Connection problemer

**rocker9455** · #1 5. november 2008, 12:37

Hej,
Jeg fik at vide for at skrive en kapre denne logfile ved serverguy fra dette indlæg:
http://www.computer-juice.com/forums...998/ # post90830

Her er det:
Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 19:36:22 den 05/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Kan ikke hente Internet Explorer version!
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ Bonjour \ mDNSResponder.exe
C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe
C: \ Programmer \ PeerGuardian2 \ pg2.exe
C: \ Programmer \ POP Peeper \ POPPeeper.exe
C: \ Programmer \ uTorrent \ utorrent.exe
C: \ Programmer \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Programmer \ filehippo.com \ UpdateChecker.exe
C: \ Programmer \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Programmer \ CalcFire \ CalcFire.exe
C: \ Programmer \ FreshIP \ FreshIP.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Programmer \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Programmer \ Trend Micro \ HijackThis \ Sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Click-to-Call BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Programmer \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programmer \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programmer \ Java \ jre6 \ lib \ indsætte \ jqs \ dvs \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ egui.exe" / skjul / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Programmer \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP Peeper] "C: \ Programmer \ POP Peeper \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Programmer \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Programmer \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programmer \ Windows Live \ Messenger \ msnmsgr.exe" / baggrund
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Programmer \ filehippo.com \ UpdateChecker.exe" / baggrund
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Programmer \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Programmer \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Programmer \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriktioner stede
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriktioner stede
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 1 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programmer \ Bonjour \ mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5869 bytes

**evilfantasy** · #2 5 november 2008, 15:27

Downloade Malwarebytes' Anti-Malware (MBAM)

Dobbeltklik på mbam-setup.exe og følg instruktionerne for at installere programmet.
Ved udgangen, skal du sørge for en hak er placeret ud for følgende:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Klik derefter på Udfør.
Hvis en opdatering er fundet, vil det at hente og installere den nyeste version.
Når programmet er indlæst, skal du vælge Udføre hurtig scanningKlik derefter på Scan.
Når scanningen er færdig, skal du klikke på OK, Derefter Vis resultater at se resultaterne.
Vær sikker på at alt er markeret, og klik Fjern markering.
Når desinfektionen er afsluttet, en log vil åbne i Notesblok, og du kan blive bedt om at genstarte. (Se Ekstra note)
Logfilen gemmes automatisk ved MBAM og kan ses ved at klikke på Logs fane i MBAM.
Kopier og indsæt hele rapport i dit næste svar.

Ekstra Bemærk: Hvis MBAM støder på en fil, der er vanskelige at fjerne, vil du blive præsenteret med 1 af 2 prompter, klik på OK for at enten og lad MBAM fortsætte med desinfektion processen, hvis bedt om at genstarte computeren, skal du gøre det straks.

**rocker9455** · #3 6 november 2008, 01:01

Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 5.1.2600 Service Pack 2

06/11/2008 07:44:27
mbam-log-2008-11-06 (07-44-27). txt

Scan type: Quick Scan
Objekter skannet: 43086
Tidsforbrug: 3 minut (s), 25 sekund (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registreringsdatabasenøgler Inficerede: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(Nr. ondsindede elementer opdaget)

Memory Modules Infected:
(Nr. ondsindede elementer opdaget)

Registreringsdatabasenøgler Inficerede:
(Nr. ondsindede elementer opdaget)

Registry Values Infected:
(Nr. ondsindede elementer opdaget)

Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> karantæne og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> karantæne og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> karantæne og slettet.

Folders Infected:
(Nr. ondsindede elementer opdaget)

Files Infected:
C: \ WINDOWS \ run32.sys (Trojan.Agent) -> karantæne og slettet.

**evilfantasy** · #4 6 november 2008, 09:35

Download ComboFix ved Subs fra et af nedenstående links. Vær sikker på toppen gemme den til Desktop.

