Anders_Lie (Beginner)
25 August 2010 - 14:04 · 6 comments

Facebook virus - HijackThis, ComboFix and MBAM log

Hi all.

I think I have caught the notorious Facebook virus. Strange messages are being sent around via the chat, and my internet has become slow. I hope someone can help.

I should say that I had some problems with ComboFix, but I think I got it to work in the end.

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:55, on 25-08-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Anders\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldda-dk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tjenesten Google Update (gupdate1ca88cf60b876b0) (gupdate1ca88cf60b876b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8667 bytes

ComboFix log:
ComboFix 10-08-24.0A - Anders 25-08-2010  11:13:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3062.1572 [GMT 2:00]
Kører fra: c:\users\Anders\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anders\Desktop\combofix\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\ie3sh.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\users\Public\RemoveSGP.exe

c:\windows\system32\wininit.exe . . . er inficeret!!

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-25 til 2010-08-25  )))))))))))))))))))))))))))))))))))
.

2010-08-25 09:27 . 2010-08-25 09:36    --------    d-----w-    c:\users\Anders\AppData\Local\temp
2010-08-25 09:27 . 2010-08-25 09:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-08-25 07:55 . 2010-06-28 20:57    38848    ----a-w-    c:\windows\avastSS.scr
2010-08-25 07:55 . 2010-08-25 07:55    --------    d-----w-    c:\programdata\Alwil Software
2010-08-13 09:59 . 2010-08-13 09:59    --------    d-----w-    C:\found.000
2010-08-09 14:08 . 2010-08-09 14:08    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-08-02 09:03 . 2010-08-06 16:15    --------    d-----w-    c:\program files\StarCraft II
2010-08-01 18:04 . 2010-08-02 07:58    --------    d-----w-    c:\users\Anders\SC2-WingsOfLiberty-enGB-Installer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 09:03 . 2010-04-09 12:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-25 08:59 . 2010-05-26 10:43    --------    d-----w-    c:\program files\Verbix2008
2010-08-25 08:59 . 2010-05-26 10:43    --------    d-----w-    c:\users\Anders\AppData\Roaming\verbix2008
2010-08-25 08:41 . 2009-01-10 21:41    --------    d-----w-    c:\program files\uTorrent
2010-08-25 08:41 . 2009-01-10 21:41    --------    d-----w-    c:\users\Anders\AppData\Roaming\uTorrent
2010-08-25 08:01 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Steam
2010-08-25 08:00 . 2009-03-27 11:11    --------    d-----w-    c:\program files\Alwil Software
2010-08-17 08:58 . 2009-02-12 18:59    680    ----a-w-    c:\users\Anders\AppData\Local\d3d9caps.dat
2010-08-15 20:07 . 2009-02-12 18:31    4182    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-08-14 13:10 . 2008-04-24 09:31    --------    d-----w-    c:\program files\Microsoft Works
2010-08-14 13:07 . 2008-04-24 09:37    --------    d-----w-    c:\programdata\Microsoft Help
2010-08-14 13:01 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-08-11 19:47 . 2010-06-02 19:20    --------    d-----w-    c:\users\Anders\AppData\Roaming\Azureus
2010-08-09 14:09 . 2008-04-24 08:53    --------    d-----w-    c:\program files\Common Files\Java
2010-08-09 14:08 . 2008-04-24 08:53    --------    d-----w-    c:\program files\Java
2010-08-07 11:31 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Common Files\Steam
2010-08-06 16:13 . 2008-12-25 13:25    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-08-02 09:21 . 2009-11-29 13:52    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-07-26 15:48 . 2008-01-21 05:51    77202    ----a-w-    c:\windows\system32\perfc006.dat
2010-07-26 15:48 . 2008-01-21 05:51    463344    ----a-w-    c:\windows\system32\perfh006.dat
2010-07-24 19:05 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\Symantec
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\Norton
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\program files\Norton Security Scan
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\NortonInstaller
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\program files\NortonInstaller
2010-07-18 12:24 . 2010-07-17 20:06    --------    d-----w-    c:\users\Anders\AppData\Roaming\DivX
2010-07-17 20:08 . 2010-07-17 20:00    --------    d-----w-    c:\programdata\DivX
2010-07-17 20:07 . 2009-12-29 21:39    --------    d-----w-    c:\program files\DivX
2010-07-17 20:06 . 2008-05-17 10:11    --------    d-----w-    c:\program files\Common Files\PX Storage Engine
2010-07-17 20:06 . 2009-12-29 21:39    --------    d-----w-    c:\program files\Common Files\DivX Shared
2010-06-28 20:57 . 2009-03-27 11:11    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-27 11:11    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-27 11:11    165456    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-27 11:11    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-27 11:11    50256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-03-27 11:11    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-13 13:54    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:54    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 13:54    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 13:54    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 13:54    2037760    ----a-w-    c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 13:54    36864    ----a-w-    c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 13:54    302080    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 13:54    144896    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 13:54    905088    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-13 13:54    274944    ----a-w-    c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 13:54    1248768    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-13 13:54    3548040    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 13:54    3600768    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-06-01 09:05 . 2008-12-25 11:57    116616    ----a-w-    c:\users\Anders\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 20:22 . 2010-05-31 20:22    104688    ----a-w-    c:\windows\~GLC0001.TMP
2010-05-27 20:08 . 2010-08-13 13:54    81920    ----a-w-    c:\windows\system32\iccvid.dll
2009-02-12 18:31 . 2009-02-12 18:31    8    --sh--r-    c:\windows\System32\90B197C536.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,a6,6f,f4,dc,d7,ca,01

R2 gupdate1ca88cf60b876b0;Tjenesten Google Update (gupdate1ca88cf60b876b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-24 c:\windows\Tasks\Norton Security Scan for Anders.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-19 07:48]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{51328AA6-AB21-4BE7-9E7D-F849CA1BF4C6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danskebank.dk
Trusted Zone: dr.dk
TCP: {EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 11:38
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

25-08-2010 12:48:28
mbam-log-2010-08-25 (12-48-28).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 270155
Tid gået: 59 minut(ter), 47 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

Thanks in advance :)
Anders Lie

sullep (Beginner)
25 August 2010 - 18:49 #1
Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284


Open Notepad and copy the text in bold into it, then save it as CFScript.txt in the same place as ComboFix.

Killall::
Snapshot::
File::
c:\windows\~GLC0001.TMP
Folder::
c:\program files\uTorrent
c:\users\Anders\AppData\Roaming\uTorrent
c:\users\Anders\AppData\Roaming\Azureus
Filelook::
c:\windows\System32\90B197C536.sys
Mia::
c:\windows\system32\wininit.exe
Srpeek::
c:\windows\system32\wininit.exe
Restore::
c:\windows\system32\wininit.exe



Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.

Anders_Lie (Beginner)
25 August 2010 - 20:13 #2
That's done now. I should say that I uninstalled all file-sharing programs when the virus arrived.
My internet still seems slow.

ComboFix log:

ComboFix 10-08-24.0C - Anders 25-08-2010  19:37:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3062.1900 [GMT 2:00]
Kører fra: c:\users\Anders\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anders\Desktop\combofix\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\~GLC0001.TMP"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\users\Anders\AppData\Roaming\Azureus
c:\users\Anders\AppData\Roaming\Azureus\.certs
c:\users\Anders\AppData\Roaming\Azureus\.keystore
c:\users\Anders\AppData\Roaming\Azureus\.lock
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat.bak
c:\users\Anders\AppData\Roaming\Azureus\active\cache.dat
c:\users\Anders\AppData\Roaming\Azureus\azureus.config
c:\users\Anders\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Anders\AppData\Roaming\Azureus\banips.config
c:\users\Anders\AppData\Roaming\Azureus\banips.config.bak
c:\users\Anders\AppData\Roaming\Azureus\devices.config
c:\users\Anders\AppData\Roaming\Azureus\devices.config.bak
c:\users\Anders\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\general.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\version.dat
c:\users\Anders\AppData\Roaming\Azureus\downloads.config
c:\users\Anders\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Anders\AppData\Roaming\Azureus\filters.config
c:\users\Anders\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_2.log
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Anders\AppData\Roaming\Azureus\net\pm_5603.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_6785.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2
c:\users\Anders\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Anders\AppData\Roaming\Azureus\rcm.config
c:\users\Anders\AppData\Roaming\Azureus\rcm.config.bak
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\Anders\AppData\Roaming\Azureus\subs\0CA501254A05880D39A5.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\151DF88A4BCFE63CC930.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\1BBB966397F44E660A50.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\2266987B15E8D0C3682C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\3581EC08AE75A905F431.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\444CF4E0A0C1E20CB67C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\4AC562DF938A934FD9C3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\59F63F3137ADD26E919F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\6E02FAF0A7F9C5DEFF7B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\723EF567A591C3D6FEFF.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\90BC3DD49F302F52E17A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\9B684245C8D0EA3A3680.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\A467A4E601BA7AF7C487.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\BD293EA13C5D3A8EA4BC.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\C1181DBAB72DD16EB649.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\CE22771EC242C845C71A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\D4B8F08F30791F2ED969.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\E7802205543398D89EBB.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\EC1EA4CD184D3EC77C1F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\F07B8AF9D6B5E0604903.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\AA36395F0C99E87D7BD3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tables.config
c:\users\Anders\AppData\Roaming\Azureus\tables.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tmp\AZU6281417575236052886.tmp
c:\users\Anders\AppData\Roaming\Azureus\tmp\speedTestTorrent.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\(500)Days_of_Summer.[2009].RETAIL.DVDRIP.XVID.[Eng]-DUQA.5153829.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU1314353998155512781.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU48453.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\Clinton_Sparks_Presents_Mike_Posner-One_Foot_Out_the_Door-2009-D.5139541.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Complete_Supernatural_Season_4.4910270.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Grown_Ups_2010_DVDSCR-XViD-IMAGiNE.5688934.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_31_Minutes_To_Takeoff_CDRip_[MP3-320][MJN].5735910.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_A_Matter_of_Time_(2009).5630693.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Repo.Men.UNRATED.2010.DVDRip.XviD-Larceny.5680375.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_-_Season_2.4156071.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_1.5169500.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_3.4256547.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config.bak
c:\users\Anders\AppData\Roaming\uTorrent
c:\users\Anders\AppData\Roaming\uTorrent\05-T.I.-Live Your Life _Ft. Rihanna_.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Alors on danse.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Britney Spears - Womanizer [Uncensored][2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Bruno.TS.XviD-Lynks.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Burn.After.Reading[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay- viva la vida.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay - Viva La Vida [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank.High.Voltage.2009.DVDRip.XviD-BeStDivX.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\David Guetta - One Love [2009].torrent
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Eagle.Eye[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - A Day Without Rain.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - Only Time.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008 [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 1 Complete-Xvid-MFG.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 2.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 3 Complete [HDTV][XVID].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ice Age 3 Dawn Of The Dinosaurs (2009) DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - Hot N Cold [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - I Kissed A Girl [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kid Rock - All Summer Long [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\King Of Leon - Sex On Fire.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings Of Leon - Use Somebody.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings_Of_Leon-Use_Somebody-(CDS)-2008-WRE.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa- Poker Face.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa - Poker Face [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady Gaga ft. Colby O Donis - Just Dance.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady.Gaga.-.Just.Dance.PDTV.XviD-Regenzy.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Maskinen - Alla som inte dansar.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Microsoft Office 2007 Enterprise Edition  [blaze69].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Mirrors[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ne Yo - Miss Independent [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Pineapple.Express[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Rihanna - Disturbia [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Season 4.torrent
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.1.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - Human.mkv.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - When You Were Young.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Last.House.On.The.Left.UNRATED.DvDRip-FxM.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Librarian.The.Curse.Of.The.Judas.Chalice.2008.STV.DVDRip-GAYGAY.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Pursuit.Of.Happyness[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Timbaland Ft. OneRepublic - Apologize [2007][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Shut Up And Let Me Go [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Thats Not My Name [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Transformers-2 Revenge of the Fallen 2009 English [DivX].torrent
c:\users\Anders\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Anders\AppData\Roaming\uTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
c:\windows\~GLC0001.TMP

Inficeret kopi af c:\windows\system32\wininit.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\ERDNT\cache\wininit.exe

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-25 til 2010-08-25  )))))))))))))))))))))))))))))))))))
.

2010-08-25 17:44 . 2010-08-25 17:49    --------    d-----w-    c:\users\Anders\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-08-25 15:06 . 2010-08-25 15:06    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-08-25 07:55 . 2010-06-28 20:57    38848    ----a-w-    c:\windows\avastSS.scr
2010-08-25 07:55 . 2010-08-25 07:55    --------    d-----w-    c:\programdata\Alwil Software
2010-08-13 09:59 . 2010-08-13 09:59    --------    d-----w-    C:\found.000
2010-08-09 14:08 . 2010-08-09 14:08    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-08-02 09:03 . 2010-08-06 16:15    --------    d-----w-    c:\program files\StarCraft II
2010-08-01 18:04 . 2010-08-02 07:58    --------    d-----w-    c:\users\Anders\SC2-WingsOfLiberty-enGB-Installer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 17:22 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Steam
2010-08-25 09:03 . 2010-04-09 12:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-25 08:59 . 2010-05-26 10:43    --------    d-----w-    c:\program files\Verbix2008
2010-08-25 08:59 . 2010-05-26 10:43    --------    d-----w-    c:\users\Anders\AppData\Roaming\verbix2008
2010-08-25 08:00 . 2009-03-27 11:11    --------    d-----w-    c:\program files\Alwil Software
2010-08-17 08:58 . 2009-02-12 18:59    680    ----a-w-    c:\users\Anders\AppData\Local\d3d9caps.dat
2010-08-15 20:07 . 2009-02-12 18:31    4182    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-08-14 13:10 . 2008-04-24 09:31    --------    d-----w-    c:\program files\Microsoft Works
2010-08-14 13:07 . 2008-04-24 09:37    --------    d-----w-    c:\programdata\Microsoft Help
2010-08-14 13:01 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-08-09 14:09 . 2008-04-24 08:53    --------    d-----w-    c:\program files\Common Files\Java
2010-08-09 14:08 . 2008-04-24 08:53    --------    d-----w-    c:\program files\Java
2010-08-07 11:31 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Common Files\Steam
2010-08-06 16:16 . 2010-08-06 16:16    47364    ----a-w-    c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 16:13 . 2008-12-25 13:25    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-08-02 09:21 . 2009-11-29 13:52    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-07-26 15:48 . 2008-01-21 05:51    77202    ----a-w-    c:\windows\system32\perfc006.dat
2010-07-26 15:48 . 2008-01-21 05:51    463344    ----a-w-    c:\windows\system32\perfh006.dat
2010-07-24 19:05 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\Symantec
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\Norton
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\program files\Norton Security Scan
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\NortonInstaller
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\program files\NortonInstaller
2010-07-18 12:24 . 2010-07-17 20:06    --------    d-----w-    c:\users\Anders\AppData\Roaming\DivX
2010-07-17 20:08 . 2010-07-17 20:00    --------    d-----w-    c:\programdata\DivX
2010-07-17 20:08 . 2010-07-17 20:08    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 20:07 . 2010-07-17 20:07    56997    ----a-w-    c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-17 20:07 . 2009-12-29 21:39    --------    d-----w-    c:\program files\DivX
2010-07-17 20:07 . 2010-07-17 20:07    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07    53600    ----a-w-    c:\programdata\DivX\Update\Uninstaller.exe
2010-07-17 20:00 . 2010-07-17 20:07    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
2010-07-17 20:00 . 2010-07-17 20:07    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2009-03-27 11:11    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-27 11:11    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-27 11:11    165456    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-27 11:11    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-27 11:11    50256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-03-27 11:11    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-13 13:54    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:54    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 13:54    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 13:54    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 13:54    2037760    ----a-w-    c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 13:54    36864    ----a-w-    c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 13:54    302080    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 13:54    144896    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 13:54    905088    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-13 13:54    274944    ----a-w-    c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 13:54    1248768    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-13 13:54    3548040    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 13:54    3600768    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-06-01 09:05 . 2008-12-25 11:57    116616    ----a-w-    c:\users\Anders\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 20:08 . 2010-08-13 13:54    81920    ----a-w-    c:\windows\system32\iccvid.dll
2009-02-12 18:31 . 2009-02-12 18:31    8    --sh--r-    c:\windows\System32\90B197C536.sys
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\System32\90B197C536.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8
Created time: 2009-02-12 18:31
Modified time: 2009-02-12 18:31
MD5: 0641A46F1E58529A42EAD4573A3A0861
SHA1: 2FA91927668FB0B3A4DA32722825E15080CB5C21


((((((((((((((((((((((((((((((((((((((((((  SR_Search  ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,a6,6f,f4,dc,d7,ca,01

R2 gupdate1ca88cf60b876b0;Tjenesten Google Update (gupdate1ca88cf60b876b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\Norton Security Scan for Anders.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-19 07:48]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{51328AA6-AB21-4BE7-9E7D-F849CA1BF4C6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danskebank.dk
Trusted Zone: dr.dk
TCP: {EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 19:49
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-25  19:57:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-08-25 17:57
ComboFix2.txt  2010-08-25 09:47

Pre-Kørsel: 115.447.328.768 byte ledig
Post-Kørsel: 115.438.571.520 byte ledig

- - End Of File - - 6614150F1E5D578FF0BEAF7443734D34
Anders_Lie Beginner
25 August 2010 - 20:18 #3
That's done now. I should mention that I uninstalled all file-sharing programs when the virus appeared.
My internet still seems very slow.

ComboFix log:

ComboFix 10-08-24.0C - Anders 25-08-2010  19:37:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3062.1900 [GMT 2:00]
Kører fra: c:\users\Anders\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anders\Desktop\combofix\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\~GLC0001.TMP"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\users\Anders\AppData\Roaming\Azureus
c:\users\Anders\AppData\Roaming\Azureus\.certs
c:\users\Anders\AppData\Roaming\Azureus\.keystore
c:\users\Anders\AppData\Roaming\Azureus\.lock
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat
c:\users\Anders\AppData\Roaming\Azureus\active\2E921EAE6596BBEE285511CA331F8E4CDD9A08A6.dat.bak
c:\users\Anders\AppData\Roaming\Azureus\active\cache.dat
c:\users\Anders\AppData\Roaming\Azureus\azureus.config
c:\users\Anders\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics
c:\users\Anders\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Anders\AppData\Roaming\Azureus\banips.config
c:\users\Anders\AppData\Roaming\Azureus\banips.config.bak
c:\users\Anders\AppData\Roaming\Azureus\devices.config
c:\users\Anders\AppData\Roaming\Azureus\devices.config.bak
c:\users\Anders\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\general.dat
c:\users\Anders\AppData\Roaming\Azureus\dht\version.dat
c:\users\Anders\AppData\Roaming\Azureus\downloads.config
c:\users\Anders\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Anders\AppData\Roaming\Azureus\filters.config
c:\users\Anders\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Anders\AppData\Roaming\Azureus\logs\debug_2.log
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config
c:\users\Anders\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Anders\AppData\Roaming\Azureus\net\pm_5603.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_6785.dat
c:\users\Anders\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Anders\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2
c:\users\Anders\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Anders\AppData\Roaming\Azureus\rcm.config
c:\users\Anders\AppData\Roaming\Azureus\rcm.config.bak
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Anders\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\Anders\AppData\Roaming\Azureus\subs\0CA501254A05880D39A5.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\151DF88A4BCFE63CC930.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\1BBB966397F44E660A50.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\2266987B15E8D0C3682C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\3581EC08AE75A905F431.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\444CF4E0A0C1E20CB67C.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\4AC562DF938A934FD9C3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\59F63F3137ADD26E919F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\6E02FAF0A7F9C5DEFF7B.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\723EF567A591C3D6FEFF.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\90BC3DD49F302F52E17A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\9B684245C8D0EA3A3680.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\A467A4E601BA7AF7C487.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\BD293EA13C5D3A8EA4BC.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\C1181DBAB72DD16EB649.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\CE22771EC242C845C71A.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\D4B8F08F30791F2ED969.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\E7802205543398D89EBB.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\EC1EA4CD184D3EC77C1F.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\F07B8AF9D6B5E0604903.vuze
c:\users\Anders\AppData\Roaming\Azureus\subs\AA36395F0C99E87D7BD3.vuze
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config
c:\users\Anders\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tables.config
c:\users\Anders\AppData\Roaming\Azureus\tables.config.bak
c:\users\Anders\AppData\Roaming\Azureus\tmp\AZU6281417575236052886.tmp
c:\users\Anders\AppData\Roaming\Azureus\tmp\speedTestTorrent.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\(500)Days_of_Summer.[2009].RETAIL.DVDRIP.XVID.[Eng]-DUQA.5153829.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU1314353998155512781.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\AZU48453.tmp
c:\users\Anders\AppData\Roaming\Azureus\torrents\Clinton_Sparks_Presents_Mike_Posner-One_Foot_Out_the_Door-2009-D.5139541.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Complete_Supernatural_Season_4.4910270.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Grown_Ups_2010_DVDSCR-XViD-IMAGiNE.5688934.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_31_Minutes_To_Takeoff_CDRip_[MP3-320][MJN].5735910.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Mike_Posner_-_A_Matter_of_Time_(2009).5630693.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Repo.Men.UNRATED.2010.DVDRip.XviD-Larceny.5680375.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_-_Season_2.4156071.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_1.5169500.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\torrents\Supernatural_Season_3.4256547.TPB.torrent
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Anders\AppData\Roaming\Azureus\VuzeActivities.config.bak
c:\users\Anders\AppData\Roaming\uTorrent
c:\users\Anders\AppData\Roaming\uTorrent\05-T.I.-Live Your Life _Ft. Rihanna_.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Alors on danse.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Britney Spears - Womanizer [Uncensored][2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Bruno.TS.XviD-Lynks.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Burn.After.Reading[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay- viva la vida.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Coldplay - Viva La Vida [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank.High.Voltage.2009.DVDRip.XviD-BeStDivX.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Crank[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\David Guetta - One Love [2009].torrent
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat
c:\users\Anders\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Eagle.Eye[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - A Day Without Rain.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Enya - Only Time.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008 [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Guru Josh Project - Infinity 2008.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 1 Complete-Xvid-MFG.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 2.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Heroes Season 3 Complete [HDTV][XVID].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ice Age 3 Dawn Of The Dinosaurs (2009) DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - Hot N Cold [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Katy Perry - I Kissed A Girl [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kid Rock - All Summer Long [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\King Of Leon - Sex On Fire.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings Of Leon - Use Somebody.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Kings_Of_Leon-Use_Somebody-(CDS)-2008-WRE.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa- Poker Face.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady GaGa - Poker Face [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady Gaga ft. Colby O Donis - Just Dance.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Lady.Gaga.-.Just.Dance.PDTV.XviD-Regenzy.avi.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Maskinen - Alla som inte dansar.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Microsoft Office 2007 Enterprise Edition  [blaze69].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Mirrors[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ne Yo - Miss Independent [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Pineapple.Express[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat
c:\users\Anders\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Rihanna - Disturbia [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat
c:\users\Anders\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Season 4.torrent
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat
c:\users\Anders\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Anders\AppData\Roaming\uTorrent\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.1.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - Human.mkv.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The Killers - When You Were Young.mp3.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Last.House.On.The.Left.UNRATED.DvDRip-FxM.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Librarian.The.Curse.Of.The.Judas.Chalice.2008.STV.DVDRip-GAYGAY.torrent
c:\users\Anders\AppData\Roaming\uTorrent\The.Pursuit.Of.Happyness[2006]DvDrip[Eng]-aXXo.torrent
c:\users\Anders\AppData\Roaming\uTorrent\Timbaland Ft. OneRepublic - Apologize [2007][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Shut Up And Let Me Go [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Ting Tings - Thats Not My Name [2008][SkidVid_XviD].torrent
c:\users\Anders\AppData\Roaming\uTorrent\Transformers-2 Revenge of the Fallen 2009 English [DivX].torrent
c:\users\Anders\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Anders\AppData\Roaming\uTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
c:\windows\~GLC0001.TMP

Inficeret kopi af c:\windows\system32\wininit.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\ERDNT\cache\wininit.exe

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-07-25 til 2010-08-25  )))))))))))))))))))))))))))))))))))
.

2010-08-25 17:44 . 2010-08-25 17:49    --------    d-----w-    c:\users\Anders\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-08-25 17:44 . 2010-08-25 17:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-08-25 15:06 . 2010-08-25 15:06    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-08-25 07:55 . 2010-06-28 20:57    38848    ----a-w-    c:\windows\avastSS.scr
2010-08-25 07:55 . 2010-08-25 07:55    --------    d-----w-    c:\programdata\Alwil Software
2010-08-13 09:59 . 2010-08-13 09:59    --------    d-----w-    C:\found.000
2010-08-09 14:08 . 2010-08-09 14:08    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-08-02 09:03 . 2010-08-06 16:15    --------    d-----w-    c:\program files\StarCraft II
2010-08-01 18:04 . 2010-08-02 07:58    --------    d-----w-    c:\users\Anders\SC2-WingsOfLiberty-enGB-Installer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 17:22 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Steam
2010-08-25 09:03 . 2010-04-09 12:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-25 08:59 . 2010-05-26 10:43    --------    d-----w-    c:\program files\Verbix2008
2010-08-25 08:59 . 2010-05-26 10:43    --------    d-----w-    c:\users\Anders\AppData\Roaming\verbix2008
2010-08-25 08:00 . 2009-03-27 11:11    --------    d-----w-    c:\program files\Alwil Software
2010-08-17 08:58 . 2009-02-12 18:59    680    ----a-w-    c:\users\Anders\AppData\Local\d3d9caps.dat
2010-08-15 20:07 . 2009-02-12 18:31    4182    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-08-14 13:10 . 2008-04-24 09:31    --------    d-----w-    c:\program files\Microsoft Works
2010-08-14 13:07 . 2008-04-24 09:37    --------    d-----w-    c:\programdata\Microsoft Help
2010-08-14 13:01 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-08-09 14:09 . 2008-04-24 08:53    --------    d-----w-    c:\program files\Common Files\Java
2010-08-09 14:08 . 2008-04-24 08:53    --------    d-----w-    c:\program files\Java
2010-08-07 11:31 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Common Files\Steam
2010-08-06 16:16 . 2010-08-06 16:16    47364    ----a-w-    c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 16:13 . 2008-12-25 13:25    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-08-02 09:21 . 2009-11-29 13:52    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-07-26 15:48 . 2008-01-21 05:51    77202    ----a-w-    c:\windows\system32\perfc006.dat
2010-07-26 15:48 . 2008-01-21 05:51    463344    ----a-w-    c:\windows\system32\perfh006.dat
2010-07-24 19:05 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\Symantec
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\Norton
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\program files\Norton Security Scan
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\programdata\NortonInstaller
2010-07-19 13:59 . 2010-07-19 13:59    --------    d-----w-    c:\program files\NortonInstaller
2010-07-18 12:24 . 2010-07-17 20:06    --------    d-----w-    c:\users\Anders\AppData\Roaming\DivX
2010-07-17 20:08 . 2010-07-17 20:00    --------    d-----w-    c:\programdata\DivX
2010-07-17 20:08 . 2010-07-17 20:08    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 20:07 . 2010-07-17 20:07    56997    ----a-w-    c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-17 20:07 . 2009-12-29 21:39    --------    d-----w-    c:\program files\DivX
2010-07-17 20:07 . 2010-07-17 20:07    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-17 20:07 . 2010-07-17 20:07    53600    ----a-w-    c:\programdata\DivX\Update\Uninstaller.exe
2010-07-17 20:00 . 2010-07-17 20:07    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
2010-07-17 20:00 . 2010-07-17 20:07    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2009-03-27 11:11    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-27 11:11    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-27 11:11    165456    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-27 11:11    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-27 11:11    50256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-03-27 11:11    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-13 13:54    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:54    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 13:54    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 13:54    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 13:54    2037760    ----a-w-    c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 13:54    36864    ----a-w-    c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 13:54    302080    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 13:54    144896    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 13:54    905088    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-13 13:54    274944    ----a-w-    c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 13:54    1248768    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-13 13:54    3548040    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-13 13:54    3600768    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-06-01 09:05 . 2008-12-25 11:57    116616    ----a-w-    c:\users\Anders\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 20:08 . 2010-08-13 13:54    81920    ----a-w-    c:\windows\system32\iccvid.dll
2009-02-12 18:31 . 2009-02-12 18:31    8    --sh--r-    c:\windows\System32\90B197C536.sys
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\System32\90B197C536.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8
Created time: 2009-02-12 18:31
Modified time: 2009-02-12 18:31
MD5: 0641A46F1E58529A42EAD4573A3A0861
SHA1: 2FA91927668FB0B3A4DA32722825E15080CB5C21


((((((((((((((((((((((((((((((((((((((((((  SR_Search  ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-17 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,a6,6f,f4,dc,d7,ca,01

R2 gupdate1ca88cf60b876b0;Tjenesten Google Update (gupdate1ca88cf60b876b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:39]

2010-08-25 c:\windows\Tasks\Norton Security Scan for Anders.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-19 07:48]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{51328AA6-AB21-4BE7-9E7D-F849CA1BF4C6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danskebank.dk
Trusted Zone: dr.dk
TCP: {EA8E6B0E-6C04-4D3A-A2AD-24C470DDE077} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 19:49
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-25  19:57:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-08-25 17:57
ComboFix2.txt  2010-08-25 09:47

Pre-Kørsel: 115.447.328.768 byte ledig
Post-Kørsel: 115.438.571.520 byte ledig

- - End Of File - - 6614150F1E5D578FF0BEAF7443734D34
sullep (Beginner)
26 August 2010 - 10:44 #4
Vista users must right-click HijackThis and choose "Run as administrator".
Run HijackThis; in the menu that appears, click: Do a system scan only.
Scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab



Type services.msc in Search/Run and find the services below >

Bonjour Service
Apple Mobile Device - Apple Inc
gusvc
iPod Service
ProtexisLicensing


Right-click them > Properties > Change "Startup type" to "Manual" > Apply > OK.


Type msconfig in Search/Run > the "Startup" tab > Remove the tick next to this one >

Google Desktop Search  > Apply > OK.


Find this file, shown in bold > c:\windows\System32\90B197C536.sys

Rename it to this > 90B197C536.old


Use this link to remove the remnants of Norton.

http://pctricks.dk/fjern-norton-antivirus-nu-55.html

Download the file to your PC and run it, and follow the instructions.



Get CCleaner here:
http://www.filehippo.com/download_ccleaner/

Install CCleaner; remember to remove the tick next to Yahoo Toolbar - no reason to get that junk installed.

Start > Remove the tick at cookies.

Click Run Cleaner and let it remove what it finds. Run it a couple of times, or until nothing more turns up.
Then click Registry on the left side (the blue cube) and click Scan for Issues; when it is done, click Fix selected issues, optionally make a backup of the registry, then click Fix All Selected Issues. Run it a couple of times, or until nothing more turns up.
Click OK, then click Close when it is finished.
Restart.


Get Security Check by screen317
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Start it and follow the instructions.
Copy the log in here.


How is your PC running now?
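The ComboFix file listings in this thread put two timestamps, a size, an eight-character attribute string and a path on each line, and the file singled out for renaming above is one of the entries marked both system and hidden. As an added example (not part of the original posts and not ComboFix's own code), the sketch below parses that line format and lists non-directory entries with both attributes set so they can be reviewed by hand. The attribute positions (d, s, h) are inferred from the lines in this log, and the names `parse_listing` and `hidden_system_files` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the ComboFix listing in this thread,
# plus a separator line that the parser must skip.
SAMPLE = r"""
2010-08-25 07:55 . 2010-06-28 20:57    38848    ----a-w-    c:\windows\avastSS.scr
2010-08-25 17:22 . 2010-04-08 08:15    --------    d-----w-    c:\program files\Steam
2010-08-15 20:07 . 2009-02-12 18:31    4182    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-06-26 06:05 . 2010-08-13 13:54    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-02-12 18:31 . 2009-02-12 18:31    8    --sh--r-    c:\windows\System32\90B197C536.sys
.
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# <timestamp> . <timestamp>  <size or -------->  <8 attribute chars>  <path>
ENTRY = re.compile(
    rf"^({TS}) \. ({TS})\s+(\d+|-{{8}})\s+([a-z-]{{8}})\s+(\S.*?)\s*$"
)


@dataclass
class Entry:
    first_ts: str         # which one is "created" differs between log sections
    second_ts: str
    size: Optional[int]   # None for directories, which show "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # Assumption: position 2 is the system flag, position 3 the hidden flag.
        return self.attrs[2] == "s" and self.attrs[3] == "h"


def parse_listing(text: str) -> List[Entry]:
    """Return every line that matches the listing format; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts1, ts2, size, attrs, path = m.groups()
            entries.append(Entry(ts1, ts2, int(size) if size.isdigit() else None, attrs, path))
    return entries


def hidden_system_files(text: str) -> List[Entry]:
    """Files (not directories) that carry both the system and hidden attributes."""
    return [e for e in parse_listing(text) if not e.is_dir and e.hidden_system]


if __name__ == "__main__":
    for e in hidden_system_files(SAMPLE):
        print(f"{e.attrs}  {e.size:>8}  {e.path}")
```

The attribute pair only narrows the listing to entries worth a closer look; whether a given file belongs to installed software still has to be checked, for example against its hashes and version information.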
Anders_Lie (Beginner)
26 August 2010 - 15:08 #5
I have to admit I still think it is running slowly, especially the internet; is there anything else I can do?
What about the virus? Has it been removed?

Here is the Security Check log:

Results of screen317's Security Check version 0.99.5 
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus   
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware   
HijackThis 2.0.2   
TuneUp Companion 1.6.9 
CCleaner   
Java(TM) 6 Update 21 
Java(TM) 6 Update 5 
Out of date Java installed!
Adobe Flash Player 10.0.45.2 
Adobe Reader 8.1.2 - Dansk
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe 
Alwil Software Avast5 AvastSvc.exe 
Alwil Software Avast5 AvastUI.exe 
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
sullep (Beginner)
26 August 2010 - 17:30 #6
Try going to this test page - it can tell you whether the software you have installed is the latest, and if it is not, it can send you via links to the pages where you can get the updates

http://kundeservice.tdc.dk/testcenter/

You also need to update your "Adobe Reader" > Open "Adobe Reader" > the "Help" tab > "Check for updates"


Your logs are clean


Click START, then Run
Type/copy: Combofix /Uninstall into the box and click OK.

Note the space between the X and /U; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system/hidden files, if required.


You can also clean up System Restore; read how here.
Disable System Restore - restart and enable it again.
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1

Enjoy