Oprettet ons. d. 25. august 2010 kl. 14:04:40

Tjen 30 point | 6 kommentarer

Anders_Lie (3.585 point. Point ude: 60)

Facebook virus - Hijackthis, Combofix og Mbam-log

Hej alle.

Tror jeg har fået den berygtede facebook-virus. Der bliver sendt underlige beskeder rundt med chatten og mit internet er blevet langsomt. Jeg håber der er nogen der kan hjælpe.

Det skal siges at jeg havde nogle problemer med combofix, men jeg tror at jeg fik det til at virke til sidst.

HJT-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:55, on 25-08-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Anders\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/ (...)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/ (...)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/ (...)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tjenesten Google Update (gupdate1ca88cf60b876b0) (gupdate1ca88cf60b876b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8667 bytes

Combofix-log:
ComboFix 10-08-24.0A - Anders 25-08-2010 11:13:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.3062.1572 [GMT 2:00]
Kører fra: c:\users\Anders\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anders\Desktop\combofix\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\ie3sh.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\users\Public\RemoveSGP.exe

c:\windows\system32\wininit.exe . . . er inficeret!!

.
((((((((((((((((((((((((((((( Filer skabt fra 2010-07-25 til 2010-08-25 )))))))))))))))))))))))))))))))))))
.

2010-08-25 09:27 . 2010-08-25 09:36 -------- d-----w- c:\users\Anders\AppData\Local\temp
2010-08-25 09:27 . 2010-08-25 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 07:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 07:55 . 2010-08-25 07:55 -------- d-----w- c:\programdata\Alwil Software
2010-08-13 09:59 . 2010-08-13 09:59 -------- d-----w- C:\found.000
2010-08-09 14:08 . 2010-08-09 14:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-02 09:03 . 2010-08-06 16:15 -------- d-----w- c:\program files\StarCraft II
2010-08-01 18:04 . 2010-08-02 07:58 -------- d-----w- c:\users\Anders\SC2-WingsOfLiberty-enGB-Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 09:03 . 2010-04-09 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 08:59 . 2010-05-26 10:43 -------- d-----w- c:\program files\Verbix2008
2010-08-25 08:59 . 2010-05-26 10:43 -------- d-----w- c:\users\Anders\AppData\Roaming\verbix2008
2010-08-25 08:41 . 2009-01-10 21:41 -------- d-----w- c:\program files\uTorrent
2010-08-25 08:41 . 2009-01-10 21:41 -------- d-----w- c:\users\Anders\AppData\Roaming\uTorrent
2010-08-25 08:01 . 2010-04-08 08:15 -------- d-----w- c:\program files\Steam
2010-08-25 08:00 . 2009-03-27 11:11 -------- d-----w- c:\program files\Alwil Software
2010-08-17 08:58 . 2009-02-12 18:59 680 ----a-w- c:\users\Anders\AppData\Local\d3d9caps.dat
2010-08-15 20:07 . 2009-02-12 18:31 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-14 13:10 . 2008-04-24 09:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-14 13:07 . 2008-04-24 09:37 -------- d-----w- c:\programdata\Microsoft Help
2010-08-14 13:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 19:47 . 2010-06-02 19:20 -------- d-----w- c:\users\Anders\AppData\Roaming\Azureus
2010-08-09 14:09 . 2008-04-24 08:53 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 14:08 . 2008-04-24 08:53 -------- d-----w- c:\program files\Java
2010-08-07 11:31 . 2010-04-08 08:15 -------- d-----w- c:\program files\Common Files\Steam
2010-08-06 16:13 . 2008-12-25 13:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 09:21 . 2009-11-29 13:52 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-26 15:48 . 2008-01-21 05:51 77202 ----a-w- c:\windows\system32\perfc006.dat
2010-07-26 15:48 . 2008-01-21 05:51 463344 ----a-w- c:\windows\system32\perfh006.dat
2010-07-24 19:05 . 2010-07-19 13:59 -------- d-----w- c:\programdata\Symantec
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\programdata\Norton
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\program files\Norton Security Scan
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\programdata\NortonInstaller
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\program files\NortonInstaller
2010-07-18 12:24 . 2010-07-17 20:06 -------- d-----w- c:\users\Anders\AppData\Roaming\DivX
2010-07-17 20:08 . 2010-07-17 20:00 -------- d-----w- c:\programdata\DivX
2010-07-17 20:07 . 2009-12-29 21:39 -------- d-----w- c:\program files\DivX
2010-07-17 20:06 . 2008-05-17 10:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-17 20:06 . 2009-12-29 21:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-28 20:57 . 2009-03-27 11:11 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-27 11:11 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-27 11:11 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-27 11:11 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-27 11:11 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-03-27 11:11 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-13 13:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 13:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 13:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 13:54 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 13:54 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 13:54 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 13:54 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 13:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-13 13:54 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 13:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-13 13:54 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 13:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 09:05 . 2008-12-25 11:57 116616 ----a-w- c:\users\Anders\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 20:22 . 2010-05-31 20:22 104688 ----a-w- c:\windows\~GLC0001.TMP
2010-05-27 20:08 . 2010-08-13 13:54 81920 ----a-w- c:\windows\system32\iccvid.dll
2009-02-12 18:31 . 2009-02-12 18:31 8 --sh--r- c:\windows\System32\90B197C536.sys
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,a6,6f,f4,dc,d7,ca,01

