Oprettet lør. d. 30. oktober 2010 kl. 15:40:19

200 point uddelt | 41 kommentarer
louisek
louisek (12.303 point. Point ude: 90)

Nieces computer i åndenød

Kære alle,

Jeg sidder med min nieces computer som er nææææsten død. Hun har rodet sig ud i en masse virus mv.

Når jeg starter computeren op er der ikke andet på skærmen end skrivebordets baggrundsbillede - ingen ikoner eller rammer eller startmenu. Jeg kan ikke højreklikke mig til en menu eller noget.

Jeg kan komme igennem til taskmanageren og derigennem få kontakt til internettet. Jeg har downloadet avast og spybot som har fundet og slettet en del ting.

... og en hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:56, on 30-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Melissa\Dokumenter\Hentede filer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A6A344B-F48D-4175-9274-2CC1D0846480} - c:\windows\system32\dlo212.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmer\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avast5] "C:\Programmer\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programmer\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmer\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mediarealease70x700hh.exe] C:\Documents and Settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\mediarealease70x700hh.exe
O4 - HKCU\..\Run: [IJKUK66HMN] C:\DOCUME~1\Melissa\LOKALE~1\Temp\Sqq.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\Melissa\.COMMgr\complmgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: SYSOGP32.0XE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/ (...)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/ (...)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10085 bytes
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 15:46:45| #1

f-arn
f-arn (18.550 point)
Hent "Malwarebytes' Anti-Malware" her

Eller her

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her

ellerher

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet

NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 15:47:54| #2

karise_larry
karise_larry (263.204 point)
www.ballade.dk
Der er også et par 'sjove' elementer... Derfor gennemfør denne 'pakke' så vidt muligt ->

---

Hent og instalér CCleaner http://www.ccleaner.com/ (...)
http://vistaguide.dk/ (...)
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/ (...)

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 15:48:15| #3

Skrevet lør. d. 30. oktober 2010 kl. 15:48:23| #4

Skrevet lør. d. 30. oktober 2010 kl. 15:49:17| #5

Skrevet lør. d. 30. oktober 2010 kl. 16:10:02| #6

louisek
louisek (12.303 point)
malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4997

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30-10-2010 16:09:29
mbam-log-2010-10-30 (16-09-29).txt

Skanningstype: Hurtig skanning
Objekter skannet: 162795
Tid gået: 11 minut(ter), 19 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 10
Registreringsdatabaseværdier Inficeret: 6
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 2
Inficerede Filer: 13

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediarealease70x700hh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Programmer\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\Melissa\.COMMgr\complmgr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melissa\Menuen Start\Programmer\Start\SYSOGP32.0XE (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melissa\Lokale indstillinger\Temp\tmp_172447527.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\msvcp71.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\msvcr71.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmer\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menuen Start\Programmer\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melissa\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 16:19:51| #7

louisek
louisek (12.303 point)
DDS (Ver_10-10-21.02) - NTFSx86 
Run by Melissa at 16:10:56,90 on 30-10-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1022.493 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated)  {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Melissa\Dokumenter\Hentede filer\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\programmer\vuze_remote\tbVuz1.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: : {0a6a344b-f48d-4175-9274-2cc1d0846480} - c:\windows\system32\dlo212.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\programmer\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programmer\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\programmer\vuze_remote\tbVuz1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programmer\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programmer\windows live\toolbar\wltcore.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\programmer\vuze_remote\tbVuz1.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\programmer\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Live! Cam Manager] "c:\programmer\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programmer\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] rundll32.exe c:\windows\system32\nvsysrot.dll,Enable
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [fssui] "c:\programmer\windows live\family safety\fsui.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe
mRun: [DivXUpdate] "c:\programmer\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [avast5] "c:\programmer\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\programmer\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
mRunOnce: [SpybotSnD] "c:\programmer\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\programmer\fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\melissa\applic~1\mozilla\firefox\profiles\xoxacg3f.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\programmer\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\melissa\application data\mozilla\firefox\profiles\xoxacg3f.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\melissa\lokale indstillinger\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programmer\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programmer\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programmer\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-30 165584]
R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\SASDIFSV.SYS [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-30 17744]
R2 avast! Antivirus;avast! Antivirus;c:\programmer\alwil software\avast5\AvastSvc.exe [2010-10-30 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-20 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\programmer\alwil software\avast5\AvastSvc.exe [2010-10-30 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\programmer\alwil software\avast5\AvastSvc.exe [2010-10-30 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-30 38224]
S0 wlihvkc;wlihvkc;c:\windows\system32\drivers\wlihvkc.sys [2010-10-20 842240]
S2 bsczbyri;USB to IEEE-1284.4 Translation  HPZius12Controller;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 pujpuh;System Support;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 ADM8511;ADMtek ADM8511/AN986 USB til Fast Ethernet-converter;c:\windows\system32\drivers\adm8511.sys [2009-2-9 20160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmer\lavalys\everest ultimate edition\kerneld.wnt [2009-1-30 23152]
S3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\system32\drivers\F5D5055.sys [2009-6-24 30336]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SASENUM;SASENUM;c:\programmer\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SVRPEDRV;SVRPEDRV;c:\docume~1\n\lokale~1\temp\rarsfx0\s10vwf\PEDrv.sys [2009-1-30 6656]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-9-29 32000]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2010-2-8 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2010-2-8 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2010-2-8 166720]
SUnknown SPService;SPService; [x]

