|
|
#11
27 oktober 2008, 16:06
| |||
| |||
| Download ComboFix ved Subs fra et af nedenstående links. Vær sikker på toppen gemme den til Desktop. Link # 1 Link # 2 ** Note: Det er vigtigt, at den er gemt direkte til dit skrivebord Luk alle åbne Internet-browsere. (Firefox, Internet Explorer, osv.), før du begynder ComboFix. Midlertidigt deaktivere din antivirus, Og enhver antispyware realtid beskyttelse før udførelse af en scanning. Klik på dette link at se en liste over sikkerhedsprogrammer, der skal være slået fra, og hvordan du deaktivere dem. Dobbeltklik combofix.exe & følg instruktionerne. For Windows XP Systems installere genoprettelseskonsollen: - Hvis du bruger Windows XP og ikke allerede har Genoprettelseskonsol installeret, skal du sikre, at din internetforbindelse er aktiv (hvis muligt) og klik Ja. - Hvis der af en eller anden grund din internetudbyder ikke fungerer klik Nej. -- Hvis du ikke bruger Windows XP, vil du ikke blive bedt. - Når du bliver bedt om at acceptere slutbrugerlicensaftalen klik OK. - Accepter Microsofts EULA (Klik Ja). - Når du får at vide, at de RC er installeret korrekt klik JA at fortsætte med at scanne for malware. Når du er færdig ComboFix vil udarbejde en log for dig. Post den ComboFix log og en ny HijackThis log i dit næste svar. Vigtigt: Må ikke mouseclick ComboFix vindue mens den kører. Det kan få det til at stå. Husk at genaktivere dine antivirus-og antispyware beskyttelse, når ComboFix er færdig.
__________________  |
|
#12
28 oktober 2008, 09:52
| |||
| |||
| ComboFix 08-10-28.01 - komet 2008-10-28 16:45:41.2 -- FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.200 [GMT 0:00] Running from: C: \ Documents and Settings \ Comet \ Desktop \ ComboFix.exe * Skabt et nyt gendannelsespunkt . ((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ Downloaded Program Files \ setup.inf C: \ WINDOWS \ system32 \ dao350.dll C: \ WINDOWS \ system32 \ spptfqyx.ini C: \ WINDOWS \ system32 \ xhqmppgy.ini . ((((((((((((((((((((((((( Files Created from 2008/09/28 til 2008/10/28 ))))))))))) )))))))))))))))))))) . 2008-10-26 23:17. 2008-10-26 23:16 410.976 - a ------ C: \ WINDOWS \ system32 \ deploytk.dll 2008-10-26 23:02. 2008-10-26 23:02 <DIR> d -------- C: \ Programmer \ Malwarebytes 'Anti-Malware 2008-10-26 23:02. 2008-10-26 23:02 <DIR> d -------- C: \ Documents and Settings \ Comet \ Application Data \ Malwarebytes 2008-10-26 23:02. 2008-10-26 23:02 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-10-26 23:02. 2008-10-22 16:10 38.496 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-10-26 23:02. 2008-10-22 16:10 15.504 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-10-26 19:27. 2008-10-26 19:27 <DIR> d -------- C: \ Programmer \ SUPERAntiSpyware 2008-10-26 19:27. 2008-10-26 19:27 <DIR> d -------- C: \ Documents and Settings \ Comet \ Application Data \ SUPERAntiSpyware.com 2008-10-26 19:27. 2008-10-26 19:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-10-18 15:04. 2008-10-18 15:04 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ qfkhglkl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 17:57 332.800 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Netapi32.dll 2008-10-03 18:41 6.066.176 ------ w C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll 2008-09-15 12:57 1.846.016 ---- aw C: \ WINDOWS \ system32 \ Win32k.sys 2008-09-15 12:57 1.846.016 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-08-31 13:51 97.928 ---- aw C: \ WINDOWS \ system32 \ drivers \ avgldx86.sys 2008-08-28 11:04 333.056 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys 2008-08-28 11:04 333.056 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Srv.sys 2008-08-27 09:24 3.593.216 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll 2008-08-25 09:38 70.656 ------ w C: \ WINDOWS \ system32 \ dllcache \ IE4UINIT.EXE 2008-08-25 09:38 13.824 ------ w C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe 2008-08-23 06:56 635.848 ------ w C: \ WINDOWS \ system32 \ dllcache \ iexplore.exe 2008-08-23 06:54 161.792 ------ w C: \ WINDOWS \ system32 \ dllcache \ ieakui.dll 2008-08-14 11:00 2.180.352 ------ w C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-08-14 10:58 2.136.064 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe 2008-08-14 10:58 2.136.064 ------ w C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe 2008-08-14 10:51 138.368 ---- aw C: \ WINDOWS \ system32 \ dllcache \ afd.sys 2008-08-14 10:22 2.057.728 ------ w C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe 2008-08-14 10:22 2.015.744 ---- aw C: \ WINDOWS \ system32 \ Ntkrnlpa.exe 2008-08-14 10:22 2.015.744 ------ w C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe 2007-07-21 23:46 2.244 ---- aw C: \ Documents and Settings \ Comet \ Application Data \ filterclsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & legit default entries er ikke vist REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "MsnMsgr" = "C: \ Programmer \ MSN Messenger \ MsnMsgr.Exe" [2007-01-19 5674352] "swg" = "C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-06-17 68856] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "LaunchApp" = "Alaunch" [X] "ntiMUI" = "C: \ Programmer \ NewTech InfoSystemer \ NTI CD & DVD-Maker 7 \ ntiMUI.exe" [2005-05-11 45056] "NvCplDaemon" = "C: \ Programmer \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768] "IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.E XE" [2004-08-04 208952] "MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004-08-04 59392] "PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.EXE" [2004-08-04 455168] "eRecoveryService" = "C: \ Acer \ Empowering Technology \ eRecovery \ Monitor.exe" [2005-11-16 397312] "NvCplDaemon" = "C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe" [2008-10-26 136600] "BJCFD" = "C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe" [2003-01-27 376912] "Broadbandadvisor.exe" = "C: \ Programmer \ Virgin Broadband \ rådgiver \ Broadbandadvisor.exe" [2007-01-24 2037240] "InstantAccess" = "C: \ Programmer \ TextBridge Pro Millenium \ Bin \ InstantAccess.exe" [2001-10-04 49152] "MSMSGS" = "C: \ Programmer \ Common Files \ Real \ iTunes \ iTunesHelper.exe" [2007-10-11 185632] "QuickTime Task" = "C: \ Programmer \ QuickTime \ qttask.exe" [2008-03-28 413696] "iTunesHelper" = "C: \ Programmer \ iTunes \ iTunesHelper.exe" [2008-03-30 267048] "AVG8_TRAY" = "C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe" [2008-09-29 1234712] "SiSPower" = "SiSPower.dll" [2005/07/13 C: \ WINDOWS \ system32 \ SiSPower.dll] "SoundMan" = "SOUNDMAN.EXE" [2005/08/17 C: \ Programmer \ soundman.exe] "SMSERIAL" = "sm56hlpr.exe" [2005/06/06 C: \ WINDOWS \ sm56hlpr.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360] C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Adobe Reader Speed Launch.lnk - C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2004-12-14 29696] Utility Tray.lnk - C: \ WINDOWS \ system32 \ sistray.exe [2006-08-01 262144] Bluetooth.lnk - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ BTTray.exe [2006-06-07 553021] Ulead Photo Express 3,0 SE Kalender Checker.lnk - C: \ Programmer \ Ulead Systems \ Ulead Photo Express 3,0 SE \ CalCheck.exe [2007-05-19 61440] ScanPanel.lnk - C: \ Programmer \ Trust \ Easy WebScan 19.200 \ ScanPanel \ ScnPanel.exe [2007-06-06 3043409] Exif Launcher S.lnk - C: \ Programmer \ FinePixViewerS \ QuickDCF2.exe [2007-10-27 303104] Adobe Gamma Loader.lnk - C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2008-08-05 113664] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB, 48E0-853A-EBB7F4A000DA)" = "C: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! SASWinLogon] 2008-07-23 16:28 352256 C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = avgrsstx.dll [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "C: \ \ Programmer \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Programmer \ \ MSN Messenger \ \ livecall.exe" = "C: \ \ Programmer \ \ utorrent \ \ utorrent.