Virus: Trojan.Win32.Jorik.Fraud.un(v)

Hent "Malwarebytes' Anti-Malware" her

eller her

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med logs fra DDS som du finder her

eller her

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af begge  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet.

Mht.: Vista og Windows 7 - højreklik på filen - Kør som Administrator.

NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.

Tak for svaret! Et par afklarende spørgsmål:

1) Hvordan sender jeg loggen herind? (Jeg er helt ny bruger her på siden.)

2) Hvorfor skal jeg sende loggen herind?

Mens loggen er åben, markeres al teksten med tastekombinationen CTRL + A.
For at kopiere den markerede tekst bruges tastekombinationen CTRL + C, som "fastgør" det i udklipsholderen i Windows. Gå så ind i dit spørgsmål.  Her indsættes det kopierede i det hvide felt med tastekombinationen CTRL + V.

Hvis du ikke kopierer det ind, kan vi ikke se hvad der sker på PCen!

Okay, sådan! Så når jeg har kopieret loggen ind, så er der en herinde, som giver mig feedback på, hvad jeg så skal gøre?

Ja :-)

Hej igen,

Nu har jeg kørt både Malvarebytes og DDS og har fået nedenstående tre log-filer; én fra Malvarebytes og to fra DDS.

Endvidere har jeg genstartet computeren, som Malvarebytes skrev, jeg skulle, men computeren er præcis, som inden jeg kørte Malvarebytes :-(

Håber en af jer kan give mig yderligere instrukser.

Pft. og mvh.
Hjemmemekkeren.

***** FIL NR 1 *****

mbam-log-2011-07-03 (17-09-18).txt:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7011

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

03-07-2011 17:09:18
mbam-log-2011-07-03 (17-09-18).txt

Skanningstype: Hurtig skanning
Objekter skannet: 151565
Tid gået: 6 minut(ter), 45 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\programdata\44424952.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




***** FIL NR 2 *****

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Per Jensen at 17:24:04 on 2011-07-03
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.1976.581 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/advanced_search?hl=da
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&s=2&o=vb32&d=0609&m=easynote_mh36
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&s=2&o=vb32&d=0609&m=easynote_mh36
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&s=2&o=vb32&d=0609&m=easynote_mh36
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup
uRun: [UwnJktuMvX] c:\programdata\UwnJktuMvX.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService]
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UpdTjek] c:\program files\gigasoft denmark\pc protector 2009\UpdTjek.exe
mRun: [Protector] c:\program files\gigasoft denmark\pc protector 2009\Protector.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Skytel] Skytel.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: DhcpNameServer = 212.242.40.3 212.242.40.51
TCP: Interfaces\{503E91A8-78E7-4012-948F-38856388046E} : DhcpNameServer = 212.242.40.3 212.242.40.51
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-19 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-20 307928]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2009-6-20 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-30 42184]
R2 ETService;Empowering Technology Service;c:\program files\packard bell\packard bell recovery management\service\ETService.exe [2009-6-20 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 2151128]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-1-11 288768]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-6-20 65576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 PCF2009;PCF2009;c:\program files\gigasoft denmark\pc protector 2009\PC Finder 2009 WinServices.exe [2009-11-5 98304]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 GoogleDesktopManager-051210-111108;Google Desktop-administrator 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-10 30192]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-7-11 103040]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-3 39984]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver til Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-1-11 3658752]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-6-20 110576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-03 15:23:33    607017    ------r-    C:\dds.scr
2011-07-03 15:20:08    54016    ----a-w-    c:\windows\system32\drivers\gbsaeof.sys
2011-07-03 15:00:38    --------    d-----w-    c:\users\per jensen\appdata\roaming\Malwarebytes
2011-07-03 15:00:08    39984    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-03 15:00:06    --------    d-----w-    c:\programdata\Malwarebytes
2011-07-03 15:00:00    22712    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-07-03 15:00:00    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-07-03 14:38:11    441176    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-06-24 15:31:14    7074640    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{56a9895d-d749-4c2f-99f2-3e0cd3efce22}\mpengine.dll
2011-06-19 10:23:56    --------    d--h--w-    c:\users\per jensen\appdata\local\{144DBC1F-B71C-4F2D-8CEE-89785E9C8C6B}
2011-06-19 08:21:27    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2011-06-19 08:21:27    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2011-06-17 21:04:18    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2011-06-17 21:04:18    141104    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2011-06-17 21:04:15    1797632    ----a-w-    c:\windows\system32\jscript9.dll
2011-06-17 20:35:35    563712    ----a-w-    c:\windows\system32\oleaut32.dll
2011-06-17 20:35:32    75264    ----a-w-    c:\windows\system32\drivers\dfsc.sys
2011-06-17 20:35:27    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2011-06-17 20:35:14    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2011-06-17 20:35:07    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 20:35:06    79872    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 20:35:06    106496    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 20:34:30    2409784    ----a-w-    c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M  ====================
.
2011-05-24 17:14:10    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59    40112    ----a-w-    c:\windows\avastSS.scr
2011-05-10 11:59:44    53592    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2011-04-07 07:59:03    16432    ----a-w-    c:\windows\system32\lsdelete.exe
.
============= FINISH: 17:26:20,77 ===============