=============== Created Last 30 ================

2010-10-30 13:48:48    --------    d-----w-    c:\docume~1\melissa\applic~1\Malwarebytes
2010-10-30 13:48:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 13:48:38    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-30 13:48:37    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-30 13:48:37    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-10-30 11:05:01    --------    d-----w-    c:\docume~1\alluse~1\applic~1\F-Secure
2010-10-30 08:07:16    --------    d-----w-    c:\docume~1\melissa\applic~1\Office Genuine Advantage
2010-10-29 22:28:13    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-10-29 22:27:55    38848    ----a-w-    c:\windows\avastSS.scr
2010-10-29 22:27:30    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-29 21:29:18    --------    d-----w-    c:\docume~1\alluse~1\applic~1\MFAData
2010-10-29 18:05:51    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-10-29 18:05:51    --------    d-----w-    c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-20 15:06:33    0    ----a-w-    c:\windows\system32\dlo212.tmp
2010-10-20 15:05:53    --------    d-sh--w-    c:\documents and settings\melissa\IECompatCache
2010-10-20 08:40:59    --------    d-sh--w-    c:\documents and settings\melissa\.COMMgr
2010-10-20 08:40:09    196    ----a-w-    c:\docume~1\melissa\applic~1\24679.bat
2010-10-20 08:39:42    842240    ----a-w-    c:\windows\system32\drivers\wlihvkc.sys
2010-10-20 08:38:48    --------    d-----w-    c:\docume~1\melissa\applic~1\8F7C6F19DF9055DA7C4FE342751D275F

==================== Find3M  ====================

2010-09-18 10:23:40    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53:39    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53:39    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53:38    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-10 05:51:36    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:51:33    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-09-10 05:51:33    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-09-01 11:52:04    285824    ----a-w-    c:\windows\system32\atmfd.dll
2010-09-01 07:57:39    1852800    ----a-w-    c:\windows\system32\win32k.sys
2010-08-27 08:03:32    119808    ----a-w-    c:\windows\system32\t2embed.dll
2010-08-27 05:53:18    99840    ----a-w-    c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:33    617472    ----a-w-    c:\windows\system32\comctl32.dll
2010-08-17 13:17:06    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-16 08:45:02    590848    ----a-w-    c:\windows\system32\rpcrt4.dll

============= FINISH: 16:12:41,31 ===============
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 16:35:07| #8

f-arn
f-arn (18.550 point)
Vil du godt (midlertidigt) afinstallere Spybot - Search & Destroy. Den gør det meget vanskeligt at få ComboFix til at virke.

------

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/ (...)

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/ (...)

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 16:43:37| #9

louisek
louisek (12.303 point)
Frisk Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:25, on 30-10-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Melissa\Dokumenter\Hentede filer\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A6A344B-F48D-4175-9274-2CC1D0846480} - c:\windows\system32\dlo212.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmer\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avast5] "C:\Programmer\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programmer\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmer\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmer\Fælles filer\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/ (...)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/ (...)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10019 bytes
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 17:39:26| #10

louisek
louisek (12.303 point)
@ f-arn

Jeg ved ikke hvordan jeg kan afinstallere spybot når jeg alene har adgang til computeren via min taskmanager
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 30. oktober 2010 kl. 17:55:51| #11

f-arn
f-arn (18.550 point)
Under filer -> Ny Opgave (kør...)
appwiz.cpl
Klik OK.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 31. oktober 2010 kl. 00:48:50| #12

louisek
louisek (12.303 point)
Hvordan kommer jeg til skrivebordet fra taskmanageren?
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 31. oktober 2010 kl. 09:55:33| #13

louisek
louisek (12.303 point)
... og hvordan får jeg den normale opstart til skrivebordet tilbage? :o)
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 31. oktober 2010 kl. 10:12:19| #14

f-arn
f-arn (18.550 point)
Når du i "job liste" har skrevet "Explorer.Exe" bør du ha' et normalt Skrivebord.