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Programmer \ \ iTunes \ \ iTunes.exe" = "C: \ \ Programmer \ \ AVG \ \ AVG8 \ \ avgupd.exe" = R1 AvgLdx86; AVG AVI Loader Driver x86; C: \ WINDOWS \ system32 \ Drivers \ avgldx86.sys [2008-08-31 97928] R2 avg8wd; AVG8 WatchDog; C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2008-08-31 231704] R2 int15.sys; int15.sys; C: \ Acer \ Empowering Technology \ eRecovery \ int15.sys [2005-01-13 69632] R2 JavaQuickStarterService; Java Quick Starter; C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe [2008-10-26 152984] S3 ss_bus; Samsung Mobile USB Device 1,0 driver (WDM); C: \ WINDOWS \ system32 \ DRIVERS \ ss_bus.sys [2005-01-24 52384] S3 ss_mdfl; SAMSUNG Mobile USB Modem 1,0 Filter; C: \ WINDOWS \ system32 \ DRIVERS \ ss_mdfl.sys [2005-01-24 6064] S3 ss_mdm; SAMSUNG Mobile USB Modem 1,0 Drivers C: \ WINDOWS \ system32 \ DRIVERS \ ss_mdm.sys [2005-01-24 84512] * Newly Created Service * - INT15.SYS . Indhold af "Planlagte opgaver" mappe 2008/10/22 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job - C: \ Programmer \ Apple Software Update \ SoftwareUpdate.exe [2008-04-11 17:57] . . ------- Supplerende Scan ------- . FireFox -: Profile - C: \ Documents and Settings \ Comet \ Application Data \ Mozilla \ Firefox \ Profiles \ mrpo7rd4.default \ FireFox -: prefs.js - SEARCH.DEFAULTURL - 1 FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk |www.google.co.uk FF -: plugin - C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ browser \ nppdf32.dll FF -: plugin - C: \ Programmer \ iTunes \ Mozilla Plugins \ npitunes.dll FF -: plugin - C: \ Programmer \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll FF -: plugin - C: \ Programmer \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll FF -: plugin - C: \ Programmer \ Mozilla Firefox \ plugins \ npdeploytk.dll . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net Rootkit scan 2008-10-28 16:47:36 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning skjulte processer ... scanning skjulte autostart entries ... scanning skjulte filer ... scanning afsluttet med succes skjulte filer: 0 ************************************************** ************************ . Completion time: 2008-10-28 16:48:32 ComboFix2.txt 2007-11-12 22:53:46 ComboFix-quarantined-files.txt 2008-10-28 16:48:30 Pre-Run: 7665582080 bytes fri Post-Run: 7917305856 bytes fri WindowsXP-KB310994-SP2-Home-bootdisk-DAN.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (2) \ WINDOW S [operating systems] C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Genoprettelseskonsol" / cmdcons multi (0) disk (0) rdisk (0) partition (2) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect 148 --- EOF --- 2008-10-24 23:26:39 Kapre denne log: Logfile af Trend Micro HijackThis v2.0.2 Scan gemt kl 16:49:55, den 28.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Kørende processer: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe C: \ Acer \ Stærke Technology \ eRecovery \ Monitor.exe C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe C: \ Programmer \ Virgin Bredbånd \ rådgiver \ Broadbandadvisor.exe C: \ Programmer \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Programmer \ iTunes \ iTunesHelper.exe C: \ WINDOWS \ sm56hlpr.exe C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ WINDOWS \ system32 \ sistray.exe C: \ Programmer \ WIDCOMM \ Bluetooth Software \ BTTray.exe C: \ Programmer \ Ulead Systems \ Ulead Photo Express 3.0 SE \ CalCheck.exe C: \ Programmer \ Trust \ Easy Webscan 19200 \ ScanPanel \ ScnPanel.exe C: \ Programmer \ iPod \ bin \ iPodService.exe C: \ Programmer \ FinePixViewerS \ QuickDCF2.exe C: \ PROGRA ~ 1 \ WIDCOMM \ BLUETO ~ 1 \ BTSTAC ~ 1.EXE C: \ WINDOWS \ system32 \ wuauclt.exe C: \ WINDOWS \ explorer.exe C: \ Programmer \ HijackThis \ Analyse.exe.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - (145B29F4-A56B-4b90-BBAC-45784EBEBBB7) - C: \ Programmer \ StumbleUpon \ StumbleUponIEBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Programmer \ AVG \ AVG8 \ avgssie.dll O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre6 \ bin \ ssv.dll O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programmer \ Java \ jre6 \ bin \ jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programmer \ Java \ jre6 \ lib \ indsætte \ jqs \ dvs \ jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - (E99421FB-68DD-40F0-B4AC-B7027CAE2F1A) - C: \ Programmer \ Epson \ Epson Web-To-Page \ Epson Web-To-Page.