Virus / Spyware?
From : Hallob
Viewed : 1135 times
500 points
Date : 19-11-07 21:07

Hi..

I have a couple of problems with my computer..

1. When I start it up, an icon appears down in the lower right corner and says I should scan the computer with something or other, which it then sends me to.. (It is not my antivirus program!) I think it looks like spyware of some kind..

2. When I search on e.g. Google and click through on a link, a new page opens instead, where I am sent to this page, e.g. http://www.heavy.com/?partner=aff77, while the page I actually wanted does not open..

3. Also, when I try to download a file from the net, e.g. http://www.pcworld.dk/download/12/1580/hent, I am sent to this page instead: http://dns4error.com/ Still without the file being downloaded.

I think it all seems a bit strange.. And all of it started today? I have run an online scan of my computer from www.spywarefri.dk and nothing turned up.. Nothing turned up when I checked it for viruses either!

I hope someone can help me with this!

Regards, Kim!

 
 
Comment
From : chaufrat
Date : 19-11-07 21:16

Hi, I think you should register and post the question here:

http://www.spywarefri.dk/forum/

Regards, chaufrat.

Comment
From : stl_s
Date : 19-11-07 21:18

Follow this guide, then I'll take a look at it: http://www.arlet.dk/hijackthis.htm

Comment
From : Hallob
Date : 19-11-07 21:30

Hi.. Here it is then!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:27, on 19-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\explorer.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vman.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\hgghfgd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Programmer\E404DHelper\e404d.v1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvbuj.dll,startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Magic Holdem.lnk = C:\Programmer\Magic Holdem\MagicHoldem.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Programmer\Betway\Casino\casinogame.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Programmer\Betway\Poker\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Kim Hall\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Kim Hall\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192505990703
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://152.1.131.130/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://83.91.88.92/activex/AxisCamControl.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.172.162.99:8080/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: hgghfgd - hgghfgd.dll (file missing)
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe

--
End of file - 6768 bytes

-------------

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
19-11-2007 21:36:10,92

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 21:36:11
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

Comment
From : stl_s
Date : 19-11-07 21:37

Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run combofix.exe and follow the instructions in the window.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Copy the log in here.

Some security programs regard ComboFix as a virus. It is not.


Comment
From : Hallob
Date : 19-11-07 21:47

It says that combofix is outdated! And I can't seem to find anything newer!

Comment
From : stl_s
Date : 19-11-07 21:57

OK, then we'll try something else:

1. Download Vundofix here: http://www.atribune.org/ccount/click.php?id=4

2. Restart in safe mode. If you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", i.e. "How to get into safe mode"): http://kimludvigsen.dk/tips-windows-fejlsikret.html

3. Run Vundofix and click "Scan for Vundo".

4. When it has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. After that your desktop goes blank, and the fix will try to remove Vundo. When it has finished, the tool will ask for permission to shut down the computer. You must accept that.

If there is a file the fix cannot remove, it will run at restart, and then you must click "Scan for Vundo" and follow the instructions above again.

NOTE: In a few cases the infection may succeed in locking you out of the machine after the fix, and then you must do this:

Restart in safe mode. If you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", i.e. "How to get into safe mode"): http://kimludvigsen.dk/tips-windows-fejlsikret.html

But do not choose safe mode. Instead, use the arrow keys to select "Sidst kendte fungerende konfiguration (hvor systemet virkede)" (Last Known Good Configuration) and press the <enter> key.

-------------------------------------------------------------

1. Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Or here:
http://72.232.135.12/siri/SmitfraudFix.exe

2. Restart in safe mode. If you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", i.e. "How to get into safe mode"): http://kimludvigsen.dk/tips-windows-fejlsikret.html

3. Double-click SmitfraudFix, type 2 and press <enter>. Let the program carry out a cleaning. The fix may restart the computer.

SmitfraudFix also creates a small text file (C:\rapport.txt). Copy it in here, together with a fresh HijackThis log.


Comment
From : Hallob
Date : 19-11-07 22:38

It's finished now!
----

SmitFraudFix v2.253

Scan done at 22:36:51,15, 19-11-2007
Run from C:\Documents and Settings\Kim Hall\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5A308CD9-EA10-47B7-AA67-1FC46005B6E0}: DhcpNameServer=85.218.129.11 85.218.128.141 85.218.129.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5A308CD9-EA10-47B7-AA67-1FC46005B6E0}: DhcpNameServer=85.218.129.11 85.218.128.141 85.218.129.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5A308CD9-EA10-47B7-AA67-1FC46005B6E0}: DhcpNameServer=85.218.129.11 85.218.128.141 85.218.129.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.218.129.11 85.218.128.141 85.218.129.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.218.129.11 85.218.128.141 85.218.129.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.218.129.11 85.218.128.141 85.218.129.12


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:31, on 19-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\hgghfgd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Programmer\E404DHelper\e404d.v1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Magic Holdem.lnk = C:\Programmer\Magic Holdem\MagicHoldem.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Programmer\Betway\Casino\casinogame.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Programmer\Betway\Poker\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Kim Hall\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Kim Hall\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192505990703
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://152.1.131.130/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://83.91.88.92/activex/AxisCamControl.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.172.162.99:8080/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: hgghfgd - hgghfgd.dll (file missing)
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe

--
End of file - 6639 bytes
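
Added example, not part of the original thread or of any poster's reply: a small Python script that compares the two HijackThis logs posted above (before and after the SmitfraudFix run), lists the entries that disappeared, and lists the entries HijackThis itself marks "(file missing)" or "(no file)". The function names are hypothetical, and BEFORE/AFTER are short excerpts copied from those two logs rather than the full logs.

```python
import re

# A HijackThis entry line starts with a section code such as R0, O2, O4, O20, O23.
# Process paths ("C:\...") and header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the file an entry points to is absent on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")

# Excerpt of the 21:34 log from the thread (a few lines, not the full log).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vman.dk/
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\hgghfgd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvbuj.dll,startup
O20 - Winlogon Notify: hgghfgd - hgghfgd.dll (file missing)
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
"""

# Excerpt of the 22:44 log from the thread (same selection of lines).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\hgghfgd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O20 - Winlogon Notify: hgghfgd - hgghfgd.dll (file missing)
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in `before`, entries only in `after`."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def orphaned(log_text):
    """Return entries that HijackThis reports as pointing at a missing file."""
    return sorted(e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1]))


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print(f"removed  {section}: {detail}")
    for section, detail in added:
        print(f"added    {section}: {detail}")
    for section, detail in orphaned(AFTER):
        print(f"orphaned {section}: {detail}")
```

A removed entry only shows what changed between the two scans; entries still present in the second log need their own review.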

Comment
From : stl_s
Date : 19-11-07 22:54

Let's just see whether we can get ComboFix to run this way. Set your PC's clock back to 16/11. When we are completely finished, you can set it correctly again.

Then follow these instructions:

Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run combofix.exe and follow the instructions in the window.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Copy the log in here.

Some security programs regard ComboFix as a virus. It is not.

Comment
From : Hallob
Date : 19-11-07 23:16

That worked...

----------------

ComboFix 07-11-08.1 - Kim Hall 2007-11-16 23:11:32.1 - NTFSx86
Running from: C:\Documents and Settings\Kim Hall\Skrivebord\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\F‘lles filer\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\drvzuzr.dll
C:\WINDOWS\system32\winbjv32.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-19 22:36   2,118   --a------   C:\WINDOWS\system32\tmp.reg
2007-11-19 22:13   <DIR>   d--------   C:\VundoFix Backups
2007-11-19 21:51   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-19 21:33   401,720   --a------   C:\Programmer\HJTrenamed.exe
2007-11-19 21:29   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\AVG7
2007-11-19 21:28   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-19 21:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 20:11   <DIR>   d--------   C:\Programmer\SPYWAREfighter
2007-11-19 20:11   <DIR>      C:\Programmer\Fælles filer\Application
2007-11-19 20:01   <DIR>   d--------   C:\VIRUSfighter
2007-11-19 18:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-19 04:20   <DIR>   d--------   C:\Programmer\E404DHelper
2007-11-19 04:20   104,448   --a------   C:\WINDOWS\system32\drvbuj.dll
2007-11-16 23:13   104,448   --a------   C:\WINDOWS\system32\drvzuz.dll
2007-11-16 23:13   37,376   --a------   C:\WINDOWS\system32\ssqnllm.dll
2007-11-16 05:16   <DIR>   d--------   C:\WINDOWS\system32\da-dk
2007-11-16 05:11   33,792   --a--c---   C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-15 20:58   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MGS
2007-11-15 20:56   <DIR>   d--------   C:\MicroGaming
2007-11-15 14:09   <DIR>   d--------   C:\unisecur
2007-11-13 16:26   <DIR>   d--------   C:\Programmer\CasinoOnNet
2007-11-12 16:30   107,520   --a------   C:\WINDOWS\system32\UnCasino5.exe
2007-11-12 16:29   <DIR>   d--------   C:\Programmer\InterCasino $$$
2007-11-11 04:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ATI
2007-11-11 04:37   593,920   ---------   C:\WINDOWS\system32\ati2sgag.exe
2007-11-07 14:37   <DIR>   d--------   C:\WINDOWS\system32\FlashAX
2007-11-07 14:37   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\Microgaming
2007-11-07 14:36   <DIR>   d--------   C:\Programmer\Betway
2007-11-07 04:12   <DIR>   d--h-----   C:\Documents and Settings\Kim Hall\igLoader Files
2007-11-06 05:17   <DIR>   d--------   C:\DXTEMP
2007-11-06 04:38   <DIR>   d--------   C:\Programmer\Betfair
2007-11-06 04:37   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2007-10-27 18:11   <DIR>   d--------   C:\Programmer\Red Kings Poker
2007-10-25 20:01   <DIR>   d--------   C:\Programmer\Axis Communications
2007-10-25 16:21   <DIR>   d--------   C:\WINDOWS\Sun
2007-10-25 16:20   <DIR>   d--------   C:\Programmer\Java
2007-10-25 16:19   <DIR>      C:\Programmer\Fælles filer\Java
2007-10-25 16:16   <DIR>      C:\Programmer\Fælles filer\Adobe
2007-10-25 00:51   <DIR>   d--------   C:\Poker
2007-10-25 00:48   <DIR>   d--------   C:\Programmer\PokerSmoke
2007-10-25 00:41   <DIR>   d--------   C:\Programmer\B4Playing
2007-10-21 20:26   <DIR>   d--------   C:\Programmer\MSXML 4.0
2007-10-20 23:17   <DIR>   d--------   C:\Programmer\RealMedia
2007-10-20 23:17   <DIR>   d--------   C:\Programmer\DScaler5
2007-10-20 23:17   <DIR>   d--------   C:\Programmer\CD Audio Reader Filter
2007-10-20 23:16   <DIR>   d--------   C:\Programmer\SHOUTcast Source
2007-10-20 23:16   <DIR>   d--------   C:\Programmer\DS-MP3 Source
2007-10-20 23:15   <DIR>   d--------   C:\Programmer\Zoom Player
2007-10-20 23:04   <DIR>   d--------   C:\Programmer\DivX
2007-10-20 23:04   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\DivX
2007-10-20 23:04   120,056   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 23:04   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 23:03   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\VersionTracker Pro
2007-10-20 23:02   <DIR>   d--------   C:\Programmer\TechTracker
2007-10-20 21:10   <DIR>   d--------   C:\Programmer\BitLord
2007-10-20 18:34   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2007-10-20 18:34   40,960   --a------   C:\WINDOWS\system32\SSubTmr6.dll
2007-10-20 18:33   <DIR>   d--------   C:\Programmer\Webcam Video Capture
2007-10-20 18:28   <DIR>   d--------   C:\Programmer\Fake Webcam
2007-10-20 16:03   344,064   --a------   C:\WINDOWS\system32\MSVCR70.DLL
2007-10-20 15:19   <DIR>   d--------   C:\Programmer\Eyeball
2007-10-17 02:05   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\ATI
2007-10-17 01:50   0   --a------   C:\WINDOWS\ativpsrm.bin
2007-10-17 01:04   <DIR>      C:\Programmer\Fælles filer\Blizzard Entertainment
2007-10-17 01:01   <DIR>   d--------   C:\Programmer\World of Warcraft
2007-10-16 18:49   <DIR>   d--------   C:\Programmer\Winamp
2007-10-16 18:49   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\Winamp
2007-10-16 14:59   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\vlc
2007-10-16 14:58   <DIR>   d--------   C:\Programmer\VideoLAN
2007-10-16 14:52   <DIR>      C:\Programmer\Fælles filer\SWF Studio
2007-10-16 14:15   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\Media Player Classic
2007-10-16 14:06   1,559,040   --a------   C:\WINDOWS\system32\xvidcore.dll
2007-10-16 14:06   282,624   --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-10-16 14:06   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-10-16 14:06   163,840   --a------   C:\WINDOWS\system32\unrar.dll
2007-10-16 14:06   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-10-16 14:05   <DIR>   d--------   C:\Programmer\K-Lite Codec Pack
2007-10-16 14:05   <DIR>   d--------   C:\Programmer\InterPoker
2007-10-16 14:05   93,184   --a------   C:\WINDOWS\system32\UnPoker.exe
2007-10-16 05:57   <DIR>   d--------   C:\Program Files
2007-10-16 05:48   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2007-10-16 05:48   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2007-10-16 05:45   584,192   -----c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-16 05:37   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2007-10-16 05:28   <DIR>   d--------   C:\Documents and Settings\LocalService\Menuen Start
2007-10-16 05:27   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2007-10-16 05:24   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2007-10-16 05:23   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2007-10-16 05:23   57,856   --a------   C:\WINDOWS\system32\drivers\redbook.sys
2007-10-16 05:23   27,165   --a------   C:\WINDOWS\system32\drivers\fetnd5.sys
2007-10-16 05:23   10,624   --a------   C:\WINDOWS\system32\drivers\gameenum.sys
2007-10-16 05:22   <DIR>   d--------   C:\Programmer\F‘lles filer
2007-10-16 05:22   <DIR>      C:\Programmer\Fælles filer\SpeechEngines
2007-10-16 05:22   <DIR>      C:\Programmer\Fælles filer\ODBC
2007-10-16 05:22   <DIR>   dr-------   C:\Programmer
2007-10-16 05:22   <DIR>   d--------   C:\Documents and Settings\Default User\Skrivebord
2007-10-16 05:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Skabeloner
2007-10-16 05:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Printere
2007-10-16 05:22   <DIR>   dr-------   C:\Documents and Settings\Default User\Menuen Start
2007-10-16 05:22   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Lokale indstillinger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 21:44   6,640   ----a-w   C:\Programmer\hijackthis.log
2007-11-19 19:01   ---------   d--h--w   C:\Programmer\InstallShield Installation Information
2007-11-11 03:38   ---------   d-----w   C:\Programmer\Fælles filer\InstallShield
2007-11-11 03:38   ---------   d-----w   C:\Programmer\ATI Technologies
2007-10-16 04:56   755,392   ----a-w   C:\WINDOWS\system32\drivers\cmuda.sys
2007-10-16 04:56   712,704   ----a-w   C:\WINDOWS\system32\Audio3D.dll
2007-10-16 04:56   712,704   ----a-w   C:\WINDOWS\system32\a3d.dll
2007-10-16 04:56   712,704   ----a-w   C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-10-16 04:56   32,768   ----a-w   C:\WINDOWS\system32\udaprop.dll
2007-10-16 04:56   28,672   ----a-w   C:\WINDOWS\system32\cmirmdrv.dll
2007-10-16 04:56   233,472   ----a-w   C:\WINDOWS\system32\cmirmdrv.exe
2007-10-16 04:56   118,784   ----a-w   C:\WINDOWS\system32\cmuda.dll
2007-10-16 04:29   ---------   d-----w   C:\Programmer\MSN Messenger
2007-10-16 03:58   ---------   d-----w   C:\Programmer\Lavalys
2007-10-16 03:31   ---------   d-----w   C:\Programmer\microsoft frontpage
2007-10-16 03:29   ---------   d-----w   C:\Programmer\Onlinetjenester
2007-10-16 03:28   ---------   d-----w   C:\Programmer\Fælles filer\Tjenester
2007-10-16 03:28   ---------   d-----w   C:\Programmer\Fælles filer\MSSoap
2007-09-29 05:46   47,376   ----a-w   C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21   9,854,976   ----a-w   C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07   356,352   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06   268,800   ------w   C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05   2,456,064   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58   143,360   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58   122,880   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57   122,880   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56   483,328   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47   3,130,720   ------w   C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47   172,032   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36   1,593,600   ------w   C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23   5,435,392   ----a-w   C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22   376,832   ----a-w   C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14   499,712   ------w   C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 16:08   156,992   ----a-w   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07   524,288   ----a-w   C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:07   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07   129,784   ------w   C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05   823,296   ----a-w   C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05   823,296   ----a-w   C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05   81,920   ----a-w   C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05   802,816   ----a-w   C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05   739,840   ----a-w   C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05   593,920   ----a-w   C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05   57,344   ----a-w   C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05   53,248   ----a-w   C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05   344,064   ----a-w   C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05   294,912   ----a-w   C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05   294,912   ----a-w   C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05   196,608   ----a-w   C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-21 06:17   683,520   ----a-w   C:\WINDOWS\system32\inetcomm.dll
2007-05-01 15:35   146,432   --sh--w   C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
         C:\WINDOWS\system32\hgghfgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-16 23:13   37376   --a------   C:\WINDOWS\system32\ssqnllm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-11-19 04:20   19456   --a------   C:\Programmer\E404DHelper\e404d.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2007-10-10 06:28]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 21:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-10-20 23:02:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\hgghfgd.dll [ ]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\ssqnllm.dll [2007-11-16 23:13 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfgd]
hgghfgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnllm]
ssqnllm.dll 2007-11-16 23:13 37376 C:\WINDOWS\system32\ssqnllm.dll

R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 23:19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 23:23:04 - machine was rebooted
.
   --- E O F ---

Comment
From : stl_s


Date : 19-11-07 23:51

OK, now we can clear out the last of it:

Copy the text below in bold into Notepad (only Notepad may be used)


Folder::
C:\Programmer\E404DHelper

File::
C:\WINDOWS\system32\drvbuj.dll
C:\WINDOWS\system32\drvzuz.dll
C:\WINDOWS\system32\ssqnllm.dll
C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfgd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnllm]



Save the file as a txt file named CFScript in the same place where you have ComboFix.

Then drag CFScript.txt onto the Combofix icon, as shown here http://i204.photobucket.com/albums/bb106/Juliet702/CFScript-createdbyMiekiemoes.gif

Combofix will then start, and may restart the machine.

Copy the contents of Combofix.txt in here.

Restart, and also post a fresh HJT log.



Comment
From : Hallob


Date : 20-11-07 00:11

Here it is:

ComboFix 07-11-08.1 - Kim Hall 2007-11-17 0:07:21.2 - NTFSx86
Running from: C:\Documents and Settings\Kim Hall\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kim Hall\Skrivebord\CFScript.txt
* Created a new restore point

FILE
C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe
C:\WINDOWS\system32\drvbuj.dll
C:\WINDOWS\system32\drvzuz.dll
C:\WINDOWS\system32\ssqnllm.dll
.

   Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\E404DHelper
C:\Programmer\E404DHelper\e404d.v1.dll
C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe
C:\Programmer\F‘lles filer\Yazzle1162OinAdmin.exe
C:\WINDOWS\system32\drvbuj.dll
C:\WINDOWS\system32\drvzuz.dll
C:\WINDOWS\system32\ssqnllm.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-19 22:36   2,118   --a------   C:\WINDOWS\system32\tmp.reg
2007-11-19 22:13   <DIR>   d--------   C:\VundoFix Backups
2007-11-19 21:51   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-19 21:33   401,720   --a------   C:\Programmer\HJTrenamed.exe
2007-11-19 21:29   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\AVG7
2007-11-19 21:28   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-19 21:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 20:11   <DIR>   d--------   C:\Programmer\SPYWAREfighter
2007-11-19 20:11   <DIR>      C:\Programmer\Fælles filer\Application
2007-11-19 20:01   <DIR>   d--------   C:\VIRUSfighter
2007-11-19 18:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-16 05:16   <DIR>   d--------   C:\WINDOWS\system32\da-dk
2007-11-16 05:11   33,792   --a--c---   C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-15 20:58   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MGS
2007-11-15 20:56   <DIR>   d--------   C:\MicroGaming
2007-11-15 14:09   <DIR>   d--------   C:\unisecur
2007-11-13 16:26   <DIR>   d--------   C:\Programmer\CasinoOnNet
2007-11-12 16:30   107,520   --a------   C:\WINDOWS\system32\UnCasino5.exe
2007-11-12 16:29   <DIR>   d--------   C:\Programmer\InterCasino $$$
2007-11-11 04:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ATI
2007-11-11 04:37   593,920   ---------   C:\WINDOWS\system32\ati2sgag.exe
2007-11-07 14:37   <DIR>   d--------   C:\WINDOWS\system32\FlashAX
2007-11-07 14:37   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\Microgaming
2007-11-07 14:36   <DIR>   d--------   C:\Programmer\Betway
2007-11-07 04:12   <DIR>   d--h-----   C:\Documents and Settings\Kim Hall\igLoader Files
2007-11-06 05:17   <DIR>   d--------   C:\DXTEMP
2007-11-06 04:38   <DIR>   d--------   C:\Programmer\Betfair
2007-11-06 04:37   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2007-10-27 18:11   <DIR>   d--------   C:\Programmer\Red Kings Poker
2007-10-25 20:01   <DIR>   d--------   C:\Programmer\Axis Communications
2007-10-25 18:22   <DIR>   d--------   C:\Casino
2007-10-25 16:21   <DIR>   d--------   C:\WINDOWS\Sun
2007-10-25 16:20   <DIR>   d--------   C:\Programmer\Java
2007-10-25 16:19   <DIR>      C:\Programmer\Fælles filer\Java
2007-10-25 16:16   <DIR>      C:\Programmer\Fælles filer\Adobe
2007-10-25 00:51   <DIR>   d--------   C:\Poker
2007-10-25 00:48   <DIR>   d--------   C:\Programmer\PokerSmoke
2007-10-25 00:41   <DIR>   d--------   C:\Programmer\B4Playing
2007-10-21 20:26   <DIR>   d--------   C:\Programmer\MSXML 4.0
2007-10-20 23:17   <DIR>   d--------   C:\Programmer\RealMedia
2007-10-20 23:17   <DIR>   d--------   C:\Programmer\DScaler5
2007-10-20 23:17   <DIR>   d--------   C:\Programmer\CD Audio Reader Filter
2007-10-20 23:16   <DIR>   d--------   C:\Programmer\SHOUTcast Source
2007-10-20 23:16   <DIR>   d--------   C:\Programmer\DS-MP3 Source
2007-10-20 23:15   <DIR>   d--------   C:\Programmer\Zoom Player
2007-10-20 23:04   <DIR>   d--------   C:\Programmer\DivX
2007-10-20 23:04   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\DivX
2007-10-20 23:04   120,056   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 23:04   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 23:03   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\VersionTracker Pro
2007-10-20 23:02   <DIR>   d--------   C:\Programmer\TechTracker
2007-10-20 21:10   <DIR>   d--------   C:\Programmer\BitLord
2007-10-20 18:34   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2007-10-20 18:34   40,960   --a------   C:\WINDOWS\system32\SSubTmr6.dll
2007-10-20 18:33   <DIR>   d--------   C:\Programmer\Webcam Video Capture
2007-10-20 18:28   <DIR>   d--------   C:\Programmer\Fake Webcam
2007-10-20 16:03   344,064   --a------   C:\WINDOWS\system32\MSVCR70.DLL
2007-10-20 15:19   <DIR>   d--------   C:\Programmer\Eyeball
2007-10-17 02:05   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\ATI
2007-10-17 01:50   0   --a------   C:\WINDOWS\ativpsrm.bin
2007-10-17 01:04   <DIR>      C:\Programmer\Fælles filer\Blizzard Entertainment
2007-10-17 01:01   <DIR>   d--------   C:\Programmer\World of Warcraft
2007-10-16 18:49   <DIR>   d--------   C:\Programmer\Winamp
2007-10-16 18:49   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\Winamp
2007-10-16 14:59   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\vlc
2007-10-16 14:58   <DIR>   d--------   C:\Programmer\VideoLAN
2007-10-16 14:52   <DIR>      C:\Programmer\Fælles filer\SWF Studio
2007-10-16 14:15   <DIR>   d--------   C:\Documents and Settings\Kim Hall\Application Data\Media Player Classic
2007-10-16 14:06   1,559,040   --a------   C:\WINDOWS\system32\xvidcore.dll
2007-10-16 14:06   282,624   --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-10-16 14:06   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-10-16 14:06   163,840   --a------   C:\WINDOWS\system32\unrar.dll
2007-10-16 14:06   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-10-16 14:05   <DIR>   d--------   C:\Programmer\K-Lite Codec Pack
2007-10-16 14:05   <DIR>   d--------   C:\Programmer\InterPoker
2007-10-16 14:05   93,184   --a------   C:\WINDOWS\system32\UnPoker.exe
2007-10-16 05:57   <DIR>   d--------   C:\Program Files
2007-10-16 05:48   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2007-10-16 05:48   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2007-10-16 05:45   584,192   -----c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-16 05:37   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2007-10-16 05:28   <DIR>   d--------   C:\Documents and Settings\LocalService\Menuen Start
2007-10-16 05:27   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2007-10-16 05:24   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2007-10-16 05:23   75,264   --a------   C:\WINDOWS\system32\usbui.dll
2007-10-16 05:23   57,856   --a------   C:\WINDOWS\system32\drivers\redbook.sys
2007-10-16 05:23   27,165   --a------   C:\WINDOWS\system32\drivers\fetnd5.sys
2007-10-16 05:23   10,624   --a------   C:\WINDOWS\system32\drivers\gameenum.sys
2007-10-16 05:22   <DIR>   d--------   C:\Programmer\F‘lles filer
2007-10-16 05:22   <DIR>      C:\Programmer\Fælles filer\SpeechEngines
2007-10-16 05:22   <DIR>      C:\Programmer\Fælles filer\ODBC
2007-10-16 05:22   <DIR>   dr-------   C:\Programmer
2007-10-16 05:22   <DIR>   d--------   C:\Documents and Settings\Default User\Skrivebord
2007-10-16 05:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Skabeloner
2007-10-16 05:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Printere
2007-10-16 05:22   <DIR>   dr-------   C:\Documents and Settings\Default User\Menuen Start
2007-10-16 05:22   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Lokale indstillinger
2007-10-16 05:22   <DIR>   d--------   C:\Documents and Settings\Default User\Foretrukne
2007-10-16 05:22   <DIR>   d--------   C:\Documents and Settings\Default User\Dokumenter
2007-10-16 05:22   <DIR>   d--h-----   C:\Documents and Settings\Default User\Andre computere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 21:44   6,640   ----a-w   C:\Programmer\hijackthis.log
2007-11-19 19:01   ---------   d--h--w   C:\Programmer\InstallShield Installation Information
2007-11-11 03:38   ---------   d-----w   C:\Programmer\Fælles filer\InstallShield
2007-11-11 03:38   ---------   d-----w   C:\Programmer\ATI Technologies
2007-10-16 04:56   755,392   ----a-w   C:\WINDOWS\system32\drivers\cmuda.sys
2007-10-16 04:29   ---------   d-----w   C:\Programmer\MSN Messenger
2007-10-16 03:58   ---------   d-----w   C:\Programmer\Lavalys
2007-10-16 03:31   ---------   d-----w   C:\Programmer\microsoft frontpage
2007-10-16 03:29   ---------   d-----w   C:\Programmer\Onlinetjenester
2007-10-16 03:28   ---------   d-----w   C:\Programmer\Fælles filer\Tjenester
2007-10-16 03:28   ---------   d-----w   C:\Programmer\Fælles filer\MSSoap
2007-09-29 05:46   47,376   ----a-w   C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:05   2,456,064   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:19   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2007-10-10 06:28]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 21:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-10-20 23:02:58]

R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 00:15:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 0:17:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 23:23
.
   --- E O F ---

-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:18:11, on 17-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\HJTrenamed.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Magic Holdem.lnk = C:\Programmer\Magic Holdem\MagicHoldem.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Programmer\Betway\Casino\casinogame.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Programmer\Betway\Poker\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Kim Hall\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Kim Hall\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192505990703
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://152.1.131.130/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://83.91.88.92/activex/AxisCamControl.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.172.162.99:8080/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe

--
End of file - 6294 bytes

Accepted answer
From : stl_s

Received 500 points
Date : 20-11-07 00:17

Clean logs. Is the problem gone?

If so, just finish off with steps 5 and 6 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11
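The check behind "clean logs", as an added example that is not part of the original thread: it reads the CFScript Registry:: block with .reg deletion conventions ([-key] removes a key, "name"=- removes a value) and confirms that each targeted load point is listed in the first ComboFix report's "Reg Loading Points" section and absent from the second. The function names and the shortened excerpts are this example's own, and the parsing rules are assumptions based on the log lines shown in the thread.

```python
import re

# Excerpts copied from the thread (shortened): the CFScript Registry:: block and
# the "Reg Loading Points" sections of the ComboFix reports before and after it.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfgd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnllm]
"""
RUN = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 21:32]
"""
BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
         C:\WINDOWS\system32\hgghfgd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-16 23:13   37376   --a------   C:\WINDOWS\system32\ssqnllm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-11-19 04:20   19456   --a------   C:\Programmer\E404DHelper\e404d.v1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\hgghfgd.dll [ ]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\ssqnllm.dll [2007-11-16 23:13 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfgd]
hgghfgd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnllm]
ssqnllm.dll 2007-11-16 23:13 37376 C:\WINDOWS\system32\ssqnllm.dll
""" + RUN
AFTER = RUN  # the second report lists only the Run keys in this section

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')   # [key] or [-key]
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')       # "name"=data or "name"=-


def entries(text):
    """Yield (key, value_name, deleted) for each key header and value line.
    value_name is None for a key header; names are lowercased for comparison."""
    key = None
    for line in map(str.strip, text.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            key = k.group(2).lower()
            yield key, None, k.group(1) == "-"
        elif v and key:
            yield key, v.group(1).lower(), v.group(2) == "-"


def script_targets(script):
    """(key, value_name) pairs the script deletes: [-key] or "name"=-."""
    return {(k, n) for k, n, deleted in entries(script) if deleted}


def load_points(report):
    """(key, value_name) pairs a report lists as present."""
    return {(k, n) for k, n, _ in entries(report)}


def verify(script, before, after):
    """Classify each script target by its presence in the two reports."""
    targets = script_targets(script)
    was, now = load_points(before), load_points(after)
    return {
        "removed": sorted((t for t in targets if t in was and t not in now), key=str),
        "still_present": sorted((t for t in targets if t in now), key=str),
        "not_seen_before": sorted(
            (t for t in targets if t not in was and t not in now), key=str),
    }


if __name__ == "__main__":
    for status, items in verify(CFSCRIPT, BEFORE, AFTER).items():
        print(status, len(items), *items, sep="\n  ")
```

A target reported under still_present means that persistence entry survived the run, so the log is not clean; the File:: and Folder:: blocks of the script are not checked here.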

Approval of answer
From : Hallob


Date : 20-11-07 00:20

Thanks for the answer, stl_s.

Hi.. Thank you very much for the help.. And even more for being willing to take the time to help me even though it was a lengthy process.. The problem is at any rate gone now!

Comment
From : stl_s


Date : 20-11-07 00:24

You're welcome. Unfortunately it turned into a lengthy process, because ComboFix was acting up and I had to find a solution for that. But luckily it worked out.

Remember the clock