Derefter vil jeg lave et Rsgfix.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 31. oktober 2010 kl. 10:23:34| #15

louisek
louisek (12.303 point)
explorer.exe ->

"windows kunne ikke få adgang til den navngivne enhed, sti eller fil. Du har muligvis ikke de nødvendige rettigheder til at få adgang til elementet"

øv

... hvordan laver jeg et rgsfix?
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 31. oktober 2010 kl. 14:06:50| #16

f-arn
f-arn (18.550 point)
Hent Swandog46' Avenger2 her:
http://swandog46.geekstogo.com/ (...)

Pak Avenger-programmet ud og dobbeltklik på avenger.exe. Nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------

Drivers to delete:
wlihvkc
Files to delete:
c:\windows\system32\drivers\wlihvkc.sys

-----------------------------

Klik på knappen Execute. Følg vejledningen og svar ja på spørgsmålene - programmet vil opfordre dig til at genstarte computeren, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den skal du kopiere herind i forum i dit næste svar.  Log'en kan også findes her: C:\avenger.txt.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 31. oktober 2010 kl. 20:37:51| #17

louisek
louisek (12.303 point)
Kære f-arn ... her er logfilen:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "wlihvkc" deleted successfully.
File "c:\windows\system32\drivers\wlihvkc.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet man. d. 01. november 2010 kl. 18:02:06| #18

louisek
louisek (12.303 point)
... jeg har stadig ingen desktop ... men det lader umiddelbart til at jeg er sluppet af med div virus heriblandt antimalware doctor og thinkpoint
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet man. d. 01. november 2010 kl. 21:09:16| #19

f-arn
f-arn (18.550 point)
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet man. d. 01. november 2010 kl. 21:25:19| #20

f-arn
f-arn (18.550 point)
Det der atåer ovenoner skal kopieres og gemmes som [regfix.reg]
Kør den, og si' ja til at flette.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet man. d. 01. november 2010 kl. 21:29:01| #21

louisek
louisek (12.303 point)
skal det kopieres ind i en notepad fil?
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet man. d. 01. november 2010 kl. 21:47:31| #22

f-arn
f-arn (18.550 point)
Ja, og gemmes som regfix.reg
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet man. d. 01. november 2010 kl. 23:50:49| #23

louisek
louisek (12.303 point)
... nix ... stadig ingen adgang til explorer ... jeg får den samme besked som tidligere.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet tir. d. 02. november 2010 kl. 10:54:02| #24

f-arn
f-arn (18.550 point)
1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/ (...)
http://images.malwareremoval.com/ (...) (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

[]:filefind
Exwplorer.exe[/]

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet tir. d. 02. november 2010 kl. 19:27:49| #25

louisek
louisek (12.303 point)
jeg går ud fra at den tekst der skal sættes ind i vinduet er:

:filefind
Explorer.exe


... uden w? er det rigtigt?
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet tir. d. 02. november 2010 kl. 19:28:43| #26

louisek
louisek (12.303 point)
SystemLook 04.09.10 by jpshortstuff
Log created at 19:28 on 02/11/2010 by Melissa
Administrator - Elevation successful

========== filefind ==========

Searching for "Explorer.exe"
C:\WINDOWS\explorer.exe    --a---- 1034752 bytes    [07:05 14/04/2008]    [07:05 14/04/2008] (Unable to calculate MD5)

-= EOF =-
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet tir. d. 02. november 2010 kl. 22:30:06| #27

louisek
louisek (12.303 point)
Jeg kan godt finde explorer.exe ved at trykke "nyt job" fra taskmanageren, men den dialogboks med rettighederne kommer frem:

"windows kunne ikke få adgang til den navngivne enhed, sti eller fil. Du har muligvis ikke de nødvendige rettigheder til at få adgang til elementet"
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 03. november 2010 kl. 13:23:31| #28

f-arn
f-arn (18.550 point)
Har du en Windows CD ?

Glem Spybot lige nu og kør ComboFix.

------

Hent og gem ComboFix på dit skrivebord:

http://download.bleepingcomputer.com/ (...)

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/ (...)

