 11:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\F-Secure
2010-10-30 08:07 . 2010-10-30 08:07    --------    d-----w-    c:\documents and settings\Melissa\Application Data\Office Genuine Advantage
2010-10-30 08:04 . 2010-10-30 08:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-10-29 22:27 . 2010-10-29 22:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-29 21:29 . 2010-11-03 20:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\MFAData
2010-10-29 18:05 . 2010-10-30 16:19    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-10-29 18:05 . 2010-10-30 16:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-20 15:56 . 2010-10-20 15:56    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-10-20 15:06 . 2010-10-20 15:06    0    ----a-w-    c:\windows\system32\dlo212.tmp
2010-10-20 15:05 . 2010-10-20 15:05    --------    d-sh--w-    c:\documents and settings\Melissa\IECompatCache
2010-10-20 14:42 . 2010-10-20 14:42    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-10-20 08:40 . 2010-10-20 08:40    196    ----a-w-    c:\documents and settings\Melissa\Application Data\24679.bat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2007-04-02 18:14    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 07:05    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 07:05    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-09 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-15 01:29 . 2009-09-04 15:26    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2010-09-10 05:51 . 2008-04-14 07:05    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2008-04-14 07:06    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-09-10 05:51 . 2008-04-14 07:05    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-14 07:03    285824    ----a-w-    c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 06:38    1852800    ----a-w-    c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 07:05    119808    ----a-w-    c:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2008-04-14 07:05    99840    ----a-w-    c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 10:15    357248    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 07:05    617472    ----a-w-    c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 07:06    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 07:05    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

  • 2008-04-14 . 026612781A4599A2355F8C0DDC44C706 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

  • 2008-04-14 . 1B926C0405A89FC158B56D52D8D8BA47 . 1034752 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmer\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-10 16:50    2735200    ----a-w-    c:\programmer\Vuze_Remote\tbVuz1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmer\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programmer\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Creative Live! Cam Manager"="c:\programmer\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"nwiz"="nwiz.exe" [2005-12-04 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-12-04 49152]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"fssui"="c:\programmer\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-04 32768]
"DivXUpdate"="c:\programmer\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmer\Fælles filer\logishrd\WUApp32.exe" [2007-02-03 430080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5950:TCP"= 5950:TCP:spport
"5603:TCP"= 5603:TCP:zpgpl

S2 bsczbyri;USB to IEEE-1284.4 Translation  HPZius12Controller;c:\windows\System32\svchost.exe -k netsvcs [14-04-2008 08:06 14336]
S2 pujpuh;System Support;c:\windows\system32\svchost.exe -k netsvcs [14-04-2008 08:06 14336]
S3 ADM8511;ADMtek ADM8511/AN986 USB til Fast Ethernet-converter;c:\windows\system32\drivers\adm8511.sys [09-02-2009 18:31 20160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmer\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [30-01-2009 18:02 23152]
S3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\system32\drivers\F5D5055.sys [24-06-2009 20:38 30336]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\N\LOKALE~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\N\LOKALE~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [29-09-2008 17:44 32000]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [08-02-2010 17:02 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [08-02-2010 17:02 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [08-02-2010 17:02 166720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bsczbyri
pujpuh
.
Indhold af mappen 'Planlagte Opgaver'

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xoxacg3f.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\programmer\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Melissa\Lokale indstillinger\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{0A6A344B-F48D-4175-9274-2CC1D0846480} - c:\windows\system32\dlo212.dll
HKLM-Run-Tvs - c:\program files\Toshiba\Tvs\TvsTray.exe
AddRemove-Musicnotes Combined Installer_is1 - c:\programmer\Musicnotes\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programmer\DivX\DivXCodecUninstall.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Melissa\Lokale indstillinger\Application Data\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 22:33
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmer\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pujpuh]
"ServiceDll"="c:\windows\system32\qznebvm.dll"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDA.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\programmer\iPod\bin\iPodService.exe
c:\programmer\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-03  22:36:16 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-11-03 21:36

Pre-Kørsel: 15.460.151.296 byte ledig
Post-Kørsel: 15.436.861.440 byte ledig

- - End Of File - - 883757E7BAACA7BB6C755D5FB575BB5C
louisek Master
03 November 2010 - 22:43 #31
... and the desktop is back :o)

... you rule!!! Thank you so much for the help!!!!!
f-arn Guru
04 November 2010 - 16:48 #32
Do you have a Windows CD?

We need to replace two Windows files that are infected.

What kind of PC is it?
louisek Master
04 November 2010 - 22:16 #33
No, no CD -
it is a Toshiba Satellite A100-301
Model no PSAA9E-0PR043N5
f-arn Guru
05 November 2010 - 12:05 #34
Do you possibly have the option of borrowing a Windows XP Professional CD?

Before we try to find replacements, I would like you to do this.

------

Download Tdsskiller.zip to your desktop and unpack it into a folder.

Run TDSSKiller.exe -> Click "Start Scan"

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy the text into this thread.
louisek Master
14 November 2010 - 01:04 #35
I have got hold of a CD now ... should I still do what you wrote in post #34?
f-arn Guru
14 November 2010 - 01:24 #36
Short answer, yes  :)
louisek Master
14 November 2010 - 19:23 #37
2010/11/14 19:17:01.0125    TDSS rootkit removing tool 2.4.7.0 Nov  8 2010 10:52:22
2010/11/14 19:17:01.0125    ================================================================================
2010/11/14 19:17:01.0125    SystemInfo:
2010/11/14 19:17:01.0125   
2010/11/14 19:17:01.0125    OS Version: 5.1.2600 ServicePack: 3.0
2010/11/14 19:17:01.0125    Product type: Workstation
2010/11/14 19:17:01.0125    ComputerName: MELISSA-F46FC52
2010/11/14 19:17:01.0125    UserName: Melissa
2010/11/14 19:17:01.0125    Windows directory: C:\WINDOWS
2010/11/14 19:17:01.0125    System windows directory: C:\WINDOWS
2010/11/14 19:17:01.0125    Processor architecture: Intel x86
2010/11/14 19:17:01.0125    Number of processors: 2
2010/11/14 19:17:01.0125    Page size: 0x1000
2010/11/14 19:17:01.0125    Boot type: Normal boot
2010/11/14 19:17:01.0125    ================================================================================
2010/11/14 19:17:01.0390    Initialize success
2010/11/14 19:17:07.0500    ================================================================================
2010/11/14 19:17:07.0500    Scan started
2010/11/14 19:17:07.0500    Mode: Manual;
2010/11/14 19:17:07.0500    ================================================================================
2010/11/14 19:17:19.0593    Suspicious service (NoAccess): pujpuh
2010/11/14 19:17:25.0015    ================================================================================
2010/11/14 19:17:25.0015    Scan finished
2010/11/14 19:17:25.0015    ================================================================================
f-arn Guru
17 November 2010 - 08:10 #38
Right-click on the desktop and choose New -> Text Document, copy the highlighted text into it, and save the file as CFScript

Killall::
Snapshot::
Filelook::
c:\windows\system32\drivers\V0400Afx.sys
Folder::
c:\programmer\Vuze_Remote
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Driver::
bsczbyri
pujpuh
Mia::
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
SRPeek::
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

Please post the contents of that file here.
04 December 2010 - 14:37 #39
<f-arn>: Pls. GoSub http://www.eksperten.dk/spm/925650 (You haven't set up contact info in your profile, have you?)
louisek Master
29 June 2011 - 16:14 #40
f-arn - won't you post an answer - then you will get your points
f-arn Guru
29 June 2011 - 16:41 #41
:)