Link # 1
Link # 2

** Note: Det er vigtigt, at den er gemt direkte til dit skrivebord

Luk alle åbne Internet-browsere. (Firefox, Internet Explorer, osv.), før du begynder ComboFix.

Midlertidigt deaktivere din antivirus, Og enhver antispyware realtid beskyttelse før udførelse af en scanning. Klik på dette link at se en liste over sikkerhedsprogrammer, der skal være slået fra, og hvordan du deaktivere dem.

Dobbeltklik combofix.exe & følg instruktionerne.

For Windows XP Systems installere genoprettelseskonsollen:

- Hvis du bruger Windows XP og ikke allerede har Genoprettelseskonsol installeret, skal du sikre, at din internetforbindelse er aktiv (hvis muligt) og klik Ja.
- Hvis der af en eller anden grund din internetudbyder ikke fungerer klik Nej.
-- Hvis du ikke bruger Windows XP, vil du ikke blive bedt.
- Når du bliver bedt om at acceptere slutbrugerlicensaftalen klik OK.
- Accepter Microsofts EULA (Klik Ja).
- Når du får at vide, at de RC er installeret korrekt klik JA at fortsætte med at scanne for malware.

Når du er færdig ComboFix vil udarbejde en log for dig.
Post den ComboFix log og en ny HijackThis log i dit næste svar.

Vigtigt: Må ikke mouseclick ComboFix vindue mens den kører. Det kan få det til at stå.

Husk at genaktivere dine antivirus-og antispyware beskyttelse, når ComboFix er færdig.

**rocker9455** · #5 6 november 2008, 10:56

ComboFix 08-11-05.02 - Administrator 2008-11-06 17:52:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 0:00]
Kører fra: c: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
.

((((((((((((((((((((((((( Files Created fra 2008-10-06 til 2008-11-06 ))))))))))) ))))))))))))))))))))
.