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 03. november 2010 kl. 19:43:07| #29

louisek
louisek (12.303 point)
ComboFix 10-11-02.06 - Melissa 03-11-2010  19:14:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1022.743 [GMT 1:00]
Kører fra: C:\Documents and Settings\Melissa\Skrivebord\ComboFix.exe
Kommandoer benyttet :: C:\Documents and Settings\Melissa\Skrivebord\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 03. november 2010 kl. 22:37:52| #30

louisek
louisek (12.303 point)
så fik jeg vist det hele med :o) .....



ComboFix 10-11-02.06 - Melissa 03-11-2010  22:26:55.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1022.654 [GMT 1:00]
Kører fra: c:\documents and settings\Melissa\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Melissa\Skrivebord\CFScript.txt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\documents and settings\All Users\Dokumenter\Server\admin.txt
c:\documents and settings\All Users\Dokumenter\Server\server.dat
c:\documents and settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\enemies-names.txt
c:\documents and settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\local.ini
c:\documents and settings\Melissa\Application Data\8F7C6F19DF9055DA7C4FE342751D275F\lsrslt.ini
c:\documents and settings\Melissa\Application Data\completescan
c:\documents and settings\Melissa\Application Data\install
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\ptxmlmce.sys

c:\windows\explorer.exe . . . er inficeret!!

c:\windows\system32\winlogon.exe . . . er inficeret!!

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((((((((((((  Filer skabt fra 2010-10-03 til 2010-11-03  )))))))))))))))))))))))))))))))))))
.

2010-11-03 21:19 . 2010-11-03 21:19    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-11-03 21:18 . 2010-09-15 03:50    472808    ----a-w-    c:\programmer\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-03 21:18 . 2010-09-15 03:50    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-11-03 20:16 . 2010-11-03 20:16    --------    d-----w-    c:\documents and settings\Melissa\Application Data\AVG10
2010-11-03 20:15 . 2010-11-03 20:15    --------    d--h--w-    c:\documents and settings\All Users\Application Data\Common Files
2010-11-03 20:13 . 2010-11-03 21:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG10
2010-11-03 20:12 . 2010-11-03 20:12    --------    d-----w-    c:\programmer\AVG
2010-10-31 19:27 . 2010-10-31 19:27    --------    d-----w-    c:\documents and settings\Melissa\Application Data\PeaZip
2010-10-31 19:27 . 2010-10-31 19:27    --------    d-----w-    c:\programmer\PeaZip
2010-10-30 14:22 . 2010-10-30 14:22    --------    d-----w-    c:\programmer\CCleaner
2010-10-30 13:48 . 2010-10-30 13:48    --------    d-----w-    c:\documents and settings\Melissa\Application Data\Malwarebytes
2010-10-30 13:48 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 13:48 . 2010-10-30 13:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-30 13:48 . 2010-10-30 13:48    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-10-30 13:48 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-30 11:05 . 2010-10-30 11:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\F-Secure
2010-10-30 08:07 . 2010-10-30 08:07    --------    d-----w-    c:\documents and settings\Melissa\Application Data\Office Genuine Advantage
2010-10-30 08:04 . 2010-10-30 08:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-10-29 22:27 . 2010-10-29 22:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-29 21:29 . 2010-11-03 20:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\MFAData
2010-10-29 18:05 . 2010-10-30 16:19    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-10-29 18:05 . 2010-10-30 16:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-20 15:56 . 2010-10-20 15:56    --------    d-----r-    c:\documents and settings\NetworkService\Foretrukne
2010-10-20 15:06 . 2010-10-20 15:06    0    ----a-w-    c:\windows\system32\dlo212.tmp
2010-10-20 15:05 . 2010-10-20 15:05    --------    d-sh--w-    c:\documents and settings\Melissa\IECompatCache
2010-10-20 14:42 . 2010-10-20 14:42    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-10-20 08:40 . 2010-10-20 08:40    196    ----a-w-    c:\documents and settings\Melissa\Application Data\24679.bat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2007-04-02 18:14    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 07:05    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 07:05    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-09 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-15 01:29 . 2009-09-04 15:26    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2010-09-10 05:51 . 2008-04-14 07:05    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2008-04-14 07:06    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-09-10 05:51 . 2008-04-14 07:05    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-14 07:03    285824    ----a-w-    c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 06:38    1852800    ----a-w-    c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 07:05    119808    ----a-w-    c:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2008-04-14 07:05    99840    ----a-w-    c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 10:15    357248    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 07:05    617472    ----a-w-    c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 07:06    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 07:05    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

  • 2008-04-14 . 026612781A4599A2355F8C0DDC44C706 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