R2 gupdate1ca88cf60b876b0;Tjenesten Google Update (gupdate1ca88cf60b876b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-24 c:\windows\Tasks\Norton Security Scan for Anders.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-19 07:48]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{51328AA6-AB21-4BE7-9E7D-F849CA1BF4C6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danskebank.dk
Trusted Zone: dr.dk
TCP: {EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 11:38
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

MBAM-log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

25-08-2010 12:48:28
mbam-log-2010-08-25 (12-48-28).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 270155
Tid gået: 59 minut(ter), 47 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

På forhånd tak :)
Anders Lie

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Skrevet ons. d. 25. august 2010 kl. 18:49:20| #1

sullep (5.590 point)

Drop fildeling >> http://spywarefri.dk/ (...)

Åbn Notesblok og kopier teksten med fed skrift ind, gem den som CFScript.txt samme sted som Combofix.

Killall::
Snapshot::
File::
c:\windows\~GLC0001.TMP
Folder::
c:\program files\uTorrent
c:\users\Anders\AppData\Roaming\uTorrent
c:\users\Anders\AppData\Roaming\Azureus
Filelook::
c:\windows\System32\90B197C536.sys
Mia::
c:\windows\system32\wininit.exe
Srpeek::
c:\windows\system32\wininit.exe
Restore::
c:\windows\system32\wininit.exe

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/ (...)
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Skrevet ons. d. 25. august 2010 kl. 20:13:21| #2

Anders_Lie (3.585 point)

Så er det gjort. Det skal siges at jeg afinstallerede alle fildelingsprogrammer da virus'en kom.
Mit internet virker stadig langsomt.

Combfix-log:

