mummimor (Beginner)
8 November 2007 - 19:17. There are 50 comments and 1 solution

Virus/Smitfraud on my PC

I have got a virus on my PC. The internet runs incredibly slowly and there is a blue screen on my desktop.

My virus scanner has found several viruses, among them smitfraud, but has not removed them right away. What do I do?

I have Bullguard.
arlet (Junior Master)
8 November 2007 - 19:18 #1
1)-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified as "RiskTool" by some antivirus programs. There is nothing to it, though!

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another. Here you must choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy this list into the thread.

2)
-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can make your computer freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, though.

Also remember the log from SmitfraudFix (C:\rapport.txt).
arlet (Junior Master)
8 November 2007 - 19:19 #2
I also need to see a hijackthis log: Follow this guide:
http://www.malwarecheck.dk/forum/viewtopic.php?t=9
mummimor (Beginner)
8 November 2007 - 20:01 #3
The internet is acting up - it runs so slowly and it stalls in the middle of downloading the programs. Now I'm going to try downloading the programs on another PC and then transferring them via a USB stick.

Will be back shortly
mummimor (Beginner)
8 November 2007 - 20:15 #4
The programs have now been downloaded... will be back with log files shortly
arlet (Junior Master)
8 November 2007 - 20:35 #5
That sounds good..
mummimor (Beginner)
8 November 2007 - 20:37 #6
Hmm...

I can't immediately get SmitfraudFix to work properly. It starts fine and I choose 2. Then a window with disk compression appears. Then the screen goes black and I have to restart. It has done that several times now???

Here is the HijackThis log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:20, on 08-11-2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tdconline.dk/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O1 - Hosts: 127.0.0.3 ucleaner.com
O1 - Hosts: 127.0.0.3 www.spywareremovalnews.com
O1 - Hosts: 127.0.0.3 spywareremovalnews.com
O1 - Hosts: 127.0.0.3 www.ucleaner.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [USB Keyboard] C:\Programmer\USB Keyboard Driver\kb_2k.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [pzwmpyus] C:\WINDOWS\System32\ldxywhfa.exe
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/198/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.beaglekartotek.dk/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.virustest.se/cod/cabs/cssweb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Sikkerhedsservice til udstyr (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Rikke/LOKALE~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Rikke/Dokumenter/juni%202004%20043.jpg
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg

--
End of file - 13367 bytes
arlet (Junior Master)
8 November 2007 - 20:42 #7
The SmitfraudFix would otherwise make a big difference here, but let's see a combofix then..
mummimor (Beginner)
8 November 2007 - 21:04 #8
ComboFix 07-11-08.1 - Rikke 2007-11-08 20:49:57.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.0.1252.1.1030.18.172 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\winsub.xml

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN


(((((((((((((((((((((((((  Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.

2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-11-08 20:24    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-08 20:24    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-08 20:24    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-08 20:24    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-08 20:24    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-10-29 20:44    3,846    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\systems.txt
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-29 06:51    138,240    --a------    C:\WINDOWS\R.COM
2007-10-29 06:51    129,536    --a------    C:\WINDOWS\system32\T.COM
2007-10-22 18:51    50,896    --a------    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 18:51    14,152    --a------    C:\WINDOWS\system32\client_cc.dll
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Real
2007-10-17 10:52    <DIR>        C:\Programmer\Fælles filer\Real
2007-10-17 10:52    774,144    --a------    C:\Programmer\RngInterstitial.dll
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\OneStepSearch
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
2007-10-17 10:48    <DIR>    d--------    C:\Programmer\DeliciousDeluxe2_at
2007-10-16 18:58    <DIR>    d--------    C:\Programmer\ParadisePetSalon_at
2007-10-12 20:47    <DIR>    d--hs----    C:\FOUND.018

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 09:50    118,784    ----a-w    C:\WINDOWS\Web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2007-09-15 13:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-09-15 13:49    ---------    d-----w    C:\Programmer\EscapefromParadise_at
2007-09-09 12:44    ---------    d-----w    C:\Programmer\JackpotMatchup_at
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-01-13 14:19]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-02 10:24]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33]
"USB Keyboard"="C:\Programmer\USB Keyboard Driver\kb_2k.exe" [2004-03-30 21:57]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"pzwmpyus"="C:\WINDOWS\System32\ldxywhfa.exe" []
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BitComet"="C:\Programmer\BitComet\BitComet.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 21:33]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
"C:\Programmer\Error Safe Free\ers.exe" /min

R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 20:58:41
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 21:00:09 - machine was rebooted
.
    --- E O F ---
arlet (Junior Master)
8 November 2007 - 21:07 #9
While I check this one, please try running the SmitfraudFix again
mummimor (Beginner)
8 November 2007 - 21:09 #10
ok...
mummimor (Beginner)
8 November 2007 - 21:24 #11
It still won't work. Here is the scan log:
SmitFraudFix v2.242

Scan done at 21:22:47,34, 08-11-2007
Run from C:\Documents and Settings\Rikke\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rikke


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rikke\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RIKKE\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Rikke/LOKALE~1/Temp/msoclip1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Rikke/LOKALE~1/Temp/msoclip1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:/Documents%20and%20Settings/Rikke/Dokumenter/juni%202004%20043.jpg"
"SubscribedURL"="file:///C:/Documents%20and%20Settings/Rikke/Dokumenter/juni%202004%20043.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg"
"SubscribedURL"="http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: National Semiconductor DP83815-baseret PCI Fast Ethernet-netværkskort - Miniport til Packet Scheduler
DNS Server Search Order: 193.162.153.164
DNS Server Search Order: 194.239.134.83

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
arlet (Junior Master)
8 November 2007 - 21:26 #12
Are you running it in safe mode??
arlet (Junior Master)
8 November 2007 - 21:27 #13
Copy the contents between the dashed lines into a Notepad window, and save the contents in the same folder as Combofix, with the name CFScript.txt.
When you save, make sure that "all files" is selected under "file types".

-------------------------
File::
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pzwmpyus"=-
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Then Combofix should start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.

Copy the contents of Combofix.txt in here together with a new hijackthis log
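
Once ComboFix has run with CFScript.txt, the log it returns can be checked against the File:: list to see which targets were actually removed. The following is an added example, not part of the original post and not ComboFix code: the function names are hypothetical, and the log is a constructed, shortened sample that follows the section banners and column layout of the ComboFix logs in this thread.

```python
import re

# CFScript.txt exactly as posted in the reply above.
CFSCRIPT = r"""File::
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pzwmpyus"=-
"""

# Constructed, shortened sample of a ComboFix log written after the script run.
SAMPLE_LOG = r"""
(((((((((((((  Other Deletions  )))))))))))))
.

C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

.
(((((((((  Files Created from 2007-10-08 to 2007-11-08  )))))))))
.

2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com

.
((((((((((  Find3M Report  ))))))))))
.
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
"""

# A banner line looks like "((((  Section title  ))))".
SECTION_RE = re.compile(r"^\(+\s+(.*?)\s+\)+$")


def cfscript_targets(text):
    """Return the paths listed under the File:: directive of a CFScript."""
    targets, in_file = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):          # a directive such as File:: or Registry::
            in_file = (line == "File::")
            continue
        if in_file and line:
            targets.append(line)
    return targets


def split_sections(log):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify(cfscript, log):
    """Classify every File:: target as deleted, still present, or not listed."""
    sections = split_sections(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    listed = {}  # lower-cased path -> size column ("<DIR>" for directories)
    for title, lines in sections.items():
        if not title.startswith("Files Created"):
            continue
        for line in lines:
            # Columns are separated by tabs or runs of spaces; paths may
            # themselves contain single spaces.
            fields = re.split(r"\s{2,}|\t+", line)
            if len(fields) >= 3 and re.match(r"\d{4}-\d\d-\d\d ", fields[0]):
                listed[fields[-1].lower()] = fields[1]
    report = {}
    for path in cfscript_targets(cfscript):
        key = path.lower()               # Windows paths are case-insensitive
        if key in listed:
            kind = "directory" if listed[key] == "<DIR>" else "file"
            report[path] = "still present (" + kind + ")"
        elif key in deleted:
            report[path] = "deleted"
        else:
            # The listing only covers the date window in its banner, so this
            # result is inconclusive rather than proof of removal.
            report[path] = "not listed"
    return report


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:28} {target}")
```

A target reported as "still present (directory)" was listed again as a `<DIR>` entry when the log was written, so it needs a follow-up step; "not listed" should be confirmed on disk before it is treated as removed.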
mummimor (Beginner)
8 November 2007 - 21:57 #14
ComboFix 07-11-08.1 - Rikke 2007-11-08 21:52:29.2 - FAT32x86
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\zts2.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

.
(((((((((((((((((((((((((  Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.

2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-11-08 20:24    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-08 20:24    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-08 20:24    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-08 20:24    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-08 20:24    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-10-29 20:44    3,846    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-22 18:51    50,896    --a------    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 18:51    14,152    --a------    C:\WINDOWS\system32\client_cc.dll
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Real
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Fælles filer\Real
2007-10-17 10:52    774,144    --a------    C:\Programmer\RngInterstitial.dll
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\OneStepSearch
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
2007-10-17 10:48    <DIR>    d--------    C:\Programmer\DeliciousDeluxe2_at
2007-10-16 18:58    <DIR>    d--------    C:\Programmer\ParadisePetSalon_at
2007-10-12 20:47    <DIR>    d--hs----    C:\FOUND.018

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 09:50    118,784    ----a-w    C:\WINDOWS\Web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2007-09-15 13:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-09-15 13:49    ---------    d-----w    C:\Programmer\EscapefromParadise_at
2007-09-09 12:44    ---------    d-----w    C:\Programmer\JackpotMatchup_at
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((  snapshot@2007-11-08_20.58.38.67  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12    163,328    ----a-w    C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-11-08 19:49:48    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-08 20:52:12    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-07-22 20:38:26    68,054    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-11-08 20:00:02    62,664    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-07-22 20:38:26    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 20:00:02    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-07-22 20:38:26    446,248    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-11-08 20:00:02    395,076    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-07-22 20:38:26    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 20:00:02    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-01-13 14:19]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-02 10:24]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33]
"USB Keyboard"="C:\Programmer\USB Keyboard Driver\kb_2k.exe" [2004-03-30 21:57]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BitComet"="C:\Programmer\BitComet\BitComet.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 21:33]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
"C:\Programmer\Error Safe Free\ers.exe" /min

R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 21:55:09
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 21:55:58
C:\ComboFix2.txt ... 2007-11-08 21:00
.
    --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:31, on 08-11-2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tdconline.dk/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [USB Keyboard] C:\Programmer\USB Keyboard Driver\kb_2k.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/198/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.beaglekartotek.dk/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.virustest.se/cod/cabs/cssweb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Sikkerhedsservice til udstyr (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Rikke/LOKALE~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Rikke/Dokumenter/juni%202004%20043.jpg
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg

--
End of file - 8907 bytes
arlet Junior Master
8 November 2007 - 22:06 #15
Then let's try something else..

Download Avenger to your desktop from here:
http://swandog46.geekstogo.com/avenger.exe

1. Double-click avenger.exe

2. Select "Input Script Manually" and click the magnifying glass - a small window will now appear, into which you should copy the content between the dashed lines:

-----------------------------
Files to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart, a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply, together with a new ComboFix log
mummimor Beginner
8 November 2007 - 22:38 #16
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bvgvkvce

*******************

Script file located at: \??\C:\WINDOWS\System32\tdfxliks.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!

Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba



Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!

Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba



Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!

Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba



Error: C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt is a folder, not a file!
Deletion of file C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt failed!

Could not process line:
C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
Status: 0xc00000ba



Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!

Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba



Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!

Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba



Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!

Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba


Completed script processing.

*******************

Finished!  Terminate.

ComboFix 07-11-08.1 - Rikke 2007-11-08 22:34:55.3 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.0.1252.1.1030.18.195 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.

2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-11-08 20:24    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-08 20:24    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-08 20:24    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-08 20:24    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-08 20:24    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-10-29 20:44    3,846    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-22 18:51    50,896    --a------    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 18:51    14,152    --a------    C:\WINDOWS\system32\client_cc.dll
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Real
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Fælles filer\Real
2007-10-17 10:52    774,144    --a------    C:\Programmer\RngInterstitial.dll
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\OneStepSearch
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
2007-10-17 10:48    <DIR>    d--------    C:\Programmer\DeliciousDeluxe2_at
2007-10-16 18:58    <DIR>    d--------    C:\Programmer\ParadisePetSalon_at
2007-10-12 20:47    <DIR>    d--hs----    C:\FOUND.018

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 09:50    118,784    ----a-w    C:\WINDOWS\Web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2007-09-15 13:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-09-15 13:49    ---------    d-----w    C:\Programmer\EscapefromParadise_at
2007-09-09 12:44    ---------    d-----w    C:\Programmer\JackpotMatchup_at
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((  snapshot@2007-11-08_20.58.38.67  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12    163,328    ----a-w    C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-11-08 19:49:48    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-08 21:34:48    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-07-22 20:38:26    68,054    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-11-08 20:00:02    62,664    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-07-22 20:38:26    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 20:00:02    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-07-22 20:38:26    446,248    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-11-08 20:00:02    395,076    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-07-22 20:38:26    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 20:00:02    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-01-13 14:19]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-02 10:24]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33]
"USB Keyboard"="C:\Programmer\USB Keyboard Driver\kb_2k.exe" [2004-03-30 21:57]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BitComet"="C:\Programmer\BitComet\BitComet.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 21:33]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
"C:\Programmer\Error Safe Free\ers.exe" /min

R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 22:36:56
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 22:37:42
C:\ComboFix3.txt ... 2007-11-08 21:00
C:\ComboFix2.txt ... 2007-11-08 21:56
.
    --- E O F ---
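Added example, not part of the original thread: the Avenger log above rejects every entry with status 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY), and the ComboFix "Files Created" listing already shows those same paths as `<DIR>`. The Python sketch below cross-checks a deletion list against such a listing before it is run; the function names are hypothetical and the sample lines are copied from the logs in this thread.

```python
import re
from ntpath import normcase, splitext  # Windows path rules on any platform

# Sample lines copied from the ComboFix "Files Created" section posted above.
COMBOFIX_LISTING = r"""
2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-29 20:44    3,846    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
"""

# Subset of the "Files to delete:" script from post #15.
AVENGER_SCRIPT = [
    r"C:\WINDOWS\zts2.exe",
    r"C:\WINDOWS\system32\vcmgcd32.dll",
    r"C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt",
    r"C:\WINDOWS\logo1_.exe",
]

# Matching lines copied from the Avenger log in post #16.
AVENGER_LOG = r"""
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Error: C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt is a folder, not a file!
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
"""

# date, time, size or <DIR>, attribute flags, path (paths may contain spaces)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(\S.*)$"
)
FOLDER_ERR_RE = re.compile(r"^Error: (.+) is a folder, not a file!\s*$", re.MULTILINE)
EXEC_EXTS = {".exe", ".dll", ".com", ".sys", ".scr"}


def parse_listing(text):
    """Return {case-folded path: entry} for every listing line that parses."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, blank lines, "." separators
        date, time, size, attrs, path = m.groups()
        is_dir = size == "<DIR>"
        entries[normcase(path)] = {
            "path": path,
            "created": f"{date} {time}",
            "attrs": attrs,
            "is_dir": is_dir,
            "size": None if is_dir else int(size.replace(",", "")),
        }
    return entries


def classify_targets(paths, listing):
    """Label each script path as 'folder', 'file' or 'not listed'."""
    result = []
    for p in paths:
        entry = listing.get(normcase(p.strip()))
        if entry is None:
            kind = "not listed"
        else:
            kind = "folder" if entry["is_dir"] else "file"
        result.append((p, kind))
    return result


def folders_named_like_binaries(listing, root=r"C:\WINDOWS"):
    """Directories under `root` whose names end in an executable extension.

    Limiting the check to the Windows tree avoids flagging ordinary program
    folders such as C:\\Programmer\\Freeze.com.
    """
    prefix = normcase(root).rstrip("\\") + "\\"
    return [
        e["path"]
        for key, e in listing.items()
        if e["is_dir"] and key.startswith(prefix) and splitext(key)[1] in EXEC_EXTS
    ]


def avenger_folder_errors(log):
    """Paths the Avenger log reported as folders rather than files."""
    return [m.group(1) for m in FOLDER_ERR_RE.finditer(log)]


if __name__ == "__main__":
    listing = parse_listing(COMBOFIX_LISTING)
    for path, kind in classify_targets(AVENGER_SCRIPT, listing):
        print(f"{kind:10} {path}")
    print("Folders with binary-style names:", folders_named_like_binaries(listing))
```
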
mummimor Beginner
8 November 2007 - 23:13 #17
When I try to run SmitfraudFix, it does start out fine. After a while it asks whether I want to delete an infected file called something like catch_me_dummy. I answer yes to that. Then it looks for some temp file, which it cannot find. Then it quickly jumps to file cleanup, runs that for 5 seconds, and then goes to a completely black screen, and I have to restart.
mummimor Beginner
8 November 2007 - 23:36 #18
I'm going to bed now - crossing my fingers that you have a new plan tomorrow *gg*
mummimor Beginner
9 November 2007 - 07:04 #19
So it seems I managed to run SmitfraudFix after all. Here is the log:

SmitFraudFix v2.250

Scan done at  7:00:03,90, 09-11-2007
Run from C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rikke


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rikke\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RIKKE\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg"
"SubscribedURL"="http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: National Semiconductor DP83815-baseret PCI Fast Ethernet-netværkskort - Miniport til Packet Scheduler
DNS Server Search Order: 193.162.153.164
DNS Server Search Order: 194.239.134.83

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:41, on 09-11-2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [USB Keyboard] C:\Programmer\USB Keyboard Driver\kb_2k.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/198/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.beaglekartotek.dk/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.virustest.se/cod/cabs/cssweb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Sikkerhedsservice til udstyr (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg

--
End of file - 8552 bytes
arlet (Junior Master)
9 November 2007 - 07:37 #20
Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

Then:
Download and double-click this file. It extracts itself to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in safe mode; if you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand" [How to access safe mode]) http://kimludvigsen.dk/tips-windows-fejlsikret.html


Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, and the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will display "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.
9 November 2007 - 07:50 #21
'Playing' with
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe"
on an XP without any Microsoft Service Pack/Windows Update whatsoever = *SIGH*
"Unprotected PCs last 20 minutes":
http://www.comon.dk/index.php/news/show/id=18812

http://www.microsoft.com/danmark/athome/security/online/p2p_file_sharing.mspx

But <arlet> will surely guide you further...
mummimor (Beginner)
9 November 2007 - 16:22 #22
Well, I'm well aware of that. That was actually what started the whole thing. I wanted to update Windows and thereby get SP2. But to do that you apparently have to be completely sure that the computer is "clean". And oh well - it probably wasn't *gg*
mummimor (Beginner)
9 November 2007 - 16:24 #23
SDFix: Version 1.114

Run by Rikke on 09-11-2007 at 16:08

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Rikke\SKRIVE~1\SPYWAR~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 16:16:27
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 16 Nov 2005        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri  9 Nov 2007      372,576 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29039681383389cd77078b8bf391a9ab\BIT8.tmp"
Fri  9 Nov 2007            50 A..H. --- "C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp"
Sun 27 Jun 2004        20,480 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2653.tmp"
Wed 14 Apr 2004        39,936 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 14 Apr 2004        41,472 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2069.tmp"
Wed 14 Apr 2004        41,984 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2605.tmp"
Wed 14 Apr 2004        39,936 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1095.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0003.tmp"
Tue  2 May 2006        36,864 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2123.tmp"
Sun 27 Jun 2004        22,016 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2487.tmp"
Sun 27 Jun 2004        22,528 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3541.tmp"
Sun 27 Jun 2004        24,576 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0573.tmp"
Wed 27 Apr 2005        33,280 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3321.tmp"
Tue 26 Apr 2005        57,344 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0188.tmp"
Mon 13 Aug 2007        65,536 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0007.tmp"
Mon 13 Aug 2007        62,464 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2272.tmp"
Mon 13 Aug 2007        61,952 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3985.tmp"
Mon 22 Jan 2007        32,768 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0006.tmp"
Mon 22 Jan 2007        31,744 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3641.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2599.tmp"
Tue  2 May 2006        36,864 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3007.tmp"
Tue  2 May 2006        37,888 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1793.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3151.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2615.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1271.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3044.tmp"
Tue  2 May 2006        37,888 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0190.tmp"
Tue  2 May 2006        38,912 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3014.tmp"
Mon 22 Jan 2007        31,744 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0967.tmp"
Mon 22 Jan 2007        30,720 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3534.tmp"
Mon 22 Jan 2007        30,720 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1652.tmp"
Mon 22 Jan 2007        29,184 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1092.tmp"
Mon 22 Jan 2007        27,136 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2191.tmp"

Finished!

It found nothing with the other scanner.
mummimor (Beginner)
9 November 2007 - 16:27 #24
Now the desktop background image works again!!!
mummimor (Beginner)
9 November 2007 - 16:46 #25
That SUPERAntiSpyware apparently didn't scan properly. The log will come shortly...
arlet (Junior Master)
9 November 2007 - 17:24 #26
After the log from the SuperAntiSpyware scanner, I also need to see a new log from ComboFix
mummimor (Beginner)
9 November 2007 - 17:28 #27
SDFix: Version 1.114

Run by Rikke on 09-11-2007 at 16:08

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Rikke\SKRIVE~1\SPYWAR~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 16:16:27
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 16 Nov 2005        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri  9 Nov 2007      372,576 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29039681383389cd77078b8bf391a9ab\BIT8.tmp"
Fri  9 Nov 2007            50 A..H. --- "C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp"
Sun 27 Jun 2004        20,480 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2653.tmp"
Wed 14 Apr 2004        39,936 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 14 Apr 2004        41,472 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2069.tmp"
Wed 14 Apr 2004        41,984 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2605.tmp"
Wed 14 Apr 2004        39,936 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1095.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0003.tmp"
Tue  2 May 2006        36,864 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2123.tmp"
Sun 27 Jun 2004        22,016 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2487.tmp"
Sun 27 Jun 2004        22,528 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3541.tmp"
Sun 27 Jun 2004        24,576 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0573.tmp"
Wed 27 Apr 2005        33,280 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3321.tmp"
Tue 26 Apr 2005        57,344 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0188.tmp"
Mon 13 Aug 2007        65,536 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0007.tmp"
Mon 13 Aug 2007        62,464 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2272.tmp"
Mon 13 Aug 2007        61,952 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3985.tmp"
Mon 22 Jan 2007        32,768 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0006.tmp"
Mon 22 Jan 2007        31,744 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3641.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2599.tmp"
Tue  2 May 2006        36,864 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3007.tmp"
Tue  2 May 2006        37,888 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1793.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3151.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2615.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1271.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3044.tmp"
Tue  2 May 2006        37,888 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0190.tmp"
Tue  2 May 2006        38,912 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3014.tmp"
Mon 22 Jan 2007        31,744 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0967.tmp"
Mon 22 Jan 2007        30,720 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3534.tmp"
Mon 22 Jan 2007        30,720 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1652.tmp"
Mon 22 Jan 2007        29,184 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1092.tmp"
Mon 22 Jan 2007        27,136 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2191.tmp"

Finished!
arlet (Junior Master)
9 November 2007 - 17:49 #28
That was SDFix you ran again..

Now we'll do it like this:
Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log together with a new ComboFix log
mummimor (Beginner)
9 November 2007 - 18:01 #29
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/09/2007 at 05:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type      : Complete Scan
Total Scan Time : 00:52:08

Memory items scanned      : 449
Memory threats detected  : 0
Registry items scanned    : 5252
Registry threats detected : 0
File items scanned        : 41320
File threats detected    : 141

Adware.Tracking Cookie
mummimor (Beginner)
9 November 2007 - 18:02 #30
That should be the right one now. Sorry - I just grabbed the wrong one.
arlet (Junior Master)
9 November 2007 - 18:11 #31
Yes, that was the right one..

And then a new ComboFix after a restart
mummimor (Beginner)
9 November 2007 - 18:16 #32
ComboFix 07-11-08.1 - Rikke 2007-11-09 18:05:14.5 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.0.1252.1.1030.18.141 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-09 to 2007-11-09  )))))))))))))))))))))))))))))))
.

2007-11-09 16:07    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-09 15:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-09 15:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-09 15:51    <DIR>    d--------    C:\Documents and Settings\Rikke\Application Data\SUPERAntiSpyware.com
2007-11-09 06:59    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-09 06:59    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-09 06:59    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-09 06:59    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-09 06:59    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-29 20:44    3,746    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-22 18:51    50,896    --a------    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 18:51    14,152    --a------    C:\WINDOWS\system32\client_cc.dll
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Real
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Fælles filer\Real
2007-10-17 10:52    774,144    --a------    C:\Programmer\RngInterstitial.dll
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\OneStepSearch
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
2007-10-17 10:48    <DIR>    d--------    C:\Programmer\DeliciousDeluxe2_at
2007-10-16 18:58    <DIR>    d--------    C:\Programmer\ParadisePetSalon_at
2007-10-12 20:47    <DIR>    d--hs----    C:\FOUND.018

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 09:50    118,784    ----a-w    C:\WINDOWS\Web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2007-09-15 13:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-09-15 13:49    ---------    d-----w    C:\Programmer\EscapefromParadise_at
2007-09-09 12:44    ---------    d-----w    C:\Programmer\JackpotMatchup_at
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((  snapshot@2007-11-08_20.58.38.67  )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-06-24 11:43:52    226,831    ----a-r    C:\WINDOWS\Cache\Adobe Reader 6.0\DANMIN\setup.exe
+ 2007-03-13 09:57:12    163,328    ----a-w    C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-11-08 10:59:34    163,328    ----a-w    C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-09 15:07:46    4,882,432    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-09 15:07:46    286,720    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-08 10:59:34    163,328    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-09 15:07:38    4,882,432    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-11-09 15:07:38    286,720    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-09 14:51:56    29,696    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-09 14:51:56    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-09 14:51:56    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-11-08 19:49:48    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-09 17:04:52    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-07-22 20:38:26    68,054    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-11-08 20:00:02    62,664    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-07-22 20:38:26    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 20:00:02    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-07-22 20:38:26    446,248    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-11-08 20:00:02    395,076    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-07-22 20:38:26    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 20:00:02    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2006-11-29 16:21:30    370,688    ----a-w    C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 08:36:06    40,960    ----a-w    C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32    212,480    ----a-w    C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:34    79,360    ----a-w    C:\WINDOWS\system32\swxcacls.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-01-13 14:19]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-02 10:24]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33]
"USB Keyboard"="C:\Programmer\USB Keyboard Driver\kb_2k.exe" [2004-03-30 21:57]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BitComet"="C:\Programmer\BitComet\BitComet.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 21:33]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
"C:\Programmer\Error Safe Free\ers.exe" /min

R1 ewido security suite driver;ewido security suite driver;\??\C:\Programmer\ewido\security suite\guard.sys
R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 18:10:11
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 18:12:18
C:\ComboFix2.txt ... 2007-11-09 07:08
C:\ComboFix3.txt ... 2007-11-08 22:37
.
    --- E O F ---
mummimor Beginner
09 November 2007 - 18:30 #33
So what do we say, is my computer still completely "fucked up"?
09 November 2007 - 23:44 #34
"...I wanted to update Windows and thereby get SP2. ..." - that's really not something you do with [BitComet] *S*

<arlet> will continue...
mummimor Beginner
13 November 2007 - 15:44 #35
Uhhh, hello! Is there anyone who can help me get further????

Heeeeeeelp!
13 November 2007 - 15:50 #36
<arlet> will be back, don't worry...
mummimor Beginner
13 November 2007 - 19:21 #37
That would certainly be really nice ;o)
mummimor Beginner
13 November 2007 - 19:29 #38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:17, on 13-11-2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\lxbtcoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBTPSWX.EXE
C:\Programmer\TrojanHunter 5.0\THGuard.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [USB Keyboard] C:\Programmer\USB Keyboard Driver\kb_2k.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/198/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.beaglekartotek.dk/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.virustest.se/cod/cabs/cssweb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Sikkerhedsservice til udstyr (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:PEr8YC4YI1rOaM:http://www.theflowerexpert.com/downloads/wallpapers/flower-expert-stunning-beauty.jpg

--
End of file - 9777 bytes
arlet Junior Master
13 November 2007 - 22:19 #39
-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified by some antivirus programs as "RiskTool". There is nothing to it, though!

-- Restart in Safe Mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 and answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy this list into the thread.

-- Restart and post a fresh log from Combofix here, together with the log from SmitfraudFix (C:\rapport.txt).
mummimor Beginner
17 November 2007 - 16:01 #40
ComboFix 07-11-08.1 - Rikke 2007-11-17 15:54:26.6 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.0.1252.45.1030.18.139 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-17 to 2007-11-17  )))))))))))))))))))))))))))))))
.

2007-11-16 08:23    <DIR>    d--hs----    C:\FOUND.022
2007-11-15 17:13    <DIR>    d--------    C:\Programmer\Carlo Gavazzi
2007-11-13 19:22    <DIR>    d--------    C:\Programmer\TrojanHunter 5.0
2007-11-11 19:52    <DIR>    d--hs----    C:\FOUND.021
2007-11-11 10:27    <DIR>    d--hs----    C:\FOUND.020
2007-11-10 18:25    <DIR>    d--hs----    C:\FOUND.019
2007-11-09 16:07    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-09 15:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-09 15:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-09 15:51    <DIR>    d--------    C:\Documents and Settings\Rikke\Application Data\SUPERAntiSpyware.com
2007-11-09 06:59    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-09 06:59    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-09 06:59    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-09 06:59    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-09 06:59    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-29 20:44    3,872    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-22 18:51    50,896    --a------    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 18:51    14,152    --a------    C:\WINDOWS\system32\client_cc.dll
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Real
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Fælles filer\Real
2007-10-17 10:52    774,144    --a------    C:\Programmer\RngInterstitial.dll
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\OneStepSearch
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
2007-10-17 10:48    <DIR>    d--------    C:\Programmer\DeliciousDeluxe2_at

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 09:50    118,784    ----a-w    C:\WINDOWS\Web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2007-10-16 17:58    ---------    d-----w    C:\Programmer\ParadisePetSalon_at
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((  snapshot@2007-11-08_20.58.38.67  )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-06-24 11:43:52    226,831    ----a-r    C:\WINDOWS\Cache\Adobe Reader 6.0\DANMIN\setup.exe
+ 2006-08-24 07:28:54    141,424    ----a-w    C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-13 09:57:12    163,328    ----a-w    C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-11-08 10:59:34    163,328    ----a-w    C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-09 15:07:46    4,882,432    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-09 15:07:46    286,720    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-08 10:59:34    163,328    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-09 15:07:38    4,882,432    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-11-09 15:07:38    286,720    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-09 14:51:56    29,696    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-09 14:51:56    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-09 14:51:56    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2003-08-07 10:05:26    102,400    ----a-w    C:\WINDOWS\system32\ActiveScan\as.dll
+ 2007-03-29 08:20:50    110,592    ----a-w    C:\WINDOWS\system32\ActiveScan\as.dll
- 2004-01-22 17:41:02    233,472    ----a-w    C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2006-10-05 15:15:26    233,472    ----a-w    C:\WINDOWS\system32\ActiveScan\ascontrol.dll
- 1998-10-07 21:16:00    96,256    ----a-w    C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2005-06-03 13:03:18    96,256    ----a-w    C:\WINDOWS\system32\ActiveScan\asmdat.dll
- 2003-08-01 09:00:16    36,864    ----a-w    C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2003-08-01 10:00:16    36,864    ----a-w    C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44    86,016    ----a-w    C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-16 17:20:20    4,608    ----a-w    C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32    348,160    ----a-w    C:\WINDOWS\system32\ActiveScan\msvcr71.dll
- 2002-10-04 17:48:06    131,072    ----a-w    C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2004-05-04 14:01:02    139,264    ----a-w    C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10    45,056    ----a-w    C:\WINDOWS\system32\ActiveScan\pavdr.exe
- 2003-02-27 09:59:18    163,896    ----a-w    C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-04-10 09:50:02    159,832    ----a-w    C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38    94,208    ----a-w    C:\WINDOWS\system32\ActiveScan\pavinas.dll
- 2003-04-08 12:25:32    102,400    ----a-w    C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-02-16 17:35:38    180,224    ----a-w    C:\WINDOWS\system32\ActiveScan\pavoe.dll
- 2002-10-30 14:40:54    106,496    ----a-w    C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-10-05 15:15:38    122,880    ----a-w    C:\WINDOWS\system32\ActiveScan\pavpz.dll
- 2002-05-13 11:23:22    5,158    ----a-w    C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2006-06-30 13:13:38    8,704    ----a-w    C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
- 2003-07-29 12:43:36    36,864    ----a-w    C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2004-02-04 13:08:42    49,152    ----a-w    C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 12:23:10    69,632    ----a-w    C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 12:06:08    1,388,544    ----a-w    C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 10:38:14    10,752    ----a-w    C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54    61,440    ----a-w    C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 07:46:18    779,264    ----a-w    C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 13:25:34    417,792    ----a-w    C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24    90,112    ----a-w    C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58    208,896    ----a-w    C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00    9,728    ----a-w    C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12    14,336    ----a-w    C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12    33,280    ----a-w    C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36    266,240    ----a-w    C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14    62,976    ----a-w    C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10    13,312    ----a-w    C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08    69,632    ----a-w    C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50    167,936    ----a-w    C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-18 16:16:04    353,840    ----a-w    C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48    35,328    ----a-w    C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 05:12:32    9,488    ----a-w    C:\WINDOWS\system32\ActiveScan\sporder.dll
- 2001-10-09 10:17:06    20,480    ----a-w    C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-02-28 16:23:40    69,632    ----a-w    C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-08-02 11:39:06    73,728    ----a-w    C:\WINDOWS\system32\asuninst.exe
- 2001-01-13 21:00:52    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-09 16:28:58    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2001-01-13 21:00:52    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
+ 2007-11-09 16:28:58    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
- 2001-01-13 21:00:52    114,688    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-09 17:20:02    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-08 19:49:48    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-17 14:54:14    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2005-02-20 01:10:00    86,528    ----a-w    C:\WINDOWS\system32\diCrHash.dll
- 2007-09-28 06:19:40    18,089,592    ----a-w    C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:58    18,238,072    ----a-w    C:\WINDOWS\system32\MRT.exe
- 2007-07-22 20:38:26    68,054    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-11-08 20:00:02    62,664    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-07-22 20:38:26    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 20:00:02    52,900    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-07-22 20:38:26    446,248    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-11-08 20:00:02    395,076    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-07-22 20:38:26    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 20:00:02    380,486    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2006-11-29 16:21:30    370,688    ----a-w    C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 08:36:06    40,960    ----a-w    C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32    212,480    ----a-w    C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:34    79,360    ----a-w    C:\WINDOWS\system32\swxcacls.exe
- 2003-03-25 16:53:50    11,776    ----a-w    C:\WINDOWS\system32\ZPORT4AS.dll
+ 2003-03-25 17:53:50    11,776    ----a-w    C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-01-13 14:19]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-02 10:24]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33]
"USB Keyboard"="C:\Programmer\USB Keyboard Driver\kb_2k.exe" [2004-03-30 21:57]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]
"THGuard"="C:\Programmer\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 21:33]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
"C:\Programmer\Error Safe Free\ers.exe" /min

R1 ewido security suite driver;ewido security suite driver;\??\C:\Programmer\ewido\security suite\guard.sys
R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:57:24
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 15:58:11
C:\ComboFix3.txt ... 2007-11-09 07:08
C:\ComboFix2.txt ... 2007-11-09 18:12
.
    --- E O F ---





SmitFraudFix v2.253

Scan done at 15:46:59,07, 17-11-2007
Run from C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1C39F06-13A9-4747-8A37-4CC75F19D5EE}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
arlet Juniormester
17 November 2007 - 16:31 #41
Let's try again:

Copy the content between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "all files" is selected under "file types".

-------------------------
File::
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\zts2.exe
-----------------------

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.

Copy the contents of Combofix.txt in here together with a new HijackThis log.
mummimor Nybegynder
17 November 2007 - 19:16 #42
ComboFix 07-11-08.1 - Rikke 2007-11-17 19:10:47.7 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.0.1252.1.1030.18.179 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-10-17 to 2007-11-17  )))))))))))))))))))))))))))))))
.

2007-11-16 08:23    <DIR>    d--hs----    C:\FOUND.022
2007-11-15 17:13    <DIR>    d--------    C:\Programmer\Carlo Gavazzi
2007-11-13 19:22    <DIR>    d--------    C:\Programmer\TrojanHunter 5.0
2007-11-11 19:52    <DIR>    d--hs----    C:\FOUND.021
2007-11-11 10:27    <DIR>    d--hs----    C:\FOUND.020
2007-11-10 18:25    <DIR>    d--hs----    C:\FOUND.019
2007-11-09 16:07    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-09 15:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-09 15:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-09 15:51    <DIR>    d--------    C:\Documents and Settings\Rikke\Application Data\SUPERAntiSpyware.com
2007-11-09 06:59    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-09 06:59    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-09 06:59    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-09 06:59    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-09 06:59    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-11-08 20:38    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-29 20:44    3,872    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe
2007-10-22 18:51    50,896    --a------    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 18:51    14,152    --a------    C:\WINDOWS\system32\client_cc.dll
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Real
2007-10-17 10:52    <DIR>    d--------    C:\Programmer\Fælles filer\Real
2007-10-17 10:52    774,144    --a------    C:\Programmer\RngInterstitial.dll
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\OneStepSearch
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Freeze.com
2007-10-17 10:49    <DIR>    d--------    C:\Programmer\Free Offers from Freeze.com
2007-10-17 10:48    <DIR>    d--------    C:\Programmer\DeliciousDeluxe2_at

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 09:50    118,784    ----a-w    C:\WINDOWS\Web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2007-10-16 17:58    ---------    d-----w    C:\Programmer\ParadisePetSalon_at
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((  snapshot_2007-11-17_15.57.32,92  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-17 14:54:14    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-17 18:10:38    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-01-13 14:19]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-02 10:24]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33]
"USB Keyboard"="C:\Programmer\USB Keyboard Driver\kb_2k.exe" [2004-03-30 21:57]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"NPCTray"="C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" []
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]
"THGuard"="C:\Programmer\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 21:33]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
"C:\Programmer\Error Safe Free\ers.exe" /min

R1 ewido security suite driver;ewido security suite driver;\??\C:\Programmer\ewido\security suite\guard.sys
R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 19:12:45
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 19:13:27
C:\ComboFix3.txt ... 2007-11-09 18:12
C:\ComboFix2.txt ... 2007-11-17 15:58
.
    --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:58, on 17-11-2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\USB Keyboard Driver\kb_2k.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [USB Keyboard] C:\Programmer\USB Keyboard Driver\kb_2k.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/198/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.beaglekartotek.dk/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.virustest.se/cod/cabs/cssweb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Sikkerhedsservice til udstyr (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8656 bytes
mummimor Nybegynder
17 November 2007 - 19:28 #43
When I run Combofix, my Bullguard comes up quite a few times with a warning that it has blocked a virus on my computer. It is called Generic....?
mummimor Nybegynder
25 November 2007 - 13:00 #44
Dear Arlet. I hope you come back soon. I would hate it if my partner turns out to be right that the only thing to do is to format the hard drive.... Sniff!
arlet Juniormester
25 November 2007 - 19:37 #45
It must have slipped past me..

You should just ignore Bullguard, so that you can get that Combofix run
mummimor Nybegynder
28 November 2007 - 16:35 #46
Now I turned Bullguard off while Combofix ran. Does it look better now?

ComboFix 07-11-19.4 - Rikke 2007-11-28 16:32:11.9 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.0.1252.1.1030.18.236 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke\Skrivebord\Spywarefri\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-28 to 2007-11-28  )))))))))))))))))))))))))))))))
.

2007-11-25 14:54    <DIR>    d--------    C:\Documents and Settings\Rikke\Application Data\AdobeAUM
2007-11-24 09:11    <DIR>    d--------    C:\Programmer\HeroesofHellas_at
2007-11-21 19:23    <DIR>    d--------    C:\Documents and Settings\Rikke\Application Data\Jane s Hotel
2007-11-21 19:22    <DIR>    d--------    C:\Programmer\JanesHotel_at
2007-11-18 13:49    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-11-18 13:49    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 22:32    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-17 22:25    <DIR>    d--------    C:\Programmer\Fælles filer\Java
2007-11-17 22:11    0    --a------    C:\WINDOWS\system32\REN1C.tmp
2007-11-17 22:11    0    --a------    C:\WINDOWS\system32\REN1B.tmp
2007-11-16 08:23    <DIR>    d--hs----    C:\FOUND.022
2007-11-15 17:13    <DIR>    d--------    C:\Programmer\Carlo Gavazzi
2007-11-13 19:22    <DIR>    d--------    C:\Programmer\TrojanHunter 5.0
2007-11-11 19:52    <DIR>    d--hs----    C:\FOUND.021
2007-11-11 10:27    <DIR>    d--hs----    C:\FOUND.020
2007-11-10 18:25    <DIR>    d--hs----    C:\FOUND.019
2007-11-09 16:07    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-09 15:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-09 15:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-09 15:51    <DIR>    d--------    C:\Documents and Settings\Rikke\Application Data\SUPERAntiSpyware.com
2007-11-09 06:59    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-09 06:59    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-09 06:59    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-08 20:31    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-29 20:44    3,872    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\zts2.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\vcmgcd32.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\system32\iifgfgf.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundll16.exe
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\rundl132.dll
2007-10-29 06:57    <DIR>    d-a------    C:\WINDOWS\logo1_.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 17:51    50,896    ----a-w    C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-10-22 17:51    14,152    ----a-w    C:\WINDOWS\system32\client_cc.dll
2007-10-17 09:52    774,144    ----a-w    C:\Programmer\RngInterstitial.dll
2007-10-17 09:52    ---------    d-----w    C:\Programmer\Real
2007-10-17 09:52    ---------    d-----w    C:\Programmer\Fælles filer\Real
2007-10-17 09:49    ---------    d-----w    C:\Programmer\OneStepSearch
2007-10-17 09:49    ---------    d-----w    C:\Programmer\Free Offers from Freeze.com
2007-10-17 09:48    ---------    d-----w    C:\Programmer\DeliciousDeluxe2_at
2007-10-16 17:58    ---------    d-----w    C:\Programmer\ParadisePetSalon_at
2007-10-03 22:36    25,600    ----a-w    C:\WINDOWS\system32\WS2Fix.exe
2007-01-09 11:25    32    ----a-r    C:\Documents and Settings\All Users\hash.dat
2003-08-27 14:52    461    ----a-w    C:\Programmer\INSTALL.LOG
.

(((((((((((((((((((((((((((((  snapshot@2007-11-26_23.09.16.09  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12    163,328    ----a-w    C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2007-11-26 22:07:22    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-28 15:32:08    262,144    ----a-w    C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-09 11:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-21 17:16]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"Lexmark 5200 series"="C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:10]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-22 18:51]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2001-10-09 11:00]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-09 11:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
            C:\Programmer\Error Safe Free\ers.exe /min

R1 ewido security suite driver;ewido security suite driver;\??\C:\Programmer\ewido\security suite\guard.sys
R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\System32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll
S3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    BgMainSvc BsFileScan BsMailProxy
BullGuardFw    BsFwall

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 16:33:42
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 16:34:12
C:\ComboFix2.txt ... 2007-11-26 23:09
C:\ComboFix3.txt ... 2007-11-17 19:13
.
    --- E O F ---
arlet (Junior Master)
29 November 2007 - 13:42 #47
Download Avenger to your desktop from here:
http://swandog46.geekstogo.com/avenger.exe

1. Double-click avenger.exe

2. Select "Input Script Manually" and click the magnifying glass - a small window will now appear, into which you must copy the contents between the dashed lines:

-----------------------------
Files to delete:
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\zts2.exe
-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.
mummimor (Beginner)
29 November 2007 - 16:50 #48
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cvdbfhhu

*******************

Script file located at: \??\C:\WINDOWS\gplcfgia.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!

Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba



File C:\WINDOWS\R.COM not found!
Deletion of file C:\WINDOWS\R.COM failed!

Could not process line:
C:\WINDOWS\R.COM
Status: 0xc0000034



Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!

Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba



Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!

Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba



Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!

Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba



File C:\WINDOWS\system32\systems.txt not found!
Deletion of file C:\WINDOWS\system32\systems.txt failed!

Could not process line:
C:\WINDOWS\system32\systems.txt
Status: 0xc0000034



File C:\WINDOWS\system32\T.COM not found!
Deletion of file C:\WINDOWS\system32\T.COM failed!

Could not process line:
C:\WINDOWS\system32\T.COM
Status: 0xc0000034



Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!

Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba



Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!

Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba


Completed script processing.

*******************

Finished!  Terminate.
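The run above can be checked mechanically. The following added example (not part of the thread and not code from The Avenger's author) pairs each line of an Avenger script with the status the log reports for it and decodes the two NTSTATUS codes seen in the log. The sample input is abridged from posts #47 and #48 plus one constructed path, and the function names are illustrative.

```python
import re

# Standard NTSTATUS names for the two codes that occur in the log in this thread.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND (target does not exist)",
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY (target exists, but as a folder)",
}

# One failure block: "Could not process line:" / <path> / "Status: 0x...".
FAILURE_RE = re.compile(
    r"Could not process line:[ \t]*\n(?P<path>[^\n]+)\nStatus:[ \t]*(?P<code>0x[0-9a-fA-F]+)"
)


def parse_script(script):
    """Return the paths listed under 'Files to delete:' in an Avenger script."""
    targets, in_section = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith(":"):  # a section header such as 'Files to delete:'
            in_section = line.lower() == "files to delete:"
        elif line and in_section:
            targets.append(line)
    return targets


def parse_failures(log):
    """Map lower-cased path -> NTSTATUS code for every failed script line."""
    log = log.replace("\r\n", "\n")
    return {
        m.group("path").strip().lower(): int(m.group("code"), 16)
        for m in FAILURE_RE.finditer(log)
    }


def triage(script, log):
    """Pair each scripted target with what the log says happened to it."""
    failures = parse_failures(log)
    report = []
    for path in parse_script(script):
        code = failures.get(path.lower())  # Windows paths are case-insensitive
        if code is None:
            verdict = "no failure logged"
        else:
            verdict = NTSTATUS.get(code, "unrecognised status 0x%08x" % code)
        report.append((path, code, verdict))
    return report


def still_present(script, log):
    """Targets that exist on disk as folders after the run and need a second look."""
    return [p for p, code, _ in triage(script, log) if code == 0xC00000BA]


# Abridged from post #47; the last path is constructed to show the no-entry case.
SCRIPT = r"""Files to delete:
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\constructed-example.tmp
"""

# Abridged from the log in post #48.
LOG = r"""Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!

Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba

File C:\WINDOWS\R.COM not found!
Deletion of file C:\WINDOWS\R.COM failed!

Could not process line:
C:\WINDOWS\R.COM
Status: 0xc0000034
"""

if __name__ == "__main__":
    for path, code, verdict in triage(SCRIPT, LOG):
        print(path, "->", verdict)
```

Run against the full log, the same triage separates the targets that were simply absent from the ones that are present as folders and were therefore left untouched.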
mummimor (Beginner)
29 November 2007 - 17:21 #49
Here is this one for you as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:01, on 29-11-2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Lexmark 5200 series\lxbtbmon.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmer\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/198/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.beaglekartotek.dk/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.virustest.se/cod/cabs/cssweb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Sikkerhedsservice til udstyr (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8403 bytes
arlet (Junior Master)
29 November 2007 - 18:15 #50
Okay, it wouldn't do that..

We'll try something else..

Download and double-click this file. It extracts itself to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in safe mode; if you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", "How to access safe mode") http://kimludvigsen.dk/tips-windows-fejlsikret.html


Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.
mummimor (Beginner)
29 November 2007 - 20:03 #51
SDFix: Version 1.114

Run by Rikke on 29-11-2007 at 19:56

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Rikke\SKRIVE~1\SPYWAR~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 20:01:02
Windows 5.1.2600  FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 16 Nov 2005        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 13 Nov 2004        37,376 ...H. --- "C:\Programmer\Fælles filer\Adobe\ESD\DLMCleanup.exe"
Thu 29 Nov 2007            50 A..H. --- "C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp"
Sun 27 Jun 2004        20,480 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2653.tmp"
Wed 14 Apr 2004        39,936 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 14 Apr 2004        41,472 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2069.tmp"
Wed 14 Apr 2004        41,984 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2605.tmp"
Wed 14 Apr 2004        39,936 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1095.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0003.tmp"
Tue  2 May 2006        36,864 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2123.tmp"
Sun 27 Jun 2004        22,016 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2487.tmp"
Sun 27 Jun 2004        22,528 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3541.tmp"
Sun 27 Jun 2004        24,576 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0573.tmp"
Wed 27 Apr 2005        33,280 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3321.tmp"
Tue 26 Apr 2005        57,344 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0188.tmp"
Mon 13 Aug 2007        65,536 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0007.tmp"
Mon 13 Aug 2007        62,464 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2272.tmp"
Mon 13 Aug 2007        61,952 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3985.tmp"
Sun 11 Nov 2007        21,504 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1843.tmp"
Mon 22 Jan 2007        32,768 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0006.tmp"
Mon 22 Jan 2007        31,744 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3641.tmp"
Tue  2 May 2006        36,352 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2599.tmp"
Tue  2 May 2006        36,864 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3007.tmp"
Tue  2 May 2006        37,888 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1793.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3151.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2615.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1271.tmp"
Tue  2 May 2006        37,376 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3044.tmp"
Tue  2 May 2006        37,888 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0190.tmp"
Tue  2 May 2006        38,912 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3014.tmp"
Mon 22 Jan 2007        31,744 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL0967.tmp"
Mon 22 Jan 2007        30,720 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL3534.tmp"
Mon 22 Jan 2007        30,720 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1652.tmp"
Mon 22 Jan 2007        29,184 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL1092.tmp"
Mon 22 Jan 2007        27,136 ...H. --- "C:\Documents and Settings\Rikke\Application Data\Microsoft\Word\~WRL2191.tmp"
Sat 22 Apr 2006        37,888 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Job\Ansøgninger\~WRL3927.tmp"
Tue  2 May 2006        36,864 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Job\Ansøgninger\~WRL0168.tmp"
Tue  2 May 2006        36,352 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Job\Ansøgninger\~WRL2377.tmp"
Tue  2 May 2006        37,888 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Job\Ansøgninger\~WRL3487.tmp"
Tue  5 Apr 2005        35,840 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL0401.tmp"
Wed 27 Apr 2005        36,352 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL1987.tmp"
Wed 27 Apr 2005        39,936 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL1054.tmp"
Tue 13 Apr 2004        37,888 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL1307.tmp"
Tue 13 Apr 2004        37,888 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL3799.tmp"
Wed 14 Apr 2004        41,472 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL3329.tmp"
Wed 14 Apr 2004        41,472 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL3132.tmp"
Wed 14 Apr 2004        38,912 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL2256.tmp"
Wed 14 Apr 2004        27,136 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL0383.tmp"
Wed 14 Apr 2004        46,592 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Dansk\~WRL1074.tmp"
Sun 25 Apr 2004        57,344 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL0004.tmp"
Tue 27 Apr 2004        57,856 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL3421.tmp"
Tue 27 Apr 2004        57,344 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL3552.tmp"
Tue 27 Apr 2004        57,344 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL3581.tmp"
Tue 27 Apr 2004        58,368 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL0663.tmp"
Tue 27 Apr 2004        58,880 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL3880.tmp"
Tue 27 Apr 2004        56,832 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL1554.tmp"
Tue 27 Apr 2004        57,344 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL3367.tmp"
Tue 27 Apr 2004        59,904 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL3071.tmp"
Tue 27 Apr 2004        60,416 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL1924.tmp"
Tue 27 Apr 2004        60,928 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL0671.tmp"
Tue 27 Apr 2004        62,464 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL1052.tmp"
Tue 27 Apr 2004        62,464 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL1332.tmp"
Tue 27 Apr 2004        62,464 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL2168.tmp"
Tue 27 Apr 2004        62,464 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL0890.tmp"
Tue 27 Apr 2004        62,464 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL1551.tmp"
Tue 27 Apr 2004        57,856 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL0763.tmp"
Tue 27 Apr 2004        61,440 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\psykologi\~WRL1758.tmp"
Tue 26 Apr 2005        49,152 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Religion\~WRL2425.tmp"
Tue 26 Apr 2005        48,640 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Religion\~WRL1006.tmp"
Tue 26 Apr 2005        50,176 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Religion\~WRL2466.tmp"
Tue 26 Apr 2005        50,688 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Religion\~WRL3159.tmp"
Tue 26 Apr 2005        51,200 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Religion\~WRL3335.tmp"
Tue 26 Apr 2005        52,224 A..H. --- "C:\Documents and Settings\Rikke\Skrivebord\Rikke\Personlige\Skole\Religion\~WRL0597.tmp"