***** FIL NR 3 *****

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 20-06-2009 07:09:31
System Uptime: 03-07-2011 16:41:22 (1 hours ago)
.
Motherboard: PACKARD BELL BV |  | PE2L
Processor: Pentium(R) Dual-Core CPU      T4200  @ 2.00GHz | U2E1 | 1200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 77,114 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 9.3 - Dansk
Adobe Shockwave Player 11.5
avast! Free Antivirus
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CDDRV_Installer
CyberLink PowerCinema
D3DX10
EasyBits Magic Desktop
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
HDRegDK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IE Privacy Keeper
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
KhalInstallWrapper
Kompatibilitetspakke til Office 2007-systemet
Logitech QuickCam-software
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2007 (Danish)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works 9.0
Mobile Partner
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
OGA Notifier 2.0.0048.0
OVT Scanner X86
Packard Bell ImageWriter
Packard Bell Recovery Management
Packard Bell Updator
PC Protector 2009
PIXresizer 2.0.4
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Segoe UI
Setup My PC
Smart Bro v2.7
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Sunbelt Personal Firewall
Synaptics Pointing Device Driver
Uninstall OVT Scanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wisdom-soft Set up ScreenHunter 5.1 Free
.
==== End Of File ===========================

Hent og gem ComboFix på dit skrivebord.

Kør så ComboFix.exe og følg anvisningerne.

Vigtigt--> Da ComboFix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når ComboFix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: ComboFix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan findes her:  C:\ComboFix.txt

Hej f-arn,

Tak for dine seneste råd. Det er helt kanon!! :-)

Jeg har kørt ComboFix.exe, og har fået nedenstående indkopierede log-fil.

Efter at have kørt ComboFix og have genstartet, er min computer blevet meget bedre. Bl.a. kan jeg nu igen se mine billed- og dokument-filer, men fx mit baggrundsbillede til skrivebordet er stadig væk (skrivebordet er sort), og en del ikoner på skrivebordet er også væk.

En hel masse af mine filer har i forbindelse med virusangrebet - gætter jeg på - fået teksten "ProtectEncrypt" lang til filendelsen - så fx en txt-fil nu hedder ".txtProtectEncrypt". Det er stadig tilfældet, efter jeg har kørt de forskellige programmer, du har anbefalet. Hvis jeg sletter "ProtectEncrypt" fra fil-endelsen, så der kun står fx txt tilbage, så kan jeg åbne filen igen, men der er så kun en masse volapyk i dokumentet :-((( Nogen idé om, hvordan jeg fikser det problem?

Endnu engang tak for den kæmpe store hjælp, og på forhånd tak for evt. fortsat hjælp.

Mvh.
Hjemmemekkeren.