ComboFix 10-08-24.0C - Anders 25-08-2010 19:37:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.3062.1900 [GMT 2:00]
Kører fra: c:\users\Anders\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anders\Desktop\combofix\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\~GLC0001.TMP"
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\users\Anders\AppData\Roaming\Azureus
c:\users\Anders\AppData\Roaming\Azureus\.certs
c:\users\Anders\AppData\Roaming\Azureus\.keystore
c:\users\Anders\AppData\Roaming\Azureus\.lock
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat.bak
c:\users\Anders\AppData\Roaming\Azureus\active\cache.dat
c:\users\Anders\AppData\Roaming\Azureus\azureus.config
c:\users\Anders\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Anders\AppData\Roaming\Azureus\banips.config
c:\users\Anders\AppData\Roaming\Azureus\banips.config.bak
c:\users\Anders\AppData\Roaming\Azureus\devices.config
c:\users\Anders\AppData\Roaming\Azureus\devices.config.bak
c:\users\Anders\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\general.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\version.dat
c:\users\Anders\AppData\Roaming\Azureus\downloads.config
c:\users\Anders\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Anders\AppData\Roaming\Azureus\filters.config
c:\users\Anders\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_2.log
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Anders\AppData\Roaming\Azureus\net\pm_5603.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_6785.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2
c:\users\Anders\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Anders\AppData\Roaming\Azureus\rcm.config
c:\users\Anders\AppData\Roaming\Azureus\rcm.config.bak
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\Anders\AppData\Roaming\Azureus\subs\0CA501254A05880D39A5.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\151DF88A4BCFE63CC930.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\1BBB966397F44E660A50.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\2266987B15E8D0C3682C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\3581EC08AE75A905F431.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\444CF4E0A0C1E20CB67C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\4AC562DF938A934FD9C3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\59F63F3137ADD26E919F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\6E02FAF0A7F9C5DEFF7B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\723EF567A591C3D6FEFF.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\90BC3DD49F302F52E17A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\9B684245C8D0EA3A3680.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\A467A4E601BA7AF7C487.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\BD293EA13C5D3A8EA4BC.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\C1181DBAB72DD16EB649.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\CE22771EC242C845C71A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\D4B8F08F30791F2ED969.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\E7802205543398D89EBB.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\EC1EA4CD184D3EC77C1F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\F07B8AF9D6B5E0604903.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\AA36395F0C99E87D7BD3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tables.config
c:\users\Anders\AppData\Roaming\Azureus\tables.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tmp\AZU6281417575236052886.tmp
c:\users\Anders\AppData\Roaming\Azureus\tmp\speedTestTorrent.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\(500)Days_of_Summer.[2009].RETAIL.DVDRIP.XVID.[Eng]-DUQA.5153829.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU1314353998155512781.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU48453.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\Clinton_Sparks_Presents_Mike_Posner-One_Foot_Out_the_Door-2009-D.5139541.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Complete_Supernatural_Season_4.4910270.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Grown_Ups_2010_DVDSCR-XViD-IMAGiNE.5688934.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_31_Minutes_To_Takeoff_CDRip_[MP3-320][MJN].5735910.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_A_Matter_of_Time_(2009).5630693.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Repo.Men.UNRATED.2010.DVDRip.XviD-Larceny.5680375.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_-_Season_2.4156071.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_1.5169500.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_3.4256547.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config.bak
c:\users\Anders\AppData\Roaming\uTorrent
c:\users\Anders\AppData\Roaming\uTorrent\05-T.I.-Live Your Life _Ft. Rihanna_.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Alors on danse.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Britney Spears - Womanizer [Uncensored][2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Bruno.TS.XviD-Lynks.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Burn.After.Reading[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay- viva la vida.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay - Viva La Vida [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank.High.Voltage.2009.DVDRip.XviD-BeStDivX.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\David Guetta - One Love [2009].torrent
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Eagle.Eye[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - A Day Without Rain.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - Only Time.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008 [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 1 Complete-Xvid-MFG.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 2.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 3 Complete [HDTV][XVID].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ice Age 3 Dawn Of The Dinosaurs (2009) DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - Hot N Cold [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - I Kissed A Girl [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kid Rock - All Summer Long [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\King Of Leon - Sex On Fire.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings Of Leon - Use Somebody.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings_Of_Leon-Use_Somebody-(CDS)-2008-WRE.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa- Poker Face.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa - Poker Face [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady Gaga ft. Colby O Donis - Just Dance.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady.Gaga.-.Just.Dance.PDTV.XviD-Regenzy.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Maskinen - Alla som inte dansar.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Microsoft Office 2007 Enterprise Edition [blaze69].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Mirrors[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ne Yo - Miss Independent [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Pineapple.Express[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Rihanna - Disturbia [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Season 4.torrent
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.1.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - Human.mkv.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - When You Were Young.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Last.House.On.The.Left.UNRATED.DvDRip-FxM.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Librarian.The.Curse.Of.The.Judas.Chalice.2008.STV.DVDRip-GAYGAY.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Pursuit.Of.Happyness[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Timbaland Ft. OneRepublic - Apologize [2007][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Shut Up And Let Me Go [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Thats Not My Name [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Transformers-2 Revenge of the Fallen 2009 English [DivX].torrent
c:\users\Anders\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Anders\AppData\Roaming\uTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
c:\windows\~GLC0001.TMP

Inficeret kopi af c:\windows\system32\wininit.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\ERDNT\cache\wininit.exe

.
((((((((((((((((((((((((((((( Filer skabt fra 2010-07-25 til 2010-08-25 )))))))))))))))))))))))))))))))))))
.