2008-11-06 07:59. 2008-11-06 07:59 236 - a ------ C: \ sqmdata02.sqm
2008-11-06 07:59. 2008-11-06 07:59 200 - a ------ C: \ sqmnoopt02.sqm
2008-11-06 07:39. 2008-11-06 07:39 236 - a ------ C: \ sqmdata01.sqm
2008-11-06 07:39. 2008-11-06 07:39 200 - a ------ C: \ sqmnoopt01.sqm
2008-11-05 22:36. 2008-11-05 22:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Programmer \ Malwarebytes' Anti-Malware
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-10-22 16:10 38.496 - a ------ C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2008-11-05 22:35. 2008-10-22 16:10 15.504 - a ------ C: \ Windows \ system32 \ drivers \ mbam.sys
2008-11-05 19:35. 2008-11-05 19:35 <DIR> d -------- C: \ Programmer \ Trend Micro
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Programmer \ Cabos
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Documents and Settings \ Administrator \ delt
2008-11-04 22:07. 2008-11-04 22:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Cabos
2008-11-04 17:50. 2008-11-04 17:50 <DIR> d -------- C: \ CloneDVDTemp
2008-11-04 17:49. 2008-11-04 17:49 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Udarbejde Bytes
2008-11-04 17:37. 2008-11-04 17:37 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SlySoft
2008-11-04 17:33. 2008-11-04 17:33 <DIR> d -------- C: \ Programmer \ Udarbejde Bytes
2008-11-04 17:31. 2008-11-04 17:31 <DIR> d -------- C: \ Programmer \ SlySoft
2008-11-03 17:05. 2008-11-03 17:05 2.560 - a ------ C: \ Windows \ _MSRSTRT.EXE
2008-11-03 17:05. 2008-11-03 17:05 236 - a ------ C: \ sqmdata00.sqm
2008-11-03 17:05. 2008-11-03 17:05 200 - a ------ C: \ sqmnoopt00.sqm
2008-11-03 17:04. 2008-11-03 17:05 <DIR> d -------- C: \ Programmer \ Your Uninstaller 2008
2008-11-03 17:04. 2008-11-03 17:05 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-11-03 17:04. 2008-11-03 17:04 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ URSoft
2008-11-03 17:01. 2008-11-03 17:09 158 - a ------ C: \ Windows \ nurtab.bat
2008-11-03 07:53. 2008-11-03 07:53 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ ImgBurn
2008-11-03 07:50. 2008-11-03 07:50 0 --------- C: \ Windows \ WB.ini
2008-11-02 13:19. 2008-11-02 13:36 64 - a ------ C: \ Windows \ prio.ini
2008-11-01 22:23. 2008-11-01 22:23 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ VLC
2008-11-01 18:49. 2008-11-01 18:49 410.976 - a ------ C: \ Windows \ system32 \ deploytk.dll
2008-11-01 11:04. 2008-11-06 07:46 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Tracing
2008-11-01 11:00. 2008-11-01 11:03 <DIR> d -------- C: \ Programmer \ Mozilla Firefox 3.1 Beta 1
2008-11-01 10:59. 2008-11-01 10:59 <DIR> d -------- C: \ Program Files \ Microsoft
2008-11-01 10:57. 2008-11-01 10:58 <DIR> d -------- C: \ Programmer \ Windows Live
2008-11-01 10:54. 2008-11-01 10:54 <DIR> d -------- C: \ Programmer \ filehippo.com
2008-11-01 10:51. 2008-11-01 10:51 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live
2008-10-31 13:40. 2008-11-04 21:34 <DIR> d -------- C: \ Programmer \ DupeEliminator
2008-10-31 10:32. 2008-10-31 10:32 <DIR> d -------- C: \ Programmer \ Foxit Software
2008-10-30 23:21. 2008-10-30 23:21 <DIR> d -------- C: \ Windows \ søndag
2008-10-30 22:55. 2008-10-30 23:00 <DIR> d -------- C: \ Programmer \ Gratis Musik Zilla
2008-10-30 22:55. 2008-10-30 22:59 <DIR> d -------- C: \ downloads
2008-10-30 22:55. 2008-10-30 22:55 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ FMZilla
2008-10-30 22:38. 2008-10-31 22:55 <DIR> d -------- C: \ DVDVideoSoft
2008-10-30 21:03. 2008-10-30 21:03 <DIR> d -------- C: \ Programmer \ Belkin
2008-10-30 21:03. 2005-10-03 09:49 204.800 - a ------ C: \ Windows \ system32 \ UploadDLL.dll
2008-10-30 21:03. 2005-11-20 04:31 192.512 - a ------ C: \ Windows \ system32 \ blkwcd.dll
2008-10-30 21:03. 2005-10-03 09:50 167.936 - a ------ C: \ Windows \ system32 \ BelkinwcuiDLL.dll