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll O3 - Toolbar: Epson Web-To-Page - (EE5D279F-081B-4404-994D-C6B60AAEBA6D) - C: \ Programmer \ Epson \ Epson Web-To-Page \ Epson Web-To-Page.dll O3 - Toolbar: StumbleUpon Toolbar - (5093EB4C-3E93-40AB-9266-B607BA87BDC8) - C: \ Programmer \ StumbleUpon \ StumbleUponIEBar.dll O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Programmer \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe" O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / forkæle / RemAdvDef / Migration32 O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Stærke Technology \ eRecovery \ Monitor.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [BJCFD] C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe O4 - HKLM \ .. \ Run: [Broadbandadvisor.exe] "C: \ Programmer \ Virgin Bredbånd \ rådgiver \ Broadbandadvisor.exe" / AutoRun O4 - HKLM \ .. \ Run: [InstantAccess] C: \ Programmer \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe / h O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe O4 - HKLM \ .. \ Run: [SMSERIAL] sm56hlpr.exe O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ MSN Messenger \ MsnMsgr.Exe" / baggrund O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: Comet Screensaver.lnk = C: \ Programmer \ Comet Screensaver \ Comet Screensaver.exe O4 - Startup: IMVU.lnk = C: \ Programmer \ IMVU \ IMVUClient.exe O4 - Startup: Tilbehør O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe O4 - Global Startup: Bluetooth.lnk =? O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C: \ Programmer \ Ulead Systems \ Ulead Photo Express 3.0 SE \ CalCheck.exe O4 - Global Startup: ScanPanel.lnk = C: \ Programmer \ Trust \ Easy Webscan 19200 \ ScanPanel \ ScnPanel.exe O4 - Global Startup: Exif Launcher S.lnk =? O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O8 - Extra sammenhæng menupunkt: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000 O8 - Extra sammenhæng menupunkt: Send To & Bluetooth - C: \ Programmer \ Belkin \ Bluetooth Software \ btsendto_ie_ctx.htm O8 - Extra sammenhæng menupunkt: Send til & Bluetooth-enhed ... - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm O8 - Extra sammenhæng menupunkt: StumbleUpon Photoblog It! - Res: / / StumbleUponIEBar.dll / blogimage O9 - Ekstra knap: StumbleUpon - (75C9223A-409A-4795-A3CA-08DE6B075B4B) - C: \ Programmer \ StumbleUpon \ StumbleUponIEBar.dll O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Ekstra knap: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1177956484625 O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Programmer \ AVG \ AVG8 \ avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: AVG8 vagthund (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe -- End of file - 10.971 bytes |
|
#13
28 oktober 2008, 10:35
| |||
| |||
---------- Kør CCleaner. ---------- Kør dette online scanning. Denne scanner kræver Internet Explorer Brug ESET Nod32 Online Scanner 1. Marker afkrydsningsfeltet ved siden af JA, jeg accepterer Terms of Use. 2. Klik på Start 3. Adspurgt, tillade ActiveX-objekt til at installere 4. Klik på Start 5. Sørg for, at optionen Fjern fundet trusler og muligheden Scan uønskede programmer er tjekke mærket. 6. Klik på Scan 7. Vent til scanningen for at afslutte 8. Brug Notesblok til at åbne logfile placeret på C: \ Programmer \ EsetOnlineScanner \ Log.txt 9. Tilføj den C: \ Programmer \ EsetOnlineScanner \ Log.txt Log ind på din næste svar. Hvordan er den computer, der kører nu?
__________________ |
|
#14
28 oktober 2008, 14:41
| |||
| |||
| Det er siger jeg nødt til at installere ActiveX, men kommer ikke op med pop op eller nogen form for hurtig for mig at installere det. |
|
#15
28 oktober 2008, 14:46
| |||
| |||
| Bruger du Internet Explorer?