2010-08-25 17:44 . 2010-08-25 17:49 -------- d-----w- c:\users\Anders\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 15:06 . 2010-08-25 15:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-25 07:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 07:55 . 2010-08-25 07:55 -------- d-----w- c:\programdata\Alwil Software
2010-08-13 09:59 . 2010-08-13 09:59 -------- d-----w- C:\found.000
2010-08-09 14:08 . 2010-08-09 14:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-02 09:03 . 2010-08-06 16:15 -------- d-----w- c:\program files\StarCraft II
2010-08-01 18:04 . 2010-08-02 07:58 -------- d-----w- c:\users\Anders\SC2-WingsOfLiberty-enGB-Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 17:22 . 2010-04-08 08:15 -------- d-----w- c:\program files\Steam
2010-08-25 09:03 . 2010-04-09 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 08:59 . 2010-05-26 10:43 -------- d-----w- c:\program files\Verbix2008
2010-08-25 08:59 . 2010-05-26 10:43 -------- d-----w- c:\users\Anders\AppData\Roaming\verbix2008
2010-08-25 08:00 . 2009-03-27 11:11 -------- d-----w- c:\program files\Alwil Software
2010-08-17 08:58 . 2009-02-12 18:59 680 ----a-w- c:\users\Anders\AppData\Local\d3d9caps.dat
2010-08-15 20:07 . 2009-02-12 18:31 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-14 13:10 . 2008-04-24 09:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-14 13:07 . 2008-04-24 09:37 -------- d-----w- c:\programdata\Microsoft Help
2010-08-14 13:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-09 14:09 . 2008-04-24 08:53 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 14:08 . 2008-04-24 08:53 -------- d-----w- c:\program files\Java
2010-08-07 11:31 . 2010-04-08 08:15 -------- d-----w- c:\program files\Common Files\Steam
2010-08-06 16:16 . 2010-08-06 16:16 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 16:13 . 2008-12-25 13:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 09:21 . 2009-11-29 13:52 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-26 15:48 . 2008-01-21 05:51 77202 ----a-w- c:\windows\system32\perfc006.dat
2010-07-26 15:48 . 2008-01-21 05:51 463344 ----a-w- c:\windows\system32\perfh006.dat
2010-07-24 19:05 . 2010-07-19 13:59 -------- d-----w- c:\programdata\Symantec
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\programdata\Norton
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\program files\Norton Security Scan
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\programdata\NortonInstaller
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\program files\NortonInstaller
2010-07-18 12:24 . 2010-07-17 20:06 -------- d-----w- c:\users\Anders\AppData\Roaming\DivX
2010-07-17 20:08 . 2010-07-17 20:00 -------- d-----w- c:\programdata\DivX
2010-07-17 20:08 . 2010-07-17 20:08 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 20:07 . 2010-07-17 20:07 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-17 20:07 . 2009-12-29 21:39 -------- d-----w- c:\program files\DivX
2010-07-17 20:07 . 2010-07-17 20:07 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-17 20:00 . 2010-07-17 20:07 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-17 20:00 . 2010-07-17 20:07 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2009-03-27 11:11 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-27 11:11 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-27 11:11 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-27 11:11 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-27 11:11 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-03-27 11:11 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-13 13:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 13:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 13:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 13:54 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 13:54 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 13:54 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 13:54 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 13:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-13 13:54 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 13:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-13 13:54 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 13:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 09:05 . 2008-12-25 11:57 116616 ----a-w- c:\users\Anders\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 20:08 . 2010-08-13 13:54 81920 ----a-w- c:\windows\system32\iccvid.dll
2009-02-12 18:31 . 2009-02-12 18:31 8 --sh--r- c:\windows\System32\90B197C536.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\System32\90B197C536.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8
Created time: 2009-02-12 18:31
Modified time: 2009-02-12 18:31
MD5: 0641A46F1E58529A42EAD4573A3A0861
SHA1: 2FA91927668FB0B3A4DA32722825E15080CB5C21

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,a6,6f,f4,dc,d7,ca,01

R2 gupdate1ca88cf60b876b0;Tjenesten Google Update (gupdate1ca88cf60b876b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\Norton Security Scan for Anders.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-19 07:48]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{51328AA6-AB21-4BE7-9E7D-F849CA1BF4C6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danskebank.dk
Trusted Zone: dr.dk
TCP: {EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 19:49
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-25 19:57:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-25 17:57
ComboFix2.txt 2010-08-25 09:47

Pre-Kørsel: 115.447.328.768 byte ledig
Post-Kørsel: 115.438.571.520 byte ledig

- - End Of File - - 6614150F1E5D578FF0BEAF7443734D34

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Skrevet ons. d. 25. august 2010 kl. 20:18:09| #3

Anders_Lie (3.585 point)

Så er det gjort. Det skal siges at jeg afinstallerede alle fildelingsprogrammer da virus'en kom.
Mit internet virker stadig meget langsomt.