****** Dette er log-filen fra ComboFix *****

ComboFix 11-07-02.03 - Per Jensen 03-07-2011  23:21:45.2.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.1976.841 [GMT 2:00]
Kører fra: c:\users\Per Jensen\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Per Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
c:\users\Per Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\Uninstall Windows Vista Repair.lnk
c:\users\Per Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\Windows Vista Repair.lnk
c:\windows\system32\Install.cmd
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-06-03 til 2011-07-03  )))))))))))))))))))))))))))))))))))
.
.
2011-07-03 21:38 . 2011-07-03 21:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-07-03 15:23 . 2011-07-03 15:04    607017    ------r-    C:\dds.scr
2011-07-03 15:00 . 2011-07-03 15:00    --------    d-----w-    c:\users\Per Jensen\AppData\Roaming\Malwarebytes
2011-07-03 15:00 . 2011-05-29 07:11    39984    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-03 15:00 . 2011-07-03 15:00    --------    d-----w-    c:\programdata\Malwarebytes
2011-07-03 15:00 . 2011-07-03 15:00    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-07-03 15:00 . 2011-05-29 07:11    22712    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-07-03 14:38 . 2011-05-10 12:03    441176    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-06-27 22:42 . 2011-06-27 22:42    --------    d--h--w-    c:\programdata\WindowsSearch
2011-06-24 15:31 . 2011-06-07 15:55    7074640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{56A9895D-D749-4C2F-99F2-3E0CD3EFCE22}\mpengine.dll
2011-06-19 10:23 . 2011-06-19 10:24    --------    d--h--w-    c:\users\Per Jensen\AppData\Local\{144DBC1F-B71C-4F2D-8CEE-89785E9C8C6B}
2011-06-19 08:21 . 2011-04-29 13:25    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2011-06-19 08:21 . 2011-04-29 13:25    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2011-06-17 21:04 . 2011-04-25 15:29    141104    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2011-06-17 21:04 . 2011-04-22 23:25    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2011-06-17 21:04 . 2011-04-22 23:35    1797632    ----a-w-    c:\windows\system32\jscript9.dll
2011-06-17 20:35 . 2010-12-20 16:35    563712    ----a-w-    c:\windows\system32\oleaut32.dll
2011-06-17 20:35 . 2011-04-14 14:59    75264    ----a-w-    c:\windows\system32\drivers\dfsc.sys
2011-06-17 20:35 . 2011-04-21 13:58    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2011-06-17 20:35 . 2011-05-02 17:16    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2011-06-17 20:35 . 2011-04-29 13:24    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 20:35 . 2011-04-29 13:24    79872    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 20:35 . 2011-04-29 13:24    106496    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 20:34 . 2011-05-02 12:02    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 10:23    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-09-30 19:41    40112    ----a-w-    c:\windows\avastSS.scr
2011-05-10 12:10 . 2009-06-20 09:43    199304    ----a-w-    c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-06-20 09:43    307928    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-06-20 09:43    49240    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2009-06-20 09:43    25432    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-06-20 09:43    53592    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2009-06-20 09:43    19544    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-05-01 17:39 . 2010-06-24 09:33    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-01 17:10 . 2011-05-01 17:10    161792    ----a-w-    c:\windows\system32\msls31.dll
2011-05-01 17:10 . 2011-05-01 17:10    1126912    ----a-w-    c:\windows\system32\wininet.dll
2011-05-01 17:10 . 2011-05-01 17:10    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2011-05-01 17:10 . 2011-05-01 17:10    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2011-05-01 17:10 . 2011-05-01 17:10    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2011-05-01 17:10 . 2011-05-01 17:10    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2011-05-01 17:10 . 2011-05-01 17:10    63488    ----a-w-    c:\windows\system32\tdc.ocx
2011-05-01 17:10 . 2011-05-01 17:10    367104    ----a-w-    c:\windows\system32\html.iec
2011-05-01 17:10 . 2011-05-01 17:10    74752    ----a-w-    c:\windows\system32\iesetup.dll
2011-05-01 17:10 . 2011-05-01 17:10    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-05-01 17:10 . 2011-05-01 17:10    23552    ----a-w-    c:\windows\system32\licmgr10.dll
2011-05-01 17:10 . 2011-05-01 17:10    152064    ----a-w-    c:\windows\system32\wextract.exe
2011-05-01 17:10 . 2011-05-01 17:10    150528    ----a-w-    c:\windows\system32\iexpress.exe
2011-05-01 17:10 . 2011-05-01 17:10    420864    ----a-w-    c:\windows\system32\vbscript.dll
2011-05-01 17:10 . 2011-05-01 17:10    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2011-05-01 17:10 . 2011-05-01 17:10    35840    ----a-w-    c:\windows\system32\imgutil.dll
2011-05-01 17:10 . 2011-05-01 17:10    11776    ----a-w-    c:\windows\system32\mshta.exe
2011-05-01 17:10 . 2011-05-01 17:10    101888    ----a-w-    c:\windows\system32\admparse.dll
2011-05-01 17:10 . 2011-05-01 17:10    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2011-04-07 07:59 . 2009-08-20 14:56    16432    ----a-w-    c:\windows\system32\lsdelete.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-06-20 05:15    157168    ----a-w-    c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10    122512    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 68856]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-04-25 2253112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-18 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-05-13 1191216]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"UpdTjek"="c:\program files\Gigasoft Denmark\PC Protector 2009\UpdTjek.exe" [2009-10-31 31744]
"Protector"="c:\program files\Gigasoft Denmark\PC Protector 2009\Protector.exe" [2009-11-05 67584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Skytel"="Skytel.exe" [2008-08-04 1833504]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-8 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
R3 GoogleDesktopManager-051210-111108;Google Desktop-administrator 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-18 30192]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-16 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver til Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-06-20 110576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-16 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
S2 PCF2009;PCF2009;c:\program files\Gigasoft Denmark\PC Protector 2009\PC Finder 2009 WinServices.exe [2009-11-05 98304]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-11-08 288768]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-07-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-16 09:11]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 19:42]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 19:42]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/advanced_search?hl=da
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&s=2&o=vb32&d=0609&m=easynote_mh36
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.242.40.3 212.242.40.51
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)
WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-UwnJktuMvX - c:\programdata\UwnJktuMvX.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 23:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
.
c:\users\PERJEN~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scanning gennemført med succes
skjulte filer: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2011-07-03  23:56:03
ComboFix-quarantined-files.txt  2011-07-03 21:55
.
Pre-Kørsel: 82.663.972.864 byte ledig
Post-Kørsel: 82.609.586.176 byte ledig
.
- - End Of File - - A3F3A730B1B7DFF78B5C1A50AA8B0D39

Jeg kan se du har haft Vista Repair, så hent og kør unhide.exe af Grinler.
Jeg skal nok kommentere ComboFix loggen senere.