  • 2008-04-14 . 1B926C0405A89FC158B56D52D8D8BA47 . 1034752 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmer\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-10 16:50    2735200    ----a-w-    c:\programmer\Vuze_Remote\tbVuz1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmer\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programmer\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Creative Live! Cam Manager"="c:\programmer\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"nwiz"="nwiz.exe" [2005-12-04 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-12-04 49152]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"fssui"="c:\programmer\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-04 32768]
"DivXUpdate"="c:\programmer\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmer\Fælles filer\logishrd\WUApp32.exe" [2007-02-03 430080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5950:TCP"= 5950:TCP:spport
"5603:TCP"= 5603:TCP:zpgpl

S2 bsczbyri;USB to IEEE-1284.4 Translation  HPZius12Controller;c:\windows\System32\svchost.exe -k netsvcs [14-04-2008 08:06 14336]
S2 pujpuh;System Support;c:\windows\system32\svchost.exe -k netsvcs [14-04-2008 08:06 14336]
S3 ADM8511;ADMtek ADM8511/AN986 USB til Fast Ethernet-converter;c:\windows\system32\drivers\adm8511.sys [09-02-2009 18:31 20160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmer\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [30-01-2009 18:02 23152]
S3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\system32\drivers\F5D5055.sys [24-06-2009 20:38 30336]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\N\LOKALE~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\N\LOKALE~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [29-09-2008 17:44 32000]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [08-02-2010 17:02 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [08-02-2010 17:02 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [08-02-2010 17:02 166720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bsczbyri
pujpuh
.
Indhold af mappen 'Planlagte Opgaver'

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\Melissa\Application Data\Mozilla\Firefox\Profiles\xoxacg3f.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\programmer\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Melissa\Lokale indstillinger\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{0A6A344B-F48D-4175-9274-2CC1D0846480} - c:\windows\system32\dlo212.dll
HKLM-Run-Tvs - c:\program files\Toshiba\Tvs\TvsTray.exe
AddRemove-Musicnotes Combined Installer_is1 - c:\programmer\Musicnotes\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programmer\DivX\DivXCodecUninstall.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Melissa\Lokale indstillinger\Application Data\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 22:33
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmer\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pujpuh]
"ServiceDll"="c:\windows\system32\qznebvm.dll"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDA.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\programmer\iPod\bin\iPodService.exe
c:\programmer\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-03  22:36:16 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-11-03 21:36

Pre-Kørsel: 15.460.151.296 byte ledig
Post-Kørsel: 15.436.861.440 byte ledig

- - End Of File - - 883757E7BAACA7BB6C755D5FB575BB5C
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 03. november 2010 kl. 22:43:17| #31

louisek
louisek (12.303 point)
... og desktoppen er tilbage :o)

... du styrer!!! tusind tak for hjælpen!!!!!
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet tor. d. 04. november 2010 kl. 16:48:17| #32

f-arn
f-arn (18.550 point)
Har du en Windows CD ?

Vi skal ha' erstattet to Windows filer der er inficeret.

Hvad er det for en PC ?
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet tor. d. 04. november 2010 kl. 22:16:47| #33

louisek
louisek (12.303 point)
Nej ingen CD -
det er en Toshiba Sattelite A100-301
Model no PSAA9E-0PR043N5
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet fre. d. 05. november 2010 kl. 12:05:56| #34

f-arn
f-arn (18.550 point)
Har du eventuelt mulighed for at låne en Windows XP Professional CD ?

Inden vi prøver at finde erstatninger, vil jeg gerne ha' du gør dette.

------

Download Tdsskiller.zip på dit skrivebord og pak den ud i en mappe.

Kør TDSSKiller.exe -> Klik på "Start Scan"

Genstart hvis den kræver det.

Hvis den genstarter kan du finde logfilen her :
C:\TDSSKiller.[Version]_[Dato]_[Tidspunkt]_log.txt.

Kopier den tekst herind I denne tråd.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 14. november 2010 kl. 01:04:15| #35

louisek
louisek (12.303 point)
jeg har fået fat i en cd nu ... skal jeg stadig gøre det du skrev i indlæg #34 ?
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 14. november 2010 kl. 01:24:40| #36

f-arn
f-arn (18.550 point)
Kort svar, ja  :)
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet søn. d. 14. november 2010 kl. 19:23:28| #37