Combfix-log:

ComboFix 10-08-24.0C - Anders 25-08-2010 19:37:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.3062.1900 [GMT 2:00]
Kører fra: c:\users\Anders\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anders\Desktop\combofix\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\~GLC0001.TMP"
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\users\Anders\AppData\Roaming\Azureus
c:\users\Anders\AppData\Roaming\Azureus\.certs
c:\users\Anders\AppData\Roaming\Azureus\.keystore
c:\users\Anders\AppData\Roaming\Azureus\.lock
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat.bak
c:\users\Anders\AppData\Roaming\Azureus\active\cache.dat
c:\users\Anders\AppData\Roaming\Azureus\azureus.config
c:\users\Anders\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Anders\AppData\Roaming\Azureus\banips.config
c:\users\Anders\AppData\Roaming\Azureus\banips.config.bak
c:\users\Anders\AppData\Roaming\Azureus\devices.config
c:\users\Anders\AppData\Roaming\Azureus\devices.config.bak
c:\users\Anders\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\general.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\version.dat
c:\users\Anders\AppData\Roaming\Azureus\downloads.config
c:\users\Anders\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Anders\AppData\Roaming\Azureus\filters.config
c:\users\Anders\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_2.log
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Anders\AppData\Roaming\Azureus\net\pm_5603.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_6785.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2
c:\users\Anders\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Anders\AppData\Roaming\Azureus\rcm.config
c:\users\Anders\AppData\Roaming\Azureus\rcm.config.bak
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\Anders\AppData\Roaming\Azureus\subs\0CA501254A05880D39A5.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\151DF88A4BCFE63CC930.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\1BBB966397F44E660A50.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\2266987B15E8D0C3682C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\3581EC08AE75A905F431.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\444CF4E0A0C1E20CB67C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\4AC562DF938A934FD9C3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\59F63F3137ADD26E919F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\6E02FAF0A7F9C5DEFF7B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\723EF567A591C3D6FEFF.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\90BC3DD49F302F52E17A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\9B684245C8D0EA3A3680.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\A467A4E601BA7AF7C487.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\BD293EA13C5D3A8EA4BC.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\C1181DBAB72DD16EB649.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\CE22771EC242C845C71A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\D4B8F08F30791F2ED969.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\E7802205543398D89EBB.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\EC1EA4CD184D3EC77C1F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\F07B8AF9D6B5E0604903.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\AA36395F0C99E87D7BD3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tables.config
c:\users\Anders\AppData\Roaming\Azureus\tables.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tmp\AZU6281417575236052886.tmp
c:\users\Anders\AppData\Roaming\Azureus\tmp\speedTestTorrent.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\(500)Days_of_Summer.[2009].RETAIL.DVDRIP.XVID.[Eng]-DUQA.5153829.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU1314353998155512781.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU48453.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\Clinton_Sparks_Presents_Mike_Posner-One_Foot_Out_the_Door-2009-D.5139541.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Complete_Supernatural_Season_4.4910270.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Grown_Ups_2010_DVDSCR-XViD-IMAGiNE.5688934.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_31_Minutes_To_Takeoff_CDRip_[MP3-320][MJN].5735910.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_A_Matter_of_Time_(2009).5630693.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Repo.Men.UNRATED.2010.DVDRip.XviD-Larceny.5680375.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_-_Season_2.4156071.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_1.5169500.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_3.4256547.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config.bak
c:\users\Anders\AppData\Roaming\uTorrent
c:\users\Anders\AppData\Roaming\uTorrent\05-T.I.-Live Your Life _Ft. Rihanna_.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Alors on danse.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Britney Spears - Womanizer [Uncensored][2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Bruno.TS.XviD-Lynks.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Burn.After.Reading[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay- viva la vida.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay - Viva La Vida [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank.High.Voltage.2009.DVDRip.XviD-BeStDivX.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\David Guetta - One Love [2009].torrent
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Eagle.Eye[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - A Day Without Rain.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - Only Time.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008 [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 1 Complete-Xvid-MFG.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 2.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 3 Complete [HDTV][XVID].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ice Age 3 Dawn Of The Dinosaurs (2009) DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - Hot N Cold [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - I Kissed A Girl [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kid Rock - All Summer Long [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\King Of Leon - Sex On Fire.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings Of Leon - Use Somebody.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings_Of_Leon-Use_Somebody-(CDS)-2008-WRE.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa- Poker Face.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa - Poker Face [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady Gaga ft. Colby O Donis - Just Dance.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady.Gaga.-.Just.Dance.PDTV.XviD-Regenzy.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Maskinen - Alla som inte dansar.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Microsoft Office 2007 Enterprise Edition [blaze69].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Mirrors[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ne Yo - Miss Independent [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Pineapple.Express[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Rihanna - Disturbia [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Season 4.torrent
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.1.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - Human.mkv.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - When You Were Young.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Last.House.On.The.Left.UNRATED.DvDRip-FxM.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Librarian.The.Curse.Of.The.Judas.Chalice.2008.STV.DVDRip-GAYGAY.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Pursuit.Of.Happyness[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Timbaland Ft. OneRepublic - Apologize [2007][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Shut Up And Let Me Go [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Thats Not My Name [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Transformers-2 Revenge of the Fallen 2009 English [DivX].torrent
c:\users\Anders\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Anders\AppData\Roaming\uTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
c:\windows\~GLC0001.TMP