Jeg vil gerne høre om Unhide virker, før vi fortsætter. ComboFix kan ha' flyttet det, så Unhide ikke virker.

Hej igen f-arn,

Tusind tak for også de seneste instruktioner. Det er helt kanon :-)

Jeg har nu kørt unhide.exe to gange. Første gang, hvor jeg ikke havde slået firewall og antivirus fra, og derefter endnu en gang, hvor jeg - som anbefalet af programmet efter den første

kørsel - havde slået antivirus (avast og ad-aware) og firewall (Sunbelt) fra - men ikke Windows Defender, som jeg ikke kunne finde ud af at slå fra. Ingen af de to kørsler gav noget

synligt resultat. Bl.a. er Start-menuen stadig helt tom.

I øvrigt:

1) På mit skrivebord har jeg ikonet for Windows Vista Repair. Er dette en virus? Hvis ja, så skal jeg vel have fjernet både ikonet og den dertil hørende fil?

2) Efter at have kørt ComboFix blev et par håndfulde underlige tekstfiler igen synlige på mit skrivebord. Disse filer havde jeg også, inden min pc gik helt i sort for en uges tid

siden, og jeg efterfølgende skrev herind for at få hjælp. Den ældste af disse filer er knapt en måned gammel, men jeg har inden da slettet nogle lignende filer, som var genereret for vel

et par måneder siden. Filerne er alle af formatet "hs_err_pidXXXX.log", hvor XXXX er et tre- eller firecifret tal, fx 879 eller 5756. Nedenfor har jeg indkopieret indholdet af filen

hs_err_pid5756.log. Hvad er årsagen til disse filer, og hvad skal jeg gøre ved filerne og årsagen til dem?

Endnu engang mange gange tak for hjælpen hertil. Jeg håber meget, du kan og vil hjælpe mig videre frem.

På forhånd tak og mvh.
Hjemmemekkeren.


****** Indholdet af filen hs_err_pid5756.log ******

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d413f5f, pid=5756, tid=4520
#
# JRE version: 6.0_21-b07
# Java VM: Java HotSpot(TM) Client VM (17.0-b17 mixed mode, sharing windows-x86 )
# Problematic frame:
# C  [jp2iexp.dll+0x3f5f]
#
# If you would like to submit a bug report, please visit:
#  http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x0a588800):  JavaThread "main" [_thread_in_native, id=4520, stack(0x034b0000,0x036b0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000001

Registers:
EAX=0x00000001, EBX=0x3420a278, ECX=0x004e3338, EDX=0x036ad68c
ESP=0x036ad66c, EBP=0x036ad678, ESI=0x00000000, EDI=0x0a588800
EIP=0x6d413f5f, EFLAGS=0x00010246

Top of Stack: (sp=0x036ad66c)
0x036ad66c:  036ad68c 3420a278 00000001 036ad6b8
0x036ad67c:  0af39f47 0a588918 036ad6c0 09816868
0x036ad68c:  00000000 0a589228 fffffffe 036ad698
0x036ad69c:  3420a278 036ad6cc 34213080 00000000
0x036ad6ac:  3420a278 00000000 036ad6c8 036ad6f4
0x036ad6bc:  0af32f07 34212a90 0af38286 09816868
0x036ad6cc:  00000000 32291528 036ad6d4 3420a1e7
0x036ad6dc:  036ad6fc 34213080 00000000 3420a1f8

Instructions: (pc=0x6d413f5f)
0x6d413f4f:  33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
0x6d413f5f:  8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14