louisek
louisek (12.303 point)
2010/11/14 19:17:01.0125    TDSS rootkit removing tool 2.4.7.0 Nov  8 2010 10:52:22
2010/11/14 19:17:01.0125    ================================================================================
2010/11/14 19:17:01.0125    SystemInfo:
2010/11/14 19:17:01.0125   
2010/11/14 19:17:01.0125    OS Version: 5.1.2600 ServicePack: 3.0
2010/11/14 19:17:01.0125    Product type: Workstation
2010/11/14 19:17:01.0125    ComputerName: MELISSA-F46FC52
2010/11/14 19:17:01.0125    UserName: Melissa
2010/11/14 19:17:01.0125    Windows directory: C:\WINDOWS
2010/11/14 19:17:01.0125    System windows directory: C:\WINDOWS
2010/11/14 19:17:01.0125    Processor architecture: Intel x86
2010/11/14 19:17:01.0125    Number of processors: 2
2010/11/14 19:17:01.0125    Page size: 0x1000
2010/11/14 19:17:01.0125    Boot type: Normal boot
2010/11/14 19:17:01.0125    ================================================================================
2010/11/14 19:17:01.0390    Initialize success
2010/11/14 19:17:07.0500    ================================================================================
2010/11/14 19:17:07.0500    Scan started
2010/11/14 19:17:07.0500    Mode: Manual;
2010/11/14 19:17:07.0500    ================================================================================
2010/11/14 19:17:08.0687    ACPI            (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/14 19:17:08.0859    ACPIEC          (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/14 19:17:09.0187    ADM8511        (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
2010/11/14 19:17:09.0593    aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/14 19:17:09.0812    AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/14 19:17:10.0828    Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/14 19:17:11.0484    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/14 19:17:11.0703    atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/14 19:17:11.0859    Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/14 19:17:11.0921    audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/14 19:17:12.0031    AVGIDSDriver    (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/14 19:17:12.0093    AVGIDSEH        (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/11/14 19:17:12.0109    AVGIDSFilter    (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/14 19:17:12.0125    AVGIDSShim      (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/11/14 19:17:12.0187    Avgldx86        (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/11/14 19:17:12.0234    Avgmfx86        (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/11/14 19:17:12.0265    Avgrkx86        (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/11/14 19:17:12.0328    Avgtdix        (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/11/14 19:17:12.0437    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/14 19:17:12.0578    CamDrL          (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
2010/11/14 19:17:12.0750    cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/14 19:17:12.0796    CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/14 19:17:12.0859    Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/14 19:17:12.0906    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/14 19:17:12.0984    Cdr4_xp        (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/14 19:17:13.0078    Cdralw2k        (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/14 19:17:13.0125    Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/14 19:17:13.0203    CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/14 19:17:13.0281    Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/14 19:17:13.0421    Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/14 19:17:13.0546    dmboot          (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/14 19:17:13.0625    dmio            (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/14 19:17:13.0640    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/14 19:17:13.0687    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/14 19:17:13.0765    drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/14 19:17:13.0796    E100B          (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/14 19:17:14.0000    F5D5055        (59d783ff1b4ed5b39bfc3c3b7376e7f0) C:\WINDOWS\system32\DRIVERS\F5D5055.sys
2010/11/14 19:17:14.0046    Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/14 19:17:14.0078    Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/14 19:17:14.0109    Fips            (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/14 19:17:14.0125    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/14 19:17:14.0187    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/14 19:17:14.0234    fssfltr        (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/11/14 19:17:14.0343    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/14 19:17:14.0390    Ftdisk          (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/14 19:17:14.0453    GEARAspiWDM    (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/11/14 19:17:14.0500    Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/14 19:17:14.0546    HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/14 19:17:14.0687    HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/14 19:17:14.0781    HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/14 19:17:14.0828    HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/14 19:17:14.0843    HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/14 19:17:14.0906    HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/14 19:17:15.0109    i8042prt        (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/14 19:17:15.0187    Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/14 19:17:15.0453    IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/14 19:17:15.0640    intelppm        (d1cd31b6cd4a99f3b82aec84cfdd4cba) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/14 19:17:15.0687    Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/14 19:17:15.0734    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/14 19:17:15.0750    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/14 19:17:15.0796    IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/14 19:17:15.0968    IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/14 19:17:16.0015    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/14 19:17:16.0062    isapnp          (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/14 19:17:16.0093    Kbdclass        (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/14 19:17:16.0140    kbdhid          (530d40f58095397b6b8aa5a0fdd074a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/14 19:17:16.0281    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/14 19:17:16.0343    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/14 19:17:16.0453    LVUSBSta        (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/11/14 19:17:16.0484    mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/14 19:17:16.0546    Modem          (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/14 19:17:16.0718    Mouclass        (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/14 19:17:16.0781    mouhid          (39f0a46109b167707018e8889d5fec93) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/14 