Created Fri. 08 May 2009 at 14:42:36

jpi
jpi (16.900 points. Points out: 0)

Win32 Cryptor

I have a PC where AVG reports that it has the Win32 Cryptor virus in, among others, c:\windows\system32\svchost.exe and c:\windows\explorer.exe.
It cannot remove the virus or delete the files.

I have tried to install Malwarebytes, but without success. At first the installation would not start at all, and after renaming the install file it installed, but it will not start afterwards.

I have tried starting in safe mode, and AVG reports that the file has been moved to the virus vault, but it is back after a restart. It looks like it finds the virus in the running processes, since there is a parenthesis with a number after the filename, but not in the file itself.

I have tried doing a system restore, but when I get to the last step of the wizard and click "Next >" nothing happens; as if the virus has blocked it??

Has anyone run into this and knows a "cure"?

Or is it easier with a "format c:"?

Posted Fri. 08 May 2009 at 15:27:35 | #1

karise_larry
karise_larry (263.204 points)
www.ballade.dk
For the 13th time - do we have to guess:
Win98, W2000, XP, Vista, Win7, ...?

Posted Fri. 08 May 2009 at 15:28:07 | #2

karise_larry
karise_larry (263.204 points)
www.ballade.dk
... and for good order's sake, give us/me a HijackThis ->
http://www.spywareinfo.dk/ (...)

Note that the HijackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/ (...)

(Yes, I have 'virus' on the brain...)
Not necessarily because of a virus or the like, but then I can see what is in your startup etc.

Re: Vista - right-click the *.EXE file - Run as Administrator...

------------------

Posted Fri. 08 May 2009 at 16:30:37 | #3

jpi
jpi (16.900 points)
Sorry... It is Win XP Home

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:55, on 08-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\logtool.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: 456131 helper - {E2931DF0-B740-44B6-8104-4A7AE9562E88} - C:\WINDOWS\system32\456131\456131.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [dll32] dll32
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/ (...)
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7829 bytes

Posted Fri. 08 May 2009 at 16:41:36 | #4

There are several unwanted elements...

Get Ccleaner here > Click on the right on "Download Latest Version".
http://www.filehippo.com/ (...)
There is a manual here > http://www.spywarefri.dk/ (...)
There is one small difference: "Problems" has been replaced by "Registry".
Tick the checkboxes as shown in the manual, item 11, before you run "Cleaner".
PS: I would recommend you keep this program; it is excellent for cleaning up.

During installation you will be offered [Yahoo Toolbar]. Say "No" to it.
Let the program do a cleanup in Cleaner and Registry, and let it delete what it finds.
I don't need to see the log from Ccleaner.

Get Malwarebytes Anti-Malware from here:
http://www.besttechie.net/ (...)
Or from here ->
http://www.majorgeeks.com/ (...)

Install the program - once that is done, let the program update itself. A window then opens where you move the dot to "Perform a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer),
press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

Manual for HiJackThis ->
http://www.spywareinfo.dk/ (...)

Note that the HijackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

Get Hijackthis here: http://www.trendsecure.com/ (...)

PS: (Vista users must right-click the file and choose "Run as administrator".)

Posted Fri. 08 May 2009 at 16:47:37 | #5

karise_larry
karise_larry (263.204 points)
www.ballade.dk
<john_stigers>: Note that <jpi> writes that [Malwarebytes] won't start...

<jpi>: You may then need to go through this first ->

-- Download Combofix from one of these links, and save it to your desktop:

http://download.bleepingcomputer.com/ (...)
http://download.bleepingcomputer.com/ (...)

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as it can make your computer freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Feel free to post the contents of that file here.

Posted Fri. 08 May 2009 at 16:52:26 | #6

f-arn
f-arn (18.550 points)
Combofix doesn't work right now. It constantly reports a possible virut!

Posted Fri. 08 May 2009 at 16:56:29 | #7

f-arn
f-arn (18.550 points)
Try this:
Download Lop S&D by Eric_71 and save it to your Desktop.
http://eric.71.mespages.googlepages.com/ (...)
Click the - Download button on the left

-- Run LopSD. Press e - for English. Press Enter.
Then press 2 = (Fix + Hosts)
Press Enter. The scan then runs.
Let the program complete a cleanup.

When the scan is finished, there is a log file at C:\lopR.txt, which you may copy into your next reply.

And no - it doesn't remove anything, but it may be able to tell what is blocking Malwarebytes

Posted Fri. 08 May 2009 at 16:58:35 | #8

jpi
jpi (16.900 points)
I have put combofix on, but when I start the exe file nothing happens.
An hourglass appears for a couple of seconds and then nothing more.
In Task Manager I can see under Processes that it is running, but no window or anything is shown. Just like with Malwarebytes...

Posted Fri. 08 May 2009 at 16:59:25 | #9

f-arn
f-arn (18.550 points)
Correction, of course it removes what is in the hosts file. Poorly phrased!

Posted Fri. 08 May 2009 at 17:01:36 | #10

Then try to remove the junk this way:
Run Hijackthis, click "do a system scan only", tick these and click "fix checked":

O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: 456131 helper - {E2931DF0-B740-44B6-8104-4A7AE9562E88} - C:\WINDOWS\system32\456131\456131.dll

Restart the PC, scan again with hijackthis and post the log here.

Posted Fri. 08 May 2009 at 17:09:08 | #11

karise_larry
karise_larry (263.204 points)
www.ballade.dk
O4 - HKCU\..\Run: [dll32] dll32

should also be 'fixed' in HiJackThis ...
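
Added example, not a tool from this thread, from Trend Micro or from any of the cleaners mentioned: a small Python triage script that reads HijackThis-style log lines like the ones posted above and flags the entry types that #10 and #11 single out (hosts entries redirecting to a non-loopback address, BHOs with a missing or oddly placed DLL, Run values that are just a bare name, and the IE proxy pointing at localhost). The sample lines are copied from the first log in this thread; the heuristics are my own assumptions, and a hit means "review this entry", not "this is malware".

```python
"""Triage helper for HijackThis-style log lines (added example, not the thread's own tool).

Parses O1 (hosts), O2 (BHO), O4 (Run) and R1 (proxy) lines and reports entries that
match the patterns the replies in this thread told the poster to fix. Heuristics only.
"""
import re
from collections import defaultdict

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample: entries copied from the thread's first log plus a few benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: 456131 helper - {E2931DF0-B740-44B6-8104-4A7AE9562E88} - C:\WINDOWS\system32\456131\456131.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dll32] dll32
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (.*)$")
# A DLL living in a digits-only folder under system32, e.g. system32\456131\456131.dll
NUMERIC_DIR_DLL_RE = re.compile(r"\\\d+\\\d+\.dll$", re.IGNORECASE)


def triage(log_text):
    """Return a list of (section, line_or_ip, reason) tuples for entries worth reviewing."""
    findings = []
    ip_to_names = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ip not in LOOPBACK:  # hosts entries should normally only map to loopback
                ip_to_names[ip].append(name)
                findings.append(("O1", line, f"hosts redirect: {name} -> {ip} (not loopback)"))
            continue

        m = BHO_RE.match(line)
        if m:
            name, _clsid, path = m.groups()
            if path.endswith("(file missing)"):
                findings.append(("O2", line, "BHO registered but its DLL is missing"))
            if NUMERIC_DIR_DLL_RE.search(path):
                findings.append(("O2", line, "BHO DLL sits in a digits-only folder"))
            if not name or name.lower() == "bho":
                findings.append(("O2", line, "BHO has a generic or empty name"))
            continue

        m = RUN_RE.match(line)
        if m:
            _hive, key, cmd = m.groups()
            head = cmd.split()[0].strip('"') if cmd.strip() else ""
            # A Run value that is a bare word (no path, no extension) is unusual for a legitimate program.
            if "\\" not in head and not head.lower().endswith((".exe", ".dll")):
                findings.append(("O4", line, f"Run value '{key}' launches bare name '{head}' with no path"))
            continue

        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
            if "localhost" in proxy.lower() or "127.0.0.1" in proxy:
                findings.append(("R1", line, f"IE proxy points at the local machine: {proxy}"))

    # Several hostnames (here including a vendor-looking one) all mapped to one outside IP.
    for ip, names in ip_to_names.items():
        if len(names) > 1:
            findings.append(("O1", ip, f"{len(names)} hostnames mapped to {ip}: {', '.join(names)}"))
    return findings


def count_by_section(findings):
    """Summarise findings as {section: count}."""
    counts = {}
    for section, _, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, where, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {where}")
```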

Posted Fri. 08 May 2009 at 17:23:13 | #12

jpi
jpi (16.900 points)
Here is the log file from lopR.txt:


  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free :        Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz )
  BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
  USER : Heribert ( Administrator )
  BOOT : Normal boot
  Antivirus : AVG Anti-Virus Free 8.0 (Activated)
  A:\ (USB)
  C:\ (Local Disk) - NTFS - Total:33 Go (Free:20 Go)
  D:\ (CD or DVD)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 08-05-2009|17:02 )


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@imagevenue.advertserve[2].txt
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@adultfriendfinder[2].txt
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@www.adultadvertising[1].txt
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@partypoker[2].txt

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SECOND PASS

  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

  Deleted! - C:\Programmer\Viewpoint
  Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  --------------------\\  Listing folders in APPLIC~1

  [28-09-2006|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
  [29-04-2009|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
  [26-11-2004|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
  [11-02-2005|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\e-Safekey
  [17-12-2004|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
  [08-05-2009|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
  [21-03-2008|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
  [01-02-2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
  [17-12-2004|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
  [17-09-2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
  [17-09-2006|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
  [17-09-2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
  [17-12-2004|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
  [24-12-2005|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
  [0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
  [16|mappe(r)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledig

  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
  [26-11-2004|13:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
  [0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
  [7|mappe(r)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledig

  [23-09-2008|19:15] C:\DOCUME~1\Heribert\APPLIC~1\Adobe
  [12-01-2007|18:09] C:\DOCUME~1\Heribert\APPLIC~1\AdobeUM
  [05-12-2004|12:40] C:\DOCUME~1\Heribert\APPLIC~1\CyberLink
  [13-02-2006|08:13] C:\DOCUME~1\Heribert\APPLIC~1\Help
  [26-11-2004|13:00] C:\DOCUME~1\Heribert\APPLIC~1\Identities
  [01-02-2007|18:17] C:\DOCUME~1\Heribert\APPLIC~1\Lavasoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Leadertech
  [21-01-2006|10:54] C:\DOCUME~1\Heribert\APPLIC~1\Macromedia
  [26-12-2008|12:28] C:\DOCUME~1\Heribert\APPLIC~1\Microsoft
  [17-09-2006|20:11] C:\DOCUME~1\Heribert\APPLIC~1\ScanSoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\Heribert\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\Heribert\APPLIC~1\Symantec
  [04-05-2009|13:03] C:\DOCUME~1\Heribert\APPLIC~1\TeamViewer
  [25-12-2008|20:54] C:\DOCUME~1\Heribert\APPLIC~1\U3
  [0|fil(er)] C:\DOCUME~1\Heribert\APPLIC~1\byte
  [17|mappe(r)] C:\DOCUME~1\Heribert\APPLIC~1\byte ledig

  [21-03-2008|13:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledig

  [21-03-2008|13:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledig

  --------------------\\  Scheduled Tasks located in C:\WINDOWS\Tasks

  [08-05-2009 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
  [16-09-2002 08:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

  --------------------\\  Listing Folders in C:\Programmer

  [26-01-2006|18:02] C:\Programmer\Adobe
  [01-03-2005|15:53] C:\Programmer\AGFEO
  [25-12-2008|21:00] C:\Programmer\AVG
  [26-11-2004|13:29] C:\Programmer\Broadcom
  [26-11-2004|13:37] C:\Programmer\Common Files
  [26-11-2004|13:00] C:\Programmer\ComPlus Applications
  [26-11-2004|13:33] C:\Programmer\CyberLink
  [26-11-2004|13:32] C:\Programmer\Dell
  [17-12-2004|22:50] C:\Programmer\Dell Computer Corporation
  [17-09-2006|20:11] C:\Programmer\Fælles filer
  [21-03-2008|13:12] C:\Programmer\Grisoft
  [17-12-2004|22:00] C:\Programmer\Hewlett-Packard
  [17-12-2004|22:06] C:\Programmer\HP
  [17-12-2004|21:26] C:\Programmer\InstallShield Installation Information
  [15-04-2009|16:20] C:\Programmer\Internet Explorer
  [26-11-2004|13:28] C:\Programmer\Java
  [01-02-2007|18:17] C:\Programmer\Lavasoft
  [17-12-2004|21:26] C:\Programmer\Logitech
  [08-05-2009|16:52] C:\Programmer\Malwarebytes' Anti-Malware
  [08-05-2009|14:06] C:\Programmer\Messenger
  [11-06-2006|22:55] C:\Programmer\Microsoft ActiveSync
  [14-05-2007|12:43] C:\Programmer\Microsoft CAPICOM 2.1.0.2
  [26-11-2004|13:00] C:\Programmer\microsoft frontpage
  [17-12-2004|23:35] C:\Programmer\Microsoft Office
  [17-12-2004|20:31] C:\Programmer\Microsoft Works
  [17-12-2004|23:35] C:\Programmer\Microsoft.NET
  [08-05-2009|14:01] C:\Programmer\Movie Maker
  [25-12-2008|21:01] C:\Programmer\MSECache
  [26-11-2004|13:00] C:\Programmer\MSN Gaming Zone
  [30-11-2006|12:09] C:\Programmer\MSXML 4.0
  [08-05-2009|13:59] C:\Programmer\NetMeeting
  [17-03-2006|20:24] C:\Programmer\OfficeUpdate11
  [26-11-2004|13:00] C:\Programmer\Onlinetjenester
  [08-05-2009|13:59] C:\Programmer\Outlook Express
  [26-11-2004|13:33] C:\Programmer\r
  [25-03-2005|19:00] C:\Programmer\RealVNC
  [17-09-2006|20:11] C:\Programmer\ScanSoft
  [26-11-2004|13:32] C:\Programmer\Sonic
  [26-11-2004|13:31] C:\Programmer\Synaptics
  [26-11-2004|13:37] C:\Programmer\Uninstall Information
  [08-05-2009|13:59] C:\Programmer\Windows Media Player
  [08-05-2009|13:59] C:\Programmer\Windows NT
  [26-11-2004|13:00] C:\Programmer\WindowsUpdate
  [26-11-2004|13:00] C:\Programmer\XEROX
  [0|fil(er)] C:\Programmer\byte
  [46|mappe(r)] C:\Programmer\byte ledig

  --------------------\\  Listing Folders in C:\Programmer\Fælles filer

  [05-12-2004|12:21] C:\Programmer\Fælles filer\Adobe
  [17-12-2004|23:35] C:\Programmer\Fælles filer\DESIGNER
  [17-12-2004|21:58] C:\Programmer\Fælles filer\Hewlett-Packard
  [17-12-2004|22:02] C:\Programmer\Fælles filer\HP
  [17-12-2004|22:50] C:\Programmer\Fælles filer\InstallShield
  [26-11-2004|13:27] C:\Programmer\Fælles filer\Java
  [11-06-2006|22:55] C:\Programmer\Fælles filer\L&H
  [17-12-2004|21:25] C:\Programmer\Fælles filer\Logitech
  [08-08-2008|15:42] C:\Programmer\Fælles filer\Microsoft Shared
  [26-11-2004|13:00] C:\Programmer\Fælles filer\MSSoap
  [26-11-2004|13:00] C:\Programmer\Fælles filer\ODBC
  [17-09-2006|20:11] C:\Programmer\Fælles filer\ScanSoft Shared
  [26-11-2004|13:32] C:\Programmer\Fælles filer\Sonic
  [26-11-2004|13:00] C:\Programmer\Fælles filer\SpeechEngines
  [17-12-2004|19:58] C:\Programmer\Fælles filer\Symantec Shared
  [08-05-2009|13:59] C:\Programmer\Fælles filer\System
  [26-11-2004|13:00] C:\Programmer\Fælles filer\Tjenester
  [0|fil(er)] C:\Programmer\Fælles filer\byte
  [19|mappe(r)] C:\Programmer\Fælles filer\byte ledig

  --------------------\\  Process

  ( 42 Processes )

  ... OK !

  --------------------\\  Searching with S_Lop

  No Lop folder found !

  --------------------\\  Searching for Lop Files - Folders

  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsj3B6.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp

  --------------------\\  Searching within the Registry

  ..... OK !

  --------------------\\  Checking the Hosts file

  Hosts file CLEAN


  --------------------\\  Searching for hidden files with Catchme


  --------------------\\  Searching for other infections


  No other infections found !

  [F:1992][D:87]-> C:\DOCUME~1\Heribert\LOKALE~1\Temp
  [F:1479][D:0]-> C:\DOCUME~1\Heribert\Cookies
  [F:4639][D:14]-> C:\DOCUME~1\Heribert\LOKALE~1\TEMPOR~1\content.IE5

  1 - "C:\Lop SD\LopR_1.txt" - 08-05-2009|17:20 - Option : [2]

  --------------------\\  Scan completed at 17:20:14

Posted Fri. 08 May 2009 at 17:35:03 | #13


Posted Fri. 08 May 2009 at 18:58:46 | #14

jpi
jpi (16.900 points)
HiJack log after removing the things described in #10 and #11:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:28, on 08-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\hijak_log.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/ (...)
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7627 bytes

Posted Fri. 08 May 2009 at 19:26:37| #15

karise_larry
karise_larry (263.204 points)
www.ballade.dk
Bingo... in that direction...

Can [Malwarebytes] or [ComboFix] run without complaining?

Posted Fri. 08 May 2009 at 19:58:57| #16

jpi
jpi (16.900 points)
ComboFix reports back that the file has been modified:
"You may be infected with a file patching virus (virut)"

I'm transferring the file from my own PC to the "sick" PC via TeamViewer. I've tried transferring it again, but same result.
If I don't rename the file, it won't start at all...
Malwarebytes still can't start...

Posted Fri. 08 May 2009 at 20:10:51| #17

jpi
jpi (16.900 points)
For your information, you can't get on the internet with a browser from that PC.
It seems nothing gets through via http.
This is probably the virus's doing...

Posted Fri. 08 May 2009 at 20:17:46| #18


Posted Fri. 08 May 2009 at 20:19:02| #19

When spywarefri can't help there, unfortunately there's no other way out than to do as in the link :(

Posted Fri. 08 May 2009 at 20:20:40| #20


Posted Fri. 08 May 2009 at 20:28:36| #21


Posted Fri. 08 May 2009 at 20:40:05| #22

jpi
jpi (16.900 points)
OK, the virut warning may not be reliable...
Have you gotten anything out of the log file I posted?

Posted Fri. 08 May 2009 at 20:40:25| #23


Posted Fri. 08 May 2009 at 20:45:13| #24

f-arn
f-arn (18.550 points)
Download Process Explorer: http://download.sysinternals.com/ (...)

Unpack it and start it, let it scan, and when it's done click "file", "save" and copy the contents in here.

Now, I don't know AVG, but can't you just make a log from it (quick scan?)

Posted Fri. 08 May 2009 at 20:47:21| #25


Posted Fri. 08 May 2009 at 20:52:11| #26

jpi
jpi (16.900 points)
From Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process    0    97.73       
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a        Deferred Procedure Calls   
System    4           
  smss.exe    552        Windows NT-sessionsstyring    Microsoft Corporation
  csrss.exe    600        Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    624        Windows NT-logonprogram    Microsoft Corporation
    services.exe    672    0.76    Tjenester og controllerprogrammer    Microsoft Corporation
    svchost.exe    880        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    952        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1052        Generic Host Process for Win32 Services    Microsoft Corporation
      wuauclt.exe    3772        Windows Update Automatic Updates    Microsoft Corporation
    svchost.exe    1152        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1256        Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe    1464        Spooler SubSystem App    Microsoft Corporation
    svchost.exe    456        Generic Host Process for Win32 Services    Microsoft Corporation
    avgwdsvc.exe    364        AVG Watchdog Service    AVG Technologies CZ, s.r.o.
      avgrsx.exe    1636        AVG Resident Shield Service    AVG Technologies CZ, s.r.o.
    nvsvc32.exe    108        NVIDIA Driver Helper Service, Version 66.10    NVIDIA Corporation
    svchost.exe    1204        Generic Host Process for Win32 Services    Microsoft Corporation
    TeamViewer_Service.exe    1576        TeamViewer Service    TeamViewer GmbH
      TeamViewer.exe    3220    0.76    TeamViewer fjernstyringsprogram    TeamViewer GmbH
    wdfmgr.exe    2140        Windows User Mode Driver Manager    Microsoft Corporation
    alg.exe    2824        Application Layer Gateway Service    Microsoft Corporation
    lsass.exe    684        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1752        Windows Stifinder    Microsoft Corporation
BCMSMMSG.exe    1920        Modem Messaging Applet    Broadcom Corporation
jusched.exe    1928           
DadApp.exe    1936           
SynTPLpr.exe    1944        TouchPad Driver Helper Application    Synaptics, Inc.
SynTPEnh.exe    1952        Synaptics TouchPad Enhancements    Synaptics, Inc.
tfswctrl.exe    2004        Drive Letter Access Component    Sonic Solutions
PCMService.exe    2024        PowerCinema Resident Program for Dell    CyberLink Corp.
DVDLauncher.exe    2032        CyberLink PowerCinema Resident Program    CyberLink Corp.
iTouch.exe    132        iTouch Application    Logitech Inc.
hpwuSchd2.exe    180        hpwuSchd    Hewlett-Packard Company
hpcmpmgr.exe    196        HP Framework Component Manager Service    Hewlett-Packard Company
opware32.exe    308        OCR Aware (32-bit)    ScanSoft, Inc
avgtray.exe    320        AVG Tray Monitor    AVG Technologies CZ, s.r.o.
ctfmon.exe    396        CTF Loader    Microsoft Corporation
hpqtra08.exe    1080        HP Digital Imaging Monitor (CUE)    Hewlett-Packard Co.
procexp.exe    488    0.76    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
EM_EXEC.EXE    324        Logitech Events Handler Application    Logitech Inc.
hpqgalry.exe    3668            Hewlett-Packard Co.

Posted Fri. 08 May 2009 at 20:56:00| #27

jpi
jpi (16.900 points)
Log from AVG:
"Scan ""Scan whole computer"" was finished."
"Infections";"14";"9";"5"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"4. maj 2009, 13:35:09"
"Scan finished:";"4. maj 2009, 13:36:31 (1 minute(s) 21 second(s))"
"Total object scanned:";"16652"
"User who launched the scan:";"Heribert"

"Infections"
"File";"Infection";"Result"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\explorer.exe (1804)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\SYSTEM32\svchost.exe (1048)";"Virus identified Win32/Cryptor";""
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\SYSTEM32\svchost.exe (1328)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\SYSTEM32\svchost.exe (1792)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\SYSTEM32\svchost.exe (876)";"Virus identified Win32/Cryptor";""

Posted Fri. 08 May 2009 at 21:08:17| #28

f-arn
f-arn (18.550 points)
Download and unpack RootRepeal.

http://rootrepeal.googlepages.com/ (...)

Start it, choose the "files" scan and let it search.
When it's done it shows a list of files.
Click "save report" and post it in here.

Posted Fri. 08 May 2009 at 21:08:31| #29

jpi
jpi (16.900 points)
On my own PC, which isn't infected, ComboFix also reports virut, so there's evidently really something wrong.. Luckily :-)

Posted Fri. 08 May 2009 at 21:20:23| #30

jpi
jpi (16.900 points)
RootRepeal log:

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/08 21:19
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACcplnraux.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACodainadv.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqfrfqomu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqlosewef.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqtoiqhkl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACsjnxukal.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACtebmskgu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\uactmp.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACubowtnwa.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\UAC63cf.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.
Status: Allocation size mismatch (API: 1683456, Raw: 0)

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse3AB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse3B0.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse86.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsg550.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsj3B6.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsjE.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsk6.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsl3.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsn6.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nso3.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nso4EB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsp8.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsq169.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr3AC.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr3BB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr4E9.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr8.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nst3AD.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nst3BE.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsu10.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsv552.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsvA.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsw5.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsx1AA.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsy84.tmp\UAC.dll
Status: Invisible to the Windows API!
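The report above is a cross-view check: RootRepeal reads the disk directly and compares that with what the Windows API reports, and "Invisible to the Windows API!" marks files that something in the kernel is hiding. Reading such a list by hand is error-prone, so here is an added Python example (not part of this thread or of RootRepeal) that parses the Path:/Status: pairs, sets aside locks that are normal (hiberfil.sys and pagefile.sys are always held open by Windows) and groups the hidden files by name prefix, so that a family like UAC*.dll/.sys spread over system32, drivers and Temp stands out as one cluster. The embedded report is a constructed excerpt modelled on the one posted; the benign-lock list and the three-character prefix length are assumptions of the example.

```python
"""Triage the 'Hidden/Locked Files' section of a RootRepeal report.

Added example, not part of this thread or of RootRepeal. RootRepeal compares
its own raw view of the file system with what the Windows API returns;
'Invisible to the Windows API!' marks files that something in the kernel is
hiding, whereas 'Locked' on files Windows keeps open itself is expected.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the posted report: one expected lock, four
# hidden files sharing a name prefix, and one allocation-size mismatch.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/08 21:19
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqtoiqhkl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse3AB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.
Status: Allocation size mismatch (API: 1683456, Raw: 0)
"""

# Files Windows itself holds open; a 'Locked' status on these is normal
# (assumption of this example; extend as needed).
EXPECTED_LOCKED = {"hiberfil.sys", "pagefile.sys"}


def parse_report(text):
    """Return [(path, status)] from the Path:/Status: pairs of the report."""
    entries, pending = [], None
    for line in text.splitlines():
        if line.startswith("Path: "):
            pending = line[len("Path: "):].strip()
        elif line.startswith("Status: ") and pending is not None:
            entries.append((pending, line[len("Status: "):].strip()))
            pending = None
    return entries


def classify(entries):
    """Split entries into expected locks, API-hidden files, and other anomalies."""
    benign, hidden, other = [], [], []
    for path, status in entries:
        name = PureWindowsPath(path).name.lower()
        if status.startswith("Locked") and name in EXPECTED_LOCKED:
            benign.append(path)
        elif status.startswith("Invisible"):
            hidden.append(path)
        else:
            other.append((path, status))
    return benign, hidden, other


def cluster_by_prefix(paths, prefix_len=3):
    """Group paths by the case-folded first prefix_len characters of the file name.

    Droppers that generate random file names usually keep a fixed prefix, so
    the size of a prefix cluster across directories is a useful signal.
    """
    clusters = defaultdict(list)
    for path in paths:
        clusters[PureWindowsPath(path).name[:prefix_len].lower()].append(path)
    return clusters


def suspicious_prefixes(hidden, min_count=2):
    """[(prefix, count)] for clusters of at least min_count hidden files, largest first."""
    clusters = cluster_by_prefix(hidden)
    found = [(p, len(v)) for p, v in clusters.items() if len(v) >= min_count]
    return sorted(found, key=lambda pc: (-pc[1], pc[0]))


if __name__ == "__main__":
    benign, hidden, other = classify(parse_report(SAMPLE_REPORT))
    print(f"expected locks: {len(benign)}, hidden from API: {len(hidden)}, other: {len(other)}")
    for prefix, count in suspicious_prefixes(hidden):
        print(f"prefix {prefix!r}: {count} hidden files")
        for path in cluster_by_prefix(hidden)[prefix]:
            print("   ", path)
    for path, status in other:
        print("check manually:", path, "->", status)
```

Entries in the "other" bucket (here the allocation-size mismatch on a file in the user's pictures folder) are left for manual review rather than lumped in with the rootkit cluster, since a size mismatch can also be a corrupt or sparse file.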

Posted Fri. 08 May 2009 at 21:41:40| #31

f-arn
f-arn (18.550 points)
Start RootRepeal again and find this one: UACccfifipb.sys
Right-click it and choose "wipe file"

Restart immediately and try whether you can now install and run Malwarebytes. Remember to update it and let it remove what it finds. I'd like to see the logs from Malwarebytes and from DDS, which you'll find here:  http://download.bleepingcomputer.com/ (...)

Posted Fri. 08 May 2009 at 21:48:10| #32

f-arn
f-arn (18.550 points)
If the install succeeds, start HijackThis, click "do a system scan only" and tick these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

close all other windows and click "fix checked"

Otherwise you can't update
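The two R1 lines above show the mechanism behind the "no http" symptom: Internet Explorer's proxy setting has been pointed at a listener on the machine itself (localhost:7171), so every request from the browser, and from anything else that honours the WinINet proxy such as update clients, goes through whatever process owns that port. The following Python script is an added example (not code from this thread or from HijackThis) that parses HijackThis R1 lines and flags ProxyServer values aimed at the loopback interface. The sample log is constructed: the two quoted lines from the post plus a benign corporate proxy entry and an unrelated R0 line, so that only the loopback one is reported; the corporate hostname is made up for illustration.

```python
"""Flag browser proxy settings that route traffic through a local listener.

Added example, not code from this thread or from HijackThis. HijackThis
reports Internet Explorer proxy settings as 'R1' lines; a ProxyServer value
that points at the loopback interface means a process on the same machine
sits between the browser (and anything else honouring the WinINet proxy)
and the network.
"""
import re
from ipaddress import ip_address

# Constructed sample: the two lines quoted in the post above, plus a benign
# corporate proxy (hostname is made up) and an unrelated R0 line, so the
# output shows what is and what is not flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.corp:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

R1_RE = re.compile(r"^R1 - (?P<key>[^,]+),(?P<value_name>\w+) = (?P<data>.*)$")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_r1_entries(log_text):
    """Return (registry_key, value_name, data) for every R1 line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = R1_RE.match(line.strip())
        if match:
            entries.append((match["key"], match["value_name"], match["data"]))
    return entries


def split_proxy_server(data):
    """Parse a WinINet ProxyServer string into {scheme: (host, port)}.

    'http=localhost:7171;https=10.0.0.5:3128' is per-scheme; a bare
    'host:port' applies to every scheme and is stored under 'all'.
    Bracketed IPv6 literals are not handled by this example.
    """
    result = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, hostport = part.split("=", 1)
        else:
            scheme, hostport = "all", part
        host, sep, port = hostport.rpartition(":")
        if not sep:                     # no explicit port given
            host, port = hostport, ""
        result[scheme.lower()] = (host.strip().lower(), int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    """True for localhost names and for 127.0.0.0/8 or ::1 literals."""
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                  # a hostname, not an IP literal
        return False


def find_local_proxies(log_text):
    """Return [(scheme, host, port)] for every ProxyServer entry aimed at this machine."""
    findings = []
    for _key, value_name, data in parse_r1_entries(log_text):
        if value_name != "ProxyServer":
            continue
        for scheme, (host, port) in split_proxy_server(data).items():
            if is_loopback(host):
                findings.append((scheme, host, port))
    return findings


if __name__ == "__main__":
    hits = find_local_proxies(SAMPLE_LOG)
    for scheme, host, port in hits:
        print(f"suspicious: {scheme} traffic is proxied through {host}:{port}")
    if not hits:
        print("no loopback proxy configured")
```

A hit from this check is worth correlating with what is actually listening on the reported port (Process Explorer's TCP/IP view, or netstat -ano, on the affected machine) before fixing the setting, so the owning process is identified and not just the symptom.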

Posted Fri. 08 May 2009 at 22:00:44| #33

f-arn
f-arn (18.550 points)
And of course I meant that you couldn't use the internet with your IE 7

Posted Fri. 08 May 2009 at 22:03:58| #34

jpi
jpi (16.900 points)
Malwarebytes works again, and with the last trick in #32 the update works too.
Will IE work again now as well?
For now I've set Malwarebytes to scan.
Should I scan with AVG too, or wait until later?

In any case it looks better, because during startup AVG popped up having found all the dll files starting with UAC.

Posted Fri. 08 May 2009 at 23:02:25| #35

f-arn
f-arn (18.550 points)
Wait until later; in any case we need to find a better antivirus for you!

http://www.spywarefri.dk/ (...)

Try ComboFix again, it has apparently been "fixed". If it works, I'd like to see a log from it instead of DDS.

Posted Fri. 08 May 2009 at 23:03:20| #36

jpi
jpi (16.900 points)
Log file from Malwarebytes:

Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

08-05-2009 22:59:25
mbam-log-2009-05-08 (22-59-12).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 133140
Tid tilbagelagt: 45 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 8
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 15

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\o675.o675mgr (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\o675.o675mgr.1 (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\hijackthis\backups\backup-20090508-172508-158.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243839.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243840.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243841.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243842.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243856.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\SYSTEM32\UACqfrfqomu.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\ie3.tmp (Trojan.Agent) -> No action taken.
C:\svchost.exe (Trojan.Agent) -> No action taken.
C:\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\WINDOWS\SYSTEM32\UACsjnxukal.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\UACubowtnwa.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> No action taken.

Posted Fri. 08 May 2009 at 23:14:24| #37

jpi
jpi (16.900 points)
I've just downloaded GData for my other PC. Is that OK?

As for ComboFix, I'd rather wait until tomorrow, since you apparently lose the network etc., which isn't so smart when I'm working on the machine remotely. Tomorrow there'll be someone on site who can restore the connection etc.
But I'll just run a DDS.scr...

Posted Fri. 08 May 2009 at 23:21:26| #38

jpi
jpi (16.900 points)
DDS.log:


DDS (Ver_09-03-16.01) - NTFSx86 
Run by Heribert at 23:19:32,59 on 08-05-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.156 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\hijackthis\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.euro.dell.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gurredam.dk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
uRun: [updateMgr] "c:\programmer\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] c:\programmer\java\j2re1.4.2_03\bin\jusched.exe
mRun: [<NO NAME>]
mRun: [DadApp] c:\programmer\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\programmer\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programmer\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\programmer\fælles filer\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\programmer\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\programmer\r\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [zBrowser Launcher] c:\programmer\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Software Update] "c:\programmer\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\programmer\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Omnipage] c:\programmer\scansoft\omnipagese\opware32.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpimag~1.lnk - c:\programmer\hp\digital imaging\bin\hpqthb08.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-21 27656]
R2 agfwmp;AGFEO NDISWAN Miniport Driver;c:\windows\system32\drivers\AGFWMP.sys [2005-3-1 70144]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-25 298264]
R2 TeamViewer4;TeamViewer 4;c:\documents and settings\heribert\temp\teamviewer\version4\TeamViewer_Service.exe [2009-4-29 185640]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-17 14092]
S2 agfucapi;AGFEO ISDN PC-Adapter;c:\windows\system32\drivers\AGFUCAPI.sys [2005-3-1 268288]

=============== Created Last 30 ================

2009-05-08 21:53    <DIR>    --d-----    c:\docume~1\heribert\applic~1\Malwarebytes
2009-05-08 19:47    <DIR>    --d-----    C:\32788R22FWJFW.0.tmp
2009-05-08 17:01    <DIR>    --d-----    C:\Lop SD
2009-05-08 16:52    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-05-08 16:52    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:52    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 16:27    <DIR>    --d-----    C:\hijackthis
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\da
2009-05-08 14:01    <DIR>    --d-----    c:\windows\l2schemas
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\bits
2009-05-08 13:22    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-05-08 11:35    2,967,800    a-------    C:\tool.exe
2009-05-04 13:09    3,496    a-------    C:\virusresults.csv
2009-05-04 13:03    <DIR>    --d-----    c:\docume~1\heribert\applic~1\TeamViewer
2009-05-04 13:03    <DIR>    --d-----    c:\documents and settings\heribert\temp
2009-04-29 17:38    <DIR>    --d-----    c:\windows\system32\456131
2009-04-29 17:08    24,576    a-------    c:\windows\system32\stu2.exe
2009-04-17 13:08    5,632    a-------    c:\windows\system32\ptpusb.dll
2009-04-17 13:08    159,232    a-------    c:\windows\system32\ptpusd.dll
2009-04-15 15:39    1,203,922    --------    c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:39    217,088    --------    c:\windows\system32\dllcache\wordpad.exe

==================== Find3M  ====================

2009-05-08 23:01    22,122    a-------    c:\windows\system32\nvModes.dat
2009-05-08 16:26    399,716    a-------    c:\windows\system32\PERFH006.DAT
2009-05-08 16:26    64,610    a-------    c:\windows\system32\PERFC006.DAT
2009-05-08 14:03    79,183    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 16:08    1,006,080    --------    c:\windows\system32\dllcache\kernel32.dll
2009-03-06 16:20    284,672    a-------    c:\windows\system32\pdh.dll
2009-03-06 16:20    284,672    --------    c:\windows\system32\dllcache\pdh.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\wininet.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54    636,072    --------    c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20    70,656    --------    c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20    13,824    --------    c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14    161,792    --------    c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:08    2,068,608    --------    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 16:07    1,846,784    a-------    c:\windows\system32\win32k.sys
2009-02-09 16:07    1,846,784    --------    c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:26    2,191,616    --------    c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 13:26    2,026,496    a-------    c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:26    2,026,496    --------    c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 13:25    2,147,840    a-------    c:\windows\system32\ntoskrnl.exe
2009-02-09 13:25    2,147,840    --------    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:25    110,592    a-------    c:\windows\system32\services.exe
2009-02-09 13:25    110,592    --------    c:\windows\system32\dllcache\services.exe
2009-02-09 12:53    730,624    a-------    c:\windows\system32\lsasrv.dll
2009-02-09 12:53    730,624    --------    c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:53    719,360    a-------    c:\windows\system32\ntdll.dll
2009-02-09 12:53    682,496    a-------    c:\windows\system32\advapi32.dll
2009-02-09 12:53    401,408    a-------    c:\windows\system32\rpcss.dll
2009-02-09 12:53    719,360    --------    c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:53    682,496    --------    c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:53    473,600    --------    c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:53    401,408    --------    c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:53    453,120    --------    c:\windows\system32\dllcache\wmiprvsd.dll
2008-03-19 12:13    32,768    a--sh---    c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 23:19:54,59 ===============

Posted Sat. 09 May 2009 at 09:33:06| #39

karise_larry
karise_larry (263.204 points)
www.ballade.dk
<jpi>: Until <f-arn> gets back: You need to run [malwarebytes] through once more - you have NOT actually removed anything -> No action taken.
After the scan - press the "Show results" button - and then press "Remove selected" - the log then opens and you must save it somewhere you can find it again.
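The point made above is easy to miss in a long log: every finding in the first Malwarebytes log ends in "No action taken.", which means the items were only listed, not removed. The following Python checker is an added example (not code from this thread or from Malwarebytes) that parses a log in this format, tallies the action recorded for each finding, and returns whether remediation actually happened. The embedded log is a constructed excerpt in the format of the posted one; treating "Delete on reboot" as a removal outcome is an assumption of the example.

```python
"""Check whether a Malwarebytes' Anti-Malware log shows findings actually removed.

Added example, not code from this thread or from Malwarebytes. In this log
format each section header ends in ':' and each finding is one line of the
form 'item (Family) -> action.' (registry data lines carry an extra
'-> Bad: (..) Good: (..)' segment before the action). 'No action taken.'
means the item was only reported; 'Quarantined and deleted successfully.'
means it was removed. Treating 'Delete on reboot.' as a removal outcome is an
assumption of this example.
"""
import re

# Constructed excerpt in the posted log's format. Section names are Danish
# because the posted log is; the parser does not depend on them.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2096

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> Delete on reboot.
C:\svchost.exe (Trojan.Agent) -> No action taken.
"""

REMOVED_ACTIONS = {"Quarantined and deleted successfully", "Delete on reboot"}
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")


def parse_finding(line):
    """'item (Family) -> [extra ->] action.' -> (item, family, action), else None."""
    if " -> " not in line:
        return None
    head, *segments = line.split(" -> ")
    match = ITEM_RE.match(head.strip())
    if not match:
        return None
    action = segments[-1].strip().rstrip(".")   # last segment is the outcome
    return match["item"], match["family"], action


def parse_log(text):
    """Return {section_name: [(item, family, action), ...]} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            current = line[:-1]
            sections[current] = []
        elif current is not None:           # skip the version/database header block
            finding = parse_finding(line)
            if finding:
                sections[current].append(finding)
    return sections


def remediation_summary(text):
    """Return (action -> count, [(section, item, family, action) left in place])."""
    tally, leftover = {}, []
    for section, findings in parse_log(text).items():
        for item, family, action in findings:
            tally[action] = tally.get(action, 0) + 1
            if action not in REMOVED_ACTIONS:
                leftover.append((section, item, family, action))
    return tally, leftover


def remediation_complete(text):
    """True only if the log has findings and every one carries a removal action."""
    tally, leftover = remediation_summary(text)
    return bool(tally) and not leftover


if __name__ == "__main__":
    tally, leftover = remediation_summary(SAMPLE_LOG)
    for action, count in tally.items():
        print(f"{count:3d} x {action}")
    print("remediation complete:", remediation_complete(SAMPLE_LOG))
    for section, item, family, action in leftover:
        print(f"  still present [{section}] {item} ({family})")
```

Run against the first log posted in #36 the checker reports every finding as left in place, which is exactly the situation described above; against the second log in #40 it reports the items as quarantined.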

Posted Sat. 09 May 2009 at 11:23:42| #40

jpi
jpi (16.900 points)
<karise_larry> I apparently saved the log file before it saved it itself, and only posted the "wrong" one here.
Here's the one that was auto-generated after it had fully finished:

Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

08-05-2009 22:59:31
mbam-log-2009-05-08 (22-59-31).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 133140
Tid tilbagelagt: 45 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 8
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 15

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\o675.o675mgr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\o675.o675mgr.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\hijackthis\backups\backup-20090508-172508-158.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243839.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243840.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243841.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243842.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243856.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACqfrfqomu.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\ie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACsjnxukal.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACubowtnwa.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> Quarantined and deleted successfully.
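
karise_larry's point a few posts up is that a Malwarebytes log whose lines end in "No action taken" means nothing was cleaned, whereas the auto-generated log above ends every line with "Quarantined and deleted successfully". The script below is an added example (not from this thread and not part of Malwarebytes) that parses a log in that layout and reports, besides the not-removed items, three things a responder would want flagged from this particular log: detections inside System Volume Information (infected restore points, so a System Restore would bring them back), the Security Center notification keys that were tampered with, and copies of svchost.exe/explorer.exe outside their legitimate directories. The sample log is constructed inline from items in the posted log, and the assumed format is "item (family) -> action." under section headers that end in a colon.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log layout. Item names
# are taken from the log posted above; the "No action taken" results are made up
# to mimic a first run where "Remove selected" was never pressed.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

Infected Registry Keys: 2
Infected Files: 4

Infected Registry Keys:
HKEY_LOCAL_MACHINE\\SOFTWARE\\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\\SOFTWARE\\AvScan (Malware.Trace) -> No action taken.

Infected Registry Values:
(No malicious items detected)

Infected Registry Data Items:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infected Files:
C:\\System Volume Information\\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\\RP395\\A0243839.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\\WINDOWS\\SYSTEM32\\UACcdsmxfmm.dll (Trojan.TDSS) -> No action taken.
C:\\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

# One "<item> (<family>) -> [Bad: (x) Good: (y) ->] <action>." line; the action is
# the last "->" segment, so the registry-data Bad/Good prefix is skipped.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")

# Where these Windows binaries legitimately live on XP; a copy anywhere else
# (C:\svchost.exe in the log above) is a masquerade, not a system file.
LEGIT_HOMES = {
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    family: str
    action: str

    @property
    def removed(self) -> bool:
        return self.action.lower().startswith("quarantined")


def parse_mbam_log(text: str) -> list[Detection]:
    """Return every detection line, tagged with the section header it appeared under."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # "Infected Files:" style header
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            continue                     # banner, counts, "(No malicious items detected)"
        action = m.group("rest").split(" -> ")[-1]
        found.append(Detection(section, m.group("item"), m.group("family"), action))
    return found


def not_removed(dets):
    """Detected but still present: the "No action taken" case the thread warns about."""
    return [d for d in dets if not d.removed]


def restore_point_hits(dets):
    """Malware inside a restore point: a System Restore would reintroduce it."""
    return [d for d in dets if "\\system volume information\\_restore" in d.item.lower()]


def security_center_tampering(dets):
    """Registry data that silenced the XP Security Center antivirus/firewall warnings."""
    return [d for d in dets if d.family == "Disabled.SecurityCenter"]


def masquerading_binaries(dets):
    """Well-known system executable names found outside their legitimate directory."""
    hits = []
    for d in dets:
        folder, name = ntpath.split(d.item)
        homes = LEGIT_HOMES.get(name.lower())
        if homes and folder.lower().rstrip("\\") not in homes:
            hits.append(d)
    return hits


def summarize(text: str) -> dict:
    """Everything a responder reads off the log, keyed by what it means for cleanup."""
    dets = parse_mbam_log(text)
    return {
        "total": len(dets),
        "families": dict(Counter(d.family for d in dets)),
        "not_removed": [d.item for d in not_removed(dets)],
        "restore_points": [d.item for d in restore_point_hits(dets)],
        "security_center": [d.item for d in security_center_tampering(dets)],
        "masquerading": [d.item for d in masquerading_binaries(dets)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The header detection is language-agnostic, so the Danish-localised headers in the posted log ("Inficerede Filer:") are handled the same way as the English ones.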

Posted Sat. 09 May 2009 at 12:18:27| #41

f-arn
f-arn (18,550 points)
I'm not quite sure what you mean by GData?

This?
http://www.spywarefri.dk/ (...)

Find these files and upload them to Jotti or VirusTotal:

c:\windows\system32\drivers\AGFWMP.sys
c:\windows\system32\drivers\AGFUCAPI.sys

http://virusscan.jotti.org/ (...)

If you don't know how, see here:
http://www.it-artikler.dk/ (...)

Copy the result in here

Posted Sat. 09 May 2009 at 12:37:09| #42

jpi
jpi (16,900 points)
The two files are no longer on the PC (and I have looked among hidden files too)
From the DDS log I can see that they belonged to an ISDN adapter that was connected to the PC until recently, and since I have cleaned up and uninstalled the AGFEO adapter and its software, they have been removed. So they were probably fine.

Regarding the choice of anti-virus, I find that all the tests one reads point in different directions...
So I saw that GData had a good detection rate and installed it. Right now it is running and scanning the PC, and has found a number of Trojan horses that AVG and Malwarebytes had not found.

But is there one antivirus program that is the best? I have a feeling it's a bit of a religious matter :-)

Posted Sat. 09 May 2009 at 12:45:21| #43

f-arn
f-arn (18,550 points)
Yes, it's a bit of a religious matter ;-)

I was just a bit unsure about the 2 files, as there is some conflicting information.

We'll apparently have to wait for Combofix :-(

Posted Sat. 09 May 2009 at 12:52:40| #44

jpi
jpi (16,900 points)
Yes, I started combofix, and it still showed the same error :-(

What conflicting information did you find? On the net?

Which antivirus software would you recommend?

Posted Sun. 10 May 2009 at 01:45:36| #45

jpi
jpi (16,900 points)
I have scanned the PC with malwarebytes, GData and Ad-Aware, and all 3 show no infections.

I have done some runs with the previous tools, and here are the log files:

Posted Sun. 10 May 2009 at 01:45:54| #46

jpi
jpi (16,900 points)
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:15, on 09-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
C:\hijackthis\hijak_log.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/ (...)
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 8230 bytes

Posted Sun. 10 May 2009 at 01:46:15| #47

jpi
jpi (16,900 points)
lopR:


  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free :        Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz )
  BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
  USER : Heribert ( Administrator )
  BOOT : Normal boot
  Antivirus : G Data AntiVirus 2010 18.0 (Activated)
  A:\ (USB)
  C:\ (Local Disk) - NTFS - Total:33 Go (Free:20 Go)
  D:\ (CD or DVD)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 09-05-2009|23:22 )


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsj3B6.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  --------------------\\  Listing folders in APPLIC~1

  [09-05-2009|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
  [28-09-2006|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
  [09-05-2009|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
  [26-11-2004|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
  [11-02-2005|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\e-Safekey
  [09-05-2009|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\G DATA
  [17-12-2004|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
  [09-05-2009|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
  [08-05-2009|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
  [21-03-2008|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
  [01-02-2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
  [17-12-2004|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
  [17-09-2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
  [17-09-2006|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
  [17-09-2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
  [17-12-2004|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
  [24-12-2005|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
  [0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
  [19|mappe(r)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledig

  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
  [26-11-2004|13:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
  [0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
  [7|mappe(r)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledig

  [23-09-2008|19:15] C:\DOCUME~1\Heribert\APPLIC~1\Adobe
  [12-01-2007|18:09] C:\DOCUME~1\Heribert\APPLIC~1\AdobeUM
  [05-12-2004|12:40] C:\DOCUME~1\Heribert\APPLIC~1\CyberLink
  [13-02-2006|08:13] C:\DOCUME~1\Heribert\APPLIC~1\Help
  [26-11-2004|13:00] C:\DOCUME~1\Heribert\APPLIC~1\Identities
  [09-05-2009|00:03] C:\DOCUME~1\Heribert\APPLIC~1\Lavasoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Leadertech
  [21-01-2006|10:54] C:\DOCUME~1\Heribert\APPLIC~1\Macromedia
  [08-05-2009|21:53] C:\DOCUME~1\Heribert\APPLIC~1\Malwarebytes
  [26-12-2008|12:28] C:\DOCUME~1\Heribert\APPLIC~1\Microsoft
  [17-09-2006|20:11] C:\DOCUME~1\Heribert\APPLIC~1\ScanSoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\Heribert\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\Heribert\APPLIC~1\Symantec
  [04-05-2009|13:03] C:\DOCUME~1\Heribert\APPLIC~1\TeamViewer
  [25-12-2008|20:54] C:\DOCUME~1\Heribert\APPLIC~1\U3
  [0|fil(er)] C:\DOCUME~1\Heribert\APPLIC~1\byte
  [18|mappe(r)] C:\DOCUME~1\Heribert\APPLIC~1\byte ledig

  [09-05-2009|01:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
  [08-05-2009|21:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\TeamViewer
  [0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
  [4|mappe(r)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledig

  [09-05-2009|01:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledig

  --------------------\\  Scheduled Tasks located in C:\WINDOWS\Tasks

  [09-05-2009 01:16][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
  [09-05-2009 21:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
  [16-09-2002 08:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

  --------------------\\  Listing Folders in C:\Programmer

  [26-01-2006|18:02] C:\Programmer\Adobe
  [09-05-2009|00:04] C:\Programmer\AGFEO
  [25-12-2008|21:00] C:\Programmer\AVG
  [26-11-2004|13:29] C:\Programmer\Broadcom
  [26-11-2004|13:37] C:\Programmer\Common Files
  [26-11-2004|13:00] C:\Programmer\ComPlus Applications
  [26-11-2004|13:33] C:\Programmer\CyberLink
  [26-11-2004|13:32] C:\Programmer\Dell
  [17-12-2004|22:50] C:\Programmer\Dell Computer Corporation
  [09-05-2009|01:46] C:\Programmer\F‘lles filer
  [09-05-2009|01:46] C:\Programmer\G Data
  [21-03-2008|13:12] C:\Programmer\Grisoft
  [17-12-2004|22:00] C:\Programmer\Hewlett-Packard
  [17-12-2004|22:06] C:\Programmer\HP
  [17-12-2004|21:26] C:\Programmer\InstallShield Installation Information
  [15-04-2009|16:20] C:\Programmer\Internet Explorer
  [26-11-2004|13:28] C:\Programmer\Java
  [09-05-2009|01:13] C:\Programmer\Lavasoft
  [17-12-2004|21:26] C:\Programmer\Logitech
  [08-05-2009|21:53] C:\Programmer\Malwarebytes' Anti-Malware
  [08-05-2009|14:06] C:\Programmer\Messenger
  [11-06-2006|22:55] C:\Programmer\Microsoft ActiveSync
  [14-05-2007|12:43] C:\Programmer\Microsoft CAPICOM 2.1.0.2
  [26-11-2004|13:00] C:\Programmer\microsoft frontpage
  [17-12-2004|23:35] C:\Programmer\Microsoft Office
  [17-12-2004|20:31] C:\Programmer\Microsoft Works
  [17-12-2004|23:35] C:\Programmer\Microsoft.NET
  [08-05-2009|14:01] C:\Programmer\Movie Maker
  [25-12-2008|21:01] C:\Programmer\MSECache
  [26-11-2004|13:00] C:\Programmer\MSN Gaming Zone
  [30-11-2006|12:09] C:\Programmer\MSXML 4.0
  [08-05-2009|13:59] C:\Programmer\NetMeeting
  [17-03-2006|20:24] C:\Programmer\OfficeUpdate11
  [26-11-2004|13:00] C:\Programmer\Onlinetjenester
  [08-05-2009|13:59] C:\Programmer\Outlook Express
  [26-11-2004|13:33] C:\Programmer\r
  [17-09-2006|20:11] C:\Programmer\ScanSoft
  [26-11-2004|13:32] C:\Programmer\Sonic
  [26-11-2004|13:31] C:\Programmer\Synaptics
  [26-11-2004|13:37] C:\Programmer\Uninstall Information
  [08-05-2009|13:59] C:\Programmer\Windows Media Player
  [08-05-2009|13:59] C:\Programmer\Windows NT
  [26-11-2004|13:00] C:\Programmer\WindowsUpdate
  [26-11-2004|13:00] C:\Programmer\XEROX
  [0|fil(er)] C:\Programmer\byte
  [46|mappe(r)] C:\Programmer\byte ledig

  --------------------\\  Listing Folders in C:\Programmer\F‘lles filer

  [05-12-2004|12:21] C:\Programmer\F‘lles filer\Adobe
  [17-12-2004|23:35] C:\Programmer\F‘lles filer\DESIGNER
  [09-05-2009|01:48] C:\Programmer\F‘lles filer\G DATA
  [17-12-2004|21:58] C:\Programmer\F‘lles filer\Hewlett-Packard
  [17-12-2004|22:02] C:\Programmer\F‘lles filer\HP
  [17-12-2004|22:50] C:\Programmer\F‘lles filer\InstallShield
  [26-11-2004|13:27] C:\Programmer\F‘lles filer\Java
  [11-06-2006|22:55] C:\Programmer\F‘lles filer\L&H
  [17-12-2004|21:25] C:\Programmer\F‘lles filer\Logitech
  [08-08-2008|15:42] C:\Programmer\F‘lles filer\Microsoft Shared
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\MSSoap
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\ODBC
  [17-09-2006|20:11] C:\Programmer\F‘lles filer\ScanSoft Shared
  [26-11-2004|13:32] C:\Programmer\F‘lles filer\Sonic
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\SpeechEngines
  [17-12-2004|19:58] C:\Programmer\F‘lles filer\Symantec Shared
  [08-05-2009|13:59] C:\Programmer\F‘lles filer\System
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\Tjenester
  [0|fil(er)] C:\Programmer\F‘lles filer\byte
  [20|mappe(r)] C:\Programmer\F‘lles filer\byte ledig

  --------------------\\  Process

  ( 46 Processes )

  ... OK !

  --------------------\\  Searching with S_Lop

  No Lop folder found !

  --------------------\\  Searching for Lop Files - Folders

  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3BB.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3BE.tmp

  --------------------\\  Searching within the Registry

  ..... OK !

  --------------------\\  Checking the Hosts file

  Hosts file CLEAN


  --------------------\\  Searching for hidden files with Catchme

  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-05-09 23:23:45
  Windows 5.1.2600 Service Pack 3 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 0

  --------------------\\  Searching for other infections


  No other infections found !

  [F:2136][D:190]-> C:\DOCUME~1\Heribert\LOKALE~1\Temp
  [F:2][D:0]-> C:\DOCUME~1\Heribert\Cookies
  [F:10][D:4]-> C:\DOCUME~1\Heribert\LOKALE~1\TEMPOR~1\content.IE5

  1 - "C:\Lop SD\LopR_1.txt" - 08-05-2009|17:20 - Option : [2]
  2 - "C:\Lop SD\LopR_2.txt" - 09-05-2009|23:24 - Option : [2]

  --------------------\\  Scan completed at 23:24:40

Posted Sun. 10 May 2009 at 01:46:42| #48

jpi
jpi (16,900 points)
DDS:


DDS (Ver_09-03-16.01) - NTFSx86 
Run by Heribert at 21:56:29,60 on 09-05-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.223 [GMT 2:00]

AV: G Data AntiVirus 2010 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
svchost.exe
C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
C:\hijackthis\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.euro.dell.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gurredam.dk/
BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\programmer\g data\antivirus\webfilter\AvkWebIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\programmer\g data\antivirus\webfilter\AvkWebIE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
uRun: [updateMgr] "c:\programmer\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] c:\programmer\java\j2re1.4.2_03\bin\jusched.exe
mRun: [<NO NAME>]
mRun: [DadApp] c:\programmer\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\programmer\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programmer\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\programmer\fælles filer\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\programmer\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\programmer\r\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [zBrowser Launcher] c:\programmer\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Software Update] "c:\programmer\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\programmer\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Omnipage] c:\programmer\scansoft\omnipagese\opware32.exe
mRun: [Ad-Watch] c:\programmer\lavasoft\ad-aware\AAWTray.exe
mRun: [G DATA AntiVirus Trayapplication] c:\programmer\g data\antivirus\avktray\AVKTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpimag~1.lnk - c:\programmer\hp\digital imaging\bin\hpqthb08.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-5-9 68424]
R2 AVKProxy;G Data AntiVirus Proxy;c:\programmer\fælles filer\g data\avkproxy\AVKProxy.exe [2009-4-9 1043528]
R2 AVKService;G Data Scheduler;c:\programmer\g data\antivirus\avk\AVKService.exe [2009-4-9 388168]
R2 AVKWCtl;G Data Filesystem Monitor;c:\programmer\g data\antivirus\avk\AVKWCtl.exe [2009-2-25 1206096]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-5-9 51016]
R2 TeamViewer4;TeamViewer 4;c:\documents and settings\heribert\temp\teamviewer\version4\TeamViewer_Service.exe [2009-4-29 185640]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-5-9 50632]
R3 GDScan;G Data Scanner;c:\programmer\fælles filer\g data\gdscan\GDScan.exe [2009-3-10 298568]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-5-9 32328]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-17 14092]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]

=============== Created Last 30 ================

2009-05-09 14:33    15,688    a-------    c:\windows\system32\lsdelete.exe
2009-05-09 02:34    68,424    a-------    c:\windows\system32\drivers\GRD.sys
2009-05-09 01:50    50,632    a-------    c:\windows\system32\drivers\MiniIcpt.sys
2009-05-09 01:49    51,016    a-------    c:\windows\system32\drivers\GDTdiIcpt.sys
2009-05-09 01:49    32,328    a-------    c:\windows\system32\drivers\HookCentre.sys
2009-05-09 01:48    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\G DATA
2009-05-09 01:46    <DIR>    --d-----    c:\programmer\G Data
2009-05-09 01:46    <DIR>    --d-----    c:\programmer\fælles filer\G DATA
2009-05-09 01:16    64,160    a-------    c:\windows\system32\drivers\Lbd.sys
2009-05-09 01:13    <DIR>    -cd-h---    c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-09 01:13    <DIR>    --d-----    c:\programmer\Lavasoft
2009-05-08 21:53    <DIR>    --d-----    c:\docume~1\heribert\applic~1\Malwarebytes
2009-05-08 19:47    <DIR>    --d-----    C:\32788R22FWJFW.0.tmp
2009-05-08 17:01    <DIR>    --d-----    C:\Lop SD
2009-05-08 16:52    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-05-08 16:52    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:52    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 16:27    <DIR>    --d-----    C:\hijackthis
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\da
2009-05-08 14:01    <DIR>    --d-----    c:\windows\l2schemas
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\bits
2009-05-08 13:22    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-05-08 11:35    2,967,800    a-------    C:\tool.exe
2009-05-04 13:09    3,496    a-------    C:\virusresults.csv
2009-05-04 13:03    <DIR>    --d-----    c:\docume~1\heribert\applic~1\TeamViewer
2009-05-04 13:03    <DIR>    --d-----    c:\documents and settings\heribert\temp
2009-04-29 17:38    <DIR>    --d-----    c:\windows\system32\456131
2009-04-29 17:08    24,576    a-------    c:\windows\system32\stu2.exe
2009-04-17 13:08    5,632    a-------    c:\windows\system32\ptpusb.dll
2009-04-17 13:08    159,232    a-------    c:\windows\system32\ptpusd.dll
2009-04-15 15:39    1,203,922    --------    c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:39    217,088    --------    c:\windows\system32\dllcache\wordpad.exe

==================== Find3M  ====================

2009-05-09 21:32    22,122    a-------    c:\windows\system32\nvModes.dat
2009-05-08 16:26    399,716    a-------    c:\windows\system32\PERFH006.DAT
2009-05-08 16:26    64,610    a-------    c:\windows\system32\PERFC006.DAT
2009-05-08 14:03    79,183    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 16:08    1,006,080    --------    c:\windows\system32\dllcache\kernel32.dll
2009-03-06 16:20    284,672    a-------    c:\windows\system32\pdh.dll
2009-03-06 16:20    284,672    --------    c:\windows\system32\dllcache\pdh.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\wininet.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54    636,072    --------    c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20    70,656    --------    c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20    13,824    --------    c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14    161,792    --------    c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:08    2,068,608    --------    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 16:07    1,846,784    a-------    c:\windows\system32\win32k.sys
2009-02-09 16:07    1,846,784    --------    c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:26    2,191,616    --------    c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 13:26    2,026,496    a-------    c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:26    2,026,496    --------    c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 13:25    2,147,840    a-------    c:\windows\system32\ntoskrnl.exe
2009-02-09 13:25    2,147,840    --------    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:25    110,592    a-------    c:\windows\system32\services.exe
2009-02-09 13:25    110,592    --------    c:\windows\system32\dllcache\services.exe
2009-02-09 12:53    730,624    a-------    c:\windows\system32\lsasrv.dll
2009-02-09 12:53    730,624    --------    c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:53    719,360    a-------    c:\windows\system32\ntdll.dll
2009-02-09 12:53    682,496    a-------    c:\windows\system32\advapi32.dll
2009-02-09 12:53    401,408    a-------    c:\windows\system32\rpcss.dll
2009-02-09 12:53    719,360    --------    c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:53    682,496    --------    c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:53    473,600    --------    c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:53    401,408    --------    c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:53    453,120    --------    c:\windows\system32\dllcache\wmiprvsd.dll
2008-03-19 12:13    32,768    a--sh---    c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 21:57:15,01 ===============

Posted Sun. 10 May 2009 at 01:47:04 | #49

jpi
jpi (16,900 points)
ProcessExplorer:

Process    PID    CPU    Description    Company Name
System Idle Process    0    90.30       
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a    0.75    Deferred Procedure Calls   
System    4           
  smss.exe    548        Windows NT-sessionsstyring    Microsoft Corporation
  csrss.exe    604        Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    628        Windows NT-logonprogram    Microsoft Corporation
    services.exe    672    1.49    Tjenester og controllerprogrammer    Microsoft Corporation
    svchost.exe    876        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    944        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1040        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1148        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1236        Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe    1392        Spooler SubSystem App    Microsoft Corporation
    svchost.exe    732        Generic Host Process for Win32 Services    Microsoft Corporation
    AVKProxy.exe    908        G Data AntiVirus Proxy Service    G Data Software AG
    AVKService.exe    984        G Data InternetSecurity Scheduler Service    G Data Software AG
    AVKWCtl.exe    1012        G Data Filesystem Monitor Service    G Data Software AG
    nvsvc32.exe    1140        NVIDIA Driver Helper Service, Version 66.10    NVIDIA Corporation
    svchost.exe    1292        Generic Host Process for Win32 Services    Microsoft Corporation
    TeamViewer_Service.exe    1620        TeamViewer Service    TeamViewer GmbH
      TeamViewer.exe    2056    5.97    TeamViewer fjernstyringsprogram    TeamViewer GmbH
    wdfmgr.exe    1744        Windows User Mode Driver Manager    Microsoft Corporation
    HPZipm12.exe    2624        PML Driver    HP
    GDScan.exe    2704        G DATA AntiVirus Scan Server    G DATA Software AG
    alg.exe    2992        Application Layer Gateway Service    Microsoft Corporation
    lsass.exe    684        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1652        Windows Stifinder    Microsoft Corporation
BCMSMMSG.exe    1804        Modem Messaging Applet    Broadcom Corporation
jusched.exe    1812           
DadApp.exe    1820           
SynTPLpr.exe    1844        TouchPad Driver Helper Application    Synaptics, Inc.
SynTPEnh.exe    1852        Synaptics TouchPad Enhancements    Synaptics, Inc.
tfswctrl.exe    1860        Drive Letter Access Component    Sonic Solutions
PCMService.exe    1876        PowerCinema Resident Program for Dell    CyberLink Corp.
DVDLauncher.exe    1884        CyberLink PowerCinema Resident Program    CyberLink Corp.
iTouch.exe    1892        iTouch Application    Logitech Inc.
hpwuSchd2.exe    1908        hpwuSchd    Hewlett-Packard Company
hpcmpmgr.exe    1920        HP Framework Component Manager Service    Hewlett-Packard Company
opware32.exe    1952        OCR Aware (32-bit)    ScanSoft, Inc
AVKTray.exe    1984        G Data InternetSecurity Tray Application    G Data Software AG
ctfmon.exe    1992        CTF Loader    Microsoft Corporation
hpqtra08.exe    188        HP Digital Imaging Monitor (CUE)    Hewlett-Packard Co.
procexp.exe    1304    1.49    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
EM_EXEC.EXE    136        Logitech Events Handler Application    Logitech Inc.
hpqgalry.exe    380            Hewlett-Packard Co.

Posted Sun. 10 May 2009 at 01:47:54 | #50

jpi
jpi (16,900 points)
RootRepeal:
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/10 00:09
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\hijackthis\settings.dat
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.
Status: Allocation size mismatch (API: 1683456, Raw: 0)

RootRepeal 2:
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/10 00:09
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP3
==================================================

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACccfifipb.sys

Posted Sun. 10 May 2009 at 01:48:32 | #51

jpi
jpi (16,900 points)
How do things look with the machine?
Can it be declared "healthy"?

Posted Sun. 10 May 2009 at 12:10:45 | #52

f-arn
f-arn (18,550 points)
I'm not entirely sure about that. RootRepeal 2, was it made with the drivers scan, or what? It may well be just a remnant, but I'd like to know.

Posted Sun. 10 May 2009 at 14:00:57 | #53

jpi
jpi (16,900 points)
RootRepeal 2 is the one with "Hidden Services".

(Kaspersky Online Scan shows no infections.)

Posted Sun. 10 May 2009 at 15:31:48 | #54

f-arn
f-arn (18,550 points)
Download random's system information tool (RSIT) by random/random:

http://images.malwareremoval.com/ (...)

It creates two log files, log.txt and info.txt.
I'd like to see both of them.

Posted Sun. 10 May 2009 at 21:41:21 | #55

jpi
jpi (16,900 points)
info.txt logfile of random's system information tool 1.06 2009-05-10 21:38:23

======Uninstall list======

-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessDirect-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Broadcom Management Programs-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1030
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0406-0000-0000000FF1CE}
Dell Media Experience-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe"  -uninstall
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
EWE TEL-Installationsdateien entfernen-->C:\WINDOWS\ISW\ewetel\iswdel.exe
G Data AntiVirus-->MsiExec.exe /I{0FDB2D25-D880-4E10-868F-8C64EFE155F1}
HijackThis 2.0.2-->"C:\hijackthis\HijackThis.exe" /uninstall
Hotfix til Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix til Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Programmer\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Programmer\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Logitech iTouch-program-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x6  UNINSTALL
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x6 -l0006 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Programmer\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Danish Language Pack-->MsiExec.exe /X{973F8409-F8DA-4A40-ACB4-12B02F3399D7}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools-->MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120406-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x6 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Opdatering til Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhedsopdatering til Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programmer\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Programmer\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programmer\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
::1 localhost

======Security center information======

AV: G Data AntiVirus 2010

======System event log======

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til stoppet.

Record Number: 39756
Source Name: Service Control Manager
Time Written: 20090224150210.000000+060
Event Type: oplysninger
User:

Computer Name: HP
Event Code: 7035
Message: Tjenesten Pml Driver HPZ12 modtog en start-kontrol.

Record Number: 39755
Source Name: Service Control Manager
Time Written: 20090224142527.000000+060
Event Type: oplysninger
User: HP\Heribert

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til kører.

Record Number: 39754
Source Name: Service Control Manager
Time Written: 20090224142527.000000+060
Event Type: oplysninger
User:

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til stoppet.

Record Number: 39753
Source Name: Service Control Manager
Time Written: 20090224142524.000000+060
Event Type: oplysninger
User:

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til kører.

Record Number: 39752
Source Name: Service Control Manager
Time Written: 20090224142523.000000+060
Event Type: oplysninger
User:

=====Application event log=====

Computer Name: HP
Event Code: 5028
Message:
Record Number: 1975
Source Name: McLogEvent
Time Written: 20051224145157.000000+060
Event Type: advarsel
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5000
Message:
Record Number: 1974
Source Name: McLogEvent
Time Written: 20051224144619.000000+060
Event Type: oplysninger
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5000
Message:
Record Number: 1973
Source Name: McLogEvent
Time Written: 20051224101744.000000+060
Event Type: oplysninger
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5028
Message:
Record Number: 1972
Source Name: McLogEvent
Time Written: 20051223142454.000000+060
Event Type: advarsel
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5000
Message:
Record Number: 1971
Source Name: McLogEvent
Time Written: 20051223141519.000000+060
Event Type: oplysninger
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Heribert at 2009-05-10 21:37:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (59%) free of 34 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:15, on 10-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\G Data\AntiVirus\GUI\GDSC.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\RSIT.exe
C:\Programmer\trend micro\Heribert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/ (...)
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 8556 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G Data WebFilter - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll [2009-04-09 590920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2009-05-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll [2009-04-09 590920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-08-19 4554752]
"nwiz"=nwiz.exe /installquiet []
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"SunJavaUpdateSched"=C:\Programmer\Java\jre6\bin\jusched.exe [2009-05-10 148888]
""= []
"DadApp"=C:\Programmer\Dell\AccessDirect\dadapp.exe [2004-03-04 211828]
"SynTPLpr"=C:\Programmer\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Programmer\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"UpdateManager"=C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"PCMService"=C:\Programmer\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"zBrowser Launcher"=C:\Programmer\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"HP Software Update"=C:\Programmer\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Programmer\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Omnipage"=C:\Programmer\ScanSoft\OmniPageSE\opware32.exe [2002-02-20 49152]
"Ad-Watch"=C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-09 516440]
"G DATA AntiVirus Trayapplication"=C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe [2009-04-09 918600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Sonic RecordNow!"= []
"updateMgr"=C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe"="C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe:*:Enabled:tksock"
"C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe"="C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe:*:Enabled:tkmedia"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\Grisoft\AVG7\avginet.exe"="C:\Programmer\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmer\Grisoft\AVG7\avgamsvr.exe"="C:\Programmer\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmer\Grisoft\AVG7\avgcc.exe"="C:\Programmer\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmer\AVG\AVG8\avgupd.exe"="C:\Programmer\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer fjernstyringsprogram"
"C:\Programmer\RealVNC\VNC4\winvnc4.exe"="C:\Programmer\RealVNC\VNC4\winvnc4.exe:*:Disabled:VNC Server Free Edition for Win32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-05-10 21:37:49 ----D---- C:\Programmer\trend micro
2009-05-10 21:37:44 ----D---- C:\rsit
2009-05-10 01:00:47 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-10 01:00:46 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-10 01:00:46 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-10 01:00:46 ----A---- C:\WINDOWS\system32\java.exe
2009-05-09 14:33:31 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-09 01:48:04 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA
2009-05-09 01:46:56 ----D---- C:\Programmer\G Data
2009-05-09 01:46:56 ----D---- C:\Programmer\Fælles filer\G DATA
2009-05-09 01:16:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-09 01:13:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-09 01:13:17 ----D---- C:\Programmer\Lavasoft
2009-05-09 01:13:17 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-08 21:53:08 ----D---- C:\Documents and Settings\Heribert\Application Data\Malwarebytes
2009-05-08 20:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-08 19:48:24 ----D---- C:\Qoobox
2009-05-08 19:48:13 ----A---- C:\Bug.txt
2009-05-08 19:47:58 ----D---- C:\32788R22FWJFW.0.tmp
2009-05-08 17:02:35 ----A---- C:\lopR.txt
2009-05-08 17:01:56 ----D---- C:\Lop SD
2009-05-08 16:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-08 16:27:10 ----D---- C:\hijackthis
2009-05-08 16:23:35 ----D---- C:\WINDOWS\Prefetch
2009-05-08 14:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-08 14:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-08 14:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-08 14:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-08 14:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-08 14:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-08 14:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-08 14:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-08 14:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-08 14:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-05-08 14:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-05-08 14:08:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-08 14:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-08 14:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-08 14:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-08 14:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-08 14:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-05-08 14:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-08 14:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-08 14:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-08 14:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-08 14:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-08 14:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-08 14:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-08 14:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-08 14:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-08 14:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-08 14:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-08 14:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-05-08 14:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-08 14:01:27 ----D---- C:\WINDOWS\system32\da
2009-05-08 14:01:27 ----D---- C:\WINDOWS\l2schemas
2009-05-08 14:01:26 ----D---- C:\WINDOWS\system32\bits
2009-05-08 13:22:14 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2009-05-08 12:40:16 ----A---- C:\avgrep.txt
2009-05-08 11:45:51 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-08 11:35:57 ----A---- C:\tool.exe
2009-05-04 13:03:44 ----D---- C:\Documents and Settings\Heribert\Application Data\TeamViewer
2009-04-29 17:38:49 ----D---- C:\WINDOWS\system32\456131
2009-04-29 17:08:36 ----A---- C:\WINDOWS\system32\stu2.exe
2009-04-17 13:08:09 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-17 13:08:08 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-04-15 16:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-15 16:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-15 16:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-15 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-15 16:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-15 16:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$

======List of files/folders modified in the last 1 months======

2009-05-10 21:37:49 ----RD---- C:\Programmer
2009-05-10 20:49:16 ----D---- C:\WINDOWS\Temp
2009-05-10 14:00:05 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-10 01:02:34 ----SHD---- C:\WINDOWS\Installer
2009-05-10 01:00:47 ----D---- C:\WINDOWS\SYSTEM32
2009-05-10 01:00:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-10 00:58:56 ----D---- C:\Programmer\Java
2009-05-10 00:21:19 ----A---- C:\WINDOWS\iTouch.ini
2009-05-10 00:21:18 ----D---- C:\WINDOWS
2009-05-10 00:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-09 05:04:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-09 05:02:46 ----HD---- C:\WINDOWS\INF
2009-05-09 05:02:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-09 01:47:53 ----D---- C:\WINDOWS\WinSxS
2009-05-09 01:46:56 ----D---- C:\Programmer\Fælles filer
2009-05-09 01:35:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-09 01:16:49 ----SD---- C:\WINDOWS\Tasks
2009-05-09 00:09:02 ----A---- C:\WINDOWS\wininit.ini
2009-05-09 00:04:17 ----D---- C:\WINDOWS\SYSTEM
2009-05-09 00:04:16 ----AD---- C:\Programmer\AGFEO
2009-05-09 00:03:21 ----D---- C:\Documents and Settings\Heribert\Application Data\Lavasoft
2009-05-08 23:23:04 ----HD---- C:\$AVG8.VAULT$
2009-05-08 22:41:55 ----SHD---- C:\System Volume Information
2009-05-08 22:41:55 ----D---- C:\WINDOWS\system32\Restore
2009-05-08 20:06:44 ----D---- C:\WINDOWS\network diagnostic
2009-05-08 16:26:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-08 16:24:16 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-08 14:14:10 ----A---- C:\WINDOWS\SETUPLOG.TXT
2009-05-08 14:13:41 ----D---- C:\WINDOWS\system32\Setup
2009-05-08 14:13:41 ----D---- C:\WINDOWS\AppPatch
2009-05-08 14:13:40 ----RSD---- C:\WINDOWS\Fonts
2009-05-08 14:13:40 ----D---- C:\WINDOWS\system32\WBEM
2009-05-08 14:12:48 ----D---- C:\WINDOWS\SECURITY
2009-05-08 14:10:08 ----A---- C:\WINDOWS\imsins.BAK
2009-05-08 14:10:04 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-08 14:06:07 ----D---- C:\Programmer\Messenger
2009-05-08 14:01:41 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-08 14:01:40 ----D---- C:\WINDOWS\IME
2009-05-08 14:01:40 ----D---- C:\WINDOWS\Help
2009-05-08 14:01:28 ----D---- C:\WINDOWS\system32\USMT
2009-05-08 14:01:28 ----D---- C:\WINDOWS\system32\da-dk
2009-05-08 14:01:26 ----D---- C:\WINDOWS\peernet
2009-05-08 14:01:26 ----D---- C:\Programmer\Movie Maker
2009-05-08 13:59:13 ----D---- C:\WINDOWS\system32\NPP
2009-05-08 13:59:12 ----D---- C:\WINDOWS\MSAGENT
2009-05-08 13:59:11 ----D---- C:\WINDOWS\SRCHASST
2009-05-08 13:59:11 ----D---- C:\Programmer\NetMeeting
2009-05-08 13:59:09 ----D---- C:\WINDOWS\system32\Com
2009-05-08 13:59:07 ----D---- C:\Programmer\Windows NT
2009-05-08 13:59:07 ----D---- C:\Programmer\Windows Media Player
2009-05-08 13:59:06 ----D---- C:\Programmer\Outlook Express
2009-05-08 13:59:03 ----D---- C:\Programmer\Fælles filer\System
2009-05-08 13:58:50 ----D---- C:\WINDOWS\system32\OOBE
2009-05-08 13:56:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-08 13:55:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-08 13:51:27 ----D---- C:\WINDOWS\EHome
2009-04-29 18:26:50 ----A---- C:\itouch_crash_info.txt
2009-04-15 16:20:47 ----D---- C:\Programmer\Internet Explorer
2009-04-15 16:17:16 ----A---- C:\WINDOWS\WIN.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Driver til Intel-processor; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;HID-tastaturdriver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2004-04-23 44032]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 CmBatt;Microsoft ACPI Control Method-batteri; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-09 12953]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-11-07 14092]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-11-07 37884]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 mouhid;HID-driver til mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-04 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-19 2973568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-07-20 258160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver til Microsoft USB-standardhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-scannerdriver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB-universel værtscontroller miniportdriver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Driver til Intel PentiumIII-processor; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 Arp1394;1394 ARP-klientprotokol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2002-05-13 4272]
S3 EL90XBC;Driver til 3Com EtherLink XL 90XB/C-netværkskort; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-netværksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S4 agpCPQ;Compaq AGP-busfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-busfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Filterdriver til AMD AGP-bus; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-busfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;Filterdriver til Systemgendannelse; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]
S4 viaagp;VIA AGP-busfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVKProxy;G Data AntiVirus Proxy; C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe [2009-04-09 1043528]
R2 AVKService;G Data Scheduler; C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe [2009-04-09 388168]
R2 AVKWCtl;G Data Filesystem Monitor; C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe [2009-02-25 1206096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2009-05-10 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-08-19 127042]
R2 TeamViewer4;TeamViewer 4; C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe [2009-04-29 185640]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 GDScan;G Data Scanner; C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe [2009-03-10 298568]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 aspnet_state;ASP.NET-tilstandstjeneste; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe [2009-05-09 953168]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Posted Mon. 11 May 2009 at 14:49:35 | #56

f-arn
f-arn (18.550 points)
That was just a leftover. Right-click on it and remove it. If the machine runs OK, it can be considered cured :-)

Posted Mon. 11 May 2009 at 14:53:52 | #57

jpi
jpi (16.900 points)
That sounds good.
Post an answer and you'll get the points.

Many thanks for the help!!

Posted Mon. 11 May 2009 at 15:03:37 | #58

f-arn
f-arn (18.550 points)
Here it comes ;-)

Posted Mon. 11 May 2009 at 15:44:16 | #59

f-arn
f-arn (18.550 points)
You should probably also empty System Restore so you don't restore the infection by accident. I can also see traces of programs that used to be on the PC, so you can try running CCleaner, especially the [Registry] section.
http://www.ccleaner.com/ (...)
During installation you are offered the [Yahoo Toolbar]. You should say no to that.
Let the program do a cleanup.

  http://vistaguide.dk/ (...)

Posted Mon. 11 May 2009 at 18:09:25 | #60

jpi
jpi (16.900 points)
OK, I'll do that.

By the way, which antivirus would you recommend?

Posted Mon. 11 May 2009 at 19:30:19 | #61

jpi
jpi (16.900 points)
Regarding the last leftover, I can't remove it, since the file isn't there. Apparently there is a reference that I don't know how to remove...

Posted Mon. 11 May 2009 at 19:47:10 | #62

f-arn
f-arn (18.550 points)
I was thinking of RootRepeal. That you should right-click on it there. The file itself was removed by Malwarebytes.

Posted Mon. 11 May 2009 at 21:45:48 | #63

jpi
jpi (16.900 points)
The file was removed by me following your instructions in #31.
But apparently there is still a reference somewhere...
In RootRepeal I can only choose "Wipe file" and "Force delete", and neither works, since the file is no longer there. But where does the reference come from?

Posted Mon. 11 May 2009 at 22:04:16 | #64

f-arn
f-arn (18.550 points)
From #36

C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> Quarantined and deleted successfully.

I don't know exactly where that reference is stored, but it isn't important anymore. The file and the infection are gone.

Posted Mon. 11 May 2009 at 22:34:38 | #65

f-arn
f-arn (18.550 points)
Click Start -> Run and type devmgmt.msc.
Click View - Show hidden devices and find 'Non-Plug and Play Drivers'.
It is probably there.
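The manual check above (devmgmt.msc, hidden devices, "Non-Plug and Play Drivers") works because Device Manager lists the legacy driver services registered under HKLM\SYSTEM\CurrentControlSet\Services. A driver file that has been deleted but whose service key remains is exactly the kind of dangling reference discussed in #61 to #64. The following PowerShell script is an added example, not something posted in this thread, that does the same lookup read-only: it walks the Services key, keeps kernel and file system driver entries (Type 1 and 2), resolves the ImagePath (including the \??\ and \SystemRoot\ prefixes seen in the driver list above) and reports the entries whose file is missing. It assumes PowerShell is installed on the machine, which is not the case on a stock Windows XP.

```powershell
# Added example (not from the thread): list driver services whose ImagePath
# points to a file that no longer exists on disk. These are the entries that
# Device Manager shows under "Non-Plug and Play Drivers" when hidden devices
# are visible. Read-only: nothing is changed or deleted.
function Get-OrphanedDriverService {
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -Path $servicesKey) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        # Service Type 1 = kernel driver, 2 = file system driver.
        # Win32 services and other entry kinds are skipped.
        if ($null -eq $props -or $null -eq $props.Type) { continue }
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }

        $image = $props.ImagePath
        if ([string]::IsNullOrEmpty($image)) {
            # No ImagePath value: the service control manager assumes
            # %SystemRoot%\system32\drivers\<ServiceName>.sys
            $image = "system32\drivers\$($svc.PSChildName).sys"
        }
        $image = [Environment]::ExpandEnvironmentVariables($image)

        # Normalize the NT-style prefixes seen in the RSIT driver list
        # (\??\C:\... and \SystemRoot\...) into a plain Win32 path.
        $path = $image -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        # Relative paths such as System32\DRIVERS\x.sys are relative to %SystemRoot%
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

        if (-not (Test-Path -LiteralPath $path)) {
            # New-Object instead of [pscustomobject] keeps this runnable on PowerShell 2.0
            New-Object PSObject -Property @{
                Service   = $svc.PSChildName
                Type      = $props.Type
                Start     = $props.Start
                ImagePath = $image
                Resolved  = $path
            }
        }
    }
}

# Usage: Start 0/1 = loaded at boot or system start, 2 = automatic, 3 = on demand, 4 = disabled.
Get-OrphanedDriverService | Format-Table Service, Type, Start, ImagePath, Resolved -AutoSize
```

The output is a list to review, not a list to delete blindly: a legitimate driver whose file sits on a drive that is not mounted will show up too. Note also that the script only sees what the running kernel exposes through the registry API, so it is meaningful once the rootkit itself is no longer active, as was the case here after the Malwarebytes cleanup in #36.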

Posted Mon. 11 May 2009 at 23:13:57 | #66

jpi
jpi (16.900 points)
I can't find it there, but as you yourself write, it isn't that important.

Publisher · © 2012 IDG Danmark A/S · Hørkær 18 · 2730 Herlev · Tel.: 77 300 300 · Fax: 77 300 301