Stack: [0x034b0000,0x036b0000],  sp=0x036ad66c,  free space=7f5036ad1a0k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [jp2iexp.dll+0x3f5f]
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j  sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j  sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j  sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j  sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j  sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v  ~StubRoutines::call_stub
V  [jvm.dll+0xf3abc]
V  [jvm.dll+0x1865b1]
V  [jvm.dll+0xf3b3d]
V  [jvm.dll+0xfd5cf]
V  [jvm.dll+0x1003c7]
C  [jp2iexp.dll+0x17a5]
C  [jp2iexp.dll+0x8647]
C  [jp2iexp.dll+0x7b19]
C  [USER32.dll+0x1fd72]
C  [USER32.dll+0x1fe4a]
C  [USER32.dll+0x2018d]
C  [USER32.dll+0x2022b]
C  [IEFRAME.dll+0xf1b83]
C  [IEFRAME.dll+0x111ac6]
C  [iertutil.dll+0x140150]
C  [IEFRAME.dll+0xffe03]
C  [kernel32.dll+0x4d0e9]
C  [ntdll.dll+0x416c3]
C  [ntdll.dll+0x41696]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j  sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j  sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j  sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j  sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j  sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x0dbadc00 JavaThread "JRE 1.6.0.21 Worker Thread" [_thread_blocked, id=2084, stack(0x10cf0000,0x10df0000)]
  0x0dbad400 JavaThread "JRE 1.6.0.21 Output Reader Thread" [_thread_in_native, id=4296, stack(0x0f410000,0x0f510000)]
  0x0dbabc00 JavaThread "JRE 1.6.0.21 Output Reader Thread" [_thread_in_native, id=416, stack(0x109c0000,0x10ac0000)]
  0x0dbab400 JavaThread "Thread-0" [_thread_in_native, id=5116, stack(0x10ac0000,0x10bc0000)]
  0x0dbaa000 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=4664, stack(0x10820000,0x10920000)]
  0x0aea9400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=6008, stack(0x0d6c0000,0x0d7c0000)]
  0x0ae79800 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1072, stack(0x0d910000,0x0da10000)]
  0x0ae6b000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3224, stack(0x0d800000,0x0d900000)]
  0x0ae69c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=6088, stack(0x0d5b0000,0x0d6b0000)]
  0x0ae67c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5208, stack(0x0d350000,0x0d450000)]
  0x0ae61400 JavaThread "Finalizer" daemon [_thread_blocked, id=4588, stack(0x0d050000,0x0d150000)]
  0x0ae5fc00 JavaThread "Reference Handler" daemon [_thread_blocked, id=4372, stack(0x0d1d0000,0x0d2d0000)]
=>0x0a588800 JavaThread "main" [_thread_in_native, id=4520, stack(0x034b0000,0x036b0000)]

Other Threads:
  0x0ae5e400 VMThread [stack: 0x0cf30000,0x0d030000] [id=3176]
  0x0ae90800 WatcherThread [stack: 0x0da80000,0x0db80000] [id=5840]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation  total 4928K, used 1220K [0x32200000, 0x32750000, 0x32ca0000)
  eden space 4416K,  27% used [0x32200000, 0x32331370, 0x32650000)
  from space 512K,  0% used [0x32650000, 0x32650000, 0x326d0000)
  to  space 512K,  0% used [0x326d0000, 0x326d0000, 0x32750000)
tenured generation  total 10944K, used 0K [0x32ca0000, 0x33750000, 0x34200000)
  the space 10944K,  0% used [0x32ca0000, 0x32ca0000, 0x32ca0200, 0x33750000)
compacting perm gen  total 12288K, used 710K [0x34200000, 0x34e00000, 0x38200000)
  the space 12288K,  5% used [0x34200000, 0x342b19c0, 0x342b1a00, 0x34e00000)
    ro space 10240K,  51% used [0x38200000, 0x3872b700, 0x3872b800, 0x38c00000)
    rw space 12288K,  54% used [0x38c00000, 0x392976c0, 0x39297800, 0x39800000)

