jpi (Master)
08 May 2009 - 14:42 There are 65 comments and 1 solution

Win32 Cryptor

I have a PC where AVG reports that it has the Win32 Cryptor virus in, among others, c:\windows\system32\svchost.exe and c:\windows\explorer.exe
It cannot remove the virus or delete the files.

I have tried to install Malwarebytes, but without luck. At first the installer would not start at all, and after renaming the install file it did install, but it will not start afterwards.

I have tried starting in safe mode, and AVG reports that the file has been moved to the virus vault, but it is back after a restart. It looks like it finds the virus in the running processes, since there is a parenthesis with a number after the filename, but not in the file itself.

I have tried to do a system restore, but when I reach the last step of the wizard and click "Next >" nothing happens; as if the virus has blocked it??

Has anyone tried this and knows a "cure"?

Or is it easier with a "format c:"?
08 May 2009 - 15:27 #1
For the 13th time - do we have to guess:
Win98, W2000, XP, Vista, Win7, ...?
08 May 2009 - 15:28 #2
... and for good order's sake; give us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)
Not necessarily because of a virus or the like, but then I can see what is in your startup etc.

Re: Vista - right-click the *.EXE file - Run as Administrator...

------------------
jpi (Master)
08 May 2009 - 16:30 #3
Sorry... It is Win XP Home

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:55, on 08-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\logtool.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: 456131 helper - {E2931DF0-B740-44B6-8104-4A7AE9562E88} - C:\WINDOWS\system32\456131\456131.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [dll32] dll32
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7829 bytes
johnstigers (Senior Master)
08 May 2009 - 16:41 #4
There are several unwanted elements...

Get CCleaner here > Click on the right on "Download Latest Version".
http://www.filehippo.com/download_ccleaner/
There is a manual here > http://www.spywarefri.dk/manualer/ccleaner-manual.htm
There is a small difference: "Problemer" (Issues) has been replaced by "Register" (Registry).
Set the checkmarks as shown in point 11 of the manual before you run "Renser" (Cleaner).
PS: I would recommend that you keep this program; it is excellent for cleaning up.

During the installation you will be offered the [Yahoo Toolbar]. Say "No" to it.
Let the program do a cleanup under Cleaner and Registry, and let it delete what it finds.
I do not need to see the log from CCleaner.



Get Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - when that is done, let the program update itself. Then a window opens where you move the radio button to "Perform full scan" - click the Scan button - and let the program work until it is finished (it takes a little time, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

Manual for HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

Get Hijackthis here: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

PS: (Vista users must right-click the file and choose (Run as administrator)
08 May 2009 - 16:47 #5
<john_stigers>: Note that <jpi> writes that [Malwarebytes] will not start...

<jpi>: It may be that you need to go through this first ->

-- Download Combofix from one of these links and save it on your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as it can make your computer freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
f-arn (Guru)
08 May 2009 - 16:52 #6
Combofix is not working at the moment. It keeps reporting a possible Virut!
f-arn (Guru)
08 May 2009 - 16:56 #7
Try this:
Download Lop S&D by Eric_71 and save it on your Desktop.
http://eric.71.mespages.googlepages.com/lop.sd.en
Click on - the Download button on the left

-- Run LopSD. Type e - for English. Press Enter.
Then type 2 = (Fix + Hosts)
Press Enter. Then the scan runs.
Let the program carry out a cleaning.

When the scan is finished, there is a log file here C:lopR txt, which you may copy into your next reply.


And no - it does not remove anything, but it may be able to tell what is blocking Malwarebytes
jpi (Master)
08 May 2009 - 16:58 #8
I have put combofix on, but when I start the exe file nothing happens.
An hourglass appears for a couple of seconds and then nothing more.
In Task Manager I can see under Processes that it is running, but no window or anything is shown. Just like with Malwarebytes...
f-arn (Guru)
08 May 2009 - 16:59 #9
Correction: of course it removes what is in the hosts file. Badly phrased!
johnstigers (Senior Master)
08 May 2009 - 17:01 #10
Then try to remove the junk this way:
Run Hijackthis, click "Do a system scan only", tick these and click "Fix checked":

O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: 456131 helper - {E2931DF0-B740-44B6-8104-4A7AE9562E88} - C:\WINDOWS\system32\456131\456131.dll

Restart the PC, scan again with hijackthis and post the log here.
08 May 2009 - 17:09 #11
O4 - HKCU\..\Run: [dll32] dll32

should also be 'fixed' in HiJackThis ...
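The entries picked out in #10 and #11 follow a few recognisable patterns: hosts lines that send well-known names to a non-loopback address, a ProxyServer setting that routes the browser through a local port, BHOs whose DLL is missing or sits in a numeric-named folder, and a Run entry that is a bare name with no path and no extension. The script below is an added example, not part of the thread or of HijackThis itself; it applies those rules to a constructed sample made up of lines copied from the log in #3 plus two benign lines, and the rule names, thresholds and the `Finding` type are this example's own choices.

```python
"""Triage of HijackThis (HJT) log lines, written as an added example for this thread.

It applies the same judgement the thread uses by hand: hosts entries that send
well-known names somewhere other than loopback, a browser proxy pointing at a
local port, BHOs whose DLL is missing or lives in a numeric-named folder, and
Run entries that are a bare name with no path and no extension.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines from the HijackThis log posted in #3,
# plus two benign Run lines so the rules can be seen to leave them alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: 456131 helper - {E2931DF0-B740-44B6-8104-4A7AE9562E88} - C:\WINDOWS\system32\456131\456131.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dll32] dll32
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN_RE = re.compile(r"^O4 - (HK[^:]+): \[([^\]]*)\] (.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def _is_loopback(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def _has_numeric_component(path: str) -> bool:
    """True for paths such as C:\\WINDOWS\\system32\\456131\\456131.dll."""
    parts = path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    return any(p.isdigit() for p in parts[:-1]) or stem.isdigit()


def triage(log_text: str) -> List[Finding]:
    """Return the lines a reviewer would tick for 'Fix checked', with a reason for each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if not _is_loopback(ip):
                findings.append(Finding(line, f"hosts file redirects {name} to {ip}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            value = m.group(1)
            if "localhost" in value or "127.0.0.1" in value:
                findings.append(Finding(line, f"browser traffic proxied through a local port: {value}"))
            continue
        m = BHO_RE.match(line)
        if m:
            _name, _clsid, path = m.groups()
            if path.endswith("(file missing)"):
                findings.append(Finding(line, "BHO registered but its DLL is missing"))
            elif _has_numeric_component(path):
                findings.append(Finding(line, f"BHO loaded from a numeric-named path: {path}"))
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, _name, cmd = m.groups()
            exe = cmd.split()[0].strip('"')
            if "\\" not in exe and "." not in exe:
                findings.append(Finding(line, f"Run entry is a bare name with no path or extension: {exe}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it flags exactly the six lines the thread asked to have fixed and leaves the Adobe BHO, the `nwiz.exe` entry and `ctfmon.exe` alone. A missing-DLL BHO is listed because the registration itself is the leftover, not because the file is dangerous; the proxy rule is deliberately broad, since a local forwarding proxy is only suspicious when no known proxy software is installed, which is a judgement the script cannot make for you.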
jpi (Master)
08 May 2009 - 17:23 #12
Here is the log file from lopR.txt:


  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free :        Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz )
  BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
  USER : Heribert ( Administrator )
  BOOT : Normal boot
  Antivirus : AVG Anti-Virus Free 8.0 (Activated)
  A:\ (USB)
  C:\ (Local Disk) - NTFS - Total:33 Go (Free:20 Go)
  D:\ (CD or DVD)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 08-05-2009|17:02 )


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@imagevenue.advertserve[2].txt
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@adultfriendfinder[2].txt
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@www.adultadvertising[1].txt
  Deleted! - C:\DOCUME~1\Heribert\Cookies\heribert@partypoker[2].txt

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SECOND PASS

  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  Failed ! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

  Deleted! - C:\Programmer\Viewpoint
  Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  --------------------\\  Listing folders in APPLIC~1

  [28-09-2006|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
  [29-04-2009|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
  [26-11-2004|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
  [11-02-2005|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\e-Safekey
  [17-12-2004|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
  [08-05-2009|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
  [21-03-2008|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
  [01-02-2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
  [17-12-2004|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
  [17-09-2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
  [17-09-2006|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
  [17-09-2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
  [17-12-2004|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
  [24-12-2005|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
  [0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
  [16|mappe(r)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledig

  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
  [26-11-2004|13:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
  [0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
  [7|mappe(r)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledig

  [23-09-2008|19:15] C:\DOCUME~1\Heribert\APPLIC~1\Adobe
  [12-01-2007|18:09] C:\DOCUME~1\Heribert\APPLIC~1\AdobeUM
  [05-12-2004|12:40] C:\DOCUME~1\Heribert\APPLIC~1\CyberLink
  [13-02-2006|08:13] C:\DOCUME~1\Heribert\APPLIC~1\Help
  [26-11-2004|13:00] C:\DOCUME~1\Heribert\APPLIC~1\Identities
  [01-02-2007|18:17] C:\DOCUME~1\Heribert\APPLIC~1\Lavasoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Leadertech
  [21-01-2006|10:54] C:\DOCUME~1\Heribert\APPLIC~1\Macromedia
  [26-12-2008|12:28] C:\DOCUME~1\Heribert\APPLIC~1\Microsoft
  [17-09-2006|20:11] C:\DOCUME~1\Heribert\APPLIC~1\ScanSoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\Heribert\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\Heribert\APPLIC~1\Symantec
  [04-05-2009|13:03] C:\DOCUME~1\Heribert\APPLIC~1\TeamViewer
  [25-12-2008|20:54] C:\DOCUME~1\Heribert\APPLIC~1\U3
  [0|fil(er)] C:\DOCUME~1\Heribert\APPLIC~1\byte
  [17|mappe(r)] C:\DOCUME~1\Heribert\APPLIC~1\byte ledig

  [21-03-2008|13:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledig

  [21-03-2008|13:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledig

  --------------------\\  Scheduled Tasks located in C:\WINDOWS\Tasks

  [08-05-2009 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
  [16-09-2002 08:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

  --------------------\\  Listing Folders in C:\Programmer

  [26-01-2006|18:02] C:\Programmer\Adobe
  [01-03-2005|15:53] C:\Programmer\AGFEO
  [25-12-2008|21:00] C:\Programmer\AVG
  [26-11-2004|13:29] C:\Programmer\Broadcom
  [26-11-2004|13:37] C:\Programmer\Common Files
  [26-11-2004|13:00] C:\Programmer\ComPlus Applications
  [26-11-2004|13:33] C:\Programmer\CyberLink
  [26-11-2004|13:32] C:\Programmer\Dell
  [17-12-2004|22:50] C:\Programmer\Dell Computer Corporation
  [17-09-2006|20:11] C:\Programmer\Fælles filer
  [21-03-2008|13:12] C:\Programmer\Grisoft
  [17-12-2004|22:00] C:\Programmer\Hewlett-Packard
  [17-12-2004|22:06] C:\Programmer\HP
  [17-12-2004|21:26] C:\Programmer\InstallShield Installation Information
  [15-04-2009|16:20] C:\Programmer\Internet Explorer
  [26-11-2004|13:28] C:\Programmer\Java
  [01-02-2007|18:17] C:\Programmer\Lavasoft
  [17-12-2004|21:26] C:\Programmer\Logitech
  [08-05-2009|16:52] C:\Programmer\Malwarebytes' Anti-Malware
  [08-05-2009|14:06] C:\Programmer\Messenger
  [11-06-2006|22:55] C:\Programmer\Microsoft ActiveSync
  [14-05-2007|12:43] C:\Programmer\Microsoft CAPICOM 2.1.0.2
  [26-11-2004|13:00] C:\Programmer\microsoft frontpage
  [17-12-2004|23:35] C:\Programmer\Microsoft Office
  [17-12-2004|20:31] C:\Programmer\Microsoft Works
  [17-12-2004|23:35] C:\Programmer\Microsoft.NET
  [08-05-2009|14:01] C:\Programmer\Movie Maker
  [25-12-2008|21:01] C:\Programmer\MSECache
  [26-11-2004|13:00] C:\Programmer\MSN Gaming Zone
  [30-11-2006|12:09] C:\Programmer\MSXML 4.0
  [08-05-2009|13:59] C:\Programmer\NetMeeting
  [17-03-2006|20:24] C:\Programmer\OfficeUpdate11
  [26-11-2004|13:00] C:\Programmer\Onlinetjenester
  [08-05-2009|13:59] C:\Programmer\Outlook Express
  [26-11-2004|13:33] C:\Programmer\r
  [25-03-2005|19:00] C:\Programmer\RealVNC
  [17-09-2006|20:11] C:\Programmer\ScanSoft
  [26-11-2004|13:32] C:\Programmer\Sonic
  [26-11-2004|13:31] C:\Programmer\Synaptics
  [26-11-2004|13:37] C:\Programmer\Uninstall Information
  [08-05-2009|13:59] C:\Programmer\Windows Media Player
  [08-05-2009|13:59] C:\Programmer\Windows NT
  [26-11-2004|13:00] C:\Programmer\WindowsUpdate
  [26-11-2004|13:00] C:\Programmer\XEROX
  [0|fil(er)] C:\Programmer\byte
  [46|mappe(r)] C:\Programmer\byte ledig

  --------------------\\  Listing Folders in C:\Programmer\Fælles filer

  [05-12-2004|12:21] C:\Programmer\Fælles filer\Adobe
  [17-12-2004|23:35] C:\Programmer\Fælles filer\DESIGNER
  [17-12-2004|21:58] C:\Programmer\Fælles filer\Hewlett-Packard
  [17-12-2004|22:02] C:\Programmer\Fælles filer\HP
  [17-12-2004|22:50] C:\Programmer\Fælles filer\InstallShield
  [26-11-2004|13:27] C:\Programmer\Fælles filer\Java
  [11-06-2006|22:55] C:\Programmer\Fælles filer\L&H
  [17-12-2004|21:25] C:\Programmer\Fælles filer\Logitech
  [08-08-2008|15:42] C:\Programmer\Fælles filer\Microsoft Shared
  [26-11-2004|13:00] C:\Programmer\Fælles filer\MSSoap
  [26-11-2004|13:00] C:\Programmer\Fælles filer\ODBC
  [17-09-2006|20:11] C:\Programmer\Fælles filer\ScanSoft Shared
  [26-11-2004|13:32] C:\Programmer\Fælles filer\Sonic
  [26-11-2004|13:00] C:\Programmer\Fælles filer\SpeechEngines
  [17-12-2004|19:58] C:\Programmer\Fælles filer\Symantec Shared
  [08-05-2009|13:59] C:\Programmer\Fælles filer\System
  [26-11-2004|13:00] C:\Programmer\Fælles filer\Tjenester
  [0|fil(er)] C:\Programmer\Fælles filer\byte
  [19|mappe(r)] C:\Programmer\Fælles filer\byte ledig

  --------------------\\  Process

  ( 42 Processes )

  ... OK !

  --------------------\\  Searching with S_Lop

  No Lop folder found !

  --------------------\\  Searching for Lop Files - Folders

  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsj3B6.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp

  --------------------\\  Searching within the Registry

  ..... OK !

  --------------------\\  Checking the Hosts file

  Hosts file CLEAN


  --------------------\\  Searching for hidden files with Catchme


  --------------------\\  Searching for other infections


  No other infections found !

  [F:1992][D:87]-> C:\DOCUME~1\Heribert\LOKALE~1\Temp
  [F:1479][D:0]-> C:\DOCUME~1\Heribert\Cookies
  [F:4639][D:14]-> C:\DOCUME~1\Heribert\LOKALE~1\TEMPOR~1\content.IE5

  1 - "C:\Lop SD\LopR_1.txt" - 08-05-2009|17:20 - Option : [2]

  --------------------\\  Scan completed at 17:20:14
johnstigers (Senior Master)
08 May 2009 - 17:35 #13
And #10 + #11 ???
jpi (Master)
08 May 2009 - 18:58 #14
HiJack log after removing the things described in #10 and #11:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:28, on 08-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\hijak_log.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7627 bytes
08 May 2009 - 19:26 #15
Bingo... in that direction...

Can [Malwarebytes] or [ComboFix] run without complaining?
jpi Mester
08 May 2009 - 19:58 #16
ComboFix reports back that the file has been modified:
"You may be infected with a file patching virus (virut)"

I transfer the file from my own PC via TeamViewer to the "sick" PC. I have tried transferring it again, but with the same result.
If I don't rename the file, it won't start at all...
Malwarebytes still can't start...
jpi Mester
08 May 2009 - 20:10 #17
For information, I can tell you that you can't get online via a browser from that PC.
There seems to be no connection through http.
This is probably the virus's fault...
johnstigers Seniormester
08 May 2009 - 20:17 #18
johnstigers Seniormester
08 May 2009 - 20:19 #19
When spywarefri can't help there, unfortunately there is no other way out than to do as in the link :(
johnstigers Seniormester
08 May 2009 - 20:20 #20
f-arn Guru
08 May 2009 - 20:28 #21
jpi Mester
08 May 2009 - 20:40 #22
OK, the virut warning may not be trustworthy...
Did you get anything out of the log file I posted?
johnstigers Seniormester
08 May 2009 - 20:40 #23
ok! - I didn't see what you wrote :)
f-arn Guru
08 May 2009 - 20:45 #24
Download Process Explorer: http://download.sysinternals.com/Files/ProcessExplorer.zip

Unpack it and start it, let it scan, and when it's finished click "file" "save" and copy the contents in here.

Now, I don't know AVG, but can't you make a log from it (quick scan?)
johnstigers Seniormester
08 May 2009 - 20:47 #25
Hijackthis log is ok
jpi Mester
08 May 2009 - 20:52 #26
From Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process    0    97.73       
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a        Deferred Procedure Calls   
System    4           
  smss.exe    552        Windows NT-sessionsstyring    Microsoft Corporation
  csrss.exe    600        Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    624        Windows NT-logonprogram    Microsoft Corporation
    services.exe    672    0.76    Tjenester og controllerprogrammer    Microsoft Corporation
    svchost.exe    880        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    952        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1052        Generic Host Process for Win32 Services    Microsoft Corporation
      wuauclt.exe    3772        Windows Update Automatic Updates    Microsoft Corporation
    svchost.exe    1152        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1256        Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe    1464        Spooler SubSystem App    Microsoft Corporation
    svchost.exe    456        Generic Host Process for Win32 Services    Microsoft Corporation
    avgwdsvc.exe    364        AVG Watchdog Service    AVG Technologies CZ, s.r.o.
      avgrsx.exe    1636        AVG Resident Shield Service    AVG Technologies CZ, s.r.o.
    nvsvc32.exe    108        NVIDIA Driver Helper Service, Version 66.10    NVIDIA Corporation
    svchost.exe    1204        Generic Host Process for Win32 Services    Microsoft Corporation
    TeamViewer_Service.exe    1576        TeamViewer Service    TeamViewer GmbH
      TeamViewer.exe    3220    0.76    TeamViewer fjernstyringsprogram    TeamViewer GmbH
    wdfmgr.exe    2140        Windows User Mode Driver Manager    Microsoft Corporation
    alg.exe    2824        Application Layer Gateway Service    Microsoft Corporation
    lsass.exe    684        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1752        Windows Stifinder    Microsoft Corporation
BCMSMMSG.exe    1920        Modem Messaging Applet    Broadcom Corporation
jusched.exe    1928           
DadApp.exe    1936           
SynTPLpr.exe    1944        TouchPad Driver Helper Application    Synaptics, Inc.
SynTPEnh.exe    1952        Synaptics TouchPad Enhancements    Synaptics, Inc.
tfswctrl.exe    2004        Drive Letter Access Component    Sonic Solutions
PCMService.exe    2024        PowerCinema Resident Program for Dell    CyberLink Corp.
DVDLauncher.exe    2032        CyberLink PowerCinema Resident Program    CyberLink Corp.
iTouch.exe    132        iTouch Application    Logitech Inc.
hpwuSchd2.exe    180        hpwuSchd    Hewlett-Packard Company
hpcmpmgr.exe    196        HP Framework Component Manager Service    Hewlett-Packard Company
opware32.exe    308        OCR Aware (32-bit)    ScanSoft, Inc
avgtray.exe    320        AVG Tray Monitor    AVG Technologies CZ, s.r.o.
ctfmon.exe    396        CTF Loader    Microsoft Corporation
hpqtra08.exe    1080        HP Digital Imaging Monitor (CUE)    Hewlett-Packard Co.
procexp.exe    488    0.76    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
EM_EXEC.EXE    324        Logitech Events Handler Application    Logitech Inc.
hpqgalry.exe    3668            Hewlett-Packard Co.
jpi Mester
08 May 2009 - 20:56 #27
Log from AVG:
"Scan ""Scan whole computer"" was finished."
"Infections";"14";"9";"5"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"4. maj 2009, 13:35:09"
"Scan finished:";"4. maj 2009, 13:36:31 (1 minute(s) 21 second(s))"
"Total object scanned:";"16652"
"User who launched the scan:";"Heribert"

"Infections"
"File";"Infection";"Result"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACodainadv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\explorer.exe (1804)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\SYSTEM32\svchost.exe (1048)";"Virus identified Win32/Cryptor";""
"\\?\globalroot\systemroot\system32\UACqtoiqhkl.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\SYSTEM32\svchost.exe (1328)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\SYSTEM32\svchost.exe (1792)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\SYSTEM32\svchost.exe (876)";"Virus identified Win32/Cryptor";""
f-arn Guru
08 May 2009 - 21:08 #28
Download and unpack RootRepeal.

http://rootrepeal.googlepages.com/RootRepeal.zip

Start it, choose the "files" scan and let it search.
When it's finished, it shows a list of files.
Click "save report" and post it in here.
jpi Mester
08 May 2009 - 21:08 #29
On my own PC, which isn't infected, ComboFix also reports that there is virut on it, so apparently something really is wrong.. Luckily :-)
jpi Mester
08 May 2009 - 21:20 #30
RootRepeal log:

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/08 21:19
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACcplnraux.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACodainadv.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqfrfqomu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqlosewef.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqtoiqhkl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACsjnxukal.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACtebmskgu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\uactmp.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACubowtnwa.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\UAC63cf.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.
Status: Allocation size mismatch (API: 1683456, Raw: 0)

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse3AB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse3B0.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nse86.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsg550.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsj3B6.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsjE.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsk6.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsl3.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsn6.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nso3.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nso4EB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsp8.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsq169.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr3AC.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr3BB.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr4E9.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsr8.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nst3AD.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nst3BE.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsu10.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsv552.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsvA.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsw5.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsx1AA.tmp\UAC.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\nsy84.tmp\UAC.dll
Status: Invisible to the Windows API!
f-arn Guru
08 May 2009 - 21:41 #31
Start RootRepeal again and find this one: UACccfifipb.sys
Right-click it and choose "wipe file"

Restart immediately and try whether you can now install and run Malwarebytes. Remember to update it and let it remove what it finds. I'd like to see logs from Malwarebytes and from DDS, which you'll find here:  http://download.bleepingcomputer.com/sUBs/dds.scr
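As an added example (not part of the thread, and not RootRepeal's own code), here is a small Python triage of the report format posted in #30. It pairs each Path/Status line, separates entries that are merely locked (hiberfil.sys), NTFS alternate data streams (the :Zone.Identifier entry) and files the Windows API cannot see at all, and puts a hidden .sys driver at the head of the review list, which is the file #31 goes after. The file names in the sample are constructed; the UAC* naming rule follows what the scans in this thread label Trojan.TDSS / Rootkit.Trace.

```python
"""Triage of a RootRepeal "Hidden/Locked Files" report (added example)."""
from collections import defaultdict

INVISIBLE = "Invisible to the Windows API!"
LOCKED = "Locked to the Windows API!"

# Constructed sample in the report layout shown in the thread; the file
# names below are made up and are not the ones from the real scan.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/08 21:19
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACexample1.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\UACexample2.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\user\Pictures\photo.jpg:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\user\Pictures\photo.jpg
Status: Allocation size mismatch (API: 1683456, Raw: 0)

Path: C:\Documents and Settings\user\Temp\nse3AB.tmp\UAC.dll
Status: Invisible to the Windows API!
"""


def parse_report(text):
    """Pair each 'Path:' line with the 'Status:' line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Path: "):
            path = line[len("Path: "):]
        elif line.startswith("Status: ") and path is not None:
            entries.append((path, line[len("Status: "):]))
            path = None
    return entries


def classify(path, status):
    """Bucket one entry; UAC* is the naming the thread's scans attribute to TDSS."""
    name = path.rsplit("\\", 1)[-1]
    if status == LOCKED:
        return "locked"           # hiberfil.sys / pagefile.sys: held open by the OS, expected
    if ":" in name:
        return "ads"              # alternate data stream, e.g. Zone.Identifier mark-of-the-web
    if status == INVISIBLE:
        if name.upper().startswith("UAC"):
            return "hidden_driver" if name.lower().endswith(".sys") else "hidden_file"
        return "hidden_other"     # hidden, but not matching the known naming pattern
    return "other"                # e.g. allocation-size mismatch: worth a look, not proof of hiding


def triage(text):
    """Return {bucket: [paths]} for a whole report."""
    buckets = defaultdict(list)
    for path, status in parse_report(text):
        buckets[classify(path, status)].append(path)
    return dict(buckets)


def review_order(buckets):
    """Paths to examine first. In this thread the hidden driver was the piece that had
    to go before the other tools would run, so it heads the list."""
    return (buckets.get("hidden_driver", []) + buckets.get("hidden_file", [])
            + buckets.get("hidden_other", []))


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for bucket, paths in sorted(found.items()):
        print(f"{bucket}: {len(paths)}")
    print("review first:", review_order(found))
```

Run against the real report in #30 this gives exactly one hidden_driver entry (UACccfifipb.sys), the remaining UAC* and uac* entries as hidden_file, the CAYNYFE5.:Zone.Identifier stream as ads, and the photo with the allocation-size mismatch under other, where it is a pointer to inspect rather than evidence of a rootkit.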
f-arn Guru
08 May 2009 - 21:48 #32
If you manage to install it, start HijackThis, click "do a system scan only" and tick these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

close all other windows and click "fix checked"

Otherwise you can't update
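Added example, not the thread's or HijackThis's code: a Python check for the kind of R1 line #32 asks to fix. A ProxyServer value that points at localhost, with nothing legitimate listening on that port, makes every HTTP request fail, which is how both browsing and the Malwarebytes update were blocked here. The two R1 lines in the sample are the ones quoted above; the corporate proxy line is constructed, and allowed_local_ports is an assumption for programs you know run a local proxy (nothing in the thread names one).

```python
"""Flag a localhost proxy in HijackThis R1 lines (added example)."""
import re

# R1 - HKCU\Software\...\Internet Settings,ProxyServer = http=localhost:7171
R1_RE = re.compile(r"^R1 - (?P<hive>HK\w+)\\(?P<key>[^,]+),(?P<value>\w+) = (?P<data>.*)$")

# Hosts that mean "this machine": a proxy here is only legitimate when a known
# local filtering program owns the port.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample: the two R1 lines quoted in the thread plus a benign
# corporate proxy and a non-R1 line, to show what is and is not flagged.
SAMPLE_HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>",
    r"R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.corp:8080",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]


def parse_proxy_server(data):
    """Split a WinINet ProxyServer value into {scheme: (host, port)}.

    The value is either 'host:port' (all protocols, stored under '*') or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    proxies = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, hostport = part.partition("=")
        else:
            scheme, hostport = "*", part
        host, _, port = hostport.rpartition(":")
        if not host:                      # no explicit port given
            host, port = hostport, ""
        proxies[scheme.strip().lower()] = (host.strip().lower(), port.strip())
    return proxies


def suspicious_proxy_lines(lines, allowed_local_ports=frozenset()):
    """Return a finding for every R1 ProxyServer entry that points at this machine.

    allowed_local_ports: ports of local proxies known to be legitimate (assumed
    for this example; an empty set flags every localhost proxy).
    """
    findings = []
    for line in lines:
        m = R1_RE.match(line.strip())
        if not m or m.group("value") != "ProxyServer":
            continue
        for scheme, (host, port) in parse_proxy_server(m.group("data")).items():
            if host in LOCAL_HOSTS and port not in allowed_local_ports:
                findings.append({"hive": m.group("hive"), "scheme": scheme,
                                 "host": host, "port": port, "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in suspicious_proxy_lines(SAMPLE_HJT_LINES):
        print(f"{f['hive']} {f['scheme']} proxy -> {f['host']}:{f['port']} "
              "(all HTTP fails if nothing legitimate listens there)")
```

The ProxyOverride line is deliberately not flagged: `*.local;<local>` is what Windows writes whenever a proxy is enabled, so on its own it says nothing; the ProxyServer entry is the one that decides where traffic goes.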
f-arn Guru
08 May 2009 - 22:00 #33
And of course I meant that you couldn't use the net with your IE 7
jpi Mester
08 May 2009 - 22:03 #34
Malwarebytes works again, and with the last trick in #32 the update works too.
Will IE now work again as well?
For now I have set Malwarebytes to scan.
Should I scan with AVG too, or wait until later?

In any case it looks better, because during startup AVG came up and had found all the dll files starting with UAC.
f-arn Guru
08 May 2009 - 23:02 #35
Wait until later; in any case we need to find you a better antivirus!

http://www.spywarefri.dk/artikel/computerblade-misinformerer/

Try ComboFix again, it has apparently been "fixed". If it works I'd like to see a log from it instead of DDS.
jpi Mester
08 May 2009 - 23:03 #36
Log file from Malwarebytes:

Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

08-05-2009 22:59:25
mbam-log-2009-05-08 (22-59-12).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 133140
Tid tilbagelagt: 45 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 8
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 15

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\o675.o675mgr (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\o675.o675mgr.1 (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\hijackthis\backups\backup-20090508-172508-158.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243839.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243840.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243841.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243842.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243856.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\SYSTEM32\UACqfrfqomu.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\ie3.tmp (Trojan.Agent) -> No action taken.
C:\svchost.exe (Trojan.Agent) -> No action taken.
C:\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\WINDOWS\SYSTEM32\UACsjnxukal.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\UACubowtnwa.log (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> No action taken.
jpi Mester
08 May 2009 - 23:14 #37
Just downloaded GData for my other PC. Is that OK?

Regarding ComboFix, I'd like to wait until tomorrow, since you apparently lose the network etc., which isn't so smart when I'm sitting remote from the machine. Tomorrow there is someone on site who can restore the connection etc.
But I'll just run DDS.scr...
jpi Mester
08 May 2009 - 23:21 #38
DDS.log:


DDS (Ver_09-03-16.01) - NTFSx86 
Run by Heribert at 23:19:32,59 on 08-05-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.156 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\hijackthis\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.euro.dell.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gurredam.dk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
uRun: [updateMgr] "c:\programmer\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] c:\programmer\java\j2re1.4.2_03\bin\jusched.exe
mRun: [<NO NAME>]
mRun: [DadApp] c:\programmer\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\programmer\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programmer\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\programmer\fælles filer\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\programmer\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\programmer\r\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [zBrowser Launcher] c:\programmer\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Software Update] "c:\programmer\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\programmer\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Omnipage] c:\programmer\scansoft\omnipagese\opware32.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpimag~1.lnk - c:\programmer\hp\digital imaging\bin\hpqthb08.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-21 27656]
R2 agfwmp;AGFEO NDISWAN Miniport Driver;c:\windows\system32\drivers\AGFWMP.sys [2005-3-1 70144]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-25 298264]
R2 TeamViewer4;TeamViewer 4;c:\documents and settings\heribert\temp\teamviewer\version4\TeamViewer_Service.exe [2009-4-29 185640]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-17 14092]
S2 agfucapi;AGFEO ISDN PC-Adapter;c:\windows\system32\drivers\AGFUCAPI.sys [2005-3-1 268288]

=============== Created Last 30 ================

2009-05-08 21:53    <DIR>    --d-----    c:\docume~1\heribert\applic~1\Malwarebytes
2009-05-08 19:47    <DIR>    --d-----    C:\32788R22FWJFW.0.tmp
2009-05-08 17:01    <DIR>    --d-----    C:\Lop SD
2009-05-08 16:52    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-05-08 16:52    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:52    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 16:27    <DIR>    --d-----    C:\hijackthis
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\da
2009-05-08 14:01    <DIR>    --d-----    c:\windows\l2schemas
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\bits
2009-05-08 13:22    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-05-08 11:35    2,967,800    a-------    C:\tool.exe
2009-05-04 13:09    3,496    a-------    C:\virusresults.csv
2009-05-04 13:03    <DIR>    --d-----    c:\docume~1\heribert\applic~1\TeamViewer
2009-05-04 13:03    <DIR>    --d-----    c:\documents and settings\heribert\temp
2009-04-29 17:38    <DIR>    --d-----    c:\windows\system32\456131
2009-04-29 17:08    24,576    a-------    c:\windows\system32\stu2.exe
2009-04-17 13:08    5,632    a-------    c:\windows\system32\ptpusb.dll
2009-04-17 13:08    159,232    a-------    c:\windows\system32\ptpusd.dll
2009-04-15 15:39    1,203,922    --------    c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:39    217,088    --------    c:\windows\system32\dllcache\wordpad.exe

==================== Find3M  ====================

2009-05-08 23:01    22,122    a-------    c:\windows\system32\nvModes.dat
2009-05-08 16:26    399,716    a-------    c:\windows\system32\PERFH006.DAT
2009-05-08 16:26    64,610    a-------    c:\windows\system32\PERFC006.DAT
2009-05-08 14:03    79,183    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 16:08    1,006,080    --------    c:\windows\system32\dllcache\kernel32.dll
2009-03-06 16:20    284,672    a-------    c:\windows\system32\pdh.dll
2009-03-06 16:20    284,672    --------    c:\windows\system32\dllcache\pdh.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\wininet.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54    636,072    --------    c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20    70,656    --------    c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20    13,824    --------    c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14    161,792    --------    c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:08    2,068,608    --------    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 16:07    1,846,784    a-------    c:\windows\system32\win32k.sys
2009-02-09 16:07    1,846,784    --------    c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:26    2,191,616    --------    c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 13:26    2,026,496    a-------    c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:26    2,026,496    --------    c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 13:25    2,147,840    a-------    c:\windows\system32\ntoskrnl.exe
2009-02-09 13:25    2,147,840    --------    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:25    110,592    a-------    c:\windows\system32\services.exe
2009-02-09 13:25    110,592    --------    c:\windows\system32\dllcache\services.exe
2009-02-09 12:53    730,624    a-------    c:\windows\system32\lsasrv.dll
2009-02-09 12:53    730,624    --------    c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:53    719,360    a-------    c:\windows\system32\ntdll.dll
2009-02-09 12:53    682,496    a-------    c:\windows\system32\advapi32.dll
2009-02-09 12:53    401,408    a-------    c:\windows\system32\rpcss.dll
2009-02-09 12:53    719,360    --------    c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:53    682,496    --------    c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:53    473,600    --------    c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:53    401,408    --------    c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:53    453,120    --------    c:\windows\system32\dllcache\wmiprvsd.dll
2008-03-19 12:13    32,768    a--sh---    c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 23:19:54,59 ===============
09 May 2009 - 09:33 #39
<jpi>: Until <f-arn> comes back: you need to run [malwarebytes] again - you have NOT removed anything -> No action taken.
After scanning - click the "Show results" button - and then click "Remove selected" - the log now opens and you need to save it somewhere you can find it again.
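Added example (not from the thread or from Malwarebytes): a Python check for the point made in #39, that a log full of "No action taken" means nothing was removed. It parses detection lines the way the logs in #36 and #40 are laid out, keys only on the trailing " -> result" so the Danish section labels parse exactly like English ones, and reports what is still pending. The sample log is constructed; its section names approximate the English MBAM 1.x layout and its file names are made up.

```python
"""Check whether a Malwarebytes log actually removed anything (added example)."""
import re

# Everything before the final ' -> <result>' looks like
# '<item> (<label>)' or '<item> (<label>) -> Bad: (x) Good: (y)'.
ENTRY_RE = re.compile(
    r"^(?P<item>.+) \((?P<label>[A-Za-z][\w.]*)\)"
    r"(?: -> Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\))?$"
)
REMOVED = "Quarantined and deleted successfully"

# Constructed sample in the layout of the logs above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2096

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\UACexample.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\UACexample.sys (Trojan.Agent) -> No action taken.
"""


def parse_entries(text):
    """Return one dict per detection line, tagged with the section it sits under."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # 'Files Infected' or 'Inficerede Filer', language-agnostic
            continue
        if " -> " not in line:
            continue                     # header lines, '(No malicious items detected)', etc.
        head, result = line.rsplit(" -> ", 1)
        m = ENTRY_RE.match(head)
        if not m:
            continue
        result = result.rstrip(".")
        entries.append({"section": section, "item": m.group("item"),
                        "label": m.group("label"), "result": result,
                        "removed": result == REMOVED})
    return entries


def cleanup_status(text):
    """Summarise a log: anything not quarantined-and-deleted is still on the machine."""
    entries = parse_entries(text)
    pending = [e for e in entries if not e["removed"]]
    return {"total": len(entries), "removed": len(entries) - len(pending),
            "pending": pending, "rerun_needed": bool(pending)}


if __name__ == "__main__":
    status = cleanup_status(SAMPLE_LOG)
    print(f"{status['removed']}/{status['total']} removed; rerun needed: {status['rerun_needed']}")
    for e in status["pending"]:
        print(f"  still present [{e['section']}] {e['item']} ({e['label']}): {e['result']}")
```

Fed the log from #36 this reports 25 detections and 0 removed; fed the one from #40 it reports the same items all removed, which is the difference #39 is pointing out.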
jpi Mester
09 May 2009 - 11:23 #40
<karise_larry> I apparently saved the log file before it saved it itself, and only posted the "wrong" one in here.
Here is the one that was auto-generated after it was completely finished:

Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

08-05-2009 22:59:31
mbam-log-2009-05-08 (22-59-31).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 133140
Tid tilbagelagt: 45 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 8
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 15

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\o675.o675mgr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\o675.o675mgr.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\hijackthis\backups\backup-20090508-172508-158.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243839.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243840.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243841.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243842.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP395\A0243856.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACqfrfqomu.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heribert\Lokale indstillinger\Temp\ie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACsjnxukal.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACubowtnwa.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> Quarantined and deleted successfully.
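An added example (not code from any post in this thread) that parses an MBAM 1.x log in the format posted above and reports which detections still carry "No action taken", the point karise_larry raised in #39. The sample log is constructed, with a few lines modelled on the real one; the UAC/TDSS filter is an assumption based on the detection names in the thread.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and check that every detection
was actually removed.  Added example for this thread; SAMPLE_LOG is constructed
in the format of the log posted above (Danish section headers as emitted by
MBAM 1.36 on a Danish Windows XP)."""
import re
from collections import Counter

# One detection line looks like "<item> (<Family.Name>) -> <action>."
# Registry data lines carry an extra "-> Bad: (1) Good: (0)" segment before
# the final action, so the action is always taken from the LAST " -> ".
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z][\w.]*)\)(?: -> .*)?$")
REMOVED = "Quarantined and deleted successfully"
NO_ACTION = "No action taken"

# Constructed sample: two items removed, two left in place.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 2096
Windows 5.1.2600 Service Pack 3

Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Filer: 1
Inficerede Filer: 2

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\SYSTEM32\UACcdsmxfmm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\svchost.exe (Trojan.Agent) -> No action taken.
"""


def parse_mbam_log(text):
    """Return one dict per detection: section, item, name (family), action."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header such as "Inficerede Filer:"
            section = line[:-1]
            continue
        if " -> " not in line:          # summary count or "(no suspicious files)" line
            continue
        head, action = line.rsplit(" -> ", 1)
        m = ITEM_RE.match(head)
        if not m:
            continue
        detections.append({
            "section": section,
            "item": m.group("item"),
            "name": m.group("name"),
            "action": action.rstrip("."),
        })
    return detections


def summarize(detections):
    """Counts per action and per detection family."""
    return {
        "by_action": Counter(d["action"] for d in detections),
        "by_family": Counter(d["name"] for d in detections),
    }


def pending_items(detections):
    """Items MBAM found but did not remove ("No action taken" or anything else
    short of a successful quarantine): the scan has to be re-run and
    'Remove Selected' pressed, or the infection is still in place."""
    return [d["item"] for d in detections if d["action"] != REMOVED]


def removal_complete(detections):
    return not pending_items(detections)


def rootkit_traces(detections):
    """Detections that belong to the TDSS/UAC family seen in this thread
    (assumption: family name Trojan.TDSS or Rootkit.Trace, or an item whose
    last path component starts with 'UAC')."""
    out = []
    for d in detections:
        basename = d["item"].rsplit("\\", 1)[-1].upper()
        if d["name"] in ("Trojan.TDSS", "Rootkit.Trace") or basename.startswith("UAC"):
            out.append(d)
    return out


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(summarize(dets)["by_action"])
    for item in pending_items(dets):
        print("still present:", item)
```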
f-arn Guru
09 May 2009 - 12:18 #41
I'm not quite sure what you mean by GData?

This?
http://www.spywarefri.dk/forum/viewthread/55962/

Find and upload these files at Jotti or Virustotal:

c:\windows\system32\drivers\AGFWMP.sys
c:\windows\system32\drivers\AGFUCAPI.sys

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

If you don't know how, see here:
http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Copy the result in here
jpi Mester
09 May 2009 - 12:37 #42
The two files are no longer on the PC (and I have looked among hidden files).
From the DDS log I can see that they belonged to an ISDN adapter that was connected to the PC until recently, and since I have cleaned up and uninstalled the AGFEO adapter and its software, they have been removed. So they were apparently fine.

Regarding the choice of antivirus, I think all the tests one reads point in different directions...
So I saw that GData had a good detection rate and installed it. Right now it is running and scanning the PC, and it has found a number of trojans that AVG and Malwarebytes had not found.

But is there one antivirus program that is the best? I have a feeling it is a bit of a religious matter :-)
f-arn Guru
09 May 2009 - 12:45 #43
Yes, it is a bit of a religious matter ;-)

I was just a little unsure about those 2 files, since there is some conflicting information.

Combofix we will apparently have to wait for :-(
jpi Mester
09 May 2009 - 12:52 #44
Yes, I started combofix, and it still showed the same error :-(

What conflicting information did you find? On the net?

Which antivirus software would you recommend?
jpi Mester
10 May 2009 - 01:45 #45
I have scanned the PC with malwarebytes, GData and Ad-Aware, and all 3 show no infections.

I have done some runs with the previous tools, and here are the log files:
jpi Mester
10 May 2009 - 01:45 #46
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:15, on 09-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
C:\hijackthis\hijak_log.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 8230 bytes
jpi Mester
10 May 2009 - 01:46 #47
lopR:


  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free :        Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz )
  BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
  USER : Heribert ( Administrator )
  BOOT : Normal boot
  Antivirus : G Data AntiVirus 2010 18.0 (Activated)
  A:\ (USB)
  C:\ (Local Disk) - NTFS - Total:33 Go (Free:20 Go)
  D:\ (CD or DVD)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 09-05-2009|23:22 )


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3AB.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse3B0.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nse86.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsg550.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsj3B6.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsjE.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsk6.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsl3.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsn6.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso3.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nso4EB.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsp8.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsq169.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3AC.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr4E9.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr8.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3AD.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsu10.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsv552.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsvA.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsw5.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsx1AA.tmp
  Deleted! - C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsy84.tmp

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  --------------------\\  Listing folders in APPLIC~1

  [09-05-2009|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
  [28-09-2006|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
  [09-05-2009|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
  [26-11-2004|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
  [11-02-2005|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\e-Safekey
  [09-05-2009|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\G DATA
  [17-12-2004|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
  [09-05-2009|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
  [08-05-2009|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
  [21-03-2008|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
  [01-02-2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
  [17-12-2004|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
  [17-09-2006|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
  [17-09-2006|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
  [17-09-2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
  [17-12-2004|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
  [24-12-2005|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
  [0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
  [19|mappe(r)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledig

  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
  [26-11-2004|13:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
  [26-11-2004|13:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
  [0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
  [7|mappe(r)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledig

  [23-09-2008|19:15] C:\DOCUME~1\Heribert\APPLIC~1\Adobe
  [12-01-2007|18:09] C:\DOCUME~1\Heribert\APPLIC~1\AdobeUM
  [05-12-2004|12:40] C:\DOCUME~1\Heribert\APPLIC~1\CyberLink
  [13-02-2006|08:13] C:\DOCUME~1\Heribert\APPLIC~1\Help
  [26-11-2004|13:00] C:\DOCUME~1\Heribert\APPLIC~1\Identities
  [09-05-2009|00:03] C:\DOCUME~1\Heribert\APPLIC~1\Lavasoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Leadertech
  [21-01-2006|10:54] C:\DOCUME~1\Heribert\APPLIC~1\Macromedia
  [08-05-2009|21:53] C:\DOCUME~1\Heribert\APPLIC~1\Malwarebytes
  [26-12-2008|12:28] C:\DOCUME~1\Heribert\APPLIC~1\Microsoft
  [17-09-2006|20:11] C:\DOCUME~1\Heribert\APPLIC~1\ScanSoft
  [05-12-2004|12:39] C:\DOCUME~1\Heribert\APPLIC~1\Sonic
  [26-11-2004|13:28] C:\DOCUME~1\Heribert\APPLIC~1\Sun
  [26-11-2004|13:34] C:\DOCUME~1\Heribert\APPLIC~1\Symantec
  [04-05-2009|13:03] C:\DOCUME~1\Heribert\APPLIC~1\TeamViewer
  [25-12-2008|20:54] C:\DOCUME~1\Heribert\APPLIC~1\U3
  [0|fil(er)] C:\DOCUME~1\Heribert\APPLIC~1\byte
  [18|mappe(r)] C:\DOCUME~1\Heribert\APPLIC~1\byte ledig

  [09-05-2009|01:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
  [08-05-2009|21:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\TeamViewer
  [0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
  [4|mappe(r)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledig

  [09-05-2009|01:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledig

  --------------------\\  Scheduled Tasks located in C:\WINDOWS\Tasks

  [09-05-2009 01:16][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
  [09-05-2009 21:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
  [16-09-2002 08:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

  --------------------\\  Listing Folders in C:\Programmer

  [26-01-2006|18:02] C:\Programmer\Adobe
  [09-05-2009|00:04] C:\Programmer\AGFEO
  [25-12-2008|21:00] C:\Programmer\AVG
  [26-11-2004|13:29] C:\Programmer\Broadcom
  [26-11-2004|13:37] C:\Programmer\Common Files
  [26-11-2004|13:00] C:\Programmer\ComPlus Applications
  [26-11-2004|13:33] C:\Programmer\CyberLink
  [26-11-2004|13:32] C:\Programmer\Dell
  [17-12-2004|22:50] C:\Programmer\Dell Computer Corporation
  [09-05-2009|01:46] C:\Programmer\F‘lles filer
  [09-05-2009|01:46] C:\Programmer\G Data
  [21-03-2008|13:12] C:\Programmer\Grisoft
  [17-12-2004|22:00] C:\Programmer\Hewlett-Packard
  [17-12-2004|22:06] C:\Programmer\HP
  [17-12-2004|21:26] C:\Programmer\InstallShield Installation Information
  [15-04-2009|16:20] C:\Programmer\Internet Explorer
  [26-11-2004|13:28] C:\Programmer\Java
  [09-05-2009|01:13] C:\Programmer\Lavasoft
  [17-12-2004|21:26] C:\Programmer\Logitech
  [08-05-2009|21:53] C:\Programmer\Malwarebytes' Anti-Malware
  [08-05-2009|14:06] C:\Programmer\Messenger
  [11-06-2006|22:55] C:\Programmer\Microsoft ActiveSync
  [14-05-2007|12:43] C:\Programmer\Microsoft CAPICOM 2.1.0.2
  [26-11-2004|13:00] C:\Programmer\microsoft frontpage
  [17-12-2004|23:35] C:\Programmer\Microsoft Office
  [17-12-2004|20:31] C:\Programmer\Microsoft Works
  [17-12-2004|23:35] C:\Programmer\Microsoft.NET
  [08-05-2009|14:01] C:\Programmer\Movie Maker
  [25-12-2008|21:01] C:\Programmer\MSECache
  [26-11-2004|13:00] C:\Programmer\MSN Gaming Zone
  [30-11-2006|12:09] C:\Programmer\MSXML 4.0
  [08-05-2009|13:59] C:\Programmer\NetMeeting
  [17-03-2006|20:24] C:\Programmer\OfficeUpdate11
  [26-11-2004|13:00] C:\Programmer\Onlinetjenester
  [08-05-2009|13:59] C:\Programmer\Outlook Express
  [26-11-2004|13:33] C:\Programmer\r
  [17-09-2006|20:11] C:\Programmer\ScanSoft
  [26-11-2004|13:32] C:\Programmer\Sonic
  [26-11-2004|13:31] C:\Programmer\Synaptics
  [26-11-2004|13:37] C:\Programmer\Uninstall Information
  [08-05-2009|13:59] C:\Programmer\Windows Media Player
  [08-05-2009|13:59] C:\Programmer\Windows NT
  [26-11-2004|13:00] C:\Programmer\WindowsUpdate
  [26-11-2004|13:00] C:\Programmer\XEROX
  [0|fil(er)] C:\Programmer\byte
  [46|mappe(r)] C:\Programmer\byte ledig

  --------------------\\  Listing Folders in C:\Programmer\F‘lles filer

  [05-12-2004|12:21] C:\Programmer\F‘lles filer\Adobe
  [17-12-2004|23:35] C:\Programmer\F‘lles filer\DESIGNER
  [09-05-2009|01:48] C:\Programmer\F‘lles filer\G DATA
  [17-12-2004|21:58] C:\Programmer\F‘lles filer\Hewlett-Packard
  [17-12-2004|22:02] C:\Programmer\F‘lles filer\HP
  [17-12-2004|22:50] C:\Programmer\F‘lles filer\InstallShield
  [26-11-2004|13:27] C:\Programmer\F‘lles filer\Java
  [11-06-2006|22:55] C:\Programmer\F‘lles filer\L&H
  [17-12-2004|21:25] C:\Programmer\F‘lles filer\Logitech
  [08-08-2008|15:42] C:\Programmer\F‘lles filer\Microsoft Shared
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\MSSoap
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\ODBC
  [17-09-2006|20:11] C:\Programmer\F‘lles filer\ScanSoft Shared
  [26-11-2004|13:32] C:\Programmer\F‘lles filer\Sonic
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\SpeechEngines
  [17-12-2004|19:58] C:\Programmer\F‘lles filer\Symantec Shared
  [08-05-2009|13:59] C:\Programmer\F‘lles filer\System
  [26-11-2004|13:00] C:\Programmer\F‘lles filer\Tjenester
  [0|fil(er)] C:\Programmer\F‘lles filer\byte
  [20|mappe(r)] C:\Programmer\F‘lles filer\byte ledig

  --------------------\\  Process

  ( 46 Processes )

  ... OK !

  --------------------\\  Searching with S_Lop

  No Lop folder found !

  --------------------\\  Searching for Lop Files - Folders

  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nsr3BB.tmp
  C:\DOCUME~1\Heribert\LOKALE~1\Temp\nst3BE.tmp

  --------------------\\  Searching within the Registry

  ..... OK !

  --------------------\\  Checking the Hosts file

  Hosts file CLEAN


  --------------------\\  Searching for hidden files with Catchme

  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-05-09 23:23:45
  Windows 5.1.2600 Service Pack 3 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 0

  --------------------\\  Searching for other infections


  No other infections found !

  [F:2136][D:190]-> C:\DOCUME~1\Heribert\LOKALE~1\Temp
  [F:2][D:0]-> C:\DOCUME~1\Heribert\Cookies
  [F:10][D:4]-> C:\DOCUME~1\Heribert\LOKALE~1\TEMPOR~1\content.IE5

  1 - "C:\Lop SD\LopR_1.txt" - 08-05-2009|17:20 - Option : [2]
  2 - "C:\Lop SD\LopR_2.txt" - 09-05-2009|23:24 - Option : [2]

  --------------------\\  Scan completed at 23:24:40
jpi Mester
10 May 2009 - 01:46 #48
DDS:


DDS (Ver_09-03-16.01) - NTFSx86 
Run by Heribert at 21:56:29,60 on 09-05-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.223 [GMT 2:00]

AV: G Data AntiVirus 2010 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
svchost.exe
C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
C:\hijackthis\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.euro.dell.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gurredam.dk/
BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\programmer\g data\antivirus\webfilter\AvkWebIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\programmer\g data\antivirus\webfilter\AvkWebIE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
uRun: [updateMgr] "c:\programmer\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] c:\programmer\java\j2re1.4.2_03\bin\jusched.exe
mRun: [<NO NAME>]
mRun: [DadApp] c:\programmer\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\programmer\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programmer\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\programmer\fælles filer\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\programmer\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\programmer\r\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [zBrowser Launcher] c:\programmer\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Software Update] "c:\programmer\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\programmer\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Omnipage] c:\programmer\scansoft\omnipagese\opware32.exe
mRun: [Ad-Watch] c:\programmer\lavasoft\ad-aware\AAWTray.exe
mRun: [G DATA AntiVirus Trayapplication] c:\programmer\g data\antivirus\avktray\AVKTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpimag~1.lnk - c:\programmer\hp\digital imaging\bin\hpqthb08.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-5-9 68424]
R2 AVKProxy;G Data AntiVirus Proxy;c:\programmer\fælles filer\g data\avkproxy\AVKProxy.exe [2009-4-9 1043528]
R2 AVKService;G Data Scheduler;c:\programmer\g data\antivirus\avk\AVKService.exe [2009-4-9 388168]
R2 AVKWCtl;G Data Filesystem Monitor;c:\programmer\g data\antivirus\avk\AVKWCtl.exe [2009-2-25 1206096]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-5-9 51016]
R2 TeamViewer4;TeamViewer 4;c:\documents and settings\heribert\temp\teamviewer\version4\TeamViewer_Service.exe [2009-4-29 185640]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-5-9 50632]
R3 GDScan;G Data Scanner;c:\programmer\fælles filer\g data\gdscan\GDScan.exe [2009-3-10 298568]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-5-9 32328]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2004-12-17 14092]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]

=============== Created Last 30 ================

2009-05-09 14:33    15,688    a-------    c:\windows\system32\lsdelete.exe
2009-05-09 02:34    68,424    a-------    c:\windows\system32\drivers\GRD.sys
2009-05-09 01:50    50,632    a-------    c:\windows\system32\drivers\MiniIcpt.sys
2009-05-09 01:49    51,016    a-------    c:\windows\system32\drivers\GDTdiIcpt.sys
2009-05-09 01:49    32,328    a-------    c:\windows\system32\drivers\HookCentre.sys
2009-05-09 01:48    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\G DATA
2009-05-09 01:46    <DIR>    --d-----    c:\programmer\G Data
2009-05-09 01:46    <DIR>    --d-----    c:\programmer\fælles filer\G DATA
2009-05-09 01:16    64,160    a-------    c:\windows\system32\drivers\Lbd.sys
2009-05-09 01:13    <DIR>    -cd-h---    c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-09 01:13    <DIR>    --d-----    c:\programmer\Lavasoft
2009-05-08 21:53    <DIR>    --d-----    c:\docume~1\heribert\applic~1\Malwarebytes
2009-05-08 19:47    <DIR>    --d-----    C:\32788R22FWJFW.0.tmp
2009-05-08 17:01    <DIR>    --d-----    C:\Lop SD
2009-05-08 16:52    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-05-08 16:52    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:52    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 16:27    <DIR>    --d-----    C:\hijackthis
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\da
2009-05-08 14:01    <DIR>    --d-----    c:\windows\l2schemas
2009-05-08 14:01    <DIR>    --d-----    c:\windows\system32\bits
2009-05-08 13:22    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-05-08 11:35    2,967,800    a-------    C:\tool.exe
2009-05-04 13:09    3,496    a-------    C:\virusresults.csv
2009-05-04 13:03    <DIR>    --d-----    c:\docume~1\heribert\applic~1\TeamViewer
2009-05-04 13:03    <DIR>    --d-----    c:\documents and settings\heribert\temp
2009-04-29 17:38    <DIR>    --d-----    c:\windows\system32\456131
2009-04-29 17:08    24,576    a-------    c:\windows\system32\stu2.exe
2009-04-17 13:08    5,632    a-------    c:\windows\system32\ptpusb.dll
2009-04-17 13:08    159,232    a-------    c:\windows\system32\ptpusd.dll
2009-04-15 15:39    1,203,922    --------    c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:39    217,088    --------    c:\windows\system32\dllcache\wordpad.exe

==================== Find3M  ====================

2009-05-09 21:32    22,122    a-------    c:\windows\system32\nvModes.dat
2009-05-08 16:26    399,716    a-------    c:\windows\system32\PERFH006.DAT
2009-05-08 16:26    64,610    a-------    c:\windows\system32\PERFC006.DAT
2009-05-08 14:03    79,183    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 16:08    1,006,080    --------    c:\windows\system32\dllcache\kernel32.dll
2009-03-06 16:20    284,672    a-------    c:\windows\system32\pdh.dll
2009-03-06 16:20    284,672    --------    c:\windows\system32\dllcache\pdh.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\wininet.dll
2009-03-03 02:11    826,368    a-------    c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54    636,072    --------    c:\windows\system32\dllcache\iexplore.exe
2009-02-20 12:20    70,656    --------    c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 12:20    13,824    --------    c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 07:14    161,792    --------    c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:08    2,068,608    --------    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 16:07    1,846,784    a-------    c:\windows\system32\win32k.sys
2009-02-09 16:07    1,846,784    --------    c:\windows\system32\dllcache\win32k.sys
2009-02-09 13:26    2,191,616    --------    c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 13:26    2,026,496    a-------    c:\windows\system32\ntkrnlpa.exe
2009-02-09 13:26    2,026,496    --------    c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 13:25    2,147,840    a-------    c:\windows\system32\ntoskrnl.exe
2009-02-09 13:25    2,147,840    --------    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:25    110,592    a-------    c:\windows\system32\services.exe
2009-02-09 13:25    110,592    --------    c:\windows\system32\dllcache\services.exe
2009-02-09 12:53    730,624    a-------    c:\windows\system32\lsasrv.dll
2009-02-09 12:53    730,624    --------    c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:53    719,360    a-------    c:\windows\system32\ntdll.dll
2009-02-09 12:53    682,496    a-------    c:\windows\system32\advapi32.dll
2009-02-09 12:53    401,408    a-------    c:\windows\system32\rpcss.dll
2009-02-09 12:53    719,360    --------    c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:53    682,496    --------    c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:53    473,600    --------    c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:53    401,408    --------    c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:53    453,120    --------    c:\windows\system32\dllcache\wmiprvsd.dll
2008-03-19 12:13    32,768    a--sh---    c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 21:57:15,01 ===============
jpi Mester
10 May 2009 - 01:47 #49
Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process    0    90.30       
Interrupts    n/a        Hardware Interrupts   
DPCs    n/a    0.75    Deferred Procedure Calls   
System    4           
  smss.exe    548        Windows NT-sessionsstyring    Microsoft Corporation
  csrss.exe    604        Client Server Runtime Process    Microsoft Corporation
  winlogon.exe    628        Windows NT-logonprogram    Microsoft Corporation
    services.exe    672    1.49    Tjenester og controllerprogrammer    Microsoft Corporation
    svchost.exe    876        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    944        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1040        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1148        Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe    1236        Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe    1392        Spooler SubSystem App    Microsoft Corporation
    svchost.exe    732        Generic Host Process for Win32 Services    Microsoft Corporation
    AVKProxy.exe    908        G Data AntiVirus Proxy Service    G Data Software AG
    AVKService.exe    984        G Data InternetSecurity Scheduler Service    G Data Software AG
    AVKWCtl.exe    1012        G Data Filesystem Monitor Service    G Data Software AG
    nvsvc32.exe    1140        NVIDIA Driver Helper Service, Version 66.10    NVIDIA Corporation
    svchost.exe    1292        Generic Host Process for Win32 Services    Microsoft Corporation
    TeamViewer_Service.exe    1620        TeamViewer Service    TeamViewer GmbH
      TeamViewer.exe    2056    5.97    TeamViewer fjernstyringsprogram    TeamViewer GmbH
    wdfmgr.exe    1744        Windows User Mode Driver Manager    Microsoft Corporation
    HPZipm12.exe    2624        PML Driver    HP
    GDScan.exe    2704        G DATA AntiVirus Scan Server    G DATA Software AG
    alg.exe    2992        Application Layer Gateway Service    Microsoft Corporation
    lsass.exe    684        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1652        Windows Stifinder    Microsoft Corporation
BCMSMMSG.exe    1804        Modem Messaging Applet    Broadcom Corporation
jusched.exe    1812           
DadApp.exe    1820           
SynTPLpr.exe    1844        TouchPad Driver Helper Application    Synaptics, Inc.
SynTPEnh.exe    1852        Synaptics TouchPad Enhancements    Synaptics, Inc.
tfswctrl.exe    1860        Drive Letter Access Component    Sonic Solutions
PCMService.exe    1876        PowerCinema Resident Program for Dell    CyberLink Corp.
DVDLauncher.exe    1884        CyberLink PowerCinema Resident Program    CyberLink Corp.
iTouch.exe    1892        iTouch Application    Logitech Inc.
hpwuSchd2.exe    1908        hpwuSchd    Hewlett-Packard Company
hpcmpmgr.exe    1920        HP Framework Component Manager Service    Hewlett-Packard Company
opware32.exe    1952        OCR Aware (32-bit)    ScanSoft, Inc
AVKTray.exe    1984        G Data InternetSecurity Tray Application    G Data Software AG
ctfmon.exe    1992        CTF Loader    Microsoft Corporation
hpqtra08.exe    188        HP Digital Imaging Monitor (CUE)    Hewlett-Packard Co.
procexp.exe    1304    1.49    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
EM_EXEC.EXE    136        Logitech Events Handler Application    Logitech Inc.
hpqgalry.exe    380            Hewlett-Packard Co.
jpi Mester
10 May 2009 - 01:47 #50
RootRepeal:
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/10 00:09
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\hijackthis\settings.dat
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Heribert\Dokumenter\Billeder\Russland2005\CAYNYFE5.
Status: Allocation size mismatch (API: 1683456, Raw: 0)

RootRepeal 2:
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/05/10 00:09
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP3
==================================================

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACccfifipb.sys
jpi Mester
10 May 2009 - 01:48 #51
How do things look with the machine?
Can it be declared "healthy"?
f-arn Guru
10 May 2009 - 12:10 #52
I'm not entirely sure about that. RootRepeal 2, was it made with the Drivers scan, or? It may well be only a leftover, but I'd like to know.
jpi Mester
10 May 2009 - 14:00 #53
RootRepeal 2 is with "Hidden Services"

(Kaspersky Online Scan shows no infections.)
f-arn Guru
10 May 2009 - 15:31 #54
Download random's system information tool (RSIT) by random/random

http://images.malwareremoval.com/random/RSIT.exe

It creates two log files, log.txt and info.txt.
I'd like to see both.
jpi Mester
10 May 2009 - 21:41 #55
info.txt logfile of random's system information tool 1.06 2009-05-10 21:38:23

======Uninstall list======

-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessDirect-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Broadcom Management Programs-->C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1030
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0406-0000-0000000FF1CE}
Dell Media Experience-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe"  -uninstall
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
EWE TEL-Installationsdateien entfernen-->C:\WINDOWS\ISW\ewetel\iswdel.exe
G Data AntiVirus-->MsiExec.exe /I{0FDB2D25-D880-4E10-868F-8C64EFE155F1}
HijackThis 2.0.2-->"C:\hijackthis\HijackThis.exe" /uninstall
Hotfix til Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix til Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Programmer\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Programmer\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Logitech iTouch-program-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x6  UNINSTALL
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x6 -l0006 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Programmer\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Danish Language Pack-->MsiExec.exe /X{973F8409-F8DA-4A40-ACB4-12B02F3399D7}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools-->MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120406-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x6 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Opdatering til Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\FÆLLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhedsopdatering til Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programmer\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Programmer\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programmer\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
::1 localhost

======Security center information======

AV: G Data AntiVirus 2010

======System event log======

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til stoppet.

Record Number: 39756
Source Name: Service Control Manager
Time Written: 20090224150210.000000+060
Event Type: oplysninger
User:

Computer Name: HP
Event Code: 7035
Message: Tjenesten Pml Driver HPZ12 modtog en start-kontrol.

Record Number: 39755
Source Name: Service Control Manager
Time Written: 20090224142527.000000+060
Event Type: oplysninger
User: HP\Heribert

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til kører.

Record Number: 39754
Source Name: Service Control Manager
Time Written: 20090224142527.000000+060
Event Type: oplysninger
User:

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til stoppet.

Record Number: 39753
Source Name: Service Control Manager
Time Written: 20090224142524.000000+060
Event Type: oplysninger
User:

Computer Name: HP
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til kører.

Record Number: 39752
Source Name: Service Control Manager
Time Written: 20090224142523.000000+060
Event Type: oplysninger
User:

=====Application event log=====

Computer Name: HP
Event Code: 5028
Message:
Record Number: 1975
Source Name: McLogEvent
Time Written: 20051224145157.000000+060
Event Type: advarsel
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5000
Message:
Record Number: 1974
Source Name: McLogEvent
Time Written: 20051224144619.000000+060
Event Type: oplysninger
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5000
Message:
Record Number: 1973
Source Name: McLogEvent
Time Written: 20051224101744.000000+060
Event Type: oplysninger
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5028
Message:
Record Number: 1972
Source Name: McLogEvent
Time Written: 20051223142454.000000+060
Event Type: advarsel
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 5000
Message:
Record Number: 1971
Source Name: McLogEvent
Time Written: 20051223141519.000000+060
Event Type: oplysninger
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Heribert at 2009-05-10 21:37:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (59%) free of 34 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:15, on 10-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Dell\AccessDirect\dadapp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe
C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\G Data\AntiVirus\GUI\GDSC.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\RSIT.exe
C:\Programmer\trend micro\Heribert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gurredam.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DadApp] C:\Programmer\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150058542093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 8556 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G Data WebFilter - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll [2009-04-09 590920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2009-05-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Programmer\G Data\AntiVirus\Webfilter\AvkWebIE.dll [2009-04-09 590920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-08-19 4554752]
"nwiz"=nwiz.exe /installquiet []
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"SunJavaUpdateSched"=C:\Programmer\Java\jre6\bin\jusched.exe [2009-05-10 148888]
""= []
"DadApp"=C:\Programmer\Dell\AccessDirect\dadapp.exe [2004-03-04 211828]
"SynTPLpr"=C:\Programmer\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Programmer\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"UpdateManager"=C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"PCMService"=C:\Programmer\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"zBrowser Launcher"=C:\Programmer\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"HP Software Update"=C:\Programmer\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Programmer\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Omnipage"=C:\Programmer\ScanSoft\OmniPageSE\opware32.exe [2002-02-20 49152]
"Ad-Watch"=C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-09 516440]
"G DATA AntiVirus Trayapplication"=C:\Programmer\G Data\AntiVirus\AVKTray\AVKTray.exe [2009-04-09 918600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Sonic RecordNow!"= []
"updateMgr"=C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe"="C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe:*:Enabled:tksock"
"C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe"="C:\Programmer\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe:*:Enabled:tkmedia"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\Grisoft\AVG7\avginet.exe"="C:\Programmer\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmer\Grisoft\AVG7\avgamsvr.exe"="C:\Programmer\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmer\Grisoft\AVG7\avgcc.exe"="C:\Programmer\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmer\AVG\AVG8\avgupd.exe"="C:\Programmer\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer fjernstyringsprogram"
"C:\Programmer\RealVNC\VNC4\winvnc4.exe"="C:\Programmer\RealVNC\VNC4\winvnc4.exe:*:Disabled:VNC Server Free Edition for Win32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-05-10 21:37:49 ----D---- C:\Programmer\trend micro
2009-05-10 21:37:44 ----D---- C:\rsit
2009-05-10 01:00:47 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-10 01:00:46 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-10 01:00:46 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-10 01:00:46 ----A---- C:\WINDOWS\system32\java.exe
2009-05-09 14:33:31 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-09 01:48:04 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA
2009-05-09 01:46:56 ----D---- C:\Programmer\G Data
2009-05-09 01:46:56 ----D---- C:\Programmer\Fælles filer\G DATA
2009-05-09 01:16:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-09 01:13:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-09 01:13:17 ----D---- C:\Programmer\Lavasoft
2009-05-09 01:13:17 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-08 21:53:08 ----D---- C:\Documents and Settings\Heribert\Application Data\Malwarebytes
2009-05-08 20:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-08 19:48:24 ----D---- C:\Qoobox
2009-05-08 19:48:13 ----A---- C:\Bug.txt
2009-05-08 19:47:58 ----D---- C:\32788R22FWJFW.0.tmp
2009-05-08 17:02:35 ----A---- C:\lopR.txt
2009-05-08 17:01:56 ----D---- C:\Lop SD
2009-05-08 16:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-08 16:27:10 ----D---- C:\hijackthis
2009-05-08 16:23:35 ----D---- C:\WINDOWS\Prefetch
2009-05-08 14:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-08 14:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-08 14:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-08 14:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-08 14:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-08 14:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-08 14:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-08 14:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-08 14:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-08 14:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-05-08 14:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-05-08 14:08:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-08 14:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-08 14:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-08 14:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-08 14:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-08 14:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-05-08 14:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-08 14:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-08 14:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-08 14:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-08 14:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-08 14:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-08 14:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-08 14:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-08 14:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-08 14:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-08 14:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-08 14:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-05-08 14:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-08 14:01:27 ----D---- C:\WINDOWS\system32\da
2009-05-08 14:01:27 ----D---- C:\WINDOWS\l2schemas
2009-05-08 14:01:26 ----D---- C:\WINDOWS\system32\bits
2009-05-08 13:22:14 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2009-05-08 12:40:16 ----A---- C:\avgrep.txt
2009-05-08 11:45:51 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-08 11:35:57 ----A---- C:\tool.exe
2009-05-04 13:03:44 ----D---- C:\Documents and Settings\Heribert\Application Data\TeamViewer
2009-04-29 17:38:49 ----D---- C:\WINDOWS\system32\456131
2009-04-29 17:08:36 ----A---- C:\WINDOWS\system32\stu2.exe
2009-04-17 13:08:09 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-17 13:08:08 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-04-15 16:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-15 16:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-15 16:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-15 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-15 16:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-15 16:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$

======List of files/folders modified in the last 1 months======

2009-05-10 21:37:49 ----RD---- C:\Programmer
2009-05-10 20:49:16 ----D---- C:\WINDOWS\Temp
2009-05-10 14:00:05 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-10 01:02:34 ----SHD---- C:\WINDOWS\Installer
2009-05-10 01:00:47 ----D---- C:\WINDOWS\SYSTEM32
2009-05-10 01:00:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-10 00:58:56 ----D---- C:\Programmer\Java
2009-05-10 00:21:19 ----A---- C:\WINDOWS\iTouch.ini
2009-05-10 00:21:18 ----D---- C:\WINDOWS
2009-05-10 00:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-09 05:04:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-09 05:02:46 ----HD---- C:\WINDOWS\INF
2009-05-09 05:02:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-09 01:47:53 ----D---- C:\WINDOWS\WinSxS
2009-05-09 01:46:56 ----D---- C:\Programmer\Fælles filer
2009-05-09 01:35:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-09 01:16:49 ----SD---- C:\WINDOWS\Tasks
2009-05-09 00:09:02 ----A---- C:\WINDOWS\wininit.ini
2009-05-09 00:04:17 ----D---- C:\WINDOWS\SYSTEM
2009-05-09 00:04:16 ----AD---- C:\Programmer\AGFEO
2009-05-09 00:03:21 ----D---- C:\Documents and Settings\Heribert\Application Data\Lavasoft
2009-05-08 23:23:04 ----HD---- C:\$AVG8.VAULT$
2009-05-08 22:41:55 ----SHD---- C:\System Volume Information
2009-05-08 22:41:55 ----D---- C:\WINDOWS\system32\Restore
2009-05-08 20:06:44 ----D---- C:\WINDOWS\network diagnostic
2009-05-08 16:26:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-08 16:24:16 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-08 14:14:10 ----A---- C:\WINDOWS\SETUPLOG.TXT
2009-05-08 14:13:41 ----D---- C:\WINDOWS\system32\Setup
2009-05-08 14:13:41 ----D---- C:\WINDOWS\AppPatch
2009-05-08 14:13:40 ----RSD---- C:\WINDOWS\Fonts
2009-05-08 14:13:40 ----D---- C:\WINDOWS\system32\WBEM
2009-05-08 14:12:48 ----D---- C:\WINDOWS\SECURITY
2009-05-08 14:10:08 ----A---- C:\WINDOWS\imsins.BAK
2009-05-08 14:10:04 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-08 14:06:07 ----D---- C:\Programmer\Messenger
2009-05-08 14:01:41 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-08 14:01:40 ----D---- C:\WINDOWS\IME
2009-05-08 14:01:40 ----D---- C:\WINDOWS\Help
2009-05-08 14:01:28 ----D---- C:\WINDOWS\system32\USMT
2009-05-08 14:01:28 ----D---- C:\WINDOWS\system32\da-dk
2009-05-08 14:01:26 ----D---- C:\WINDOWS\peernet
2009-05-08 14:01:26 ----D---- C:\Programmer\Movie Maker
2009-05-08 13:59:13 ----D---- C:\WINDOWS\system32\NPP
2009-05-08 13:59:12 ----D---- C:\WINDOWS\MSAGENT
2009-05-08 13:59:11 ----D---- C:\WINDOWS\SRCHASST
2009-05-08 13:59:11 ----D---- C:\Programmer\NetMeeting
2009-05-08 13:59:09 ----D---- C:\WINDOWS\system32\Com
2009-05-08 13:59:07 ----D---- C:\Programmer\Windows NT
2009-05-08 13:59:07 ----D---- C:\Programmer\Windows Media Player
2009-05-08 13:59:06 ----D---- C:\Programmer\Outlook Express
2009-05-08 13:59:03 ----D---- C:\Programmer\Fælles filer\System
2009-05-08 13:58:50 ----D---- C:\WINDOWS\system32\OOBE
2009-05-08 13:56:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-08 13:55:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-08 13:51:27 ----D---- C:\WINDOWS\EHome
2009-04-29 18:26:50 ----A---- C:\itouch_crash_info.txt
2009-04-15 16:20:47 ----D---- C:\Programmer\Internet Explorer
2009-04-15 16:17:16 ----A---- C:\WINDOWS\WIN.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Driver til Intel-processor; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;HID-tastaturdriver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2004-04-23 44032]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 CmBatt;Microsoft ACPI Control Method-batteri; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-09 12953]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-11-07 14092]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-11-07 37884]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 mouhid;HID-driver til mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-04 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-19 2973568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-07-20 258160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver til Microsoft USB-standardhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-scannerdriver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB-universel værtscontroller miniportdriver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Driver til Intel PentiumIII-processor; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 Arp1394;1394 ARP-klientprotokol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2002-05-13 4272]
S3 EL90XBC;Driver til 3Com EtherLink XL 90XB/C-netværkskort; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NIC1394;1394-netværksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S4 agpCPQ;Compaq AGP-busfilter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-busfilter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Filterdriver til AMD AGP-bus; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-busfilter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;Filterdriver til Systemgendannelse; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]
S4 viaagp;VIA AGP-busfilter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVKProxy;G Data AntiVirus Proxy; C:\Programmer\Fælles filer\G DATA\AVKProxy\AVKProxy.exe [2009-04-09 1043528]
R2 AVKService;G Data Scheduler; C:\Programmer\G Data\AntiVirus\AVK\AVKService.exe [2009-04-09 388168]
R2 AVKWCtl;G Data Filesystem Monitor; C:\Programmer\G Data\AntiVirus\AVK\AVKWCtl.exe [2009-02-25 1206096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2009-05-10 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-08-19 127042]
R2 TeamViewer4;TeamViewer 4; C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe [2009-04-29 185640]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 GDScan;G Data Scanner; C:\Programmer\Fælles filer\G DATA\GDScan\GDScan.exe [2009-03-10 298568]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 aspnet_state;ASP.NET-tilstandstjeneste; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe [2009-05-09 953168]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
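The log above is long, and most of it is ordinary Dell/HP/Logitech/G Data entries. What a responder actually scans for is a handful of patterns: driver or service lines with an empty `[]` (RSIT could not stat the file), binaries registered out of a user-profile temp folder, and freshly created files with names that do not look like anything an installer would choose. The following is an added example, not code from the thread or from the RSIT tool, that parses those two RSIT line shapes and applies exactly those heuristics. The sample lines are copied from the log, except one constructed driver line built to mirror the UACccfifipb.sys entry quoted in post #64 (RSIT ran after that file was gone, so it never appeared in the real log). Every flag means "verify by hand", not "malware": G Data's own rootkit-detector driver is flagged only because RSIT could not stamp its `\??\`-prefixed path.

```python
"""Triage of RSIT-style log lines (added example, not code from the thread).

Two line shapes from the log above are parsed:
  R1 name;description; C:\\path\\file.sys [2008-04-14 40192]   (drivers/services)
  2009-04-29 17:38:49 ----D---- C:\\path                        (files created/modified)
Each flag is a "look at this by hand" heuristic, not a malware verdict:
G Data's own drivers show an empty [] because RSIT could not stat their
\\??\\-prefixed paths, and they are legitimate.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$')
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-{4}[A-Z]*-{4}) (.+)$')

# Constructed sample: lines copied from the log above, plus one driver line
# (UACccfifipb) built to mirror the entry Malwarebytes quarantined per post #64.
# That line is hypothetical; RSIT ran after the file had already been removed.
SAMPLE_LOG = r"""
R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Driver til Intel-processor; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 UACccfifipb;UACccfifipb; \SystemRoot\system32\drivers\UACccfifipb.sys []
R2 TeamViewer4;TeamViewer 4; C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe [2009-04-29 185640]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
2009-04-29 17:38:49 ----D---- C:\WINDOWS\system32\456131
2009-04-29 17:08:36 ----A---- C:\WINDOWS\system32\stu2.exe
2009-04-17 13:08:09 ----A---- C:\WINDOWS\system32\ptpusb.dll
"""


@dataclass(frozen=True)
class Finding:
    name: str      # service/driver key, or file name
    path: str
    reason: str


def _basename(path):
    return path.rsplit('\\', 1)[-1]


def check_entry(state, start, name, desc, path, stamp):
    """Heuristics for one driver/service line (state/start/desc kept for completeness)."""
    low = path.lower()
    base = _basename(path).lower()
    out = []
    if not stamp.strip():
        out.append(Finding(name, path, 'no file stamp: RSIT could not stat the file, confirm it exists'))
    if '\\documents and settings\\' in low and '\\temp\\' in low:
        out.append(Finding(name, path, 'binary runs from a user-profile temp folder'))
    if base.startswith('uac') and base.endswith('.sys'):
        out.append(Finding(name, path, 'name matches the UAC*.sys driver quoted in post #64'))
    return out


def check_file(stamp, attrs, path):
    """Heuristics for one created/modified-file line (stamp/attrs unused here)."""
    parts = path.split('\\')
    out = []
    if len(parts) >= 2 and parts[-2].lower() == 'system32':
        base = parts[-1]
        if base.isdigit():
            out.append(Finding(base, path, 'all-digit name created directly in system32'))
        elif base.lower().startswith('uac'):
            out.append(Finding(base, path, 'UAC-prefixed file created directly in system32'))
    return out


def triage(log_text):
    """Run both checks over every line; unrecognised lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            findings.extend(check_entry(*m.groups()))
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(check_file(*m.groups()))
    return findings


def flagged_names(log_text):
    """Sorted, de-duplicated names of everything that got at least one flag."""
    return sorted({f.name for f in triage(log_text)})


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.name:14} {f.reason}')
        print(f'{"":14} {f.path}')
```

Run against the sample, GRD, the constructed UAC driver, TeamViewer4 and the `456131` folder come out; intelppm, ose, stu2.exe and ptpusb.dll do not. The point of the empty-stamp rule is the one the thread ran into: an entry that still exists in the registry but whose file is gone looks exactly like this.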
f-arn Guru
11 May 2009 - 14:49 #56
That was just a leftover. Right-click it and remove it. If the machine runs OK, it can be considered cured :-)
jpi Mester
11 May 2009 - 14:53 #57
Sounds good.
Post an answer and you'll get the points.

Many thanks for the help!!
f-arn Guru
11 May 2009 - 15:03 #58
Coming up ;-)
f-arn Guru
11 May 2009 - 15:44 #59
You should probably also clear System Restore so you don't restore the infection by accident. I can also see traces of programs that have been on the PC, so you can try running CCleaner, especially the [Registry] item.
http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you are offered the [Yahoo Toolbar]. You should say no to that.
Let the program do a clean-up.

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
jpi Mester
11 May 2009 - 18:09 #60
OK, I'll do that.

By the way, which antivirus would you recommend?
jpi Mester
11 May 2009 - 19:30 #61
Regarding the last leftover, I can't remove it, because the file isn't there. Apparently there is a reference that I don't know how to remove...
f-arn Guru
11 May 2009 - 19:47 #62
I was thinking of RootRepeal. That you should right-click it there. The file itself was removed by Malwarebytes.
jpi Mester
11 May 2009 - 21:45 #63
The file was removed by me following your instructions in #31.
But apparently there is still a reference somewhere...
In RootRepeal I can only choose "Wipe file" and "Force delete", and neither works, since the file isn't there any more. But where does the reference come from?
f-arn Guru
11 May 2009 - 22:04 #64
From #36

C:\WINDOWS\SYSTEM32\DRIVERS\UACccfifipb.sys (Trojan.Agent) -> Quarantined and deleted successfully.


I'm not quite sure where that reference is stored, but it isn't important any more. The file and the infection are gone.
f-arn Guru
11 May 2009 - 22:34 #65
Click Start -> Run and type devmgmt.msc.
Click View - Show hidden devices and find 'Non-Plug and Play Drivers'.
It's probably there.
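The "reference" the two of them are hunting for in #61 to #65 is, for a kernel driver, its registration key: drivers and services live under HKLM\SYSTEM\CurrentControlSet\Services\<name> with an ImagePath value, and Device Manager's "Non-Plug and Play Drivers" view is just one rendering of those keys. A key whose ImagePath points at a file that has been deleted is precisely the leftover RootRepeal can no longer "wipe". Below is an added example, not code from the thread, that resolves the various ImagePath spellings (`\??\C:\...`, `\SystemRoot\...`, a bare `system32\DRIVERS\x.sys`, a quoted command line) and reports registrations whose binary is missing. The registry walk uses the standard-library `winreg` module and only runs on Windows; the comparison logic takes a plain name-to-ImagePath mapping and an injectable "does this file exist" function, and the constructed view in the block (names taken from the log above, UACccfifipb marked as gone) is hypothetical test data, not a dump of the poster's registry.

```python
"""Find service/driver registrations whose binary is gone (added example,
not from the thread). Kernel drivers and services are registered under
HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name> with an ImagePath value;
a key whose ImagePath points at a deleted file is the kind of leftover
reference discussed in #61-#66. The check itself is a pure function over a
{name: ImagePath} mapping so it runs anywhere; the registry walk is only
attempted on Windows.
"""
import ntpath
import os
import sys

SYSTEM_ROOT = r'C:\WINDOWS'   # XP default; the live run reads %SystemRoot% instead

# Constructed view of a registry and a disk, for demonstration only. Names are
# taken from the log above; only UACccfifipb is set up to be missing on disk.
CONSTRUCTED_SERVICES = {
    'intelppm': r'system32\DRIVERS\intelppm.sys',
    'GRD': r'\??\C:\WINDOWS\system32\drivers\GRD.sys',
    'UACccfifipb': r'\SystemRoot\system32\drivers\UACccfifipb.sys',
    'TeamViewer4': r'"C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe"',
}
CONSTRUCTED_DISK = {
    r'C:\WINDOWS\system32\DRIVERS\intelppm.sys',
    r'C:\WINDOWS\system32\drivers\GRD.sys',
    r'C:\Documents and Settings\Heribert\temp\TeamViewer\Version4\TeamViewer_Service.exe',
}


def normalize_image_path(image_path, system_root=SYSTEM_ROOT):
    """Reduce the forms ImagePath takes to a plain filesystem path.

    Seen in practice: \\??\\C:\\x.sys, \\SystemRoot\\system32\\x.sys,
    a bare system32\\DRIVERS\\x.sys (relative to %SystemRoot%), and a
    quoted service command line with arguments after the closing quote.
    """
    p = image_path.strip()
    if p.startswith('"'):                      # "C:\dir with spaces\svc.exe" -k arg
        p = p[1:].split('"', 1)[0]
    low = p.lower()
    if low.startswith('\\??\\'):
        p = p[4:]
    elif low.startswith('\\systemroot\\'):
        p = ntpath.join(system_root, p[len('\\systemroot\\'):])
    elif low.startswith('system32\\') or low.startswith('\\system32\\'):
        p = ntpath.join(system_root, p.lstrip('\\'))
    return p


def stale_registrations(entries, exists=os.path.exists, system_root=SYSTEM_ROOT):
    """entries: {service_name: ImagePath}. Returns [(name, resolved_path)] for
    registrations whose binary does not exist. `exists` is injectable so the
    logic can be exercised against a constructed view of the disk."""
    stale = []
    for name, image in entries.items():
        resolved = normalize_image_path(image, system_root)
        if not exists(resolved):
            stale.append((name, resolved))
    return stale


def check_constructed_view():
    """Run the check over the constructed registry/disk pair above."""
    return stale_registrations(CONSTRUCTED_SERVICES, exists=lambda p: p in CONSTRUCTED_DISK)


def read_services_from_registry():
    """Windows only: collect ImagePath for every key under ...\\Services."""
    import winreg   # standard library, but only importable on Windows
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r'SYSTEM\CurrentControlSet\Services') as root:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(root, i)
            except OSError:            # no more subkeys
                break
            i += 1
            try:
                with winreg.OpenKey(root, name) as key:
                    entries[name] = winreg.QueryValueEx(key, 'ImagePath')[0]
            except OSError:            # keys without ImagePath (groups, filters)
                continue
    return entries


if __name__ == '__main__':
    if sys.platform == 'win32':
        root = os.environ.get('SystemRoot', SYSTEM_ROOT)
        for name, path in stale_registrations(read_services_from_registry(), system_root=root):
            print(f'{name}: {path} is missing')
    else:
        for name, path in check_constructed_view():
            print(f'{name}: {path} is missing (constructed view)')
```

On the constructed view only UACccfifipb is reported. On a real XP box, run it from an administrator account; the stale key is then removed with `sc delete <name>` or by deleting the key in regedit, after confirming it is not one of the legitimate `[]` entries RSIT simply could not stamp.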
jpi Mester
11 May 2009 - 23:13 #66
I can't find it there, but as you say yourself, it isn't that important.