Trojan
By Guest TWP | 15-12-2007 14:06 | 1533 views | 23 replies
Help! I've got some nasty shit on my computer.
A program that has lodged itself in the taskbar and opens web pages to places like Virusprotect and the like. Windows constantly pop up with advice to buy spyware and other spam.
McAfee and SPYWAREfighter have found something, but not the problem at hand.
A folder with files that I can't get permission to delete has placed itself under Program Files with the name Video Add-on (I suspect this one).
Meanwhile, Spyware Doctor finds 9 low- to high-risk files, but then you have to pay for an update.
Can anyone help?!
#0
If you like, we can run a check and see what might be hiding on your PC?!
--------
Download the programs below (to e.g. the Desktop) and run them:
Combofix
http://download.bleepingcomputer.com[...]
(Follow the instructions in the window.
IMPORTANT! Do not click on the window while it is running, as that can cause your PC to freeze!
When Combofix has finished and restarted, a log file opens, which can be found here >>> C:\combofix.txt)
HijackThis (must be saved in its own folder – e.g. on the Desktop!)
http://www.trendsecure.com[...]
(Then click the HijackThis.exe file and choose "Do a system scan and save a logfile". Close the HJT program and the Notepad window. The program automatically saves the log in the folder where the program itself is located.)
--------
Then copy the logs from both HJT and Combofix in here for review.
//*Cookie
-- -- Member of Alliance of Security Analysis Professionals
http://asap.maddoktor2.com[...]

ok, trying....

ComboFix 07-12-15.5 - theis wolter 2007-12-15 14:55:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.294 [GMT 1:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\theis wolter\err.log
C:\Programmer\Helper
C:\Programmer\Helper\mattsearch.dll
C:\WINDOWS\system32\wowlze.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.
2007-12-15 13:45 . 2007-12-15 14:11 d-------- C:\Programmer\Spyware Doctor
2007-12-15 13:45 . 2007-12-15 13:45 d-------- C:\Documents and Settings\theis wolter\Application Data\PC Tools
2007-12-15 13:45 . 2007-12-15 14:02 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 13:45 . 2007-12-15 14:02 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 13:45 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 13:45 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-15 13:40 . 2007-12-15 13:40 d-------- C:\Programmer\Trend Micro
2007-12-15 10:22 . 2007-12-15 10:23 d-------- C:\Programmer\SPYWAREfighter
2007-12-15 10:22 . 2007-12-15 10:22 d-------- C:\Programmer\Fælles filer\Application
2007-12-15 10:07 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Programmer\SiteAdvisor
2007-12-14 19:16 . 2007-12-15 13:41 d-------- C:\Documents and Settings\theis wolter\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\LocalService\Skrivebord
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-15 15:00 9,153 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-14 19:14 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-14 19:14 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-14 19:14 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-14 19:14 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-14 19:14 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-14 19:14 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-14 19:13 . 2007-12-15 10:29 d-------- C:\Programmer\McAfee
2007-12-14 19:13 . 2007-12-14 19:14 d-------- C:\Programmer\Fælles filer\McAfee
2007-12-14 19:07 . 2007-12-14 19:20 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-09 13:13 . 2007-12-14 17:35 d-------- C:\Programmer\Macrogaming
2007-12-09 11:17 . 2007-02-09 16:34 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-12-05 20:12 . 2007-12-09 11:17 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-05 20:11 . 2007-02-09 16:34 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-12-05 20:09 . 2007-12-09 11:16 d-------- C:\Programmer\CyberLink
2007-12-05 20:09 . 2007-02-09 16:34 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-11-29 19:28 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-29 19:28 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-20 09:50 . 2007-11-23 08:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 13:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 09:08 --------- d-----w C:\Programmer\Google
2007-12-14 18:20 --------- d-----w C:\Programmer\McAfee.com
2007-12-14 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-14 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 10:06 --------- d-----w C:\Programmer\Java
2007-12-12 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-09 09:51 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-12-07 10:34 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-21 17:34 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 10:48 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\dvdcss
2007-11-07 17:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 17:10 --------- d--h--r C:\Documents and Settings\theis wolter\Application Data\SecuROM
2007-11-07 16:13 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-07 16:12 --------- d-----w C:\Programmer\AGEIA Technologies
2007-10-29 22:44 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-21 19:03 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\InstallShield
2007-10-20 11:54 --------- d-----w C:\Programmer\Picasa2
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-16 11:40 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\U3
2007-10-03 17:19 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-12 21:10 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Application Data\Microsoft\Feeds Cache\index.dat
2007-07-24 22:42 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007072420070725\index.dat
2007-07-28 09:04 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007072820070729\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014}]
C:\Programmer\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F2BADA0D-FD61-45EF-A994-64A073FD6613}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2BADA0D-FD61-45EF-A994-64A073FD6613}"= C:\Programmer\Video Add-on\ictmdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"MsnMsgr"="~C:\Programmer\MSN Messenger\MsnMsgr.exe" []
"OM2_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 09:40]
"ErrorSafeFree"="C:\Programmer\ErrorSafe Free\uers.exe" []
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe" [2005-09-16 08:47]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"Zykon Z1 Mouse"="C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe" [2007-01-29 16:27]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-15 10:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-27 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-29 03:05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 22:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 02:43 C:\WINDOWS\Alcmtr.exe]
"SMSERIAL"="C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 22:51]
"IFXSPMGT"="C:\WINDOWS\system32\IFXSPMGT.exe" [2006-11-13 22:23]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 13:00 C:\WINDOWS\system32\bthprops.cpl]
"uerscw"="C:\Programmer\ErrorSafe Free\uerscw.exe" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
"StxTrayMenu"="C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 12:20]
"@"="" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"SDTray"="C:\Programmer\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00]
"Picasa Media Detector"="E:\Picasa2\PicasaMediaDetector.exe" []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
R3 hidshim;Service for HID-KMDF Shim layer;C:\WINDOWS\system32\DRIVERS\hidshim.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"
R3 winbondhidcir;Winbond HID CIR Receiver;C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys
S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5416.sys
S3 u3kh;ASUS My Cinema U3000 Hybrid;C:\WINDOWS\system32\DRIVERS\u3kh.sys
S3 u3khrc;ASUS Infrared Receiver;C:\WINDOWS\system32\DRIVERS\u3khrc.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cf571e8-7bdc-11dc-bb0d-00a0d1c23ff4}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 10:05:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 18:14:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-14 18:14:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-15 12:37:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[...]
Rootkit scan 2007-12-15 15:00:14
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-15 15:01:42
.
2007-12-12 20:09:16 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:27, on 15-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\Programmer\McAfee.com\Agent\mcagent.exe
C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
C:\Programmer\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Memeo\AutoBackup\MemeoBackup.exe
C:\Programmer\Infineon\Security Platform Software\PSDrt.exe
C:\Programmer\Infineon\Security Platform Software\SpTna.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - C:\Programmer\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Programmer\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [uerscw] C:\Programmer\ErrorSafe Free\uerscw.exe -c
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmer\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ErrorSafeFree] C:\Programmer\ErrorSafe Free\uers.exe /scan
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Zykon Z1 Mouse] C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Programmer\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com[...] (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com[...] (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL= http://www.zepto.com[...]
O15 - Trusted Zone: *.bec.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com[...]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com[...]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Programmer\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\Programmer\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmer\SiteAdvisor\6172\SAService.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
--
End of file - 12446 bytes

...offhand I'd say that Combofix has sorted out the problem?!
There's no icon popping up in the taskbar any more and no
messages about spyware ... it's a miracle :)
- or what?

I haven't actually read through the log above, but I would get avast, AVG or similar and restart the machine in safe mode, and then fix the virus/spyware from there ..
Good luck
-- Yeah!

#5
Unfortunately you only got rid of the least harmless malware. It is apparent from the logs that the PC has picked up a fair amount of quite serious crap! If we don't get rid of it quickly, they will start getting into your system files.
--------
Download the programs below (to e.g. the Desktop), but wait to use them until I say so:
CCleaner
http://www.filehippo.com[...]
(Untick the box for installing the Yahoo Toolbar.)
AVG AntiSpyware/Ewido
http://download.ewido.net[...]
SuperAntiSpyware
http://www.superantispyware.com[...]
(You will be offered a check of your PC and registration by email. Skip all of that and continue the installation. Check for updates. Update the program so it is ready for use.)
SmitfraudFix
http://siri.urz.free.fr[...]
--------
Restart the PC in safe mode (press F8 repeatedly during startup).
Then run the programs below, in the order listed:
CCleaner
(Start the program. Under Applications, untick Outlook2003 if you use it.
Click Run Cleaner and let the program remove what it finds.)
AVG AntiSpyware
(When you start the scanner it will update automatically. Scan and let it remove what it finds. Remember to choose "Save report" before you click "Remove infections".)
SuperAntiSpyware
(Check manually for updates before you scan. Click "Scan your computer", choose the drives to scan and select "Perform Complete Scan". When the scan is finished, let the scanner remove everything it has found. Click Next and it will restart your PC.)
IF SAS restarts your PC, you must restart it again in safe mode and run:
SmitfraudFix
(Double-click SmitfraudFix, type 2 and press . Let the program carry out a cleaning. The fix may restart the computer and creates a small text file, which you can find here >>> C:\rapport.txt)
--------
Then restart the PC in normal mode (if the fixes haven't done it for you).
Then run the programs below again, in the order listed:
- Combofix
- HJT
--------
Then post the HJT logs in here for review, together with the logs from AVG AS, SAS, Smitfraud and Combo. Please also write a few words about how the PC is behaving now.
//*Cookie
-- -- Member of Alliance of Security Analysis Professionals
http://asap.maddoktor2.com[...]

#6
->I haven't actually read through the log above
Then don't interfere.. None of the programs you mention can handle the infections in that log.
Only the guide from Cookie can clean that log
-- Kind regards, Arlet
www.arlet.dk[...]
www.malwarecheck.dk[...]

ComboFix 07-12-15.5 - theis wolter 2007-12-16 22:11:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.382 [GMT 1:00]
Running from: C:\Documents and Settings\theis wolter\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.
2007-12-16 21:21 . 2007-12-16 21:21 2,748 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 19:14 . 2007-12-16 19:14 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-16 18:41 . 2007-12-16 20:25 d-------- C:\Programmer\SUPERAntiSpyware
2007-12-16 18:41 . 2007-12-16 18:41 d-------- C:\Documents and Settings\theis wolter\Application Data\SUPERAntiSpyware.com
2007-12-16 18:33 . 2007-12-16 18:33 d-------- C:\Programmer\CCleaner
2007-12-15 13:45 . 2007-12-15 14:11 d-------- C:\Programmer\Spyware Doctor
2007-12-15 13:45 . 2007-12-15 13:45 d-------- C:\Documents and Settings\theis wolter\Application Data\PC Tools
2007-12-15 13:45 . 2007-12-15 14:02 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 13:45 . 2007-12-15 14:02 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 13:45 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 13:45 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-15 13:40 . 2007-12-15 13:40 d-------- C:\Programmer\Trend Micro
2007-12-15 10:22 . 2007-12-15 10:23 d-------- C:\Programmer\SPYWAREfighter
2007-12-15 10:22 . 2007-12-15 10:22 d-------- C:\Programmer\Fælles filer\Application
2007-12-15 10:07 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Programmer\SiteAdvisor
2007-12-14 19:16 . 2007-12-15 13:41 d-------- C:\Documents and Settings\theis wolter\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\LocalService\Skrivebord
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-16 14:30 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-16 22:17 10,235 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-14 19:14 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-14 19:14 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-14 19:14 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-14 19:14 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-14 19:14 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-14 19:14 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-14 19:13 . 2007-12-15 10:29 d-------- C:\Programmer\McAfee
2007-12-14 19:13 . 2007-12-14 19:14 d-------- C:\Programmer\Fælles filer\McAfee
2007-12-14 19:07 . 2007-12-14 19:20 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-09 13:13 . 2007-12-14 17:35 d-------- C:\Programmer\Macrogaming
2007-12-09 11:17 . 2007-02-09 16:34 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-12-05 20:12 . 2007-12-09 11:17 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-05 20:11 . 2007-02-09 16:34 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-12-05 20:09 . 2007-12-09 11:16 d-------- C:\Programmer\CyberLink
2007-12-05 20:09 . 2007-02-09 16:34 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-11-29 19:28 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-29 19:28 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-20 09:50 . 2007-11-23 08:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 20:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 09:08 --------- d-----w C:\Programmer\Google
2007-12-14 18:20 --------- d-----w C:\Programmer\McAfee.com
2007-12-14 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-14 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 10:06 --------- d-----w C:\Programmer\Java
2007-12-12 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-09 09:51 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-12-07 10:34 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-21 17:34 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 10:48 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\dvdcss
2007-11-07 17:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 17:10 --------- d--h--r C:\Documents and Settings\theis wolter\Application Data\SecuROM
2007-11-07 16:13 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-07 16:12 --------- d-----w C:\Programmer\AGEIA Technologies
2007-10-29 22:44 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-21 19:03 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\InstallShield
2007-10-20 11:54 --------- d-----w C:\Programmer\Picasa2
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-16 11:40 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\U3
2007-10-03 17:19 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-12 21:10 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Application Data\Microsoft\Feeds Cache\index.dat
2007-07-24 22:42 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007072420070725\index.dat
2007-07-28 09:04 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007072820070729\index.dat
.
((((((((((((((((((((((((((((( snapshot@2007-12-15_15.00.37,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-16 17:41:22 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-16 17:41:21 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-16 17:41:22 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-12-15 13:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-16 17:50:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-15 13:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
+ 2007-12-16 17:50:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
- 2007-12-15 13:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-16 17:50:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"MsnMsgr"="~C:\Programmer\MSN Messenger\MsnMsgr.exe" []
"OM2_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 09:40]
"ErrorSafeFree"="C:\Programmer\ErrorSafe Free\uers.exe" []
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe" [2005-09-16 08:47]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"Zykon Z1 Mouse"="C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe" [2007-01-29 16:27]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-15 10:08]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-27 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-29 03:05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 22:49 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 22:51]
"IFXSPMGT"="C:\WINDOWS\system32\IFXSPMGT.exe" [2006-11-13 22:23]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 13:00 C:\WINDOWS\system32\bthprops.cpl]
"uerscw"="C:\Programmer\ErrorSafe Free\uerscw.exe" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
"StxTrayMenu"="C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 12:20]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"SDTray"="C:\Programmer\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00]
"Picasa Media Detector"="E:\Picasa2\PicasaMediaDetector.exe" []
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
R3 hidshim;Service for HID-KMDF Shim layer;C:\WINDOWS\system32\DRIVERS\hidshim.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"
R3 winbondhidcir;Winbond HID CIR Receiver;C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys
S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5416.sys
S3 u3kh;ASUS My Cinema U3000 Hybrid;C:\WINDOWS\system32\DRIVERS\u3kh.sys
S3 u3khrc;ASUS Infrared Receiver;C:\WINDOWS\system32\DRIVERS\u3khrc.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cf571e8-7bdc-11dc-bb0d-00a0d1c23ff4}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 10:05:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 18:14:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-14 18:14:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-16 20:37:56 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[...]
Rootkit scan 2007-12-16 22:17:20
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 22:19:55
C:\ComboFix2.txt ... 2007-12-15 15:01
.
2007-12-12 20:09:16 --- E O F ---
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net[...]
__________________________________________________
Name: Adware.Comet
Path: C:\System Volume Information\_restore{17DC14D2-2C6C-4839-885B-32EF3D44959E}\RP82\A0011325.exe
Risk: Medium
Name: Adware.ErrorSafe
Path: C:\System Volume Information\_restore{17DC14D2-2C6C-4839-885B-32EF3D44959E}\RP82\A0011326.sys
Risk: Medium
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:27, on 16-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
C:\Programmer\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Infineon\Security Platform Software\PSDrt.exe
C:\Programmer\Infineon\Security Platform Software\SpTna.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Memeo\AutoBackup\MemeoBackup.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [uerscw] C:\Programmer\ErrorSafe Free\uerscw.exe -c
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmer\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ErrorSafeFree] C:\Programmer\ErrorSafe Free\uers.exe /scan
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Zykon Z1 Mouse] C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Programmer\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL= http://www.zepto.com[...]
O15 - Trusted Zone: *.bec.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com[...]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com[...]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Programmer\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\Programmer\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmer\SiteAdvisor\6172\SAService.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
--
End of file - 11588 bytes
-- Guest user, create your own login and get your own signature.
#9
There is still dirt on the PC.
Had you set AVG AS to remove what it found? It doesn't look that way at first glance?! Would you run it again and set it to remove what it finds, please :o) ?
I am also missing logs from SAS and Smitfraud. Have you run them? I need the logs from them - especially the one from the Smitfraudfix!
//*Cookie
-- -- Member of Alliance of Security Analysis Professionals
http://asap.maddoktor2.com[...]
I have run all of them, but I don't think any log came up from the ones you mention?
I'll try again..
-- Guest user, create your own login and get your own signature.
OK, I hope it works. I am especially interested in seeing the smitfraud log.
If you can't find them, just say so - then I'll have to try to make do with the ones you have already posted :o)
//*Cookie -- Member of Alliance of Security Analysis Professionals
http://asap.maddoktor2.com[...]
It sounds 100% as if you are in safe hands with cookie as far as cleaning your PC goes - good luck with that! As for the folder you can't delete due to missing permissions, you can use Igor Artemov's program Moveonboot (google for the download location :) )! It gets installed, and right away an extra option called "remove on next boot" appears when you right-click folders/files - and so the path is deleted at the next restart before any program manages to block access... super useful once you have picked up a "squatter" file! Good luck with that!
-- Guest user, create your own login and get your own signature.
SmitFraudFix v2.269
Scan done at 13:47:27,45, 19-12-2007
Run from C:\Documents and Settings\theis wolter\Skrivebord\ANTIspyware\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) Wireless WiFi Link 4965AGN - Miniport til Packet Scheduler
DNS Server Search Order: 84.238.112.11
DNS Server Search Order: 84.238.112.27
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1921D26-BF57-45A7-B98D-811745ED66A7}: DhcpNameServer=84.238.112.11 84.238.112.27
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1921D26-BF57-45A7-B98D-811745ED66A7}: DhcpNameServer=84.238.112.11 84.238.112.27
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A1921D26-BF57-45A7-B98D-811745ED66A7}: DhcpNameServer=84.238.112.11 84.238.112.27
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.238.112.11 84.238.112.27
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.238.112.11 84.238.112.27
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=84.238.112.11 84.238.112.27
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-- Guest user, create your own login and get your own signature.
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net[...]
__________________________________________________
Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\theis wolter\Cookies\theis_wolter@atdmt[2].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\theis wolter\Cookies\ [email protected]-sys[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\theis wolter\Cookies\ [email protected][1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\theis wolter\Cookies\ [email protected][1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\theis wolter\Cookies\theis_wolter@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\theis wolter\Cookies\theis_wolter@statistik-gallup[1].txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: :mozilla.16:C:\Documents and Settings\theis wolter\Application Data\Mozilla\Firefox\Profiles\6t4p2e23.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: :mozilla.17:C:\Documents and Settings\theis wolter\Application Data\Mozilla\Firefox\Profiles\6t4p2e23.default\cookies.txt
Risk: Medium
-- Guest user, create your own login and get your own signature.
AVG has removed what it found again.
Above you have the logs from SAS and smitfraud.
I think I owe it to say that I am very grateful for the help you are giving me :)
Many thanks!
-- Guest user, create your own login and get your own signature.
#17
"I think I owe it to say that I am very grateful for the help you are giving me :).... many thanks!"
You're welcome :o).... but we still need the final polish, so I hope you will see the cleaning through to the end. Only very little is left. It actually looks really good now! You have gotten rid of the nasty infections!
----------
Copy the text below in bold between the wavy lines into Notepad (only Notepad may be used):
~~~~~~~~~~~~
File::
C:\Programmer\ErrorSafe Free\uerscw.exe
C:\Programmer\ErrorSafe Free\uers.exe
Folder::
C:\Programmer\ErrorSafe Free
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ErrorSafeFree"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uerscw"=-
~~~~~~~~~~~~
Save the file as a txt file named CFScript in the same place where you have ComboFix. Then drag CFScript.txt onto the Combofix icon, as shown here http://www.fromsej.saknet.dk[...]
Combofix will then start, and may restart the machine. If not, restart the PC, scan again with HJT and Combo, and post both logs here for the final check.
If they turn out to be clean, we only need one last thing - namely to round off the cleaning. But we'll cross that bridge when we come to it - I hope ;o) !
How is the PC behaving otherwise now?
//*Cookie
-- -- Member of Alliance of Security Analysis Professionals
http://asap.maddoktor2.com[...]
ComboFix 07-12-15.5 - theis wolter 2007-12-20 11:35:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.427 [GMT 1:00]
Running from: C:\Documents and Settings\theis wolter\Skrivebord\ANTIspyware\ComboFix.exe
Command switches used :: C:\Documents and Settings\theis wolter\Skrivebord\ANTIspyware\CFScript.txt
* Created a new restore point
FILE
C:\Programmer\ErrorSafe Free\uers.exe
C:\Programmer\ErrorSafe Free\uerscw.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.
2007-12-19 14:11 . 2007-12-19 14:11 d-------- C:\Documents and Settings\theis wolter\CDCARDS
2007-12-19 14:11 . 2007-12-19 14:11 d-------- C:\Documents and Settings\theis wolter\.oces
2007-12-16 21:21 . 2007-12-19 13:47 2,624 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 19:14 . 2007-12-16 19:14 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-16 18:41 . 2007-12-19 11:49 d-------- C:\Programmer\SUPERAntiSpyware
2007-12-16 18:41 . 2007-12-16 18:41 d-------- C:\Documents and Settings\theis wolter\Application Data\SUPERAntiSpyware.com
2007-12-16 18:33 . 2007-12-16 18:33 d-------- C:\Programmer\CCleaner
2007-12-15 13:40 . 2007-12-15 13:40 d-------- C:\Programmer\Trend Micro
2007-12-15 10:22 . 2007-12-15 10:23 d-------- C:\Programmer\SPYWAREfighter
2007-12-15 10:22 . 2007-12-15 10:22 d-------- C:\Programmer\Fælles filer\Application
2007-12-15 10:07 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-14 19:16 . 2007-12-19 10:37 d-------- C:\Programmer\SiteAdvisor
2007-12-14 19:16 . 2007-12-15 13:41 d-------- C:\Documents and Settings\theis wolter\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\LocalService\Skrivebord
2007-12-14 19:16 . 2007-12-14 19:16 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-20 11:26 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-14 19:16 . 2007-12-20 11:38 11,231 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-14 19:14 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-14 19:14 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-14 19:14 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-14 19:14 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-14 19:14 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-14 19:14 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-14 19:13 . 2007-12-18 17:42 d-------- C:\Programmer\McAfee
2007-12-14 19:13 . 2007-12-14 19:14 d-------- C:\Programmer\Fælles filer\McAfee
2007-12-14 19:07 . 2007-12-14 19:20 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-09 13:13 . 2007-12-14 17:35 d-------- C:\Programmer\Macrogaming
2007-12-09 11:17 . 2007-02-09 16:34 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-12-05 20:12 . 2007-12-09 11:17 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-05 20:11 . 2007-02-09 16:34 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-12-05 20:09 . 2007-12-09 11:16 d-------- C:\Programmer\CyberLink
2007-12-05 20:09 . 2007-02-09 16:34 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-11-29 19:28 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-29 19:28 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-20 09:50 . 2007-11-23 08:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-17 09:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 09:08 --------- d-----w C:\Programmer\Google
2007-12-14 18:20 --------- d-----w C:\Programmer\McAfee.com
2007-12-14 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-14 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 10:06 --------- d-----w C:\Programmer\Java
2007-12-09 09:51 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-12-07 10:34 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-21 17:34 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 10:48 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\dvdcss
2007-11-07 17:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 17:10 --------- d--h--r C:\Documents and Settings\theis wolter\Application Data\SecuROM
2007-11-07 16:13 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-07 16:12 --------- d-----w C:\Programmer\AGEIA Technologies
2007-10-29 22:44 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-21 19:03 --------- d-----w C:\Documents and Settings\theis wolter\Application Data\InstallShield
2007-10-20 11:54 --------- d-----w C:\Programmer\Picasa2
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-03 17:19 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-12 21:10 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Application Data\Microsoft\Feeds Cache\index.dat
2007-07-24 22:42 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007072420070725\index.dat
2007-07-28 09:04 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007072820070729\index.dat
.
((((((((((((((((((((((((((((( snapshot@2007-12-15_15.00.37,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-16 17:41:22 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-16 17:41:21 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-16 17:41:22 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-12-15 13:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-20 10:26:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-15 13:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
+ 2007-12-20 10:26:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
- 2007-12-15 13:15:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-20 10:26:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"MsnMsgr"="~C:\Programmer\MSN Messenger\MsnMsgr.exe" []
"OM2_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-23 09:40]
"ErrorSafeFree"="C:\Programmer\ErrorSafe Free\uers.exe" []
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe" [2005-09-16 08:47]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"Zykon Z1 Mouse"="C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe" [2007-01-29 16:27]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 17:49]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-27 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-29 03:05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 22:49 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 22:51]
"IFXSPMGT"="C:\WINDOWS\system32\IFXSPMGT.exe" [2006-11-13 22:23]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 13:00 C:\WINDOWS\system32\bthprops.cpl]
"uerscw"="C:\Programmer\ErrorSafe Free\uerscw.exe" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
"StxTrayMenu"="C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 12:20]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 22:57]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00]
"Picasa Media Detector"="E:\Picasa2\PicasaMediaDetector.exe" []
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
R3 hidshim;Service for HID-KMDF Shim layer;C:\WINDOWS\system32\DRIVERS\hidshim.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"
R3 winbondhidcir;Winbond HID CIR Receiver;C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys
S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5416.sys
S3 u3kh;ASUS My Cinema U3000 Hybrid;C:\WINDOWS\system32\DRIVERS\u3kh.sys
S3 u3khrc;ASUS Infrared Receiver;C:\WINDOWS\system32\DRIVERS\u3khrc.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cf571e8-7bdc-11dc-bb0d-00a0d1c23ff4}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 10:05:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 18:14:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-14 18:14:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-20 10:37:09 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
C:\ComboFix\temp00
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[...]
Rootkit scan 2007-12-20 11:38:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-20 11:39:35
.
2007-12-12 20:09:16 --- E O F ---
-- Guest user, create your own login and get your own signature.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:40, on 20-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Programmer\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\Programmer\SiteAdvisor\6253\SiteAdv.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Infineon\Security Platform Software\PSDrt.exe
C:\Programmer\Infineon\Security Platform Software\SpTna.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Memeo\AutoBackup\MemeoBackup.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fck.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Programmer\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmer\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Zykon Z1 Mouse] C:\PROGRA~1\THEISW~1\Zykon\Z1Driver.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Programmer\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL= http://www.zepto.com[...]
O15 - Trusted Zone: *.bec.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com[...]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com[...]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Programmer\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\Programmer\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmer\SiteAdvisor\6253\SAService.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
--
End of file - 10875 bytes
-- Guest user, create your own login and get your own signature.
The computer is running flawlessly; I haven't noticed anything off so far!
Apart from my internet connection, which constantly drops and fetches a new IP address... I think it's the wireless router that is causing trouble? It happens on both of our computers, you see...
-- Guest user, create your own login and get your own signature.
#21
It looks absolutely perfect now! You have got rid of all the junk, so well fought :o) ! You are probably right about the unstable connection, since it happens on both of your PCs.
We can wrap up the cleaning now. But before that, you might consider whether you want to try the steps below, which will probably give the PC a faster startup. If you do NOT want to, just skip A) and jump straight down to B), but do you, for example, really want both MSN Messenger and Windows Messenger to start up automatically?
--------
A)
The programs below do not need to sit in your startup, since they can all easily be reached another way. They just sit there eating resources, so you may as well deselect them now if you like. In that case, do the following:
Go to Start => Run and type: msconfig. Click OK and go to the Startup tab. Remove the check mark to the left of the following programs:
- [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
- [RTHDCPL] RTHDCPL.EXE
- [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
- [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
- [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
- [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
- [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
- [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
- [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
- [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
- [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
- [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
- [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Should you later regret having deselected something in startup, you can just go back to the same place and tick the program again.
Restart the PC.
NOTE! You will now get a warning that "Startup" has been changed. Say OK to it and remove the check mark in "show this warning".
--------
B)
After a cleaning it is always a good idea to clear out the System Restore files, so that you do not get the problem back in the event of a system restore. Here is how:
Run CCleaner again.
(If you like, you can simply uninstall the program again afterwards, together with the other programs/tools I asked you to use during the cleaning. You can always download them again if need be.)
1) Then go to Start => Programs => Accessories => System Tools => System Restore
2) On the left side of the window, click System Restore Settings
3) In the new window, tick Turn off System Restore on all drives
4) Wait a minute, then remove the check mark again
-----------
Here is some good advice for the road on how you can secure your PC: http://www.bufferzone.dk[...]
If you have nothing more on your mind, I won't bother you any further ;o) !
A very merry Christmas.
//*Cookie
-- -- Member of Alliance of Security Analysis Professionals
http://asap.maddoktor2.com[...]
SUPER SUPER!
... So it turned out to be Christmas after all in the little two-room flat in Nørrebro.
I am very grateful for the help; it can't be put into words at all.
Thank you so very much! And merry Christmas to you too!
...how great that you bother to help!!!!!
-- Guest user, create your own login and get your own signature.
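The startup list in post #21 names [SweetIM] twice because the HijackThis log registers it under both the HKLM and the HKCU Run key. As an added example (not part of the original thread and not HijackThis's own code), this Python parser reads O4 autostart lines and reports values started from more than one location; the function names are assumptions, and the sample lines are taken from the log above.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "location name command user")

# Sample input: O4 lines taken from the HijackThis log in this thread,
# plus one O23 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - Startup: AutoBackup Launcher.lnk = C:\Programmer\Memeo\AutoBackup\MemeoLauncher.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Registry autostart: O4 - <hive>[\<sid>]\..\<key>: [<value name>] <command>
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.+?)\] (?P<cmd>.+)$")
# Startup folder: O4 - [Global ]Startup: <shortcut> = <target>
LNK_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Per-account (HKUS) entries carry a trailing account annotation.
USER_RE = re.compile(r" \(User '(?P<user>[^']*)'\)$")


def parse_o4(log_text):
    """Return one Entry per O4 line; every other log section is skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            cmd, user = m.group("cmd"), None
            u = USER_RE.search(cmd)
            if u:  # split the account annotation off the command
                user, cmd = u.group("user"), cmd[:u.start()]
            location = m.group("hive") + "\\" + m.group("key")
            entries.append(Entry(location, m.group("name"), cmd, user))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(
                Entry(m.group("scope"), m.group("name"), m.group("cmd"), None))
    return entries


def registered_twice(entries):
    """Map value name -> sorted locations for commands started from 2+ places."""
    places = defaultdict(set)
    for e in entries:
        places[(e.name, e.command.lower())].add(e.location)
    return {name: sorted(locs)
            for (name, _), locs in places.items() if len(locs) > 1}


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.location:22} {e.name:12.12} {e.command}")
    print("registered in more than one place:", registered_twice(parsed))
```

An entry reported by `registered_twice` has to be deselected once per location in msconfig, otherwise the remaining copy still starts the program.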