Dynamic libraries:
0x00850000 - 0x00908000     C:\Program Files\Internet Explorer\iexplore.exe
0x776d0000 - 0x777f8000     C:\Windows\system32\ntdll.dll
0x773d0000 - 0x774ac000     C:\Windows\system32\kernel32.dll
0x75f70000 - 0x76036000     C:\Windows\system32\ADVAPI32.dll
0x77180000 - 0x77243000     C:\Windows\system32\RPCRT4.dll
0x76e50000 - 0x76eed000     C:\Windows\system32\USER32.dll
0x778e0000 - 0x7792b000     C:\Windows\system32\GDI32.dll
0x76b60000 - 0x76c0a000     C:\Windows\system32\msvcrt.dll
0x77250000 - 0x772a9000     C:\Windows\system32\SHLWAPI.dll
0x76040000 - 0x76b51000     C:\Windows\system32\SHELL32.dll
0x75e20000 - 0x75f65000     C:\Windows\system32\ole32.dll
0x774b0000 - 0x775c0000     C:\Windows\system32\urlmon.dll
0x75d90000 - 0x75e1d000     C:\Windows\system32\OLEAUT32.dll
0x76c10000 - 0x76dc6000     C:\Windows\system32\iertutil.dll
0x772b0000 - 0x773ca000     C:\Windows\system32\WININET.dll
0x77810000 - 0x77813000     C:\Windows\system32\Normaliz.dll
0x77830000 - 0x7784e000     C:\Windows\system32\IMM32.DLL
0x770b0000 - 0x77178000     C:\Windows\system32\MSCTF.dll
0x77850000 - 0x77859000     C:\Windows\system32\LPK.DLL
0x775c0000 - 0x7763d000     C:\Windows\system32\USP10.dll
0x72070000 - 0x72093000     C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
0x77860000 - 0x7788d000     C:\Windows\system32\WS2_32.dll
0x77820000 - 0x77826000     C:\Windows\system32\NSI.dll
0x74af0000 - 0x74c8e000     C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x6af50000 - 0x6af97000     C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll
0x6a6f0000 - 0x6a77d000     C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_da.dll
0x72050000 - 0x7206c000     C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
0x711a0000 - 0x71ae5000     C:\Windows\system32\IEFRAME.dll
0x77800000 - 0x77807000     C:\Windows\system32\PSAPI.DLL
0x74840000 - 0x7487d000     C:\Windows\system32\OLEACC.dll
0x76dd0000 - 0x76e43000     C:\Windows\system32\comdlg32.dll
0x753d0000 - 0x7540b000     C:\Windows\system32\mswsock.dll
0x69440000 - 0x69471000     C:\Program Files\Internet Explorer\IEShims.dll
0x74df0000 - 0x74e2f000     C:\Windows\system32\uxtheme.dll
0x10100000 - 0x1010f000     C:\Program Files\Logitech\SetPoint\lgscroll.dll
0x70120000 - 0x701bb000     C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\MSVCR80.dll
0x71b60000 - 0x71be7000     C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\MSVCP80.dll
0x750c0000 - 0x750e1000     C:\Windows\system32\NTMARTA.DLL
0x77890000 - 0x778d9000     C:\Windows\system32\WLDAP32.dll
0x75820000 - 0x75831000     C:\Windows\system32\SAMLIB.dll
0x75c30000 - 0x75c44000     C:\Windows\system32\Secur32.dll
0x75600000 - 0x75619000     C:\Windows\system32\iphlpapi.dll
0x755c0000 - 0x755f5000     C:\Windows\system32\dhcpcsvc.DLL
0x75840000 - 0x7586c000     C:\Windows\system32\DNSAPI.dll
0x755b0000 - 0x755b7000     C:\Windows\system32\WINNSI.DLL
0x75580000 - 0x755a2000     C:\Windows\system32\dhcpcsvc6.DLL
0x65f60000 - 0x66b18000     C:\Windows\system32\MSHTML.dll
0x75880000 - 0x75888000     C:\Windows\system32\VERSION.dll
0x685d0000 - 0x6867b000     C:\Windows\system32\d2d1.dll
0x690d0000 - 0x691d8000     C:\Windows\system32\DWrite.dll
0x68550000 - 0x685d0000     C:\Windows\system32\dxgi.dll
0x72dc0000 - 0x72dcc000     C:\Windows\system32\dwmapi.dll
0x75190000 - 0x751cb000     C:\Windows\system32\rsaenh.dll
0x74ef0000 - 0x74f1d000     C:\Windows\system32\WINTRUST.dll
0x756a0000 - 0x75792000     C:\Windows\system32\CRYPT32.dll
0x75800000 - 0x75812000     C:\Windows\system32\MSASN1.dll
0x75c50000 - 0x75c6e000     C:\Windows\system32\USERENV.dll
0x77080000 - 0x770a9000     C:\Windows\system32\imagehlp.dll
0x77640000 - 0x776c4000     C:\Windows\system32\CLBCatQ.DLL
0x69400000 - 0x69432000     C:\Program Files\Internet Explorer\ieproxy.dll
0x72140000 - 0x72193000     C:\Windows\system32\ACTXPRXY.DLL
0x69530000 - 0x695ab000     C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
0x75bd0000 - 0x75bfc000     C:\Windows\system32\apphelp.dll
0x75b10000 - 0x75b6f000     C:\Windows\system32\SXS.DLL
0x70200000 - 0x7024a000     C:\Windows\system32\RASAPI32.dll
0x70970000 - 0x70984000     C:\Windows\system32\rasman.dll
0x75950000 - 0x759c6000     C:\Windows\system32\NETAPI32.dll
0x701c0000 - 0x701f1000     C:\Windows\system32\TAPI32.dll
0x70390000 - 0x7039c000     C:\Windows\system32\rtutils.dll
0x74880000 - 0x748b2000     C:\Windows\system32\WINMM.dll
0x754d0000 - 0x754d7000     C:\Windows\system32\credssp.dll
0x75200000 - 0x75246000     C:\Windows\system32\schannel.dll
0x75410000 - 0x75448000     C:\Windows\system32\msv1_0.dll
0x758a0000 - 0x758b1000     C:\Windows\system32\cryptdll.dll
0x74d20000 - 0x74d26000     C:\Windows\system32\sensapi.dll
0x75080000 - 0x75085000     C:\Windows\System32\wshtcpip.dll
0x74d90000 - 0x74dc0000     C:\Windows\system32\MLANG.dll
0x74160000 - 0x7416f000     C:\Windows\system32\NLAapi.dll
0x748f0000 - 0x748f6000     C:\Windows\system32\rasadhlp.dll
0x75870000 - 0x75875000     C:\Windows\System32\wship6.dll
0x74ce0000 - 0x74cef000     C:\Windows\system32\napinsp.dll
0x748c0000 - 0x748d2000     C:\Windows\system32\pnrpnsp.dll
0x748e0000 - 0x748e8000     C:\Windows\System32\winrnr.dll
0x67050000 - 0x670bc000     C:\Windows\system32\ieapfltr.dll
0x68300000 - 0x684bb000     C:\Windows\System32\jscript9.dll
0x70320000 - 0x7032b000     C:\Windows\system32\msimtf.dll
0x73e10000 - 0x73f04000     C:\Windows\system32\windowscodecs.dll
0x743e0000 - 0x7449b000     C:\Windows\system32\PROPSYS.dll
0x76ef0000 - 0x7707a000     C:\Windows\system32\setupapi.dll
0x69500000 - 0x6952c000     C:\Windows\system32\d3d10_1.dll
0x68510000 - 0x6854a000     C:\Windows\system32\d3d10_1core.dll
0x68100000 - 0x6822c000     C:\Windows\system32\D3D10Warp.dll
0x65430000 - 0x658d4000     C:\Windows\system32\Macromed\Flash\Flash10d.ocx
0x67450000 - 0x674b2000     C:\Windows\system32\mscms.dll
0x70d90000 - 0x70dd2000     C:\Windows\system32\WINSPOOL.DRV
0x742f0000 - 0x7431f000     C:\Windows\system32\wdmaud.drv
0x74820000 - 0x74824000     C:\Windows\system32\ksuser.dll
0x74750000 - 0x74778000     C:\Windows\system32\MMDevAPI.DLL
0x74830000 - 0x74837000     C:\Windows\system32\AVRT.dll
0x742c0000 - 0x742e1000     C:\Windows\system32\AUDIOSES.DLL
0x74170000 - 0x741d6000     C:\Windows\system32\audioeng.dll
0x742b0000 - 0x742b9000     C:\Windows\system32\msacm32.drv
0x74290000 - 0x742a4000     C:\Windows\system32\MSACM32.dll
0x74280000 - 0x74287000     C:\Windows\system32\midimap.dll
0x674c0000 - 0x675c2000     C:\Windows\system32\d3d10.dll
0x69210000 - 0x69243000     C:\Windows\system32\d3d10core.dll
0x72c60000 - 0x72dbb000     C:\Windows\System32\msxml6.dll
0x6d410000 - 0x6d42e000     C:\Program Files\Java\jre6\bin\jp2iexp.dll
0x7c340000 - 0x7c396000     C:\Program Files\Java\jre6\bin\MSVCR71.dll
0x72dd0000 - 0x72dd7000     C:\Windows\system32\wsock32.dll
0x72e80000 - 0x72f05000     C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
0x6d800000 - 0x6daa7000     C:\PROGRA~1\Java\jre6\bin\client\jvm.dll
0x6d7b0000 - 0x6d7bc000     C:\PROGRA~1\Java\jre6\bin\verify.dll
0x6d330000 - 0x6d34f000     C:\PROGRA~1\Java\jre6\bin\java.dll
0x6d290000 - 0x6d298000     C:\PROGRA~1\Java\jre6\bin\hpi.dll
0x6d7f0000 - 0x6d7ff000     C:\PROGRA~1\Java\jre6\bin\zip.dll
0x6d430000 - 0x6d436000     C:\Program Files\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000     C:\Program Files\Java\jre6\bin\deploy.dll
0x6d610000 - 0x6d623000     C:\Program Files\Java\jre6\bin\net.dll
0x6d630000 - 0x6d639000     C:\Program Files\Java\jre6\bin\nio.dll
0x6d6b0000 - 0x6d6f6000     C:\Program Files\Java\jre6\bin\regutils.dll
0x6d000000 - 0x6d14a000     C:\Program Files\Java\jre6\bin\awt.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m

-Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic

Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\Program Files\Common Files\Microsoft Shared\Windows

Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared
USERNAME=Per Jensen
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 10, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows Vista Build 6002 Service Pack 2

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 23 stepping 10, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 2023596k(388780k free), swap 4300396k(2531736k free)

vm_info: Java HotSpot(TM) Client VM (17.0-b17) for windows-x86 JRE (1.6.0_21-b07), built on Jul 17 2010 01:10:15 by "java_re" with MS VC++ 7.1 (VS2003)

time: Wed Jun 15 19:50:49 2011
elapsed time: 1 seconds

Det er egentlig ikke en virus, men et såkaldt "Rogue" program. Du skal bare slette Ikon og fil. (Hvis den er der.)


Det er en fejl rapport fra Java - den kan du bare slette.

------

Jeg håber ikke du har kørt nogen form for temp rensere, for så kan dit baggrundsbillede osv. være væk.

---

1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:dir
C:\Qoobox /s
%Temp%

3. Luk så alle andre vinduer og klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste indlæg. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Vista og Windows 7 - højreklik på filen - Kør som Administrator.

Hej f-arn,

Tusind tak for din seneste instruks. Jeg er meget glad for, at du fortsætter med at give din super kvalificerede hjælp.

Desværre har jeg ikke i dag/aften mulighed for at arbejde med min computer, men jeg vil fortsætte jagten på virus / oprydningen i morgen efter dine seneste instrukser og så vende tilbage.