2008-10-30 21:03. 2005-10-03 09:50 101.888 - a ------ C: \ Windows \ system32 \ CrashRpt.dll
2008-10-30 21:03. 2005-10-03 09:49 81.920 - a ------ C: \ Windows \ system32 \ brdcm2k.dll
2008-10-30 21:03. 2005-10-03 09:49 61.440 - a ------ C: \ Windows \ system32 \ BelkinHWStatus.dll
2008-10-30 21:03. 2004-10-29 12:09 53.248 - a ------ C: \ Windows \ system32 \ preflib.dll
2008-10-30 20:23. 2008-10-30 20:23 20.747 - a ------ C: \ Windows \ system32 \ drivers \ AegisP.sys
2008-10-30 20:23. 2003-07-24 12:10 17.149 - a ------ C: \ Windows \ system32 \ DNINDIS5.SYS
2008-10-30 20:21. 2008-10-30 20:21 <DIR> d -------- C: \ Programmer \ DVDVideoSoft
2008-10-30 20:21. 2008-10-30 20:22 <DIR> d -------- C: \ Program Files \ Common Files \ DVDVideoSoft
2008-10-30 20:21. 2002-01-05 14:37 344.064 - a ------ C: \ Windows \ system32 \ msvcr70.dll
2008-10-30 11:23. 2008-10-30 11:23 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ vsosdk
2008-10-30 09:53. 2008-11-02 16:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ VSO
2008-10-30 09:53. 2008-10-30 09:53 47.360 - a ------ C: \ Windows \ system32 \ drivers \ pcouffin.sys
2008-10-30 09:53. 2008-10-30 09:53 47.360 - a ------ c: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
2008-10-30 09:52. 2008-10-30 09:52 <DIR> d -------- C: \ Programmer \ VSO
2008-10-30 09:52. 2004-05-04 12:53 1.645.320 - a ------ C: \ Windows \ Gdiplus.dll
2008-10-30 09:52. 2006-05-20 17:16 1,184,984 - a ------ C: \ Windows \ system32 \ wvc1dmod.dll
2008-10-30 09:52. 2006-05-11 20:21 626,688 - a ------ C: \ Windows \ system32 \ vp7vfw.dll
2008-10-30 09:52. 2006-09-29 13:24 217.127 - a ------ C: \ Windows \ system32 \ drv43260.dll
2008-10-30 09:52. 2006-09-29 13:25 208,935 - a ------ C: \ Windows \ system32 \ drv33260.dll
2008-10-30 09:52. 2006-09-29 13:26 176.165 - a ------ C: \ Windows \ system32 \ drv23260.dll
2008-10-30 09:52. 2007-03-18 21:37 65,602 - a ------ C: \ Windows \ system32 \ cook3260.dll
2008-10-29 14:11. 2008-10-29 15:48 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ dvdcss
2008-10-29 13:17. 2008-10-29 13:17 376 - a ------ C: \ Windows \ ODBC.INI
2008-10-29 13:16. 2003-06-18 17:31 17,920 - a ------ C: \ Windows \ system32 \ mdimon.dll
2008-10-29 13:13. 2008-10-29 13:13 <DIR> d -------- C: \ Program Files \ Microsoft ActiveSync
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Windows \ SHELLNEW
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Programmer \ Microsoft.NET
2008-10-29 13:08. 2008-10-29 13:08 <DIR> dr-h ----- C: \ MSOCache
2008-10-29 11:53. 2008-10-29 11:53 12.670 - a ------ C: \ Windows \ system32 \ LexFiles.ulf
2008-10-29 11:52. 2008-10-30 09:38 <DIR> d -------- C: \ Temp \ (9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15)
2008-10-29 11:52. 2008-10-29 11:53 <DIR> d -------- C: \ Programmer \ Lexmark 730 Series
2008-10-29 11:17. 2008-10-31 13:03 <DIR> d -------- C: \ Programmer \ Håndbremselås
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Programmer \ FreshIP
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Programmer \ Ejector
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Programmer \ CalcFire
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Windows \ SIS
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Programmer \ sisagp
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Programmer \ SiS VGA Utilities V3.81
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d - h ----- C: \ Programmer \ InstallShield Installation Information
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Common Files \ InstallShield
2008-10-29 09:26. 2007-06-25 16:45 262.144 - a ------ C: \ Windows \ system32 \ sistray.exe
2008-10-29 09:26. 2006-04-12 19:35 208,896 - a ------ C: \ Windows \ Progress.exe
2008-10-29 09:26. 2007-06-25 16:44 135,168 --------- C: \ Windows \ system32 \ SiSApCom.dll
2008-10-29 09:26. 2007-06-25 16:46 110,592 --------- C: \ Windows \ system32 \ TVMode.dll