Inficeret kopi af c:\windows\system32\wininit.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\ERDNT\cache\wininit.exe

.
((((((((((((((((((((((((((((( Filer skabt fra 2010-07-25 til 2010-08-25 )))))))))))))))))))))))))))))))))))
.

2010-08-25 17:44 . 2010-08-25 17:49 -------- d-----w- c:\users\Anders\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 15:06 . 2010-08-25 15:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-25 07:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 07:55 . 2010-08-25 07:55 -------- d-----w- c:\programdata\Alwil Software
2010-08-13 09:59 . 2010-08-13 09:59 -------- d-----w- C:\found.000
2010-08-09 14:08 . 2010-08-09 14:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-02 09:03 . 2010-08-06 16:15 -------- d-----w- c:\program files\StarCraft II
2010-08-01 18:04 . 2010-08-02 07:58 -------- d-----w- c:\users\Anders\SC2-WingsOfLiberty-enGB-Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 17:22 . 2010-04-08 08:15 -------- d-----w- c:\program files\Steam
2010-08-25 09:03 . 2010-04-09 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 08:59 . 2010-05-26 10:43 -------- d-----w- c:\program files\Verbix2008
2010-08-25 08:59 . 2010-05-26 10:43 -------- d-----w- c:\users\Anders\AppData\Roaming\verbix2008
2010-08-25 08:00 . 2009-03-27 11:11 -------- d-----w- c:\program files\Alwil Software
2010-08-17 08:58 . 2009-02-12 18:59 680 ----a-w- c:\users\Anders\AppData\Local\d3d9caps.dat
2010-08-15 20:07 . 2009-02-12 18:31 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-14 13:10 . 2008-04-24 09:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-14 13:07 . 2008-04-24 09:37 -------- d-----w- c:\programdata\Microsoft Help
2010-08-14 13:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-09 14:09 . 2008-04-24 08:53 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 14:08 . 2008-04-24 08:53 -------- d-----w- c:\program files\Java
2010-08-07 11:31 . 2010-04-08 08:15 -------- d-----w- c:\program files\Common Files\Steam
2010-08-06 16:16 . 2010-08-06 16:16 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 16:13 . 2008-12-25 13:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 09:21 . 2009-11-29 13:52 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-26 15:48 . 2008-01-21 05:51 77202 ----a-w- c:\windows\system32\perfc006.dat
2010-07-26 15:48 . 2008-01-21 05:51 463344 ----a-w- c:\windows\system32\perfh006.dat
2010-07-24 19:05 . 2010-07-19 13:59 -------- d-----w- c:\programdata\Symantec
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\programdata\Norton
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\program files\Norton Security Scan
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\programdata\NortonInstaller
2010-07-19 13:59 . 2010-07-19 13:59 -------- d-----w- c:\program files\NortonInstaller
2010-07-18 12:24 . 2010-07-17 20:06 -------- d-----w- c:\users\Anders\AppData\Roaming\DivX
2010-07-17 20:08 . 2010-07-17 20:00 -------- d-----w- c:\programdata\DivX
2010-07-17 20:08 . 2010-07-17 20:08 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 20:07 . 2010-07-17 20:07 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-17 20:07 . 2009-12-29 21:39 -------- d-----w- c:\program files\DivX
2010-07-17 20:07 . 2010-07-17 20:07 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-17 20:00 . 2010-07-17 20:07 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-17 20:00 . 2010-07-17 20:07 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2009-03-27 11:11 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-27 11:11 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-27 11:11 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-27 11:11 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-27 11:11 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-03-27 11:11 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-13 13:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 13:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 13:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 13:54 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 13:54 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 13:54 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 13:54 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 13:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-13 13:54 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 13:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-13 13:54 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 13:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 09:05 . 2008-12-25 11:57 116616 ----a-w- c:\users\Anders\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 20:08 . 2010-08-13 13:54 81920 ----a-w- c:\windows\system32\iccvid.dll
2009-02-12 18:31 . 2009-02-12 18:31 8 --sh--r- c:\windows\System32\90B197C536.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\System32\90B197C536.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8
Created time: 2009-02-12 18:31
Modified time: 2009-02-12 18:31
MD5: 0641A46F1E58529A42EAD4573A3A0861
SHA1: 2FA91927668FB0B3A4DA32722825E15080CB5C21