__________________ |
|
#16
28 oktober 2008, 15:39
| |||
| |||
| # Version = 4 # OnlineScanner.ocx = 1.0.0.635 # OnlineScannerDLLA.dll = 1, 0, 0, 79 # OnlineScannerDLLW.dll = 1, 0, 0, 78 # OnlineScannerUninstaller.exe = 1, 0, 0, 49 # Vers_standard_module = 3563 (20081028) # Vers_arch_module = 1,064 (20080214) # Vers_adv_heur_module = 1,064 (20070717) # EOSSerial = 930ac3d49230114ab36d54f68f5299bf # Udgangen = færdig # Remove_checked = true # Unwanted_checked = true # Utc_time = 2008-10-28 10:37:29 # Local_time = 2008-10-28 10:37:29 (+0000, GMT Standard Time) # Land = "Det Forenede Kongerige" # OSVer = 5.1.2600 NT Service Pack 2 # Scannet = 283.640 # Fundet = 0 # Scan_time = 2537 |
|
#17
28 oktober 2008, 16:11
| |||
| |||
| Ser godt ud. Lad mig vide, hvis du har spørgsmål. Deaktiver Systemgendannelse Utility for at forhindre en ny infektion fra en gammel en 1) Højreklik på Min Computer ikonet på skrivebordet, og klik på Egenskaber. 2) Klik på System Restore fane. 3) Sæt et hak ud for Sluk Systemgendannelse på alle drev 4) Klik på OK knappen. 5) Du vil blive bedt om at genstarte computeren. Klik på Ja knappen. Nu genaktivere System Restore At genaktivere System Restore Utility, skal du følge trin et til fem, og på trin tre fjerne markeringen ud for 'Deaktiver Systemgendannelse på alle drev ". 1) Højreklik på Min Computer ikonet på skrivebordet, og klik på Egenskaber. 2) Klik på System Restore fane. 3) Fjern markering ved Sluk Systemgendannelse på alle drev 4) Klik på OK knappen. ---------- Brug Secunia Software Inspector at kontrollere, om der er forældet software. Uaktuel software har sikkerhedssvagheder, at malware kan udnytte.
---------- Gå til Microsoft Windows Update og få alle kritiske opdateringer. ---------- Sørg for, at alle dine sikkerhedsprogrammer er up to date og kører scanninger med dem regelmæssigt. Her er nogle store gratis værktøjer til at hjælpe dig med at holde fra at blive smittet igen. Disse værktøjer bruge lidt eller ingen ressourcer så vil ikke sinke din pc. Bekymret over browsersikkerhed? Overvej at bruge Mozilla Firefox 3.0. At forhindre ukendte applikationer fra at blive installeret på computeren installere WinPatrol 2008 * Brug Winpatrol at beskytte din computer mod skadelig software Jeg vil foreslå at bruge SiteAdvisor. SiteAdvisor satser på de steder på forretningsmetoder og spam. Sikkerhed ratings fra McAfee SiteAdvisor er baseret på automatiserede uskadelighedsforsøg af websteder. SpywareBlaster - Secure din Internet Explorer til at gøre det sværere for disse ActiveX-programmer til at køre på din computer. Også stoppe visse cookies i at blive tilføjet til din computer, når du kører Mozilla baserede browsere som Firefox. * Brug SpywareBlaster at beskytte din computer mod spyware og malware * Hvis du ikke ved hvad ActiveX kontroller, jf. her Check out Holde Yourself sikkert på internettet for tips og gratis værktøjer til at holde dig sikker i fremtiden. Se også Langsom computer? Den må ikke være Malware gratis rengøring / vedligeholdelse af værktøjer til at hjælpe med at holde din computer kører glat.
__________________ |
|
#18
30 oktober 2008, 13:39
| |||
| |||
| Jeg gjorde alt, hvad du sagde, men i dag da jeg kørte AVG, trojanerne er der stadig, som er AdAware Generic ting, hvad de er. : ( |
|
#19
30 oktober 2008, 13:40
| |||
| |||
| Har du klargøre dine gendannelsespunkter? Citat:
__________________ |
|
#20
30 oktober 2008, 13:42
| |||
| |||
| Ja, jeg gjorde, at det første gang du fortalte mig, og jeg løb AVG igen, der har produceret noget malware, men i dag, da jeg gjorde det, var de der igen. |