19:17:16.0812    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/14 19:17:16.0906    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/14 19:17:17.0015    MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/14 19:17:17.0171    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/14 19:17:17.0281    MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/14 19:17:17.0328    MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/14 19:17:17.0375    MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/14 19:17:17.0468    mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/14 19:17:17.0531    MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/14 19:17:17.0562    Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/14 19:17:17.0609    NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/14 19:17:17.0640    NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/14 19:17:17.0671    NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/14 19:17:17.0703    NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/14 19:17:17.0828    Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/14 19:17:17.0859    NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/14 19:17:17.0906    NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/14 19:17:17.0937    NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/14 19:17:17.0968    NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/14 19:17:18.0218    NETw4x32        (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2010/11/14 19:17:18.0375    NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/14 19:17:18.0421    Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/14 19:17:18.0484    Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/14 19:17:18.0562    Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/14 19:17:18.0796    nv              (7d504e6fd9a69efd4bc8f8f4db66a01b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/14 19:17:18.0968    NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/14 19:17:19.0000    NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/14 19:17:19.0046    ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/14 19:17:19.0109    Parport        (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/14 19:17:19.0140    PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/14 19:17:19.0187    ParVdm          (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/14 19:17:19.0281    PCI            (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/14 19:17:19.0359    PCIIde          (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/14 19:17:19.0390    Pcmcia          (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/14 19:17:19.0531    PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/14 19:17:19.0546    PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/14 19:17:19.0593    Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/14 19:17:19.0593    Suspicious service (NoAccess): pujpuh
2010/11/14 19:17:19.0640    PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/14 19:17:19.0765    RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/14 19:17:19.0859    Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/14 19:17:19.0890    RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/14 19:17:19.0906    Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/14 19:17:19.0921    Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/14 19:17:19.0984    RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/14 19:17:20.0015    rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/14 19:17:20.0125    RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/14 19:17:20.0203    redbook        (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/14 19:17:20.0281    sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/14 19:17:20.0312    Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/14 19:17:20.0359    Serial          (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/14 19:17:20.0390    Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/14 19:17:20.0625    SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/14 19:17:20.0703    splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/14 19:17:20.0765    sr              (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/14 19:17:20.0828    Srv            (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/14 19:17:20.0984    streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/14 19:17:21.0109    swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/14 19:17:21.0156    swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/14 19:17:21.0343    sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/14 19:17:21.0421    Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/14 19:17:21.0484    TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/14 19:17:21.0562    TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/14 19:17:21.0625    TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/14 19:17:21.0703    tifm21          (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2010/11/14 19:17:21.0765    TVICHW32        (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2010/11/14 19:17:21.0812    Tvs            (558aff1d1ca5d88497ddc0129af2f7c0) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/11/14 19:17:21.0921    Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/14 19:17:22.0218    Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/14 19:17:22.0453    USBAAPL        (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/14 19:17:22.0703    usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/14 19:17:22.0859    usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/14 19:17:23.0000    usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/14 19:17:23.0265    usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/14 19:17:23.0468    usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/14 19:17:23.0875    usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/14 19:17:24.0000    USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/14 19:17:24.0062    usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/14 19:17:24.0156    VF0400Afx      (e8532ccc886588219bceb3ea6f9f5339) C:\WINDOWS\system32\Drivers\V0400Afx.sys
2010/11/14 19:17:24.0218    VF0400Vfx      (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\V0400VFx.sys
2010/11/14 19:17:24.0265    VF0400Vid      (53b99223a4d7c958fb82f6c989e9d98f) C:\WINDOWS\system32\DRIVERS\V0400Vid.sys
2010/11/14 19:17:24.0375    VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/14 19:17:24.0453    VolSnap        (69d9e1de5f897580f8b1d1957528b0b2) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/14 19:17:24.0593    Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/14 19:17:24.0640    wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/14 19:17:24.0734    WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/14 19:17:24.0781    xnacc          (a668f64fe42b3b0d8d87ecad14963b00) C:\WINDOWS\system32\DRIVERS\xnacc.sys
2010/11/14 19:17:25.0015    ================================================================================
2010/11/14 19:17:25.0015    Scan finished
2010/11/14 19:17:25.0015    ================================================================================
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 17. november 2010 kl. 08:10:04| #38