2008-10-29 09:26. 2007-06-29 21:04 92.761 - a ------ C: \ Windows \ VGAsetup.ini
2008-10-29 09:26. 2008-10-29 09:26 78.664 - a ------ C: \ Windows \ system32 \ VGAunistlog.ini
2008-10-29 09:26. 2007-06-25 16:46 65.536 --------- C: \ Windows \ system32 \ SiSHook.dll
2008-10-29 09:25. 2007-06-25 16:46 9728 - a ------ C: \ Windows \ system32 \ SiSPIns2.dll
2008-10-28 20:06. 2004-08-03 22:58 5504 - a ------ C: \ Windows \ system32 \ drivers \ MSTEE.sys
2008-10-28 20:05. 2004-08-03 23:10 85,376 - a ------ C: \ Windows \ system32 \ drivers \ NABTSFEC.sys
2008-10-28 20:05. 2004-08-03 23:10 19,328 - a ------ C: \ Windows \ system32 \ drivers \ WSTCODEC.SYS
2008-10-28 20:05. 2004-08-03 23:10 17,024 - a ------ C: \ Windows \ system32 \ drivers \ CCDECODE.sys
2008-10-28 20:05. 2004-08-04 00:56 16.384 - a ------ C: \ Windows \ system32 \ ipsink.ax
2008-10-28 20:05. 2004-08-03 23:10 15,360 - a ------ C: \ Windows \ system32 \ drivers \ StreamIP.sys
2008-10-28 20:05. 2004-08-03 23:10 11,136 - a ------ C: \ Windows \ system32 \ drivers \ SLIP.sys
2008-10-28 20:05. 2004-08-03 23:10 10,880 - a ------ C: \ Windows \ system32 \ drivers \ NdisIP.sys
2008-10-28 19:49. 2008-10-28 19:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-28 19:49. 1998-01-23 12:22 304.128 - a ------ C: \ Windows \ IsUninst.exe
2008-10-28 19:49. 2002-08-20 14:58 139.264 - a ------ C: \ Windows \ system32 \ IDEproperty.dll
2008-10-28 19:49. 2002-10-17 15:14 49,024 - a ------ C: \ Windows \ system32 \ drivers \ sisidex.sys
2008-10-28 19:49. 2002-08-20 17:19 9472 - a ------ C: \ Windows \ system32 \ drivers \ sisperf.sys
2008-10-28 19:49. 2003-03-25 17:50 4096 - a ------ C: \ Windows \ system32 \ drivers \ siside.sys
2008-10-28 18:36. 2008-10-28 18:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Media Player Classic
2008-10-28 18:19. 2008-10-28 18:49 <DIR> d -------- C: \ Windows \ system32 \ Adobe
2008-10-28 18:19. 2008-08-06 15:27 499.712 - a ------ C: \ Windows \ system32 \ msvcp71.dll
2008-10-28 18:10. 2008-10-28 18:10 822 - a ------ C: \ Windows \ langorig.ini
2008-10-28 17:58. 2008-03-03 14:25 5.702 - ah ----- C: \ Windows \ nod32restoretemdono.reg
2008-10-28 17:58. 2008-03-03 18:21 568 - ah ----- C: \ Windows \ nod32fixtemdono.reg
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Programmer \ ESET
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ ESET
2008-10-28 17:49. 2008-10-28 17:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Kontakter
2008-10-28 17:07. 2008-10-28 17:07 <DIR> d -------- C: \ Programmer \ POP Peeper
2008-10-28 17:07. 2008-11-04 20:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ POP Peeper
2008-10-28 17:02. 2008-10-28 17:02 <DIR> d -------- C: \ Documents and Settings \ Administrator \ dwhelper
2008-10-28 17:01. 2008-10-28 17:01 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-10-28 17:01. 2008-04-17 13:12 107.368 - a ------ C: \ Windows \ system32 \ GEARAspi.dll
2008-10-28 17:01. 2008-04-17 13:12 15.464 - a ------ C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2008-10-28 17:00. 2008-10-28 17:00 <DIR> d -------- C: \ Programmer \ QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 15:52 --------- d ----- WC: \ Programmer \ Opera
2008-10-23 15:07 99.904 ---- aw C: \ Windows \ system32 \ drivers \ AnyDVD.sys
2008-09-09 00:03 51.712 ---- aw C: \ Windows \ system32 \ sirenacm.dll
2008-08-29 10:18 87.336 ---- aw C: \ Windows \ system32 \ dns-sd.exe
2008-08-29 09:53 61.440 ---- aw C: \ Windows \ system32 \ dnssd.dll
2007-07-31 12:00 34.048 ---- ar C: \ Programmer \ Mozilla Firefox \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Programmer \ Mozilla Firefox \ plugins \ upd62int.dll
2007-07-31 12:00 34.048 ---- ar C: \ Programmer \ Opera \ Programmer \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Programmer \ Opera \ Programmer \ plugins \ upd62int.dll
.

