Computer Juice > Computer Software > Virus, Spyware & Security

Viruses

#1
Old 23 February 2008, 12:47
Member group

Viruses
This is my dad's computer and I have a feeling it has some bad things on it. So here are 2 reports. Also, iexplore.exe uses a lot of memory when it isn't even running.

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/23/2008 at 07:01

Application Version: 3.9.1008

Core Rules Database Version: 3389
Trace Rules Database Version: 1383

Scan type: Complete Scan
Total Scan Time: 02:21:49

Memory poster scannet: 400
Memory trusler opdaget: 0
Topdomæneadministratoren poster scannet: 6072
Topdomæneadministratoren trusler opdaget: 0
File poster skannet: 60290
File trusler opdaget: 0


HijackThis log:


Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 19:44:10 den 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Spoolsv.exe
C:\Programmer\Fælles filer\AOL\ACS\AOLAcsd.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Svchost.exe
C:\Programmer\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe
C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Intelligent\Common\RaUI.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Programmer\Yahoo!\Companion\Installerer\CPN\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O3 - Toolbar: Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programmer\Yahoo!\Companion\Installerer\CPN\ycomp5_3_19_0.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C:\Programmer\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Epson Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "Epson Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /START
O4 - HKLM\..\Run: [AOLDialer] C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spywarebeskyttelse] "C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [søger 1 springe mfcd] C:\Documents and Settings\All Users\Application Data\Fire Hjælp søges 1\Long bin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /baggrund
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [theowns] C:\DOCUME~1\Graham\PROGRAMMER~1\BIASWA~1\SlowLoad.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Programmer\AOL 9.0\aoltray.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Programmer\Intelligent\Common\RaUI.exe
O4 - Global Startup: Lumix Simpelt Viewer.lnk = ?
O8 - Extra sammenhæng menupunktet: &AOL Toolbar søgning - res://C:\Programmer\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra sammenhæng menupunkt: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra sammenhæng menupunktet: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\mikroer~3\Office11\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Ekstra knap: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C:\Programmer\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C:\Programmer\AOL Toolbar\toolbar.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\mikroer~3\Office11\REFIEBAR.DLL
O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Ekstra knap: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C:\PROGRA~1\Yahoo!\Messen~1\ypager.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C:\PROGRA~1\Yahoo!\Messen~1\ypager.exe
O9 - Ekstra knap: @C:\Programmer\Messenger\Msgslang.dll,-61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: @C:\Programmer\Messenger\Msgslang.dll,-61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6E5E167B-1566-4316-B27F-0DDAB3484CF7) (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C:\Programmer\Fælles filer\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8712 bytes
#2
Old 23 February 2008, 13:05
Editor group

Viruses

Open HijackThis and select Do a system scan only.

Place a checkmark next to the following entries: (if present)

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)

Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download NoLop to your computer from one of the links below...
  • Close all programs you have running, since a restart will be required
  • Double-click NoLop.exe to run it
  • Next, click the button: Search and Destroy
    • The computer will now be scanned for infected files
  • When the scan is finished, if it is infected, you will be asked to restart
  • Click OK
  • Now click: Restart
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you receive an error "mscomctl.ocx or one of its dependencies is not correctly registered," download mscomctl.ocx to your System32 folder, then run the program again.

----------

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a checkmark next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and reopen in a minute or less. Click OK
  • When VundoFix reopens, click the Scan for Vundo button.
  • Once it has finished scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES
  • Once you click Yes, the desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Let VundoFix finish; sometimes it can take several passes

----------

Download SDFix.exe and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continuously;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard).
  • Finally, paste the contents of Report.txt in your next reply.
----------

Next post
NoLop log
VundoFix log
SDFix log
New HijackThis log
__________________
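The triage the helper did by eye in the post above, as an added example (not part of the thread, and not code from HijackThis or any of the tools named): a small Python script that parses HijackThis O2 and O4 lines and flags the two kinds of entry that merit a second look, an O2 BHO whose file is missing and an O4 autostart that runs from a user-writable directory or by bare file name. The sample lines are constructed in the shape of the posted log; a flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input (not the poster's full log): seven HijackThis v2.0.2 lines in
# the shape of the log posted above, written with plain backslashes.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programmer\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /START
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [søger 1 springe mfcd] C:\\Documents and Settings\\All Users\\Application Data\\Fire Hjælp søges 1\\Long bin.exe
O4 - HKCU\\..\\Run: [theowns] C:\\DOCUME~1\\Graham\\PROGRAMMER~1\\BIASWA~1\\SlowLoad.exe
O4 - HKCU\\..\\Run: [Ctfmon.exe] C:\\WINDOWS\\system32\\Ctfmon.exe
"""

# O2: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>". The log as posted shows the
# CLSID in parentheses rather than braces, so both are accepted.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - [{(](?P<clsid>[0-9A-Fa-f-]{36})[)}] - (?P<path>.*)$")
# O4: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First token of a command line: a quoted path, or an unquoted path up to a known extension.
EXE_RE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|dll|bat|cmd|com|scr|pif))(?=\s|$)',
    re.IGNORECASE,
)
# Directory markers an ordinary user can write to; vendor software normally installs
# elsewhere, so an autostart from here is worth a second look (8.3 short names included).
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O2" or "O4"
    name: str      # BHO name or Run value name
    reason: str    # why the entry is flagged for review


def exe_path(cmd: str) -> Optional[str]:
    """Return the executable part of an O4 command line, or None if none is recognised."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def review(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the O2/O4 entries that merit a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO whose file no longer exists is an orphaned registration: it does
            # nothing, and it is the kind of entry the helper had fixed above.
            if m.group("path").strip().lower() == "(no file)":
                findings.append(Finding("O2", m.group("name"),
                                        f"BHO {{{m.group('clsid')}}} is registered but its file is missing"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue  # other O4 forms (Global Startup .lnk entries) and other sections
        path = exe_path(m.group("cmd"))
        if path is None:
            findings.append(Finding("O4", m.group("name"), "no recognisable executable in the command line"))
        elif "\\" not in path:
            # A bare file name is resolved through the search path at logon, so the log
            # alone does not tell you which directory it actually runs from.
            findings.append(Finding("O4", m.group("name"), f"bare file name {path}: check which directory resolves it"))
        elif any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding("O4", m.group("name"), f"autostart from a user-writable location: {path}"))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.section} [{f.name}]: {f.reason}")
```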

#3
Old 23 February 2008, 14:18
Member group

Viruses

NoLop! Log af Skate_Punk_21

Fix løber fra: C:\Documents and Settings\Graham
[23/02/2008]
[20:13:10]

--- Infection Files Found/Removed---
C:\WINDOWS\opgaver\A9115856918AD032.job

Begyndelse Removal ...
Genstart ...
Fjernelse skære's sidesten filer / mapper ...
Redigering Justitskontor ...
** Fix Complete! **

--- Liste AppData sub directories ---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Fire Hjælp Søg 1
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sony Corporation
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp - EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Videoegg
C:\Documents and Settings\All Users\Application Data\synspunkt
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Graham\Application Data\Adobe
C:\Documents and Settings\Graham\Application Data\Adobeum
C:\Documents and Settings\Graham\Application Data\Ahead
C:\Documents and Settings\Graham\Application Data\Anvil soft
C:\Documents and Settings\Graham\Application Data\Aol
C:\Documents and Settings\Graham\Application Data\Apple Computer
C:\Documents and Settings\Graham\Application Data\Avg7
C:\Documents and Settings\Graham\Application Data\Avs4you
C:\Documents and Settings\Graham\Application Data\Bias Vent Iso
C:\Documents and Settings\Graham\Application Data\Divx
C:\Documents and Settings\Graham\Application Data\Dvdcss
C:\Documents and Settings\Graham\Application Data\Epson
C:\Documents and Settings\Graham\Application Data\Google
C:\Documents and Settings\Graham\Application Data\Greyfirst
C:\Documents and Settings\Graham\Application Data\Grisoft
C:\Documents and Settings\Graham\Application Data\Identities
C:\Documents and Settings\Graham\Application Data\InstallShield
C:\Documents and Settings\Graham\Application Data\Intervideo
C:\Documents and Settings\Graham\Application Data\Lego Company
C:\Documents and Settings\Graham\Application Data\Macromedia
C:\Documents and Settings\Graham\Application Data\Microsoft
C:\Documents and Settings\Graham\Application Data\Monkeyjam
C:\Documents and Settings\Graham\Application Data\Mozilla
C:\Documents and Settings\Graham\Application Data\Panasonic
C:\Documents and Settings\Graham\Application Data\Real
C:\Documents and Settings\Graham\Application Data\Snapfish
C:\Documents and Settings\Graham\Application Data\søndag
C:\Documents and Settings\Graham\Application Data\Superantispyware.com
C:\Documents and Settings\Graham\Application Data\Symantec
C:\Documents and Settings\Graham\Application Data\Systemrequirementslab
C:\Documents and Settings\Graham\Application Data\Talkback
C:\Documents and Settings\Graham\Application Data\Teamspeak2
C:\Documents and Settings\Graham\Application Data\TSO
C:\Documents and Settings\Graham\Application Data\Videoegg
C:\Documents and Settings\Graham\Application Data\synspunkt
C:\Documents and Settings\Graham\Application Data\VLC
C:\Documents and Settings\Graham\Application Data\Xfire
C:\Documents and Settings\Graham\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\LocalService\Application Data\Avg7 - EMPTY Directory
C:\Documents and Settings\LocalService\Application Data\Microsoft
C:\Documents and Settings\LocalService\Application Data\Symantec
C:\Documents and Settings\NetworkService\Application Data\Microsoft



VundoFix V6.7.8

Checking Java version ...

Scan begyndte kl 20:28:56 23/02/2008

Notering filer fundet mens scanning ....

Ingen inficerede filer blev fundet.


Begyndelse fjernelse ...




SDFix: Version 1.145

Kør af Graham på 23/02/2008 til 20:59

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Kontrol Services :


Retablering af Windows Registry Values
Retablering af Windows Default Hosts File

Genstart


Checking Files :

Nr. Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 21:06:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning skjulte processer ...

scanning skjulte tjenesteydelser & system hive ...

scanning skjulte registreringsdatabaseposter ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed" = dword: 00000000
"TracesSuccessful" = dword: 00000000
"LastTraceFailure" = dword: 00000000

scanning skjulte filer ...


scanning afsluttet med succes
skjulte processer: 0
skjulte tjenester: 0
skjulte filer: 196


Resterende Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\Parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@Xpsp2res.dll,-22019"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Programmer\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programmer\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Programmer\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Programmer\\AOL 9.0\\waol.exe"="C:\\Programmer\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmer\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmer\\Internet Explorer\\iexplore.exe"="C:\\Programmer\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Programmer\\Xfire\\xfire.exe"="C:\\Programmer\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Kør en DLL som et App"
"C:\\Programmer\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Programmer\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\Parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@Xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Programmer\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programmer\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Programmer\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Programmer\\AOL 9.0\\waol.exe"="C:\\Programmer\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Resterende Files :



Filer med Skjult Attributter :

Tirsdag 22 juni 2004 54.384 A..H. --- "C:\Programmer\AOL 9.0\aolphx.exe"
Tirsdag 22 juni 2004 156.784 A..H. --- "C:\Programmer\AOL 9.0\aoltray.exe"
Tirsdag 22 juni 2004 31.344 A..H. --- "C:\Programmer\AOL 9.0\RBM.exe"
Onsdag den 9 januar 2002 1.097.728 A..H. --- "C:\Programmer\VoyagerModemDrivers\Dirapi.dll"
Onsdag 9 jan 2002 561.152 A..H. --- "C:\Programmer\VoyagerModemDrivers\Iml32.dll"
Onsdag 1 sep 2004 2.048 A..H. --- "C:\Programmer\VoyagerModemDrivers\ipchecking.exe"
Tirsdag den 8 januar 2002 266.293 A..H. --- "C:\Programmer\VoyagerModemDrivers\Msvcrt.dll"
Onsdag 9 jan 2002 151.552 A..H. --- "C:\Programmer\VoyagerModemDrivers\Proj.dll"
Tirsdag den 1 marts 2005 467.688 A..H. --- "C:\Programmer\VoyagerModemDrivers\WindowsXP-KB885295-x86-enu.exe"
Mandag den 15 oktober 2007 56 ..SHR --- "C:\WINDOWS\system32\F64AF6059C.sys"
Mandag den 15 oktober 2007 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Onsdag 26 december 2007 4.348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mandag 26 februar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tors 20 sep 2007 0 A..H. --- "C:\Windows\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"

Færdig!



Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 21:15:11 den 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Spoolsv.exe
C:\Programmer\Fælles filer\AOL\ACS\AOLAcsd.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Svchost.exe
C:\Programmer\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe
C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Intelligent\Common\RaUI.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmer\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Programmer\Yahoo!\Companion\Installerer\CPN\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programmer\Yahoo!\Companion\Installerer\CPN\ycomp5_3_19_0.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C:\Programmer\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Epson Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "Epson Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /START
O4 - HKLM\..\Run: [AOLDialer] C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spywarebeskyttelse] "C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [søger 1 springe mfcd] C:\Documents and Settings\All Users\Application Data\Fire Hjælp søges 1\Long bin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [theowns] C:\DOCUME~1\Graham\PROGRAMMER~1\BIASWA~1\SlowLoad.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Programmer\AOL 9.0\aoltray.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Programmer\Intelligent\Common\RaUI.exe
O4 - Global Startup: Lumix Simpelt Viewer.lnk = ?
O8 - Extra sammenhæng menupunktet: &AOL Toolbar søgning - res://C:\Programmer\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra sammenhæng menupunkt: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra sammenhæng menupunktet: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\mikroer~3\Office11\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Ekstra knap: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C:\Programmer\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C:\Programmer\AOL Toolbar\toolbar.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\mikroer~3\Office11\REFIEBAR.DLL
O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Ekstra knap: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C:\PROGRA~1\Yahoo!\Messen~1\ypager.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C:\PROGRA~1\Yahoo!\Messen~1\ypager.exe
O9 - Ekstra knap: @C:\Programmer\Messenger\Msgslang.dll,-61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: @C:\Programmer\Messenger\Msgslang.dll,-61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6E5E167B-1566-4316-B27F-0DDAB3484CF7) (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C:\Programmer\Fælles filer\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8485 bytes
#4
Old 23 February 2008, 14:26
Editor Group

Viruses

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary.) Important! ComboFix.exe MUST be saved to and run from the Desktop.
  • Close all open Internet browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: ComboFix disconnects your computer from the Internet. The connection is automatically restored before ComboFix finishes its run.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulties and exits prematurely, the connection can be manually restored by restarting the computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

----------

Next post
ComboFix log
NEW HijackThis log

#5
Old 23 February 2008, 14:47
Member Group

Viruses

ComboFix 08-02-24.2 - Graham 2008-02-23 21:35:51.1 - NTFSx86
Kører fra: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
* Skabt et nyt gendannelsespunkt

ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.

((((((((((((((((((((((((( Files Created fra 2008-01-24 til 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix sikkerhedskopieringer
2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups
2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Programmer\Trend Micro
2008-02-23 19:25 . 2007-09-24 23:31 69,632 -a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Programmer\CCleaner
2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.Housecall6.6
2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss
2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat
2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Programmer\Bias Vent Iso
2008-02-05 19:36 . 2008-02-05 19:36 268 -ah----- C:\sqmdata09.sqm
2008-02-05 19:36 . 2008-02-05 19:36 244 -ah----- C:\sqmnoopt09.sqm
2008-01-31 02:02 . 2008-01-31 02:02 54,608 -a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 19:22 . 2008-01-26 19:22 <DIR> d-------- C:\Programmer\Common Files\Wise Installation Wizard
2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft
2008-01-26 19:17 . 2007-05-30 12:10 10,872 -a------ C:\Windows\System32\Drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:40 --------- d-----w C:\Programmer\Java
2008-02-23 12:32 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire
2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Vent Iso
2008-02-16 18:54 --------- d-----w C:\Programmer\SpeedFan
2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-14 16:57 --------- ds---w C:\Programmer\Xfire
2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fire Hjælp Søg 1
2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:55 --------- d-----w C:\Programmer\Circle udvikling
2008-01-16 16:20 --------- d-----w C:\Programmer\Image-Line
2008-01-16 16:17 --------- d-----w C:\Programmer\VstPlugins
2008-01-05 13:12 --------- d-----w C:\Programmer\LEGO Company
2008-01-04 23:12 --------- d-----w C:\Programmer\Windows Live
2008-01-04 23:12 --------- d-----w C:\Programmer\MSN Messenger
2008-01-04 23:12 --------- d-----w C:\Programmer\Messenger Plus! Levende
2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-26 11:37 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-12-26 11:37 --------- d-----w C:\Programmer\Digital Video
2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield
2007-12-25 17:21 --------- d-----w C:\Programmer\MonkeyJam
2007-12-07 00:44 666,112 ----aw C:\WINDOWS\system32\Wininet.dll
2007-12-04 18:38 550,912 ----aw C:\WINDOWS\system32\Oleaut32.dll
2007-04-15 11:18 24,192 ----aw C:\Documents and Settings\Graham\usbsermptxp.sys
2007-04-15 11:18 22,768 ----aw C:\Documents and Settings\Graham\usbsermpt.sys
2007-10-15 16:48 56 -sh-r C:\WINDOWS\system32\F64AF6059C.sys
2007-10-15 16:48 952 -sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2004-08-04 12:00 15360]
"theowns"="C:\DOCUME~1\Graham\PROGRAMMER~1\BIASWA~1\SlowLoad.exe" [2008-02-14 11:20 435200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Programmer\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"Epson Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 04:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072]
"AOLDialer"="C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"AOL Spywarebeskyttelse"="C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448]
"søge 1 springe mfcd"="C:\Documents and Settings\All Users\Application Data\Fire Hjælp søges 1\Long bin.exe" [2008-02-23 21:12 2885120]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664]
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Programmer\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784]
Intelligent Wireless Utility.lnk - C:\Programmer\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688]
Lumix Simpelt Viewer.lnk - C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\anmelde\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"=0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Programmer\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Programmer\\AOL 9.0\\waol.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Programmer\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27950:UDP"= 27950:UDP:Wolfenstein
"27951:UDP"= 27951:UDP:Wolfenstein1
"27960:UDP"= 27960:UDP:Wolfenstein2

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\Windows\System32\Drivers\AN983.sys [2005-01-13 08:28]
S3 CoachUsb;Coach Digital Kamera på USB;C:\Windows\System32\Drivers\CoachUsb.sys [2004-01-22 12:41]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 21:39:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...

scanning afsluttet med succes
skjulte filer: 0

**************************************************************************
.
Afslutning tid: 2008-02-24 21:42:27
.
2008-02-13 12:22:05 --- EOF ---


Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 21:45:13 den 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Programmer\Fælles filer\AOL\ACS\AOLAcsd.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Svchost.exe
C:\Programmer\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe
C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Intelligent\Common\RaUI.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\Notepad.exe
C:\Programmer\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installerer\CPN\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installerer\CPN\ycomp5_3_19_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Programmer\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Epson Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "Epson Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /START
O4 - HKLM\..\Run: [AOLDialer] C:\Programmer\Fælles filer\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spywarebeskyttelse] "C:\PROGRA~1\FÆLLES~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [søger 1 springe mfcd] C:\Documents and Settings\All Users\Application Data\Fire Hjælp søges 1\Long bin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [theowns] C:\DOCUME~1\Graham\PROGRAMMER~1\BIASWA~1\SlowLoad.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Programmer\AOL 9.0\aoltray.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Programmer\Intelligent\Common\RaUI.exe
O4 - Global Startup: Lumix Simpelt Viewer.lnk = ?
O8 - Extra sammenhæng menupunktet: &AOL Toolbar søgning - res://C:\Programmer\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra sammenhæng menupunkt: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra sammenhæng menupunktet: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\mikroer~3\Office11\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Ekstra knap: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Programmer\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' MENUITEM: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Programmer\AOL Toolbar\toolbar.dll
O9 - Ekstra knap: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\mikroer~3\Office11\REFIEBAR.DLL
O9 - Ekstra knap: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra knappen: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Ekstra knap: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Dam klasse) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl klasse) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C:\Programmer\Fælles filer\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8061 bytes
#6
Old 23 February 2008, 14:55
Editor Group

Viruses

Scan Suspicious File(s)

Visit one of the following:
(Several sites are given in case one doesn't work.) Copy the file path in the code box below.

Code:
C:\Documents and Settings\All Users\Application Data\Fire Hjælp søges 1\Long bin.exe
Code:
C:\DOCUME~1\Graham\PROGRAMMER~1\BIASWA~1\SlowLoad.exe
Note: You can only scan one file at a time, so you will need to repeat the process and post both scan results.
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V on your keyboard (both keys at the same time) to paste the file path into the window.
  • Next click Send File / Submit / Upload (depending on the site).
    • Your file may be entered into a queue, which usually takes less than a minute to clear.
  • This will perform a scan across multiple different virus-scanning engines.
  • Please wait for all of the scanning engines to complete.
  • Copy and then paste the results into your next reply.

#7
Old 23 February 2008, 15:19
Member Group

Viruses

Long bin.exe

Antivirus           Version          Last Update   Result
AhnLab-V3           2008.2.22.0      2008.02.22    -
AntiVir             7.6.0.67         2008.02.22    -
Authentium          4.93.8           2008.02.23    -
Avast               4.7.1098.0       2008.02.23    -
AVG                 7.5.0.516        2008.02.22    -
BitDefender         7.2              2008.02.23    -
CAT-QuickHeal       9.50             2008.02.22    -
ClamAV              0.92.1           2008.02.23    -
DrWeb               4.44.0.09170     2008.02.23    -
eSafe               7.0.15.0         2008.02.21    -
eTrust-Vet          31.3.5557        2008.02.23    -
Ewido               4.0              2008.02.23    -
FileAdvisor         1                2008.02.23    -
Fortinet            3.14.0.0         2008.02.23    -
F-Prot              4.4.2.54         2008.02.23    -
F-Secure            6.70.13260.0     2008.02.23    -
Ikarus              T3.1.1.20        2008.02.23    -
Kaspersky           7.0.0.125        2008.02.23    -
McAfee              5236             2008.02.22    -
Microsoft           1.3204           2008.02.23    -
NOD32v2             2898             2008.02.23    -
Norman              5.80.02          2008.02.22    -
Panda               9.0.0.4          2008.02.23    -
Prevx1              V2               2008.02.23    -
Rising              20.32.52.00      2008.02.23    -
Sophos              4.26.0           2008.02.23    -
Sunbelt             3.0.893.0        2008.02.23    -
Symantec            10               2008.02.23    -
TheHacker           6.2.9.228        2008.02.23    -
VBA32               3.12.6.1         2008.02.21    -
VirusBuster         4.3.26:9         2008.02.23    -
Webwasher-Gateway   6.6.2            2008.02.23    -

Additional information
File size: 2885120 bytes
MD5: 394ff269da96f0189c9a2df92df41e46
SHA1: bb51404b2d9c0c03e273f75f20cd01bd5aad5802
PEiD: -

SlowLoad.exe

Antivirus           Version          Last Update   Result
AhnLab-V3           2008.2.22.0      2008.02.22    -
AntiVir             7.6.0.67         2008.02.22    -
Authentium          4.93.8           2008.02.23    Possibly a new variant of W32/Swizzor-based!Maximus
Avast               4.7.1098.0       2008.02.23    -
AVG                 7.5.0.516        2008.02.22    -
BitDefender         7.2              2008.02.23    -
CAT-QuickHeal       9.50             2008.02.22    -
ClamAV              0.92.1           2008.02.23    -
DrWeb               4.44.0.09170     2008.02.23    -
eSafe               7.0.15.0         2008.02.21    -
eTrust-Vet          31.3.5557        2008.02.23    -
Ewido               4.0              2008.02.23    -
FileAdvisor         1                2008.02.23    -
Fortinet            3.14.0.0         2008.02.23    -
F-Prot              4.4.2.54         2008.02.23    W32/Swizzor-based!Maximus
F-Secure            6.70.13260.0     2008.02.23    -
Ikarus              T3.1.1.20        2008.02.23    -
Kaspersky           7.0.0.125        2008.02.23    -
McAfee              5236             2008.02.22    -
Microsoft           1.3204           2008.02.23    -
NOD32v2             2898             2008.02.23    -
Norman              5.80.02          2008.02.22    -
Panda               9.0.0.4          2008.02.23    -
Prevx1              V2               2008.02.23    -
Rising              20.32.52.00      2008.02.23    -
Sophos              4.26.0           2008.02.23    -
Sunbelt             3.0.893.0        2008.02.23    -
Symantec            10               2008.02.23    -
TheHacker           6.2.9.228        2008.02.23    -
VBA32               3.12.6.1         2008.02.21    -
VirusBuster         4.3.26:9         2008.02.23    Trojan.DL.Swizzor.Gen!Pac.2
Webwasher-Gateway   6.6.2            2008.02.23    -

Additional information
File size: 435200 bytes
MD5: a8063318bfd0a7d6c9c4059d4506d021
SHA1: 17a4d06e242919227ccc3f4e1c3b38dafbad4263
PEiD: -
#8
Old 23 February 2008, 15:35
Editor Group

Viruses

Run the F-Secure Online Scanner

Note: This scanner works with Internet Explorer only!
  • Scroll down to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button.
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure, then select Automatic cleaning.
  • When cleaning is finished, click Show report (this will open a window in Internet Explorer containing the report).
  • Highlight and copy (Ctrl+C) the entire report and paste (Ctrl+V) it into a new reply to this post.
    • If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan.
  • When the cleaning option is presented, uncheck Submit samples to F-Secure.
  • Click Automatic cleaning.
  • When cleaning is finished, click Show report (this will open a window in Internet Explorer containing the report).
  • Highlight and copy (Ctrl+C) the entire report and paste (Ctrl+V) it into a new reply to this post.
If necessary, go to Start > Run > type Notepad.exe, then press OK.
Paste the log into Notepad and save it to the Desktop so it can easily be posted later.

This scan may take quite a long time, so please be patient.

----------

Next post
F-Secure log


Also let me know how the computer is doing now.

#9
Old 23 February 2008, 16:11
Member Group

Viruses

The scan won't work, it keeps saying an error has occurred.

Any idea?
#10
Old 23 February 2008, 16:13
Editor Group

Viruses

Are you using it in Internet Explorer? If it won't work, then use BitDefender.

This scanner works with Internet Explorer only.
Go to BitDefender Online Scanner.
Click I Accept on the licence, then install the ActiveX object.
Please DO NOT change the Scan Options.
That will make your logs huge, and we do not need to see clean files.

Select Start Scan to begin.
This scan may take a while, so please be patient and let it complete.

When BitDefender completes the scan:
Click the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt), then in the File name box enter bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it.
(Take note of where you save it so you can find it later.)

This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log, or worse a log summary, which is useless to us.

Post the bdscan.txt in your next post.

Copyright © 2006 - 2009 Computer Juice.