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,a6,6f,f4,dc,d7,ca,01

R2 gupdate1ca88cf60b876b0;Tjenesten Google Update (gupdate1ca88cf60b876b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\Norton Security Scan for Anders.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-19 07:48]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{51328AA6-AB21-4BE7-9E7D-F849CA1BF4C6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danskebank.dk
Trusted Zone: dr.dk
TCP: {EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 19:49
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-25 19:57:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-25 17:57
ComboFix2.txt 2010-08-25 09:47

Pre-Kørsel: 115.447.328.768 byte ledig
Post-Kørsel: 115.438.571.520 byte ledig

- - End Of File - - 6614150F1E5D578FF0BEAF7443734D34

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Skrevet tor. d. 26. august 2010 kl. 10:44:09| #4

sullep (5.590 point)

Vista bruger skal klikke med højre-musetast på HijackThis - vælg "Kør som administrator"
Kør Hijackthis, på menuen der kommer op, klikker du på: Do a system scan only.
Scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/ (...)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ (...)

Skriv I Søg/Kør services.msc find de tjenester herunder >

Bonjour Service
Apple Mobile Device - Apple Inc
gusvc
iPod Service
ProtexisLicensing

Klik med højre Musetast på dem > Egenskaber > Ret "Starttype" til "Manuelt" > Anvend > OK.

Skriv i Søg/Kør msconfig > Fanen "Start" > Fjern flueben ved denne >

Google Desktop Search > Anvend > OK.

Find denne fil med fed skrift > c:\windows\System32\90B197C536.sys

Omdøb den til dette > 90B197C536.old

Brug dette link til at fjerne rester af norton.

http://pctricks.dk/ (...)

Download filen til din pc og kør den, følg vejledningen.

Hent CCleaner her:
http://www.filehippo.com/ (...)

Installer CCleaner, husk at fjern fluebenet udfor Yahoo Toolbar - ingen grund til at få det skrammel på.

Start > Fjern fluebenet ved cookies.

Klik på kør Cleaner og lad den fjerne hvad den finder. Kør et par gange eller til der ikke er mere og komme efter.
Klik så på Register ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer. Kør et par gange, eller til der ikke er mere og komme efter.
Klik på OK, klik på Luk når den er færdig.
Genstart.

hent Security Check af screen317
http://screen317.spywareinfoforum.org/ (...)
Start den og følg instruktionerne.
Kopier loggen herind.