f-arn
f-arn (18.550 point)
Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
Filelook::
c:\windows\system32\drivers\V0400Afx.sys
Folder::
c:\programmer\Vuze_Remote
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Driver::
bsczbyri
pujpuh
Mia::
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
SRPeek::
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/ (...)

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet lør. d. 04. december 2010 kl. 14:37:50| #39

karise_larry
karise_larry (263.204 point)
www.ballade.dk
<f-arn>: Pls. GoSub http://www.eksperten.dk/ (...) (Du har jo ikke oprettet kontaktinfo i din profil?)
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 29. juni 2011 kl. 16:14:48| #40

louisek
louisek (12.303 point)
f-arn - vil du ikke melde ind med et svar - så får du dine points
Anmeld misbrug
Skriv et svar | Skriv en kommentar

Skrevet ons. d. 29. juni 2011 kl. 16:41:50| #41

Accepteret svar!200 point tildelt

Skriv et indlæg




Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] [img]link til billede[/img]
Web- og emailadresser omdannes automatisk til links
Se preview
Opret

Log ind

   
Opret bruger | Glemt adgangskode
   

Seneste spørgsmål

har jeg fået virus

Oprettet den 25. maj 2012 kl. 13.22
moabou88 giver 60 point for svar | Giv et svar »

AVG + Opdatering ...

Oprettet den 21. maj 2012 kl. 21.09
Ikke-ekspert giver 60 point for svar | Giv et svar »

Smart fortress - har jeg mon fået ryddet op

Oprettet den 21. maj 2012 kl. 19.35
ravnk giver 30 point for svar | Giv et svar »

Seneste guides

Hjælp til opsætning af IP-cam samt alm. netværks...
22. maj 2012 kl. 00.07 | Læs »
See Kessler vs. Green fight in your living room on pc
19. maj 2012 kl. 21.11 | Læs »
Ny god bærbar til tunge programmer
17. maj 2012 kl. 17.23 | Læs »
PSA-diagnosticering og -fejlkoder (Pre-Boot System...
9. maj 2012 kl. 11.12 | Læs »
Dell pc-diagnosticering - Problemer med din Dell...
7. maj 2012 kl. 14.38 | Læs »
   

Seneste nyheder

Galleri: De fedeste håndholdte gennem 40 år
25. maj 2012 kl. 16.04 | Læs »
Min Mac er under angreb - Apple skal tage det alvorligt
25. maj 2012 kl. 14.30 | Læs »
Landmænd låst fast til konkursramt bredbånds-firma
25. maj 2012 kl. 14.04 | Læs »
Her er din næste digitale gadget: En "Phablet"
25. maj 2012 kl. 13.40 | Læs »
Læserne: Her er vores værste it-indkøb
25. maj 2012 kl. 13.31 | Læs »

Tips & Tricks fra PC World

Teaser billede

Læserne: Her er vores værste it-indkøb

Det er ikke al it-udstyr, som er det rene guld. Her er nogle af læsernes skrækhistorier.

Læs mere »

Anmeldelser fra PC World

Teaser billede

Test: Mobil med Ferrari-design - og en Trabant-motor

Motorola har begået endnu en smartphone med lækkert design og potentiale til at være blandt de bedste. Men den når ikke i mål. Se her hvorfor.

Læs mere »

Seneste blogindlæg

Teaser billede

Tvangslukke spørgsmål: Hvad er den bedste løsning?

Hej Vi har mange åbne spørgsmål på Eksperten. Vi ville gerne tvangslukke dem - så et spørgsmål efter f.eks. 6 måneder lukkes. Men der er et par uklarheder som ville være gode at få lidt input til:...

Læs mere »

Nyheder fra PC World

Teaser billede

Sådan siger du farvel til Facebook

Læs her, hvordan du dropper Facebook og i stedet anvender nogle brugervenlige alternativer, så du stadig kan være social på nettet.

Læs mere »

Nyheder fra Computerworld

Teaser billede

Galleri: De fedeste håndholdte gennem 40 år

Her har du de mest banebrydende håndholdte computere gennem alle tider.

Læs mere »

Kurser
Visio 2007 Udvidet
Lær at bruge Office 2010 - kursus i opgradering til 2010 versionen
Securing Cisco Routers and Switches
iPhone programmering - lav din egen app.
Microsoft SharePoint 2010 Udvidet
Microsoft SharePoint 2010 Application Development Kursusnr.: 10175
JavaScript Grundlæggende kursus
Excel for nørder
Opgradering til MS Office 2010 (dette er en 3 timers gennemgang af nyhederne)
Deploying, Configuring, and Administering Microsoft Lync Server 2010 Kursusnr.: 10533 afholdes i Kbh
Alle kurser »
Samarbejdspartnere
Ferienhäuser in Dänemark.
Webhotel
Digital TV fra Viasat
VM fodbold
Udgiver · © 2012 IDG Danmark A/S · Hørkær 18 · 2730 Herlev · Tlf.: 77 300 300 · Fax: 77 300 301 · Brug af personoplysninger