oboen Beginner
13 March 2008 - 19:59 There are 15 comments

Windows etc. pop-ups

Hi Eksperten.
Lately I have been getting lots of pop-ups (new pages) while I am on the internet. It is very annoying. I can usually remove most of the annoying junk myself, but this one is a bit too hard for me. They are offers for a bit of everything, but mostly a blank page. I have tried a bit of everything: AVG, Spybot, XCleaner (which shows trojans), CCleaner, SAS, ATF, but nothing has fixed the problem.


Logfile of HijackThis v1.99.1
Scan saved at 19:47:30, on 13-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
H:\microsoft activesync\wcescomm.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
E:\virus mm\hijakthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cybercity.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Programmer\BrowsingAdvisor\BrowsingAdvisor-2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Blubster Toolbar - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Programmer\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AudioBaitSixthDent] C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\microsoft activesync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [spamlist] C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download with GetRight - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B1C266-7BC8-46AC-8E3D-5828F52B7506} (CACSecurity.SecurityClass) - http://katalog.onlineautodele.dk/CACSecurity.CAB
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/codebase/dafolo.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181043922781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

ComboFix 08-03-05.3 - Bjarke Jensen 2008-03-13 19:34:30.3 - NTFSx86
Running from: E:\virus mm\combofix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-02-13 to 2008-03-13  )))))))))))))))))))))))))))))))
.

2008-03-13 19:11 . 2008-03-13 19:11    <DIR>    d--------    C:\WINDOWS\LastGood
2008-03-01 23:16 . 2008-03-01 23:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
2008-03-01 23:15 . 2008-03-01 23:15    <DIR>    d--------    C:\Programmer\FLAP FREE BEND
2008-03-01 22:50 . 2008-03-07 19:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-01 22:44 . 2008-03-01 22:44    <DIR>    d--------    C:\Programmer\Bonjour
2008-03-01 22:33 . 2008-03-01 22:33    <DIR>    d--------    C:\Programmer\Fælles filer\Macrovision Shared

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 18:12    ---------    d-----w    C:\Programmer\BrowsingAdvisor
2008-03-13 18:03    ---------    d-----w    C:\Documents and Settings\Bjarke Jensen\Application Data\AVG7
2008-03-13 00:08    ---------    d-----w    C:\Programmer\RegistrySmart
2008-03-04 00:18    ---------    d-----w    C:\Programmer\SpywareGuard
2008-03-04 00:14    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-03-04 00:14    ---------    d-----w    C:\Programmer\SpywareBlaster
2008-03-01 22:16    ---------    d-----w    C:\Documents and Settings\Bjarke Jensen\Application Data\FLAP FREE BEND
2008-03-01 21:44    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-02-23 10:50    ---------    d-----w    C:\Documents and Settings\Bjarke Jensen\Application Data\uTorrent
2008-02-21 19:09    ---------    d-----w    C:\Documents and Settings\Bjarke Jensen\Application Data\Azureus
2008-02-21 11:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 22:16    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-02-06 22:01    691,545    ----a-w    C:\WINDOWS\unins000.exe
2008-01-18 21:44    ---------    d-----w    C:\Documents and Settings\Bjarke Jensen\Application Data\Winamp55
2008-01-16 20:24    ---------    d-----w    C:\Documents and Settings\NetworkService\Application Data\AVG7
2006-06-13 20:15    3,327    ----a-w    C:\Programmer\INSTALL.LOG
2006-05-31 19:39    72,240    ----a-w    C:\Documents and Settings\Bjarke Jensen\Application Data\GDIPFONTCACHEV1.DAT
1998-10-07 15:16    148,480    ----a-w    C:\Programmer\UNWISE.EXE
.

------- Sigcheck -------

46fe2ed518fdfbfd289f014a3078575c  C:\WINDOWS\system32\svchost.exe
-c----w            12,800 2001-10-09 11:00:00  C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
------w            14,336 2004-08-26 16:53:56  C:\WINDOWS\ServicePackFiles\i386\svchost.exe
----a-w            14,336 2004-08-26 16:53:56  C:\WINDOWS\system32\svchost.exe
-c--a-w            14,336 2004-08-26 16:53:56  C:\WINDOWS\system32\dllcache\svchost.exe

3c83a9029bc93e4cdcf7975decfdae5d  C:\WINDOWS\system32\ws2_32.dll
-c----w            75,264 2001-10-09 11:00:00  C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
------w            82,944 2004-08-26 16:53:48  C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
----a-w            82,944 2004-08-26 16:53:48  C:\WINDOWS\system32\ws2_32.dll
-c--a-w            82,944 2004-08-26 16:53:48  C:\WINDOWS\system32\dllcache\ws2_32.dll

713ad65b9ff9cee0a43181b442d846eb  C:\WINDOWS\system32\winlogon.exe
-c----w          430,080 2001-10-09 11:00:00  C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
------w          502,272 2004-08-26 16:53:56  C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
----a-w          502,272 2004-08-26 16:53:56  C:\WINDOWS\system32\winlogon.exe
-c--a-w          502,272 2004-08-26 16:53:56  C:\WINDOWS\system32\dllcache\winlogon.exe

558635d3af1c7546d26067d5d9b6959e  C:\WINDOWS\system32\drivers\ndis.sys
-c----w          161,536 2001-10-09 11:00:00  C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
------w          182,912 2004-08-03 22:14:30  C:\WINDOWS\ServicePackFiles\i386\ndis.sys
----a-w          182,912 2004-08-03 22:14:30  C:\WINDOWS\system32\drivers\ndis.sys
.
(((((((((((((((((((((((((((((  snapshot@2008-03-06_22.03.35,92  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-12 22:57:52    687,128    ----a-w    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xclean_micro.exe
+ 2008-03-12 22:51:59    687,128    ----a-w    C:\WINDOWS\Downloaded Program Files\xclean_micro.exe
- 2008-02-04 23:09:46    18,214,008    ----a-w    C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54    19,148,408    ----a-w    C:\WINDOWS\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
2007-12-30 21:49    1019904    --a------    C:\Programmer\BrowsingAdvisor\BrowsingAdvisor-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7EFBC57C-CD57-481F-B794-648FCE9C9116}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{7efbc57c-cd57-481f-b794-648fce9c9116}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}"= C:\Programmer\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll [2007-04-28 23:05 798720]

[HKEY_CLASSES_ROOT\clsid\{7efbc57c-cd57-481f-b794-648fce9c9116}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="H:\microsoft activesync\wcescomm.exe" [2005-01-04 18:50 405583]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 15:56 68856]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"spamlist"="C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe" [2008-03-01 23:15 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-13 01:50 4112384]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 01:32 196608]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2005-12-30 16:08 28672]
"nwiz"="nwiz.exe" [2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 18:42 579072]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2003-10-21 15:36 2334792]
"AudioBaitSixthDent"="C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe" [2007-03-04 17:54 0]
"Byte Tool Tons Mail"="C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe" [2008-03-13 19:02 944640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 17:53 15360]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 17:25 219136]

C:\Documents and Settings\Bjarke Jensen\Menuen Start\Programmer\Start\
SpywareGuard.lnk - C:\Programmer\SpywareGuard\sgmain.exe [2003-08-29 18:05:35 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 23:29 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuru]
--a------ 2004-05-21 15:07 1695830 C:\Programmer\ABIT\ABIT uGuru\uGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioBaitSixthDent]
--a------ 2007-03-04 17:54 0 C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 d:\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a------ 2003-10-13 02:04 184320 C:\Programmer\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2004-12-10 19:44 11776 C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
-ra------ 2004-07-13 01:50 81920 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-13 01:50 843776 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 13:27 222208 C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 d:\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spamlist]
--a------ 2008-03-01 23:15 430592 C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-13 15:56 68856 C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=

R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-02-26 16:52]
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2006-02-22 13:25]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 13:50]
R2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS [1998-02-26 15:10]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 10:10]
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2003-12-10 08:21]
S3 Memctl;Memctl;C:\Programmer\ABIT\ABIT uGuru\Memctl.sys [2001-11-29 18:49]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 14:47]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 14:48]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 14:48]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 14:49]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 14:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 23:00:01 C:\WINDOWS\Tasks\AF5BBBAD93882FE5.job"
- c:\docume~1\bjarke~1\applic~1\flapfr~1\sign tool dog.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 19:37:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-03-13 19:39:11
ComboFix-quarantined-files.txt  2008-03-13 18:38:14
ComboFix2.txt  2008-03-06 21:04:12
ComboFix3.txt  2007-12-11 23:29:10
.
2008-03-13 18:13:15    --- E O F ---
levich Beginner
13 March 2008 - 20:12 #1
Download the latest version of HijackThis and make a new log. http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php.
13 March 2008 - 20:23 #2
YFFER PYFFER - I'll take a look at it...
13 March 2008 - 20:24 #3
OOPS, I hadn't refreshed ... <levich> You just carry on... there is quite a bit to look at, after all *S*
oboen Beginner
13 March 2008 - 20:39 #4
Sending it herewith

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:08, on 13-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
H:\microsoft activesync\wcescomm.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
E:\virus mm\hjt08\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cybercity.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Programmer\BrowsingAdvisor\BrowsingAdvisor-2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Blubster Toolbar - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Programmer\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AudioBaitSixthDent] C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\microsoft activesync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [spamlist] C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download with GetRight - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B1C266-7BC8-46AC-8E3D-5828F52B7506} (CACSecurity.SecurityClass) - http://katalog.onlineautodele.dk/CACSecurity.CAB
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/codebase/dafolo.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181043922781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

--
End of file - 10251 bytes
levich (Beginner)
13 March 2008 - 23:54 #5
Read all the steps before you do anything.
You may want to save this guide as a text file on the desktop using Notepad.

(1)
Download AVG Anti-Spyware here: http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=asf
Install the program and update it, but hold off on scanning.

(2)
Download ATF-Cleaner here: http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=21
Start the program and choose "select all" and then "empty all".
If you have Firefox, first select it in the menu and then choose "select all" and "empty all".

(3)
Restart the computer in safe mode (press F8 when Windows starts up) and fix the following lines with HijackThis:
O3 - Toolbar: Blubster Toolbar - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Programmer\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AudioBaitSixthDent] C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe
O4 - HKCU\..\Run: [spamlist] C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe

(4)
Start AVG Anti-Spyware, select the "scanner" tab and click "complete system scan".
Afterwards click "apply all actions", "save report", "save report as" and save the log file, e.g. on the desktop.

(5)
Open "My Computer" ("Denne computer") and in the menu click Tools -> Folder Options -> View (Funktioner -> Mappeindstillinger -> Vis).
Clear the check marks at "Hide protected operating system files" ("Skjul beskyttede operativsystemfiler") and at "Hide extensions for known file types" ("Skjul filtypenavne for kendte filtyper"), and select "Show hidden files and folders" ("Vis skjulte filer og mapper"). Remember to press the "Apply to All Folders" ("Anvend på alle mapper") button instead of "OK".

Search for and delete the following file(s):
C:\WINDOWS\System32\qttask.exe
C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe
C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe
C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe
... and the following folder(s):
C:\Programmer\Blubster Toolbar\

(6)
Restart the computer normally. Create a new log with HijackThis and post it here together with the log from AVG Anti-Spyware.
14 March 2008 - 08:11 #6
Also, C:\WINDOWS\Tasks\AF5BBBAD93882FE5.job should be deleted...
oboen (Beginner)
14 March 2008 - 09:39 #7
A quick question. If you have many shortcuts etc. on the desktop and you run in safe mode, there is not room for all of them. I have made a shortcut to HijackThis, but it ends up off the screen no matter where I put it. Changing the screen size does not help either. Is it possible to change the desktop so that everything fits on the screen in safe mode?
14 March 2008 - 09:56 #8
... then manually crawl down to E:\virus mm\hjt08\HiJackThis.exe using Explorer/[My Computer] ...
oboen (Beginner)
14 March 2008 - 10:08 #9
OK, I'll try, but it hides too, though I have not tried moving it. I'll do it tonight.
oboen (Beginner)
15 March 2008 - 01:18 #10
At long last:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:01:37, on 15-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\microsoft activesync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
d:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
E:\virus mm\hjt08\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cybercity.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Programmer\BrowsingAdvisor\BrowsingAdvisor-2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\microsoft activesync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download with GetRight - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\microsoft activesync\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B1C266-7BC8-46AC-8E3D-5828F52B7506} (CACSecurity.SecurityClass) - http://katalog.onlineautodele.dk/CACSecurity.CAB
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/codebase/dafolo.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181043922781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

--
End of file - 10068 bytes


The log from AVG Anti-Spyware has apparently gone missing, but there was nothing in it, zero errors.
oboen (Beginner)
15 March 2008 - 01:45 #11
So far no pop-ups are appearing; they usually almost queue up. But tomorrow, Saturday, it will be put to the test. The girl has come home.

By the way, I found the log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    00:43:43 15-03-2008

+ Scan result:   



    Nothing found.



::Report end
levich (Beginner)
15 March 2008 - 09:42 #12
It looks fine, at any rate.
fromsej (Trainee)
15 March 2008 - 10:52 #13
C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe
C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe
C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe
That screams Lop to me.

Download Schtasks here:
http://fromsej.dk/download/schtasks.exe
It must be placed in C:\windows\system32\
If you are asked whether it should be overwritten, cancel the download; then you already have the file.

Click Start -> Run (Kør), type CMD and click OK.
In the "DOS" window, type the following (press <Enter> after each line):
schtasks /query>C:\tasks.txt
notepad C:\tasks.txt
Copy the contents in here.

Download fl.zip, unpack it and run fl.bat. The program creates a small text file, which you should also copy in here:
http://www.ctrlaltdel.dk/Programmer/fl.zip
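The pattern the helpers act on in this thread, autorun (O4) entries whose executable sits in a folder under Application Data, can be pulled out of a HijackThis log mechanically. The following Python is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, the sample lines are copied from the logs posted above, and treating `APPLIC~1` as the short name of `Application Data` is an assumption.

```python
import re
from typing import List, NamedTuple, Optional


class Autorun(NamedTuple):
    source: str   # registry key as logged, or "Startup" / "Global Startup"
    name: str     # value name or shortcut name
    command: str  # command line with the "(User '...')" suffix removed


class Finding(NamedTuple):
    entry: Autorun
    executable: str  # path extracted from the command line
    folder: str      # first directory below Application Data ("" if none)


REG_RE = re.compile(r"^O4 - (?P<src>HK.+?\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<src>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
USER_RE = re.compile(r"\s+\(User '[^']*'\)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)
# Assumption: "APPLIC~n" is the 8.3 short name of "Application Data", as in the
# thread's DOCUME~1 entry; short names are specific to the volume they live on.
APPDATA_RE = re.compile(r"^(?:application data|applic~\d+)$", re.I)

# O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AudioBaitSixthDent] C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait\mpeg64.exe
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\memo roam.exe
O4 - HKCU\..\Run: [spamlist] C:\DOCUME~1\BJARKE~1\APPLIC~1\FLAPFR~1\Plan Atom.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
"""


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line (registry Run value or Startup shortcut)."""
    line = line.strip()
    m = REG_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    return Autorun(m["src"], m["name"], USER_RE.sub("", m["cmd"]))


def executable_of(command: str) -> str:
    """Return the program path: quoted paths as-is, unquoted paths up to the
    first executable extension (they may contain spaces). For launchers such
    as rundll32 this is the launcher itself, not the DLL it loads."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def appdata_folder(path: str) -> Optional[str]:
    """Name of the folder directly below Application Data, or None."""
    parts = re.split(r"[\\/]", path)
    for i, part in enumerate(parts[:-1]):
        if APPDATA_RE.match(part):
            return parts[i + 1] if i + 2 < len(parts) else ""
    return None


def triage(log_text: str) -> List[Finding]:
    """List autoruns that start a program from an Application Data folder."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        exe = executable_of(entry.command)
        folder = appdata_folder(exe)
        if folder is not None:
            findings.append(Finding(entry, exe, folder))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.source} [{f.entry.name}] -> {f.executable} (folder: {f.folder})")
```

The result is a review list rather than a verdict: the folder names it returns are the ones to look up in a directory listing such as the fl.bat output requested here.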
oboen (Beginner)
16 March 2008 - 01:57 #14
Copy of tasks:
It says there are no scheduled tasks, but if you select it and paste it in here it says:
antropologi      why?

Contents of the fl file:

Disken i drev C har ikke noget navn.
Diskens serienummer er 80ED-4DF8

Indhold af C:\Documents and Settings\All Users\Application Data

04-03-2007  14:53              305 addr_file.html
01-03-2008  22:45    <DIR>          Adobe
29-12-2005  20:53    <DIR>          Autodata Limited
05-06-2007  13:10    <DIR>          avg7
02-09-2005  20:13    <DIR>          CyberLink
10-01-2007  18:43    <DIR>          Downloaded Installations
28-09-2005  09:30    <DIR>          DVD Shrink
01-02-2006  20:08    <DIR>          e-Safekey
07-03-2008  19:50    <DIR>          FLEXnet
18-10-2006  21:33    <DIR>          Google
14-03-2008  00:21    <DIR>          Grisoft
15-03-2008  00:51    <DIR>          Mpeg size audio bait
29-01-2006  13:58    <DIR>          My Pictures
06-08-2007  17:01    <DIR>          Nokia
16-01-2007  18:56    <DIR>          nView_Profiles
17-07-2007  19:24    <DIR>          PC Suite
15-03-2008  00:51    <DIR>          Ping Sign Byte Tool
30-12-2005  16:08    <DIR>          QuickTime
31-05-2006  19:10    <DIR>          Sony Ericsson
21-02-2008  12:42    <DIR>          Spybot - Search & Destroy
23-02-2007  02:15    <DIR>          SUPERAntiSpyware.com
31-01-2007  18:02    <DIR>          Support.com
13-03-2007  00:12    <DIR>          Symantec
31-05-2006  19:10    <DIR>          Teleca
31-10-2007  00:28    <DIR>          TEMP
05-06-2007  13:00    <DIR>          Windows Genuine Advantage
23-05-2007  23:14    <DIR>          Yahoo! Companion
              1 fil(er)              305 byte
              26 mappe(r)  11.070.697.472 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 80ED-4DF8

Indhold af C:\Documents and Settings\Bjarke Jensen\Application Data

09-04-2006  14:16    <DIR>          .BitTornado
01-03-2008  23:03    <DIR>          Adobe
14-06-2007  18:12    <DIR>          AdobeUM
20-08-2006  23:16    <DIR>          ArcSoft
15-03-2008  17:18    <DIR>          AVG7
21-02-2008  20:09    <DIR>          Azureus
25-09-2007  19:35    <DIR>          Canon
16-09-2005  20:05    <DIR>          Creative
15-05-2006  22:26    <DIR>          Cryptomathic
03-09-2005  11:49    <DIR>          CyberLink
23-04-2006  12:09    <DIR>          Datalayer
27-01-2007  19:07    <DIR>          DivX
15-03-2008  00:53    <DIR>          FLAP FREE BEND
31-05-2006  20:39            72.240 GDIPFONTCACHEV1.DAT
28-04-2007  23:24    <DIR>          GetRightToGo
28-04-2007  22:15    <DIR>          Google
14-03-2008  00:23    <DIR>          Grisoft
04-09-2005  23:53    <DIR>          Help
29-03-2007  20:46    <DIR>          ICQ Toolbar
29-03-2007  20:31    <DIR>          ICQLite
01-09-2005  19:15    <DIR>          Identities
02-09-2005  19:50    <DIR>          Kazaa Lite
02-09-2005  18:30    <DIR>          Macromedia
04-09-2005  15:43    <DIR>          Microsoft Web Folders
15-02-2007  01:31              970 NMM-MetaData.db
06-08-2007  16:46    <DIR>          Nokia
09-12-2007  21:52    <DIR>          Nokia Multimedia Player
06-08-2007  16:46    <DIR>          PC Suite
07-03-2007  22:55    <DIR>          RegistrySmart
31-05-2006  19:42    <DIR>          Sony Ericsson
02-11-2007  19:26    <DIR>          SopCast
04-09-2005  16:41    <DIR>          Sun
23-02-2007  02:15    <DIR>          SUPERAntiSpyware.com
13-03-2007  00:12    <DIR>          Symantec
31-05-2006  19:11    <DIR>          Teleca
23-02-2008  11:50    <DIR>          uTorrent
27-01-2007  16:10    <DIR>          vlc
18-01-2008  22:44    <DIR>          Winamp55
              2 fil(er)          73.210 byte
              36 mappe(r)  11.070.697.472 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 80ED-4DF8

Indhold af C:\Documents and Settings\Default User\Application Data

01-09-2005  19:38    <DIR>          .
01-09-2005  19:38    <DIR>          ..
24-10-2005  15:02                62 desktop.ini
              1 fil(er)              62 byte
              2 mappe(r)  11.070.697.472 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 80ED-4DF8

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 80ED-4DF8

Indhold af C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues


Otherwise the machine has run fine today. Nothing with pop-ups.
fromsej (Trainee)
16 March 2008 - 07:44 #15
Uninstall BitTornado, Azureus, Kazaa Lite, RegistrySmart and uTorrent in Add/Remove Programs.
Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Open a Notepad window, copy the content between the wavy lines into the document, and save it under the name CFScript.txt in the same folder where Combofix is located. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

Folder::
C:\Documents and Settings\All Users\Application Data\Mpeg size audio bait
C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
C:\Documents and Settings\Bjarke Jensen\Application Data\.BitTornado
C:\Documents and Settings\Bjarke Jensen\Application Data\Azureus
C:\Documents and Settings\Bjarke Jensen\Application Data\FLAP FREE BEND
C:\Documents and Settings\Bjarke Jensen\Application Data\Kazaa Lite
C:\Documents and Settings\Bjarke Jensen\Application Data\RegistrySmart
C:\Documents and Settings\Bjarke Jensen\Application Data\uTorrent

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
A new log will come from Combofix; copy it in here.