Hvordan kører din pc nu?

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Skrevet tor. d. 26. august 2010 kl. 15:08:44| #5

Anders_Lie (3.585 point)

Må indrømme at jeg stadig synes at den kører langsomt, især internnet, er der andet jeg kan gøre?
Hvad med virus'en? Er den fjernet?

Her er Security Check-log'en:

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Companion 1.6.9
CCleaner
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.2 - Dansk
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Skrevet tor. d. 26. august 2010 kl. 17:30:16| #6

Svar

sullep (5.590 point)

Prøv og gå ind på denne test side - den vil kunne fortælle dig om det er den nyeste software du har installeret, og er det ikke tilfældet via link kunne sende dig til de sider hvor du kan hente opdateringerne

http://kundeservice.tdc.dk/ (...)

Du skal også opdater din "Adobe Reader" > Åbn "Adobe Reader" > Fanen "Hjælp" > "Kontroller for opdateringer"

Dine logs er rene

Klik på START derefter Kør
Skriv/kopier: Combofix /Uninstall i boxen, og klik OK.

Bemærk mellemrum mellem X og /U, det skal være der.

Ovennævnte procedure vil:
Slette følgende:
ComboFix og tilhørende filer og mapper.
Nulstille uret indstillinger.
Skjul filtypenavne, hvis det kræves.
Skjule System / Skjulte filer, hvis det kræves.

Du kan lige rydde op i systemgendannelsen, læs her hvordan.
Deaktiver systemgendannelsen - genstart og aktiver den igen.
http://www.ctrlaltdel.dk/ (...)

God fornøjelse

Anmeld misbrug

Skriv et svar | Skriv en kommentar

Log ind

Opret bruger | Glemt adgangskode

Seneste spørgsmål

Malware og website nede

Oprettet den 8. februar 2012 kl. 17.20

magnusf giver 30 point for svar | Giv et svar »

Ubrugelig, uønsket søgebjælke dukker op, når jeg åbner...

Oprettet den 4. februar 2012 kl. 16.54

fbrejl giver 60 point for svar | Giv et svar »

"security shield" har fucket min puter

Oprettet den 31. januar 2012 kl. 18.30

garfieldzx giver 30 point for svar | Giv et svar »

Seneste guides

Installer win 7

9. februar 2012 kl. 14.11 | Læs »

Installation af Apache2, PHP5, MySQL5, Phpmyadmin og...

8. februar 2012 kl. 20.05 | Læs »

Den hurtige og effektive metoder til at knække...

4. februar 2012 kl. 23.16 | Læs »

Guide til usb internet også kaldet mobilt bredbånd

4. februar 2012 kl. 22.33 | Læs »

Den gode bruger

30. januar 2012 kl. 04.45 | Læs »

Se alle guides »

Seneste nyheder

Måske snart slut med Androids helt store problem

10. februar 2012 kl. 13.40 | Læs »

Her er fem sjove danske websider du skal kende

10. februar 2012 kl. 13.31 | Læs »

NemId sprængt: Hackere bryder ind i Danske Bank

10. februar 2012 kl. 13.06 | Læs »

Danmark kigger langt efter musikbranchens guldkalv

10. februar 2012 kl. 12.20 | Læs »

Nu kan du snart hente Windows 8

10. februar 2012 kl. 11.41 | Læs »

Se alle nyheder »

Tips & Tricks fra PC World

Her er fem sjove danske websider du skal kende

Trænger dine lattermuskler til en omgang fitness på dansk? Vi viser vej til fem websider fyldt med humor og vanvittig satire.

Læs mere »

Anmeldelser fra PC World

Test: Denne super-tablet er iPads hårdeste konkurrent

Eee Pad Transformer Prime er frygtindgydende med sin quadcore processor og evne til at trylle sig om til bærbar. Apple bør kigge i bagspejlet, for Asus' tablet-pc kommer buldrende - og gør det...

Læs mere »

Seneste blogindlæg

Tvangslukke spørgsmål: Hvad er den bedste løsning?

Hej Vi har mange åbne spørgsmål på Eksperten. Vi ville gerne tvangslukke dem - så et spørgsmål efter f.eks. 6 måneder lukkes. Men der er et par uklarheder som ville være gode at få lidt input til:...

Læs mere »