------- Sigcheck -------

2007-07-31 12:00 360576 c7be59b07c6eb74bea6fd67c1b164015 C: \ Windows \ system32 \ drivers \ Tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"PeerGuardian" = "c: \ program files \ PeerGuardian2 \ pg2.exe" [2007-01-30 1432064]
"POP Peeper" = "c: \ Programmer \ POP Peeper \ POPPeeper.exe" [2008-07-18 1437696]
"μTorrent" = "c: \ Programmer \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"uTorrent" = "c: \ Programmer \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"msnmsgr" = "c: \ Programmer \ Windows Live \ Messenger \ msnmsgr.exe" [2008-09-09 3513344]
"Google Update" = "c: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" [2008-11-01 133104]
"filehippo.com" = "c: \ program files \ filehippo.com \ UpdateChecker.exe" [2008-10-22 147968]
"AnyDVD" = "c: \ Programmer \ SlySoft \ AnyDVD \ AnyDVDtray.exe" [2008-11-04 2259904]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "c: \ Programmer \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "c: \ Programmer \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"egui" = "c: \ Programmer \ ESET \ ESET NOD32 Antivirus \ egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched" = "c: \ Programmer \ Java \ jre6 \ bin \ jusched.exe" [2008-11-01 136600]
"SiSPower" = "SiSPower.dll" [2007-06-25 C: \ Windows \ system32 \ SiSPower.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"nltide_2" = "shell32" [X]
"nltide_3" = "Advpack.dll" [2007-07-31 C: \ Windows \ system32 \ Advpack.dll]

c: \ Documents and Settings \ Administrator \ Menuen Start \ Programmer \ Start \
CalcFire.lnk - c: \ program files \ CalcFire \ CalcFire.exe [2008-09-04 283529]
FreshIP.lnk - c: \ program files \ FreshIP \ FreshIP.exe [2008-09-15 232891]

c: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Utility Tray.lnk - C: \ Windows \ system32 \ sistray.exe [2008-10-29 262144]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ Explorer]
"MemCheckBoxInRunDlg" = 1 (0x1)
"StartMenuFavorites" = 0 (0x0)
"Start_ShowMyComputer" = 1 (0x1)
"Start_ShowMyDocs" = 1 (0x1)
"Start_ShowMyMusic" = 0 (0x0)
"Start_ShowRun" = 1 (0x1)
"Start_ShowSearch" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ Explorer]
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ valu rentversion \ policies \ Explorer]
"NoInternetIcon" = 1 (0x1)
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \ WBSrv]
2008-09-16 08:44 174328 c: \ Programmer \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SecurityProviders]
SecurityProviders Schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"UpdatesDisableNotify" = dword: 00000001
"AntiVirusDisableNotify" = dword: 00000001
"AntiVirusOverride" = dword: 00000001
"FirewallOverride" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Programmer \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Programmer \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Programmer \ \ uTorrent \ \ utorrent.exe" =
"c: \ \ Programmer \ \ Gratis Musik Zilla \ \ FMZilla.exe" =
"c: \ \ Programmer \ \ Windows Live \ \ Messenger \ \ wlcsdk.exe" =
"c: \ \ Programmer \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ java.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R1 epfwtdir; epfwtdir c: \ Windows \ System32 \ Drivers \ epfw tdir.sys [2008-02-20 33800]
R1 lusbaudio; Logitech USB-mikrofon; C: \ Windows \ system32 \ drivers \ OVSound2.sy s [2001-08-17 25216]
R2 JavaQuickStarterService; Java Quick Starter c: \ Programmer \ Java \ jre6 \ bin \ jqs.exe [2008-11-01 152984]
R3 QCEmerald; Logitech QuickCam Web c: \ Windows \ System32 \ Drivers \ OVCE.sys [2001-08-17 31872]
S2 NOD32FiXTemDono; Eset Nod32 Boot; C: \ Windows \ system32 \ Regedt32.exe [2007-07-31 3584]
S3 DNINDIS5; DNINDIS5 midlertidige NDIS-protokollen Driver c: \ progra ~ 1 \ Belkin \ Belkin ~ 1.11G \ DNINDIS5.SY S [2003-07-24 17149]