Mvh.
Hjemmemekkeren.

Hej f-arn,

Jeg har nu kørt systemlook.exe med fed tekst skrevet af dig indkopieret. Resultatet af kørslen blev ledenstående log.

På forhånd mange gange tak for yderligere instrukser fra dig om, hvad jeg nu skal foretage mig.

Mvh.
Hjemmemekkeren.

************* loggen fra kørsel af systemlook.exe *************



SystemLook 04.09.10 by jpshortstuff
Log created at 12:15 on 11/07/2011 by Per Jensen
Administrator - Elevation successful

========== dir ==========

C:\Qoobox - Parameters: "/s "

---Files---
Add-Remove Programs.txt    --a---- 3480 bytes    [21:44 03/07/2011]    [21:44 03/07/2011]
ComboFix-quarantined-files.txt    --a---- 1703 bytes    [21:55 03/07/2011]    [21:55 03/07/2011]
SnapShot@2011-07-03_21.39.06.dat    --a---- 0 bytes    [21:42 03/07/2011]    [21:42 03/07/2011]

C:\Qoobox\BackEnv    d------    [20:55 03/07/2011]

C:\Qoobox\Quarantine    d------    [20:53 03/07/2011]
catchme.log    --a---- 124 bytes    [20:55 03/07/2011]    [21:21 03/07/2011]

C:\Qoobox\Quarantine\C    d------    [20:58 03/07/2011]

C:\Qoobox\Quarantine\C\Users    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData\Roaming    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData\Roaming\Microsoft    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData\Roaming\Microsoft\Windows    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData\Roaming\Microsoft\Windows\Start Menu    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Users\Per Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair    d------    [21:37 03/07/2011]
Uninstall Windows Vista Repair.lnk.vir    --a---- 701 bytes    [22:06 27/06/2011]    [22:06 27/06/2011]
Windows Vista Repair.lnk.vir    --a---- 629 bytes    [22:06 27/06/2011]    [22:06 27/06/2011]

C:\Qoobox\Quarantine\C\Windows    d------    [21:37 03/07/2011]

C:\Qoobox\Quarantine\C\Windows\System32    d------    [21:37 03/07/2011]
Install.cmd.vir    --a---- 42 bytes    [04:29 11/01/2009]    [01:50 01/08/2008]

C:\Qoobox\Quarantine\Registry_backups    d------    [20:53 03/07/2011]
AddRemove-OVT Scanner.reg.dat    --a---- 498 bytes    [21:44 03/07/2011]    [21:44 03/07/2011]
HKCU-Run-UwnJktuMvX.reg.dat    --a---- 79 bytes    [21:42 03/07/2011]    [21:42 03/07/2011]
HKLM-Run-eRecoveryService.reg.dat    --a---- 80 bytes    [21:42 03/07/2011]    [21:42 03/07/2011]
tcpip.reg    --a---- 5818 bytes    [21:31 03/07/2011]    [21:31 03/07/2011]
URLSearchHooks-{e8de9422-3b2c-4243-bf6f-235da84d8ef8}.reg.dat    --a---- 118 bytes    [21:42 03/07/2011]    [21:42 03/07/2011]
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat    --a---- 171 bytes    [21:42 03/07/2011]    [21:42 03/07/2011]
WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}.reg.dat    --a---- 171 bytes    [21:42 03/07/2011]    [21:42 03/07/2011]

C:\Users\PERJEN~1\AppData\Local\Temp - Parameters: "(none)"

---Files---
~DF4A2A.tmp    ------- 16384 bytes    [09:38 11/07/2011]    [09:38 11/07/2011]
~DFD04.tmp    --a---- 32768 bytes    [09:47 11/07/2011]    [09:47 11/07/2011]

---Folders---
None found.

-= EOF =-

Det du mangler, burde ligge i C:\Qoobox eller i en %Temp%\smtmp mappe. Hvad har du selv brugt?
Hvis det var min PC, blev Windows og programmer geninstalleret!

Hej F-arn,

Jeg vil kigge i den sti, du har skrevet ovenfor. Desuden vil jeg hurtigst muligt geninstallere Windows og programmer, som du anbefaler.

Tusind tak for hjælpen med alt! Det har været helt kanon.

Mvh.
Hjemmemekkeren.

Til F-arn,

Denne tråd er godtnok læææææænge siden, men jeg har aldrig fået tildelt dig points for dit svar. Jeg har forsøgt at skrive en intern besked til dig ang. dette, men af en eller anden årsag kan jeg ikke det :-( Jeg håber så, at du i stedet ser denne kommentar.

Så altså; skriv et svar her i tråden, så jeg kan acceptere, og du kan få dine points.

- Og endnu engang tak for hjælpen.

Mvh.
Hjemmemekkeren.

F-arn forbliver tavs... For at få lukket tråden, returnerer jeg points'ne til mig selv... F-arn kan henvende sig, når/hvis det passer ham...