NETSVCS KRAEVER REPARATIONER - løbende poster vist
6to4
AppMgmt
AudioSrv
Browser
Cryptsvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
NLA
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
RasMan
Remoteaccess
Plan
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Temaer
TrkWks
W32Time
WZCSVC
WMI
WmdmPmSp
winmgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs

* Nyoprettede Service * - CATCHME
* Nyoprettede Service * - PROCEXP90
.
Indhold af "Planlagte opgaver" mappe

2008-11-03 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Programmer \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-06 C: \ Windows \ Tasks \ GoogleUpdateTaskUser.job
- C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe [2008-11-01 10:54]
.
.
------- Supplerende Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ p2eog6ij.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.google.com/
FF -: plugin - c: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ 1.2.131.25 \ npGoogleOneClick6.dl l
FF -: plugin - C: \ Programmer \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Programmer \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll
FF -: plugin - C: \ Programmer \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll
FF -: plugin - C: \ Programmer \ K-Lite Codec Pack \ Real \ browser \ plugins \ nppl3260.dll
FF -: plugin - C: \ Programmer \ K-Lite Codec Pack \ Real \ browser \ plugins \ nprpjplug.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:53:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...

scanning afsluttet med succes
skjulte filer: 0

************************************************** ************************
.
Afslutning tid: 2008-11-06 17:55:07
ComboFix-karantæne-files.txt 2008-11-06 17:54:43
ComboFix2.txt 2008-11-06 17:44:22

Pre-Run: 71168983040 bytes fri
Post-Run: 71160324096 bytes fri

306

**rocker9455** · #6 6 november 2008, 10:56

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 17:56:55 den 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Kan ikke hente Internet Explorer version!
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ Bonjour \ mDNSResponder.exe
C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe
C: \ Programmer \ POP Peeper \ POPPeeper.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Programmer \ filehippo.com \ UpdateChecker.exe
C: \ Programmer \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ iTunes \ iTunes.exe
C: \ WINDOWS \ explorer.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Programmer \ Trend Micro \ HijackThis \ Sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Click-to-Call BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Programmer \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programmer \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programmer \ Java \ jre6 \ lib \ indsætte \ jqs \ dvs \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ egui.exe" / skjul / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Programmer \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP Peeper] "C: \ Programmer \ POP Peeper \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Programmer \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Programmer \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programmer \ Windows Live \ Messenger \ msnmsgr.exe" / baggrund
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Programmer \ filehippo.com \ UpdateChecker.exe" / baggrund
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Programmer \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Programmer \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Programmer \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriktioner stede
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 1 \ Office11 \ REFIEBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programmer \ Bonjour \ mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Ukendt ejer - C: \ WINDOWS \ system32 \ cisvc.exe (file mangler)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Programmer \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5724 bytes

**evilfantasy** · #7 6 november 2008, 11:30

Åbn HijackThis og vælg Må en systemscanning kun.

Anbringe en markering ved siden af følgende poster: (hvis der)

O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

Vigtigt: Luk alle vinduer undtagen HijackThis og klik derefter på Fix kontrolleres.

Afslut HijackThis.

----------

Downloade CCleaner Slim og gemme den på dit skrivebord .- Alternativ download link
Når filen er gemt, skal du gå til dit skrivebord og dobbeltklik på den ccsetupxxx_slim.exe
Følg anvisningerne for at installere programmet.
Dobbeltklik på CCleaner genvej på skrivebordet for at starte programmet.

Klik på Valg blok til venstre, vælg derefter Cookies.
Under Cookies til at Slet, Fremhæve eventuelle cookies, du gerne vil beholde permanent

Klik på højrepilen > at flytte dem til Cookies til at holde vinduet.

Gå ind Valg > Avanceret unkontrollere Kun slette filer i Windows Temp mapper ældre end 48 timer

Klik på Renere på venstre derefter Kør Cleaner om retten til at køre programmet.

Vigtigt: Sørg for, at ALLE browser vinduer er lukket før udvælgelsen Kør Cleaner

Forsigtig: Kun bruge Topdomæneadministratoren funktion, hvis du er meget fortrolig med registreringsdatabasen.
Altid sikkerhedskopiere dine registreringsdatabasen før at foretage nogen ændringer.
Afslut CCleaner efter at den har fuldført den proces.

----------

Downloade SUPERAntiSpyware.exe

Alternativ download link 1
Alternativ download link 2

Dobbeltklik på ikonet på skrivebordet for at køre installationsprogrammet.
Når der anmodes om at Opdatering programmet definitioner, skal du klikke på Ja
Hvis du støder på problemer, samtidig med at downloade opdateringer manuelt hente og unzippe dem fra her
Næste klikke på Præferencer knappen.

Under Start-Up Valg Fjern markeringen i følgende:

Start SUPERAntiSpyware når Windows starter

Vise SUPERAntiSpyware ikonet i systembakken

Vis splash skærmen ved opstart

Klik på Scanning Control fane.
Under Scanner Valg sørg for kun følgende er kontrolleret:

Luk browsere før scanning

Scan for tracking cookies

Opsige hukommelse trusler før karantæne

Scan Alternate Data Streams

Indtal de andre markeret.

Klik på Luk knappen for at forlade Kontrol Center skærmen.

På hovedskærmbilledet klik Scan computeren

På venstre marker afkrydsningsfeltet for det drev du scanner.

På højre vælge Udfør Complete Scan

Klik på Næste for at starte scanningen. Vær tålmodig, mens den scanner din computer.

Når scanningen er fuldført en oversigt vises. Klik på OK

Sørg for alt i den hvide boks har en markeringen ud for det, og klik derefter på Næste

Det vil karantæne, hvad det findes, og hvis den spørger om du vil genstarte, skal du klikke på Ja

At hente fjernelse information bedes du gøre følgende:

Efter genstart, skal du dobbeltklikke på SUPERAntiSpyware ikon på skrivebordet.

Klik på Præferencer. Klik på Statistics / Logs fane.

Under Scanner log, skal du dobbeltklikke på SUPERAntiSpyware Scan Log.

Det vil åbne i din standard teksteditor (helst Notesblok).

Gem notesblokken filen på skrivebordet ved at klikke (i Notesblok) Fil > Gem som...

Gem logfilen et sted, du nemt kan finde det. (normalt på skrivebordet)
Klik på Luk, og luk igen for at forlade programmet.
Kopiere og indsætte loggen i dit indlæg.

Lignende Tråde
Tråd	Thread Starter	Forum	Svar	Last Post
MP3-afspillere Connection Problemer via USB	Wizosir	Lyd, højtalere og MP3-afspillere	1	26 juli 2008 10:18
LAN / internetforbindelse problemer	lloydwoodford91	Networking, Modemer & VoIP	7	26. maj 2008 05:38
Hamachi problemer, dårlig forbindelse.	euhlol	General Software Chat	1	24 januar 2008 14:29
Internetforbindelse problemer	opnight	Networking, Modemer & VoIP	6	21. jan 2008 06:38
PC internetforbindelse problemer	tjhawg	Networking, Modemer & VoIP	6	27 august 2007 20:34