Msn virus :(
From: Daxxa
Viewed: 1457 times
20 points
Date: 03-12-06 20:50

Hi! I've got the Messenger virus and just can't get rid of it. My computer runs extremely slowly and sometimes it just restarts. It says something about winstall.exe, but I think my computer is almost nothing but junk.

HELP me, thanks
Comment
From: miritdk
Date: 03-12-06 21:09

Download HijackThis here: http://www.sitecenter.dk/secure/nss-folder/mappe/hjtspecial.exe Create a separate folder for HijackThis, call it e.g. HJT. Run HijackThis, click "Do a system scan and save a logfile". Copy the log and paste it here in the thread, then I'll look at it. Do not delete anything yourself with HijackThis.

With a bit of patience stl_s will come by and can help you get rid of the junk.

Comment
From: miritdk
Date: 03-12-06 21:10

Quote
then I'll look at it
... naaaaaaaah, not me - but it's the start of an annoying clean-up

Comment
From: Daxxa
Date: 03-12-06 21:10

Okay, thanks a lot, I'll try that and then we'll see.

Comment
From: Daxxa
Date: 03-12-06 21:30

Logfile of HijackThis v1.99.1
Scan saved at 21:07:29, on 03-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\msasvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Metacafe\MetacafeAgent.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel Madsen\Skrivebord\HJT.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = D:\Games\Deer hunter 2005\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: 82.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



Comment
From: stl_s
Date: 03-12-06 21:31

I'll have a look at the log.

Comment
From: miritdk
Date: 03-12-06 21:32

there you go

Comment
From: Daxxa
Date: 03-12-06 21:35

Thanks a lot


Comment
From: stl_s
Date: 03-12-06 21:47

1. Download SmitfraudFix.zip and extract it to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

The program extracts itself into a folder called SmitfraudFix.


2. Restart in Safe Mode; if you don't know how, look here:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


3. Open the SmitfraudFix folder you got on the Desktop, double-click SmitfraudFix.cmd and press 2 - answer yes to clean (y=yes). Let the program complete a clean-up. The fix may restart the computer.


SmitfraudFix also creates a small text file (log). Paste it in here, together with the next HijackThis log.

----------------------------------------------------------------------------------

Download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe and follow the instructions.

You should not click on the window while the tool is running, as it can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt, which can be found here - C:\combofix.txt

-----------------------------------------------------------------------------------

Paste both logs in here, together with a fresh HijackThis log.



Comment
From: Daxxa
Date: 03-12-06 21:52

Phew, I'll try...

But it won't be necessary to format the computer, will it??

Comment
From: stl_s
Date: 03-12-06 21:56

I think we'll get it clean.

Comment
From: Daxxa
Date: 03-12-06 21:57

Okay, I'll give it a try, but it really is slow.


Comment
From: stl_s
Date: 03-12-06 21:59

Perfectly fine.

Comment
From: Daxxa
Date: 03-12-06 22:00

I might not do it until tomorrow.

Is there a lot of junk on it??


Comment
From: miritdk
Date: 03-12-06 22:08

If I were you, Daxxa, I'd get it over with so as not to make things worse.

Comment
From: stl_s
Date: 03-12-06 22:18

That's up to you, but I can see there are files lying there that download a lot of junk. The sooner you get started, the easier it will be to clean.

Comment
From: Daxxa
Date: 03-12-06 22:18

Do you think it could get worse?? By waiting until tomorrow, that is; I'm really tired, so...

Comment
From: stl_s
Date: 03-12-06 22:25

We'll get it clean even if you wait.

Comment
From: Daxxa
Date: 03-12-06 22:27

Okay

Comment
From: Daxxa
Date: 03-12-06 22:35

But I think I'll choose to do it now.


Comment
From: Daxxa
Date: 03-12-06 22:37

So should I paste the log from SmitfraudFix in now, and a new HijackThis log?


Comment
From: Daxxa
Date: 03-12-06 22:44

SmitFraudFix v2.127

Scan done at 22:19:45,84, 03-12-2006
Run from C:\Documents and Settings\Daniel Madsen\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Comment
From: Daxxa
Date: 03-12-06 22:48

Logfile of HijackThis v1.99.1
Scan saved at 22:34:23, on 03-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\msasvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Metacafe\MetacafeAgent.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Documents and Settings\Daniel Madsen\Skrivebord\HJT.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe"
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = D:\Games\Deer hunter 2005\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: 82.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



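The two HijackThis logs above are read by hand in the thread; the entries that matter are the O4 Run values pointing at `C:\pdwpamt.exe` and `C:\Documents and Settings\Daniel Madsen\winstall.exe`, the non-empty `O20 - AppInit_DLLs: 82.dll`, the orphaned `O21 - SSODL: bestreak ... (no file)` and the "Microsoft authenticate service" with no company name. The script below is an added example, not code from HijackThis, the forum or any of the posters: it parses HijackThis 1.99 log lines, flags those entry types with heuristics that are the author's own assumptions about what is normal on a home Windows XP machine (not a signature database), and diffs the first log against the second to show what SmitfraudFix changed. The embedded log text is a constructed excerpt of the two logs posted in this thread.

```python
"""Triage helper for HijackThis 1.99 logs.

Added example (not HijackThis's own code): flags the entry types that stood
out in the thread's logs and diffs two logs to show what a fix changed.  The
heuristics are the author's own assumptions, not a signature database.
"""
import re
from typing import List, Tuple

# Constructed excerpt of the first HijackThis log posted in the thread (before SmitfraudFix).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O20 - AppInit_DLLs: 82.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# Constructed excerpt of the second log (after SmitfraudFix ran in Safe Mode).
LOG_AFTER = r"""
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe"
O20 - AppInit_DLLs: 82.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r".*Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executables sitting directly in a drive root or in the root of a user profile.
DRIVE_ROOT = re.compile(r"^[A-Z]:\\[^\\]+$", re.I)
PROFILE_ROOT = re.compile(r"^[A-Z]:\\Documents and Settings\\[^\\]+\\[^\\]+$", re.I)


def run_target(body: str) -> Tuple[str, str]:
    """Return (value name, executable path) from an O4 ...\\Run entry body,
    stripping surrounding quotes and trailing arguments such as -boot."""
    m = RUN_RE.match(body)
    if not m:
        return "", ""
    cmd = m.group("cmd")
    if cmd.startswith('"'):
        path = cmd[1:cmd.find('"', 1)]
    else:
        path = cmd.split(" -", 1)[0]
    return m.group("name"), path


def odd_location(path: str) -> bool:
    """Legitimate autostarts live under Program Files/Programmer or %SystemRoot%;
    a drive root or profile root is where droppers put themselves (assumption)."""
    return bool(DRIVE_ROOT.match(path) or PROFILE_ROOT.match(path))


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs for entries that deserve a second look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O4" and "Run:" in body:
            name, path = run_target(body)
            if odd_location(path):
                findings.append((f"autostart [{name}] runs from an unusual location: {path}", line))
        elif kind == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append(("AppInit_DLLs is set: that DLL is loaded into every process that links user32", line))
        elif kind == "O21" and "(no file)" in body:
            findings.append(("SSODL entry whose DLL is gone (orphan of a removed component)", line))
        elif kind == "O23" and "Unknown owner" in body:
            if "(file missing)" in body:
                findings.append(("service with no company name and a missing binary", line))
            elif body.startswith("Service: Microsoft"):
                findings.append(("service named as Microsoft but its binary carries no company name", line))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries only in `before` (removed by the fix) and only in `after` (new)."""
    def entries(log: str) -> set:
        return {l.strip() for l in log.splitlines() if ENTRY_RE.match(l.strip())}
    b, a = entries(before), entries(after)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for reason, line in triage(LOG_BEFORE):
        print(f"[!] {reason}\n    {line}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Run against the excerpt, the diff shows exactly what SmitfraudFix took care of (the SSODL orphan and the reset start page) and what it did not touch: both odd O4 autostarts and the AppInit_DLLs value survive into the second log, and `msasvc.exe` goes from "(file missing)" to present, which is why stl_s still sent the user on to ComboFix.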
Comment
From: Daxxa
Date: 03-12-06 22:57

Daniel Madsen - 06-12-03 22:38:30,39 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Daniel Madsen\Skrivebord"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\Fælles filer\{32170B0E-0708-1030-1219-05121305002d}
C:\Programmer\Fælles filer\{22170B0E-0707-1030-1219-05121305002d}
C:\Programmer\Fælles filer\{22170B0E-0708-1030-1219-05121305002d}


((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-03   22:19   79,360   --a------   C:\WINDOWS\system32\swxcacls.exe
2006-12-03   22:19   53,248   --a------   C:\WINDOWS\system32\Process.exe
2006-12-03   22:19   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2006-12-03   22:19   40,960   --a------   C:\WINDOWS\system32\swsc.exe
2006-12-03   22:19   4,446   --a------   C:\WINDOWS\system32\tmp.reg
2006-12-03   22:19   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2006-12-03   22:19   135,168   --a------   C:\WINDOWS\system32\swreg.exe
2006-12-03   10:12   <DIR>   d--hs----   C:\FOUND.002
2006-12-03   09:51   <DIR>   d--hs----   C:\FOUND.001
2006-12-02   17:55   <DIR>   d--------   C:\Programmer\ewido
2006-12-02   13:46   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\BullGuard
2006-12-02   13:46   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\BullGuard
2006-12-02   13:45   47,056   --a------   C:\WINDOWS\system32\drivers\BdFileSpy.sys
2006-12-02   13:45   <DIR>   d--------   C:\Programmer\BullGuard Software
2006-12-02   13:40   122,880   --a------   C:\WINDOWS\system32\winstall.exe
2006-12-02   13:38   52,161   --a------   C:\Documents and Settings\Daniel Madsen\mt-uninstaller.exe
2006-12-02   13:38   122,880   --a------   C:\Documents and Settings\Daniel Madsen\winstall.exe
2006-12-02   12:21   <DIR>   d--------   C:\Programmer\Spybot - Search & Destroy
2006-12-02   11:24   <DIR>   d--------   C:\WINDOWS\Minidump
2006-12-02   11:22   <DIR>   d--hs----   C:\FOUND.000
2006-12-01   22:32   3,584   --a------   C:\WINDOWS\system32\msasvc.exe
2006-11-30   14:07   2,938   --a------   C:\backup.reg
2006-11-30   13:29   <DIR>   d--------   C:\Programmer\Silverback Studios Ltd
2006-11-29   13:22   <DIR>   d--------   C:\Programmer\iTunes
2006-11-29   13:22   <DIR>   d--------   C:\Programmer\iPod
2006-11-29   13:21   <DIR>   d--------   C:\Programmer\QuickTime
2006-11-25   20:19   <DIR>   d--------   C:\WINDOWS\vf_hip
2006-11-25   20:19   <DIR>   d--------   C:\Programmer\Hide IP Platinum
2006-11-23   22:21   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\dvdcss
2006-11-20   19:28   <DIR>   d--------   C:\Programmer\Zoom Player
2006-11-20   19:18   <DIR>   d--------   C:\Programmer\Setup
2006-11-20   19:15   <DIR>   d--------   C:\Programmer\Webteh
2006-11-20   19:15   <DIR>   d--------   C:\Programmer\BSplayer_WhenUSave_Installer
2006-11-20   19:15   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\BSplayer
2006-11-19   15:06   <DIR>   d--------   C:\Programmer\URUSoft
2006-11-18   19:53   734,160   --a------   C:\VobSub_2.23.exe
2006-11-18   19:53   <DIR>   d--------   C:\Programmer\Gabest
2006-11-15   15:28   <DIR>   d--------   C:\Programmer\MSXML 4.0
2006-11-14   18:45   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2006-11-06   14:09   <DIR>   d--------   C:\Yeah
2006-11-06   14:05   <DIR>   d--------   C:\Programmer\DaCamYoWebcam
2006-11-06   14:05   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\DaCamYoWebcam
2006-11-06   13:42   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-04   14:14   1,245,696   --a------   C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-12-02 17:29   14416   --a------   C:\WINDOWS\system32\client_cc.dll
2006-11-30 14:05   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-02 12:37   20048   --a------   C:\WINDOWS\system32\BgOutlookHook.dll
2006-11-02 12:36   14416   --a------   C:\WINDOWS\system32\lccl.dll
2006-10-26 14:03   --------   d--------   C:\Programmer\Gads Bogskab
2006-10-17 20:09   --------   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\Apple Computer
2006-10-17 20:07   36656704   --a------   C:\iTunesSetup.exe
2006-10-17 20:07   --------   d--------   C:\Programmer\Apple Software Update
2006-10-16 12:56   1405304   --a------   C:\MSXML3msms.exe
2006-10-13 13:40   142848   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43   109360   --a------   C:\WINDOWS\system32\GEARAspi.dll
2006-09-15 22:04   48816   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 07:06   1084416   --a------   C:\WINDOWS\system32\msxml3.dll
2006-09-09 19:10   98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BullGuard"="\"C:\\Programmer\\BullGuard Software\\BullGuard\\BullGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPLpr"="C:\\Programmer\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ATIPTA"="C:\\Programmer\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LaunchAp"="\"C:\\Programmer\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Programmer\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Programmer\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programmer\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programmer\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programmer\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"SoundMan"="SOUNDMAN.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Programmer\\Fælles filer\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Programmer\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"WinampAgent"="C:\\Programmer\\Winamp\\winampa.exe"
"HP Software Update"="\"C:\\Programmer\\HP\\HP Software Update\\HPWuSchd2.exe\""
"DAEMON Tools"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Aminova WordSeeker"="\"C:\\Programmer\\Fælles filer\\Aminova\\WordSeeker\\Controller.exe\" SHORTCUT"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programmer\\iTunes\\iTunesHelper.exe\""
"WINDOWS"="C:\\pdwpamt.exe"
"BullGuard"="\"C:\\Programmer\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{22170B0E-0708-1030-1219-05121305002d}"="\"C:\\Programmer\\Fælles filer\\{22170B0E-0708-1030-1219-05121305002d}\\Update.exe\" mc-110-12-0001411"
"{22170B0E-0707-1030-1219-05121305002d}"="\"C:\\Programmer\\Fælles filer\\{22170B0E-0707-1030-1219-05121305002d}\\Update.exe\" mc-110-12-0001411"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Daniel Madsen.job
C:\WINDOWS\tasks\HPpromotions photosmart 2600 series.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-03 22:42:58.01
C:\ComboFix.txt ... 06-12-03 22:42


Comment
From : stl_s

Date : 03-12-06 23:59

Fine. Let's continue:

Download this scanner to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Wait before running it.

Boot into Safe Mode (press F8 repeatedly during startup). If you can't, see here
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

Guide here: http://fromsej.dk/Vejledninger/html/drweb.html

Paste the log in here.

--------------------------------------------------------------------------

Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.gmer.net/gmer.zip
Run the program, click the "Rootkit" tab (it will probably come up first) and click "Scan". When the scan has finished, click "Copy". A window will then appear telling you that the result of the rootkit scan has been placed on the clipboard. You can then go into this thread and paste the contents here by placing the cursor in the input field and pressing Ctrl-V.

Comment
From : stl_s

Date : 04-12-06 00:01

You'll have to copy the FTP link to Dr.Web into the address bar. Kandu apparently doesn't like FTP links:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe



Comment
From : Daxxa

Date : 04-12-06 13:34

Working on it now


Comment
From : Daxxa

Date : 04-12-06 14:40

Dr.Web said that "Mt-uninstaller is incurable"..

Should I just continue?

Comment
From : stl_s

Date : 04-12-06 16:23

Just click Delete, and it will be deleted. Possibly not until the restart.

I'm on my way out the door now to a Moody Blues concert and won't be home until late tonight. I'll try to get someone to help you in the meantime; otherwise I'll look at the logs when I get home.

Comment
From : Daxxa

Date : 04-12-06 18:47

Can't do anything when I boot normally, and can't get online any more.. On the infected one

Comment
From : Daxxa

Date : 04-12-06 19:24

Would it be easier to format the computer, and is it safe??

Comment
From : ejvindh

Date : 04-12-06 19:27

stl_s has asked me to take over here while he is at the concert.

As to whether it is easier to format, that is hard to predict, since we don't yet know how difficult this is going to be.

But as to whether it is safe, then yes. A format will definitely give you a clean computer.

But if you still choose to attempt a cleanup, then try the following:

-- From another computer, download this fix:
http://www.uploads.ejvindh.net/rustbfix.exe
Save it on a CD-ROM, a USB stick or similar, and transfer it to the sick computer.

-- Boot into Safe Mode.

-- It is often possible to restore the internet connection from inside SuperAntispyware. You do that by clicking Preferences, choosing the "Repairs" tab and choosing the item "Repair broken network connection (Winsock LSP Chain)".

-- Now you have to delete. As a preliminary, you must enable "extended file view":
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

-- Then delete the following (if you can find them):
C:\WINDOWS\system32\winstall.exe
C:\Documents and Settings\Daniel Madsen\mt-uninstaller.exe
C:\Documents and Settings\Daniel Madsen\winstall.exe
C:\WINDOWS\system32\msasvc.exe
C:\pdwpamt.exe

-- Start SuperAntispyware, click "Scan your computer", tick your drives on the left of the window. On the right of the window, select "Perform Complete Scan". Click "Next", and it scans. When it has finished, mark what it finds and let the scanner remove it.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click Fix checked.
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O20 - AppInit_DLLs: 82.dll

-- Copy the contents between the dashed lines into a Notepad window and save the contents on the desktop as regfix.reg. When you save, make sure that "File type" is set to "All files".
------------------------------
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{22170B0E-0708-1030-1219-05121305002d}"=-
"{22170B0E-0707-1030-1219-05121305002d}"=-
------------------------------
Then double-click the file you just made and confirm that you want to add the information to the registry.

-- Then restart in normal mode and see whether you are allowed to do the following:
Double-click Rustbfix.exe, which you downloaded earlier. If the tool finds a Rustock infection, you will shortly be asked to restart the computer. Accept this. The restart may take quite a while, and it may take 2 restarts, but this happens entirely automatically. When the restart has finished, 2 log files will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt), which you should paste into the thread.

-- Then restart the computer again (into normal mode) and post a new log from Hijackthis and Combofix. Also say how normal mode is going -- whether you can do anything and whether you can get online.


Comment
From : Daxxa

Date : 04-12-06 20:01

I've got it working a bit now, so can't you help me again so I don't have to burn stuff over from another computer??

Comment
From : Daxxa

Date : 04-12-06 20:07

msasvc.exe;c:\windows\system32;Trojan.Starter.112;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Renamed.;
tmp72.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp3.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmpB1.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp1BB.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp1BC.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp1BD.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp1BE.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp1BF.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
tmp960.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
mt-uninstaller.exe;C:\Documents and Settings\Daniel Madsen;Trojan.PurityAd;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Daniel Madsen\Skrivebord\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\Documents and Settings\Daniel Madsen\Skrivebord\SmitfraudFix;Tool.ShutDown.11;Renamed.;
ibm00001.dll;C:\Programmer\Fælles filer\Microsoft Shared\Web Folders;Trojan.PWS.Snap;Incurable.Moved.;
A0087410.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.PurityAd;Incurable.Moved.;
A0087412.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0087413.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0087426.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0087450.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0087527.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.PWS.Snap;Incurable.Moved.;
A0088539.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0088543.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.Starter.112;Deleted.;
A0088573.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.PWS.Snap;Incurable.Moved.;
A0088582.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Adware.IWantSearch;Deleted.;
A0088585.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0088591.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0088611.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0088612.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0088619.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.Starter.112;Deleted.;
A0088628.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0088702.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0089691.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Adware.IWantSearch;Deleted.;
A0089696.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.PWS.Snap;Incurable.Moved.;
A0089698.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.Starter.112;Deleted.;
A0089735.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP302;Win32.Dref;Deleted.;
A0089767.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP302;Win32.Dref;Deleted.;
A0089857.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP304;Win32.Dref;Deleted.;
A0100014.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP304;Adware.IWantSearch;Deleted.;
A0103110.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Trojan.Starter.112;Deleted.;
A0103111.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Tool.Prockill;Renamed.;
A0103112.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Trojan.PurityAd;Incurable.Moved.;
A0103113.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Tool.Prockill;Renamed.;
A0103114.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Tool.ShutDown.11;Renamed.;
A0103115.dll;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Trojan.PWS.Snap;Incurable.Moved.;




Here is the log from Dr.Web
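
The Dr.Web CureIt report above is a plain semicolon-separated format: file name, directory, detection name, action taken. Grouping the hits by where the file lived separates the live files from the copies that System Restore keeps under C:\System Volume Information and from the Tool.* detections on the scanner's own helper executables (Process.exe and restart.exe in the SmitfraudFix folder). The parser below is an added example written for this page, not part of Dr.Web or of the thread; it runs over an excerpt of the report above, embedded inline so it works offline.

```python
from collections import Counter

# Excerpt of the Dr.Web CureIt report posted in this thread, embedded inline
# so the example runs offline. Each record is: name;directory;threat;action;
SAMPLE_REPORT = r"""
msasvc.exe;c:\windows\system32;Trojan.Starter.112;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Renamed.;
tmp72.tmp;C:\WINDOWS\Temp;Trojan.FakeSetup;Deleted.;
mt-uninstaller.exe;C:\Documents and Settings\Daniel Madsen;Trojan.PurityAd;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Daniel Madsen\Skrivebord\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\Documents and Settings\Daniel Madsen\Skrivebord\SmitfraudFix;Tool.ShutDown.11;Renamed.;
ibm00001.dll;C:\Programmer\Fælles filer\Microsoft Shared\Web Folders;Trojan.PWS.Snap;Incurable.Moved.;
A0087410.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Trojan.PurityAd;Incurable.Moved.;
A0087412.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP300;Win32.Dref;Deleted.;
A0103113.exe;C:\System Volume Information\_restore{F54E5166-566F-42CC-AF40-B51007CE2568}\RP307;Tool.Prockill;Renamed.;
"""


def parse_report(text):
    """Parse Dr.Web CureIt report lines into dicts; blank or short lines are skipped."""
    records = []
    for raw in text.splitlines():
        fields = raw.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue
        name, directory, threat, action = fields[:4]
        records.append({"name": name, "directory": directory,
                        "threat": threat, "action": action})
    return records


def classify(record):
    """Where did the detected file live? Restore-point copies are checked first,
    because System Restore also snapshots the scanner's own tools."""
    if "system volume information" in record["directory"].lower():
        return "restore-point copy"
    if record["threat"].startswith("Tool."):
        return "Tool.* utility"
    return "live file"


def summarise(records):
    """Counters of hits by location class, by detection name and by action."""
    return {
        "by_location": Counter(classify(r) for r in records),
        "by_threat": Counter(r["threat"] for r in records),
        "by_action": Counter(r["action"] for r in records),
    }


def live_hits(records):
    """The entries that actually concern the running system."""
    return [r for r in records if classify(r) == "live file"]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for title, counter in summarise(recs).items():
        print(title)
        for key, n in counter.most_common():
            print(f"  {n:3d}  {key}")
    print("live files:", [f'{r["directory"]}\\{r["name"]}' for r in live_hits(recs)])
```

On this excerpt the location split is 4 live files, 3 Tool.* utilities and 3 restore-point copies. In Dr.Web's vocabulary "Incurable" means the file could not be disinfected in place (the whole file is the malware, so there is no clean original to restore) and "Moved" that it was moved to quarantine, so "Incurable.Moved." is a completed action rather than a failure.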


Comment
From : ejvindh

Date : 04-12-06 20:44

OK, but you should probably run my instructions anyway, since what Dr.Web found was mostly false positives

Comment
From : Daxxa

Date : 04-12-06 20:48

Can't you write a new one? I have no problems with the internet, and it's running reasonably fast too

Comment
From : miritdk

Date : 04-12-06 20:50

Daxxa, look up above at Date : 04-12-06 19:27......... the whole guide from ejvindh is there

Comment
From : Daxxa

Date : 04-12-06 21:03

It's impossible to find my way around in :S

And I no longer have problems with not being able to get online or with it being extremely slow.. That's not the problem any more. Otherwise I'll just wait until stl_s comes back on

Comment
From : miritdk

Date : 04-12-06 21:07

nonsense - here it is again in copied form - now it has a different colour so you can find it - and by the way, ejvindh is just as qualified to help you, and is doing it at stl_s's request

Quote
stl_s has asked me to take over here while he is at the concert.

As to whether it is easier to format, that is hard to predict, since we don't yet know how difficult this is going to be.

But as to whether it is safe, then yes. A format will definitely give you a clean computer.

But if you still choose to attempt a cleanup, then try the following:

-- From another computer, download this fix:
http://www.uploads.ejvindh.net/rustbfix.exe
Save it on a CD-ROM, a USB stick or similar, and transfer it to the sick computer.

-- Boot into Safe Mode.

-- It is often possible to restore the internet connection from inside SuperAntispyware. You do that by clicking Preferences, choosing the "Repairs" tab and choosing the item "Repair broken network connection (Winsock LSP Chain)".

-- Now you have to delete. As a preliminary, you must enable "extended file view":
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

-- Then delete the following (if you can find them):
C:\WINDOWS\system32\winstall.exe
C:\Documents and Settings\Daniel Madsen\mt-uninstaller.exe
C:\Documents and Settings\Daniel Madsen\winstall.exe
C:\WINDOWS\system32\msasvc.exe
C:\pdwpamt.exe

-- Start SuperAntispyware, click "Scan your computer", tick your drives on the left of the window. On the right of the window, select "Perform Complete Scan". Click "Next", and it scans. When it has finished, mark what it finds and let the scanner remove it.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click Fix checked.
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O20 - AppInit_DLLs: 82.dll

-- Copy the contents between the dashed lines into a Notepad window and save the contents on the desktop as regfix.reg. When you save, make sure that "File type" is set to "All files".
------------------------------
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{22170B0E-0708-1030-1219-05121305002d}"=-
"{22170B0E-0707-1030-1219-05121305002d}"=-
------------------------------
Then double-click the file you just made and confirm that you want to add the information to the registry.

-- Then restart in normal mode and see whether you are allowed to do the following:
Double-click Rustbfix.exe, which you downloaded earlier. If the tool finds a Rustock infection, you will shortly be asked to restart the computer. Accept this. The restart may take quite a while, and it may take 2 restarts, but this happens entirely automatically. When the restart has finished, 2 log files will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt), which you should paste into the thread.

-- Then restart the computer again (into normal mode) and post a new log from Hijackthis and Combofix. Also say how normal mode is going -- whether you can do anything and whether you can get online.





Comment
From : Daxxa

Date : 04-12-06 21:10

Doh, why do I have to do that from another computer when I can use the other one just fine

Comment
From : miritdk

Date : 04-12-06 21:11

use the one you can

Comment
From : Daxxa

Date : 04-12-06 21:12

And many thanks to him too for being willing to

Comment
From : ejvindh

Date : 04-12-06 22:34

I can simplify the procedure a little if you no longer have problems with your network:

-- Download this fix:
http://www.uploads.ejvindh.net/rustbfix.exe

Double-click Rustbfix.exe, which you downloaded before. If the tool finds a Rustock infection, you will shortly be asked to restart the computer. Accept this. The restart may take quite a while, and it may take 2 restarts, but this happens entirely automatically. When the restart has finished, 2 log files will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt), which you should paste into the thread.

-- Then run SuperAntispyware, click "Scan your computer", tick your drives on the left of the window. On the right of the window, select "Perform Complete Scan". Click "Next", and it scans. When it has finished, mark what it finds and let the scanner remove it.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click Fix checked.
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O20 - AppInit_DLLs: 82.dll

-- Copy the contents between the dashed lines into a Notepad window and save the contents on the desktop as regfix.reg. When you save, make sure that "File type" is set to "All files".
------------------------------
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{22170B0E-0708-1030-1219-05121305002d}"=-
"{22170B0E-0707-1030-1219-05121305002d}"=-
------------------------------
Then double-click the file you just made and confirm that you want to add the information to the registry.

-- Then restart the computer again and post a new log from Hijackthis and Combofix.
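
The HijackThis lines ejvindh singles out in the procedure above share location-based warning signs: a Run value named [explorer] pointing at winstall.exe in the user profile root, a Run value pointing at an executable directly in C:\, a bare DLL name in AppInit_DLLs, and (in the log later in the thread) a service whose binary is reported as "(file missing)" with "Unknown owner". The script below is an added example written for this page, not a tool from the thread or from the HijackThis project; it parses O4, O20 and O23 lines in the format the posted logs use and flags those patterns. The sample lines are constructed after the thread's log, and the rules are review heuristics, not verdicts (the Broadcom wltrysvc service in the same log is also "Unknown owner" and is legitimate).

```python
import re
from pathlib import PureWindowsPath

# Constructed sample, modelled on the HijackThis log lines posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel Madsen\winstall.exe",
    r"O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe",
    r'O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033',
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O20 - AppInit_DLLs: 82.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE",
]

# Shape of a Run entry: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def command_path(cmd):
    """Extract the executable path from a Run-value command line.

    Quoted commands may carry arguments after the closing quote; unquoted
    ones are taken whole, since HijackThis prints unquoted paths with spaces as-is.
    """
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd


def location_flags(path):
    """Return the reasons an autorun executable's location deserves a look."""
    parts = PureWindowsPath(path).parts
    flags = []
    if len(parts) == 1:
        flags.append("bare filename, resolved through the executable search path")
    elif len(parts) == 2:
        flags.append("executable directly in the drive root")
    elif len(parts) == 4 and parts[1].lower() == "documents and settings":
        flags.append("executable directly in a user profile root")
    return flags


def triage(lines):
    """Return (line, reason) pairs for log entries worth manual review."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            for reason in location_flags(command_path(m.group("cmd"))):
                findings.append((line, reason))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Any DLL listed here is loaded into every process that links user32.dll
            if line.split(":", 1)[1].strip():
                findings.append((line, "AppInit_DLLs is set"))
        elif line.startswith("O23 - Service:"):
            if "(file missing)" in line:
                findings.append((line, "service binary does not exist on disk"))
            if "Unknown owner" in line:
                findings.append((line, "service binary has no company name in its version information"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Against the constructed sample this yields six findings: the two Run entries ejvindh listed, the bare SOUNDMAN.EXE name, the AppInit_DLLs entry and two for the MsaSvc service. A service that still exists in the registry after its binary was deleted is exactly what the later HijackThis log shows for msasvc.exe, which is why a cleanup is not finished when the file is gone.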

Comment
From : stl_s

Date : 05-12-06 00:09

Hi Daxxa. Just follow Ejvind's guide calmly, step by step, and it will be fine.

Comment
From : Daxxa

Date : 05-12-06 14:03

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kdjsdqbq

*******************

Script file located at: \??\C:\Program Files\ldrylopf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

Comment
From : Daxxa

Date : 05-12-06 14:10

************************* Rustock.b-fix -- By ejvindh *************************
05-12-2006 13:29:05,67


******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************************* End of Logfile ********************************


Comment
From : Daxxa

Date : 05-12-06 14:24

Here are the two logs I was supposed to post

Comment
From : Daxxa

Date : 05-12-06 14:39

-- Copy the contents between the dashed lines into a Notepad window and save the contents on the desktop as regfix.reg. When you save, make sure that "File type" is set to "All files".

What is that about, help please??

Comment
From : stl_s

Date : 05-12-06 16:34

To make it a bit easier, download this file http://sptlarsenserious.googlepages.com/fix.zip

Unpack it and double-click fix.reg. Say OK to the Registry Editor when it asks.

Post a fresh Hijackthis log.

Run Combofix again and post the log from that too.

Comment
From : Daxxa

Date : 05-12-06 16:44

OK, my computer is already running better; I also found 87 yesterday with Superantispyware, but I'm also scanning with BitDefender right now, it has found a lot, and it's some of the stuff BullGuard writes about.

Comment
From : Daxxa

Date : 05-12-06 17:13

Logfile of HijackThis v1.99.1
Scan saved at 17:00:08, on 05-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel Madsen\Skrivebord\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe"
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = D:\Games\Deer hunter 2005\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Comment
From: Daxxa
Date: 05-12-06 17:28

Daniel Madsen - 06-12-05 17:06:10.43 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Daniel Madsen\Skrivebord"

((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))


2006-12-05   15:16   <DIR>   d--------   C:\WINDOWS\LastGood
2006-12-05   15:16   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
2006-12-05   13:38   <DIR>   d--------   C:\avenger
2006-12-05   13:27   <DIR>   d--------   C:\Rustbfix
2006-12-04   13:21   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\DoctorWeb
2006-12-04   00:12   <DIR>   d--------   C:\Web
2006-12-03   22:19   79,360   --a------   C:\WINDOWS\system32\swxcacls.exe
2006-12-03   22:19   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2006-12-03   22:19   40,960   --a------   C:\WINDOWS\system32\swsc.exe
2006-12-03   22:19   4,446   --a------   C:\WINDOWS\system32\tmp.reg
2006-12-03   22:19   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2006-12-03   22:19   135,168   --a------   C:\WINDOWS\system32\swreg.exe
2006-12-03   09:51   <DIR>   d--------   C:\FOUND.001
2006-12-02   17:55   <DIR>   d--------   C:\Programmer\ewido
2006-12-02   13:46   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\BullGuard
2006-12-02   13:46   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\BullGuard
2006-12-02   13:45   47,056   --a------   C:\WINDOWS\system32\drivers\BdFileSpy.sys
2006-12-02   13:45   <DIR>   d--------   C:\Programmer\BullGuard Software
2006-12-02   12:21   <DIR>   d--------   C:\Programmer\Spybot - Search & Destroy
2006-12-02   11:24   <DIR>   d--------   C:\WINDOWS\Minidump
2006-12-01   22:31   68,968   --a------   C:\WINDOWS\system32\lzx32.sys
2006-11-30   13:29   <DIR>   d--------   C:\Programmer\Silverback Studios Ltd
2006-11-29   13:22   <DIR>   d--------   C:\Programmer\iTunes
2006-11-29   13:22   <DIR>   d--------   C:\Programmer\iPod
2006-11-29   13:21   <DIR>   d--------   C:\Programmer\QuickTime
2006-11-23   22:21   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\dvdcss
2006-11-20   19:28   <DIR>   d--------   C:\Programmer\Zoom Player
2006-11-20   19:18   <DIR>   d--------   C:\Programmer\Setup
2006-11-20   19:15   <DIR>   d--------   C:\Programmer\Webteh
2006-11-20   19:15   <DIR>   d--------   C:\Programmer\BSplayer_WhenUSave_Installer
2006-11-20   19:15   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\BSplayer
2006-11-19   15:06   <DIR>   d--------   C:\Programmer\URUSoft
2006-11-18   19:53   <DIR>   d--------   C:\Programmer\Gabest
2006-11-15   15:28   <DIR>   d--------   C:\Programmer\MSXML 4.0
2006-11-14   18:45   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2006-11-06   14:09   <DIR>   d--------   C:\Yeah
2006-11-06   14:05   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\DaCamYoWebcam
2006-11-06   13:42   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-04 20:13   28672   --a------   C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-12-02 17:29   14416   --a------   C:\WINDOWS\system32\client_cc.dll
2006-11-30 14:05   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-11-02 12:37   20048   --a------   C:\WINDOWS\system32\BgOutlookHook.dll
2006-11-02 12:36   14416   --a------   C:\WINDOWS\system32\lccl.dll
2006-10-26 14:03   --------   d--------   C:\Programmer\Gads Bogskab
2006-10-17 20:09   --------   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\Apple Computer
2006-10-17 20:07   36656704   --a------   C:\iTunesSetup.exe
2006-10-17 20:07   --------   d--------   C:\Programmer\Apple Software Update
2006-10-16 12:56   1405304   --a------   C:\MSXML3msms.exe
2006-10-13 13:40   142848   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43   109360   --a------   C:\WINDOWS\system32\GEARAspi.dll
2006-09-15 22:04   48816   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 07:06   1084416   --a------   C:\WINDOWS\system32\msxml3.dll
2006-09-09 19:10   98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BullGuard"="\"C:\\Programmer\\BullGuard Software\\BullGuard\\BullGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPLpr"="C:\\Programmer\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ATIPTA"="C:\\Programmer\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LaunchAp"="\"C:\\Programmer\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Programmer\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Programmer\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programmer\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programmer\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programmer\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"SoundMan"="SOUNDMAN.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Programmer\\Fælles filer\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Programmer\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"WinampAgent"="C:\\Programmer\\Winamp\\winampa.exe"
"HP Software Update"="\"C:\\Programmer\\HP\\HP Software Update\\HPWuSchd2.exe\""
"DAEMON Tools"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Aminova WordSeeker"="\"C:\\Programmer\\Fælles filer\\Aminova\\WordSeeker\\Controller.exe\" SHORTCUT"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programmer\\iTunes\\iTunesHelper.exe\""
"BullGuard"="\"C:\\Programmer\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Daniel Madsen.job
C:\WINDOWS\tasks\HPpromotions photosmart 2600 series.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-05 17:08:32.29
C:\ComboFix3.txt ... 06-12-03 22:43
C:\ComboFix2.txt ... 06-12-05 17:02
C:\ComboFix.txt ... 06-12-05 17:08


Comment
From: Daxxa
Date: 05-12-06 17:29

There you go!!

Comment
From: Daxxa
Date: 05-12-06 18:22

So what do I do now??

Comment
From: stl_s
Date: 05-12-06 18:30

Now you get a few more tasks. Do them calmly, one at a time.


We need to get that rootkit completely gone:

Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

1. Unpack the Avenger program and double-click avenger.exe

2. Put a dot in "Input Script Manually" and click the magnifying glass. A small window pops up, into which you copy the content (in bold) between the dashed lines:

-----------------------------

Files to delete:
C:\WINDOWS\system32\lzx32.sys


-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you must do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart a Notepad window will appear with a log of Avenger's actions. Please include that in your next reply.

5. Then go to Start/Run and type services.msc

6. Find the service Microsoft authenticate service. Double-click the service and click Stop if it is active. Under Startup type choose Disabled. Click Apply and OK.

7. Download ATF Cleaner here from http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Tick "Select all" (you can leave out cookies if you want). Click "Empty selected".


Post the Avenger log, run ComboFix again, and post that log as well.
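Added example, not part of the thread and not anything stl_s or the tools above ran: a small Python triage script that applies the two checks behind steps 1 to 6 to the log formats Daxxa pasted. It parses HijackThis O23 service lines and ComboFix "Files Created" lines and flags (a) a service entry whose binary is missing, or whose Microsoft-style name carries no vendor, which is how MsaSvc stands out, and (b) a kernel driver (.sys) created directly in system32 rather than in system32\drivers, which is how lzx32.sys stands out. The sample lines are constructed copies of entries from this thread; the heuristics are my assumptions about what merits a manual look, not verdicts.

```python
"""Triage helpers for HijackThis O23 lines and ComboFix 'Files Created' lines.

Added example for this thread, not a tool from the thread. The heuristics
are assumptions about what deserves a second look; a hit means "inspect".
"""
import re

# Constructed sample input, modelled on lines quoted in the thread.
HJT_O23 = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

COMBOFIX_CREATED = r"""
2006-12-02   13:45   47,056   --a------   C:\WINDOWS\system32\drivers\BdFileSpy.sys
2006-12-01   22:31   68,968   --a------   C:\WINDOWS\system32\lzx32.sys
2006-11-06   13:42   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-12-03   22:19   4,446   --a------   C:\WINDOWS\system32\tmp.reg
2006-12-05   15:16   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
"""

# "O23 - Service: <display name> - <company> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# "<date> <time> <size or <DIR>> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def parse_o23(text):
    """One dict per O23 line: name, owner, path, missing (bool)."""
    entries = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "owner": m["owner"],
                            "path": m["path"], "missing": m["missing"] is not None})
    return entries


def parse_created(text):
    """One dict per ComboFix 'Files Created' file line; directories are skipped."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m["size"] != "<DIR>":
            entries.append({"date": m["date"], "path": m["path"]})
    return entries


def triage_services(entries):
    """Return (service name, [reasons]) for entries worth a manual look."""
    hits = []
    for e in entries:
        reasons = []
        if e["missing"]:
            # Autostart entry survives but the binary is gone: a leftover of an
            # earlier removal, or a driver hiding its own file from the scanner.
            reasons.append("binary missing but service still registered")
        if e["owner"] == "Unknown owner" and "microsoft" in e["name"].lower():
            # A Microsoft-sounding name with no company recorded is a classic
            # masquerade; genuine Microsoft services carry a vendor string.
            reasons.append("Microsoft-style name without a vendor")
        if reasons:
            hits.append((e["name"], reasons))
    return hits


def triage_files(entries):
    """Return (path, reason) for kernel drivers created outside system32\\drivers."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
            hits.append((e["path"], "kernel driver outside system32\\drivers"))
    return hits


if __name__ == "__main__":
    for name, reasons in triage_services(parse_o23(HJT_O23)):
        print(f"SERVICE  {name}: {'; '.join(reasons)}")
    for path, reason in triage_files(parse_created(COMBOFIX_CREATED)):
        print(f"FILE     {path}: {reason}")
```

Running it prints one SERVICE line for MsaSvc with both reasons and one FILE line for lzx32.sys. BdFileSpy.sys and USBAUDIO.sys sit in the drivers directory and pass; wltrysvc also reports "Unknown owner" but passes because its binary is present and its name makes no Microsoft claim. A hit is a prompt to check the file's signature, vendor and creation date, not grounds to delete on its own.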






Comment
From: Daxxa
Date: 05-12-06 18:39

Okay, but my computer actually runs well now, so it just needs to run perfectly

Comment
From: Daxxa
Date: 05-12-06 18:45

Can't do the traffic light thing, it just says Error

Comment
From: stl_s
Date: 05-12-06 18:59

OK, just shut down that service, and then do this:

Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.gmer.net/gmer.zip
Run the program, click the "Rootkit" tab (it probably comes up first), and click "Scan". When the scan is finished, click "Copy". A window pops up telling you that the result of the rootkit scan has been placed on the clipboard. You can then go into this thread and paste the content in here by placing the cursor in the input field and pressing Ctrl-V.
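Added example, written for this page and not GMER's or stl_s's code: once the GMER log is pasted, the SSDT section is the part to read first. Each SSDT line names a hooked system call and where the hook points. GMER prints a file name when the target lies inside a loaded module and a bare address when it does not. Hooks from security products (on this machine SYMEVENT.SYS, ewido's guard.sys, BullGuard's FiltNt.sys) and from DAEMON Tools' sptd.sys are attributable that way; a hook pointing at a bare address is code that belongs to no visible module, which is what a rootkit that hides its driver looks like. The script below separates the two kinds and cross-checks them against the "Kernel code sections" lines: on 32-bit XP the SSDT is an array of 4-byte pointers inside the kernel image, so a hooked slot also shows up there as a patched 8-byte window, and decoding the first little-endian DWORD of the window recovers the hook target. The sample lines are constructed in GMER's log format (they mirror entries in the log Daxxa posts below); the function names are mine.

```python
"""Triage the SSDT section of a GMER rootkit log.

Added example for this thread, not GMER's code. Sample lines are
constructed in GMER's log format, mirroring entries from the log posted
in this thread.
"""
import re

GMER_SAMPLE = r"""
SSDT 86EB3100 ZwAlertResumeThread
SSDT 86DAC360 ZwAlertThread
SSDT \??\C:\Programmer\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT \??\C:\Programmer\ewido\security suite\guard.sys ZwOpenProcess
SSDT 86ECF4F8 ZwSetInformationProcess
SSDT 86CE0AE0 ZwSuspendProcess
SSDT \??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys ZwTerminateProcess

.text ntkrnlpa.exe!ZwCallbackReturn + 235C 80501060 8 Bytes [ 00, 31, EB, 86, 60, C3, DA, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2514 80501218 8 Bytes [ 8C, 26, CF, F7, 60, 63, F5, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 26BC 805013C0 8 Bytes [ F8, F4, EC, 86, 28, D5, DC, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 8 Bytes [ E0, 0A, CE, 86, E8, A8, 03, ... ]
"""

# "SSDT <target: module path or bare hex address> <hooked Zw* function>"
SSDT_RE = re.compile(r"^SSDT (?P<target>.+) (?P<func>Zw\w+)$")
# ".text <symbol + offset> <address> <n> Bytes [ xx, xx, ..., ... ]"
PATCH_RE = re.compile(
    r"^\.text (?P<symbol>\S+ \+ [0-9A-F]+) (?P<addr>[0-9A-F]{8}) \d+ Bytes "
    r"\[ (?P<bytes>[0-9A-F]{2}(?:, [0-9A-F]{2})*)(?:, \.\.\.)? \]$"
)
HEX_ADDR = re.compile(r"^[0-9A-F]{8}$")


def parse_ssdt(text):
    """Return {hooked function: target} for every SSDT line."""
    hooks = {}
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[m["func"]] = m["target"]
    return hooks


def classify_hooks(hooks):
    """Split hooks into {module file: [functions]} (GMER resolved the target
    to a loaded module) and {function: address} (bare address, no module)."""
    attributed, unattributed = {}, {}
    for func, target in hooks.items():
        if HEX_ADDR.match(target):
            unattributed[func] = int(target, 16)
        else:
            module = target.rsplit("\\", 1)[-1].lower()
            attributed.setdefault(module, []).append(func)
    return attributed, unattributed


def patched_dwords(text):
    """Decode the first little-endian DWORD of each patched window GMER
    reports in the kernel image. The SSDT is a table of 4-byte pointers,
    so a hooked slot appears here as a modified code/data window."""
    values = {}
    for line in text.splitlines():
        m = PATCH_RE.match(line.strip())
        if m:
            b = [int(x, 16) for x in m["bytes"].split(", ")][:4]
            if len(b) == 4:
                values[m["addr"]] = int.from_bytes(bytes(b), "little")
    return values


def cross_check(hooks, patches):
    """Map each patched slot to the bare-address hook whose target it holds,
    or None when the slot's value matches no bare-address hook."""
    by_target = {addr: func for func, addr in classify_hooks(hooks)[1].items()}
    return {slot: by_target.get(value) for slot, value in patches.items()}


if __name__ == "__main__":
    hooks = parse_ssdt(GMER_SAMPLE)
    attributed, unattributed = classify_hooks(hooks)
    for module, funcs in attributed.items():
        print(f"attributed   {module}: {', '.join(funcs)}")
    for func, addr in unattributed.items():
        print(f"UNATTRIBUTED {func} -> {addr:08X}")
    for slot, func in cross_check(hooks, patched_dwords(GMER_SAMPLE)).items():
        print(f"patched slot {slot}: {func or 'target not a bare-address hook'}")
```

On the sample, four hooks resolve to symevent.sys, sptd.sys, guard.sys and filtnt.sys, and four point at bare addresses in the 86xxxxxx range. Three of the four patched windows decode to exactly those bare addresses (80501060 holds 86EB3100, the ZwAlertResumeThread hook, and so on), which is the confirmation you want before deleting anything: the patched kernel table and the unattributed hooks are the same finding seen two ways. The slot at 80501218 decodes to F7CF268C and matches no bare-address hook; a slot whose value GMER could attribute to a module is the one it printed with a file name in the SSDT section. Unattributed hooks are the ones to take to the removal step; the module-attributed ones are the installed security products and sptd.sys doing their job.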


Comment
From: Daxxa
Date: 05-12-06 19:30

Okay, I know now

Comment
From: Daxxa
Date: 05-12-06 19:42

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-05 19:28:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 86EB3100 ZwAlertResumeThread
SSDT 86DAC360 ZwAlertThread
SSDT 86F9B590 ZwAllocateVirtualMemory
SSDT 86D93A98 ZwConnectPort
SSDT \??\C:\Programmer\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT 86E0A7B0 ZwCreateMutant
SSDT 86F9BC48 ZwCreateThread
SSDT \??\C:\Programmer\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Programmer\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 86D3F340 ZwFreeVirtualMemory
SSDT 86E0A870 ZwImpersonateAnonymousToken
SSDT 86EFF300 ZwImpersonateThread
SSDT 86D5F980 ZwMapViewOfSection
SSDT 86CE0B18 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Programmer\ewido\security suite\guard.sys ZwOpenProcess
SSDT 86F56360 ZwOpenProcessToken
SSDT 86DA8478 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT 86FCC9D8 ZwQueryValueKey
SSDT 86F56318 ZwResumeThread
SSDT 86DA8440 ZwSetContextThread
SSDT 86ECF4F8 ZwSetInformationProcess
SSDT 86DCD528 ZwSetInformationThread
SSDT \??\C:\Programmer\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 86CE0AE0 ZwSuspendProcess
SSDT 8703A8E8 ZwSuspendThread
SSDT \??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys ZwTerminateProcess
SSDT 86DCD4A8 ZwTerminateThread
SSDT 86D5F948 ZwUnmapViewOfSection
SSDT \??\C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 235C 80501060 8 Bytes [ 00, 31, EB, 86, 60, C3, DA, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2514 80501218 8 Bytes [ 8C, 26, CF, F7, 60, 63, F5, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 26BC 805013C0 8 Bytes [ F8, F4, EC, 86, 28, D5, DC, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 8 Bytes [ E0, 0A, CE, 86, E8, A8, 03, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2730 80501434 8 Bytes [ 30, A3, 3A, EE, A8, D4, DC, ... ]

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!SetScrollInfo 77D39056 7 Bytes JMP 00DC6250 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!GetScrollInfo 77D417F8 7 Bytes JMP 00DC61A0 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!ShowScrollBar 77D4F2CA 5 Bytes JMP 00DC6320 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!GetScrollPos 77D4F6DC 1 Byte [ E9 ]
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!GetScrollPos + 2 77D4F6DE 3 Bytes [ 6A, 07, 89 ]
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!SetScrollPos 77D4F728 5 Bytes JMP 00DC6290 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!GetScrollRange 77D4F75F 5 Bytes JMP 00DC6210 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!SetScrollRange 77D4F973 5 Bytes JMP 00DC62D0 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll
.text C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE[540] USER32.dll!EnableScrollBar 77D87BC5 7 Bytes JMP 00DC6160 C:\Programmer\BullGuard Software\BullGuard\gui\BgScrollHookDll.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 871CA608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 871CA608
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 86DAA560
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 86DAA560
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 86DAA560
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 871CD4F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2019C6C-A5C0-4A24-BA75-26CC1BCB3CF4} IRP_MJ_CREATE 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2019C6C-A5C0-4A24-BA75-26CC1BCB3CF4} IRP_MJ_CLOSE 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2019C6C-A5C0-4A24-BA75-26CC1BCB3CF4} IRP_MJ_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2019C6C-A5C0-4A24-BA75-26CC1BCB3CF4} IRP_MJ_INTERNAL_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2019C6C-A5C0-4A24-BA75-26CC1BCB3CF4} IRP_MJ_CLEANUP 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2019C6C-A5C0-4A24-BA75-26CC1BCB3CF4} IRP_MJ_PNP 86FFDEB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86EF2A30
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86E98598
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86E98598
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 871CD4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86EF2A30
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2BF1FF-F883-4ABE-96B6-1A6547CDEB65} IRP_MJ_CREATE 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2BF1FF-F883-4ABE-96B6-1A6547CDEB65} IRP_MJ_CLOSE 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2BF1FF-F883-4ABE-96B6-1A6547CDEB65} IRP_MJ_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2BF1FF-F883-4ABE-96B6-1A6547CDEB65} IRP_MJ_INTERNAL_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2BF1FF-F883-4ABE-96B6-1A6547CDEB65} IRP_MJ_CLEANUP 86FFDEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2BF1FF-F883-4ABE-96B6-1A6547CDEB65} IRP_MJ_PNP 86FFDEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 86EF2A30
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 86EF2A30
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86FFDEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86FFDEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86FFDEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86FFDEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86FFDEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86FFDEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86FFDEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86FFDEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86FFDEB0
Device \Driver\00000052 \Device\00000094 IRP_MJ_POWER [F744CF68] sptd.sys
Device \Driver\00000052 \Device\00000094 IRP_MJ_SYSTEM_CONTROL [F7461A70] sptd.sys
Device \Driver\00000052 \Device\00000094 IRP_MJ_PNP [F745A728] sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 871CA8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 871CA8C0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86F7C598
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86F7C598
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 86CF70E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 86CF70E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 871CD4F0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 871CD4F0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 86DE60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 86DE60E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_CREATE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_CLOSE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_POWER 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_PNP 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_CREATE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_CLOSE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_POWER 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_SYSTEM_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 IRP_MJ_PNP 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_CREATE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_CLOSE 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_POWER 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_SYSTEM_CONTROL 86F46828
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 IRP_MJ_PNP 86F46828
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 871CA608
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 871CA608
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86DC7730
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86DC7730

---- EOF - GMER 1.0.12 ----


Comment
From: Daxxa


Date: 05-12-06 19:43

Should I still do what you wrote in the other one, i.e. from step 5 onwards?

Comment
From: stl_s


Date: 05-12-06 20:26

Download and install Unlocker http://ccollomb.free.fr/unlocker/

Browse to this file: C:\WINDOWS\system32\lzx32.sys

Right-click the file and click Unlocker. If there are locked handles, click "Unlock all". Then choose an action in the bottom-left corner of Unlocker and select Delete. If Unlocker cannot delete the file right away, it will offer to delete it on reboot. Choose that, and restart the machine.

Then continue from step 5 of the earlier guide.



Comment
From: Daxxa


Date: 05-12-06 22:27

Okay, thanks a lot, I'll try that then.

Comment
From: Daxxa


Date: 05-12-06 22:52

Daniel Madsen - 06-12-05 22:34:17,53 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Daniel Madsen\Skrivebord"

((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))


2006-12-05   22:20   <DIR>   d--------   C:\Programmer\Unlocker
2006-12-05   19:11   80   --a------   C:\WINDOWS\gmer_uninstall.cmd
2006-12-05   15:16   <DIR>   d--------   C:\WINDOWS\LastGood
2006-12-05   15:16   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
2006-12-05   13:38   <DIR>   d--------   C:\avenger
2006-12-05   13:27   <DIR>   d--------   C:\Rustbfix
2006-12-04   13:21   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\DoctorWeb
2006-12-04   00:12   <DIR>   d--------   C:\Web
2006-12-03   22:19   79,360   --a------   C:\WINDOWS\system32\swxcacls.exe
2006-12-03   22:19   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2006-12-03   22:19   40,960   --a------   C:\WINDOWS\system32\swsc.exe
2006-12-03   22:19   4,446   --a------   C:\WINDOWS\system32\tmp.reg
2006-12-03   22:19   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2006-12-03   22:19   135,168   --a------   C:\WINDOWS\system32\swreg.exe
2006-12-02   17:55   <DIR>   d--------   C:\Programmer\ewido
2006-12-02   13:46   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\BullGuard
2006-12-02   13:46   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\BullGuard
2006-12-02   13:45   47,056   --a------   C:\WINDOWS\system32\drivers\BdFileSpy.sys
2006-12-02   13:45   <DIR>   d--------   C:\Programmer\BullGuard Software
2006-12-02   12:21   <DIR>   d--------   C:\Programmer\Spybot - Search & Destroy
2006-12-02   11:24   <DIR>   d--------   C:\WINDOWS\Minidump
2006-11-30   13:29   <DIR>   d--------   C:\Programmer\Silverback Studios Ltd
2006-11-29   13:22   <DIR>   d--------   C:\Programmer\iTunes
2006-11-29   13:22   <DIR>   d--------   C:\Programmer\iPod
2006-11-29   13:21   <DIR>   d--------   C:\Programmer\QuickTime
2006-11-23   22:21   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\dvdcss
2006-11-20   19:28   <DIR>   d--------   C:\Programmer\Zoom Player
2006-11-20   19:18   <DIR>   d--------   C:\Programmer\Setup
2006-11-20   19:15   <DIR>   d--------   C:\Programmer\Webteh
2006-11-20   19:15   <DIR>   d--------   C:\Programmer\BSplayer_WhenUSave_Installer
2006-11-20   19:15   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\BSplayer
2006-11-19   15:06   <DIR>   d--------   C:\Programmer\URUSoft
2006-11-18   19:53   <DIR>   d--------   C:\Programmer\Gabest
2006-11-15   15:28   <DIR>   d--------   C:\Programmer\MSXML 4.0
2006-11-14   18:45   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2006-11-06   14:09   <DIR>   d--------   C:\Yeah
2006-11-06   14:05   <DIR>   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\DaCamYoWebcam
2006-11-06   13:42   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-04 20:13   28672   --a------   C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-12-02 17:29   14416   --a------   C:\WINDOWS\system32\client_cc.dll
2006-11-30 14:05   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-11-02 12:37   20048   --a------   C:\WINDOWS\system32\BgOutlookHook.dll
2006-11-02 12:36   14416   --a------   C:\WINDOWS\system32\lccl.dll
2006-10-26 14:03   --------   d--------   C:\Programmer\Gads Bogskab
2006-10-17 20:09   --------   d--------   C:\Documents and Settings\Daniel Madsen\Application Data\Apple Computer
2006-10-17 20:07   36656704   --a------   C:\iTunesSetup.exe
2006-10-17 20:07   --------   d--------   C:\Programmer\Apple Software Update
2006-10-16 12:56   1405304   --a------   C:\MSXML3msms.exe
2006-10-13 13:40   142848   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43   109360   --a------   C:\WINDOWS\system32\GEARAspi.dll
2006-09-15 22:04   48816   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 07:06   1084416   --a------   C:\WINDOWS\system32\msxml3.dll
2006-09-09 19:10   98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BullGuard"="\"C:\\Programmer\\BullGuard Software\\BullGuard\\BullGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPLpr"="C:\\Programmer\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ATIPTA"="C:\\Programmer\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LaunchAp"="\"C:\\Programmer\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Programmer\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Programmer\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programmer\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programmer\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programmer\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"SoundMan"="SOUNDMAN.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Programmer\\Fælles filer\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Programmer\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"WinampAgent"="C:\\Programmer\\Winamp\\winampa.exe"
"HP Software Update"="\"C:\\Programmer\\HP\\HP Software Update\\HPWuSchd2.exe\""
"DAEMON Tools"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Aminova WordSeeker"="\"C:\\Programmer\\Fælles filer\\Aminova\\WordSeeker\\Controller.exe\" SHORTCUT"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programmer\\iTunes\\iTunesHelper.exe\""
"BullGuard"="\"C:\\Programmer\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
"UnlockerAssistant"="\"C:\\Programmer\\Unlocker\\UnlockerAssistant.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Daniel Madsen.job
C:\WINDOWS\tasks\HPpromotions photosmart 2600 series.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-05 22:36:33.98
C:\ComboFix.txt ... 06-12-05 22:36
C:\ComboFix3.txt ... 06-12-05 17:02
C:\ComboFix2.txt ... 06-12-05 17:08


Comment
From: Daxxa


Date: 05-12-06 22:53

So what do I do now??

Comment
From: stl_s


Date: 05-12-06 23:09

You may only have one antivirus at a time, so remove that "#%¤%& Norton in Add/Remove Programs. Restart, then go here and remove the leftovers http://service1.symantec.com/support/inter/tsgeninfointl.nsf/dk_docid/20050411155241924

Afterwards remove Ewido, and download the latest version here http://www.ewido.net/en/

Also remove BS(BullShit) player, as it is riddled with WhenU spyware. You get two excellent players in this package http://www.cccp-project.net/wiki/index.php?title=Main_Page It is much better, and without junk.

Post a fresh HijackThis log.

Comment
From: Daxxa


Date: 05-12-06 23:46

It says I can't, it's that link for removing Norton, it says it's because LiveUpdate is running, but I can't quite find it :S


Comment
From: stl_s


Date: 05-12-06 23:50

Have you uninstalled Norton and restarted first? If you have, search for the LiveUpdate folder and delete it with Unlocker. Make sure it is a Norton or Symantec folder you are deleting. Check by right-clicking it and looking at "Properties".

Comment
From: Daxxa


Date: 05-12-06 23:53

Have uninstalled and restarted, trying the Unlocker thing now

Comment
From: Daxxa


Date: 05-12-06 23:58

The last 4 in that folder I can't unlock


Comment
From: Daxxa


Date: 06-12-06 00:01

Oh, actually I can

Comment
From: stl_s


Date: 06-12-06 00:11

Is it gone now?

Comment
From: Daxxa


Date: 06-12-06 00:22

Yes it is, have also removed the leftovers

Comment
From: stl_s


Date: 06-12-06 00:25

Fine, then try the last thing I suggest in my comment of 05-12-06 23:09

Comment
From: Daxxa


Date: 06-12-06 00:28

Logfile of HijackThis v1.99.1
Scan saved at 00:14:39, on 06-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Daniel Madsen\Skrivebord\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe"
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = D:\Games\Deer hunter 2005\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



Comment
From: Daxxa


Date: 06-12-06 00:30

I don't need to download the players right now, do I??

Accepted answer
From: stl_s

Received 20 points
Date: 06-12-06 00:43

Bingo, now it's clean.

To remove the last remnants of Norton, do this:

Run a scan with HijackThis so you can see all files. Close all windows, tick these lines, and click Fix checked.

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

All the dangerous stuff from the MSN worm should be gone now, but there may be a few small leftovers. Just to be safe, run this fix:

Download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe and follow the instructions.

You should not click on the window while the tool is running, as it can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Afterwards, update AVG Anti-Spyware and SUPERAntiSpyware and run a scan with them.

Finally, clear out System Restore http://spywareinfo.dk/tip-og-tricks/deaktiver_systemgendannelse.htm

And I'd say that was well done by you. Not all of it was easy.
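The "tick these lines" step above is done by eye in HijackThis; the same check can be made repeatable by parsing the log. The following is an added example, not code from this thread, from HijackThis or from any of the tools mentioned: a small parser for the HijackThis v1.99.1 line format posted above (O4 run keys, O16 ActiveX downloads, O23 services) that flags the things a helper looks for first (missing files, services with an unknown owner, O16 download hosts not on a caller-supplied trusted list) and can pick out lines by CLSID. The sample log is a constructed subset of the lines in the thread; the trusted-host set and the two Symantec CLSIDs stl_s asked to have fixed are passed in by the caller.

```python
"""Parse and triage HijackThis v1.99.1 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
"""

# The two O16 entries stl_s asked to have fixed (CLSIDs taken from the post above).
SYMANTEC_LEFTOVER_CLSIDS = {
    "{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}",
    "{644E432F-49D3-41A1-8DD5-E099162EEEC5}",
}

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")                       # "O16 - <detail>"
O4_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")                       # "HKLM\..\Run: [name] command"
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")  # "DPF: {CLSID} (name) - url"


@dataclass
class Entry:
    kind: str                 # section code, e.g. "O4", "O16", "O23"
    detail: str               # everything after "Oxx - "
    name: str = ""            # run-key value name, DPF display name or service name
    clsid: str = ""           # O16 only
    target: str = ""          # file path / command line / download URL
    owner: str = ""           # O23 only: the vendor column
    flags: list = field(default_factory=list)


def parse_hjt(text: str) -> list[Entry]:
    """Turn HijackThis log text into Entry objects; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or the "Running processes" list
        e = Entry(kind=m.group(1), detail=m.group(2))
        if e.kind == "O4":
            m4 = O4_RE.match(e.detail)
            if m4:
                e.name, e.target = m4.group(2), m4.group(3)
        elif e.kind == "O16":
            m16 = O16_RE.match(e.detail)
            if m16:
                e.clsid, e.name, e.target = m16.group(1), m16.group(2), m16.group(3)
        elif e.kind == "O23":
            # "Service: <name> - <owner> - <path>"; the path itself may contain " - "
            parts = e.detail.split(" - ")
            if len(parts) >= 3:
                e.name = parts[0].removeprefix("Service: ")
                e.owner = parts[1]
                e.target = " - ".join(parts[2:])
        if "(file missing)" in e.detail:
            e.flags.append("file missing")          # dangling reference worth removing
        if e.kind == "O23" and e.owner == "Unknown owner":
            e.flags.append("unknown owner")         # unsigned/unknown service: verify by hand
        entries.append(e)
    return entries


def triage(text: str, trusted_hosts=frozenset()) -> list[Entry]:
    """Parse the log and additionally flag O16 downloads from hosts not on the trusted list."""
    entries = parse_hjt(text)
    for e in entries:
        if e.kind == "O16" and e.target:
            host = (urlparse(e.target).hostname or "").lower()
            if host not in {h.lower() for h in trusted_hosts}:
                e.flags.append(f"DPF download host not on trusted list: {host}")
    return entries


def select_by_clsid(entries: list[Entry], clsids) -> list[str]:
    """Return the exact log lines whose CLSID is in `clsids`, ready to tick in HijackThis."""
    wanted = {c.upper() for c in clsids}
    return [f"{e.kind} - {e.detail}" for e in entries if e.clsid.upper() in wanted]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG, trusted_hosts={"security.symantec.com", "go.microsoft.com"})
    for e in found:
        if e.flags:
            print(e.kind, e.name or e.detail, "->", "; ".join(e.flags))
    print("lines to fix:", *select_by_clsid(found, SYMANTEC_LEFTOVER_CLSIDS), sep="\n")
```

Run against a real log, the flagged output gives a helper the short list to look at (missing files, unknown-owner services, unexpected ActiveX download hosts); `select_by_clsid` reproduces the two O16 lines from the post so they can be matched character for character before being ticked.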







Comment
From: miritdk


Date: 06-12-06 00:46



Comment
From: Daxxa


Date: 06-12-06 00:48

Thanks a lot, I suppose nothing will happen if I only do all that tomorrow, I have school tomorrow and have been late the last 2 days

Comment
From: stl_s


Date: 06-12-06 00:51

Of course not, feel free to wait until tomorrow

Comment
From: miritdk


Date: 06-12-06 00:53

Sleep well Daxxa, and don't be late tomorrow. Aren't you glad you didn't give up??



Comment
From: Daxxa


Date: 06-12-06 00:53

Okay, I'll probably write again tomorrow, and once again thanks a lot for the help....

Comment
From: Daxxa


Date: 06-12-06 00:58

Yes, it's great, but I haven't tested yet whether it runs fine; that will have to wait until tomorrow, 3 days late in a row wouldn't be so good

Comment
From: miritdk


Date: 06-12-06 01:00

Off to bed with you now -

Comment
From: stl_s


Date: 06-12-06 01:09

Miritdk has spoken, and then we all obey

Comment
From: Daxxa


Date: 06-12-06 13:39

Wasn't late today :P Heh..

Getting started on what you wrote yesterday

Comment
From: Daxxa


Date: 06-12-06 13:54

Can I install Messenger again??
And I can promise you I've learned my lesson

I'll only open something if they text me on my mobile first

Comment
From : miritdk


Date : 06-12-06 14:02

You can install Messenger again - but be careful when links come in, and see here what to do to protect yourself a little against known junk:
http://sptlarsenserious.googlepages.com/usikrefilerilivemessenger

But wait until stl_s has made sure you're completely clean after the Combofix run he wrote about last night.

Good that you weren't late today.

Date : 06-12-06 00:43...... <---------- that's what you need to go through first

Comment
From : Daxxa


Date : 06-12-06 14:11

Date : 06-12-06 00:43...... <---------- that's what you need to go through first


Yes, that's the one I'm going through.

Comment
From : Daxxa


Date : 06-12-06 14:18

Do you know whether I should post the log from Combofix here??

Comment
From : miritdk


Date : 06-12-06 14:29

It would at least be a safeguard, to see whether something is perhaps still hanging around as leftovers.


Comment
From : Daxxa


Date : 06-12-06 14:35

Okay, it'll come a little later; I'm scanning with AVG right now.

Comment
From : stl_s


Date : 06-12-06 14:53

SDFix has been changed a bit, so this is the guide you should follow:

Download and double-click this file. It extracts itself to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Reboot into Safe Mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to reboot the computer. Do that, and the computer will reboot after 15 seconds.

The reboot will take a bit longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will print "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.

I don't need to see any other logs.

Comment
From : Daxxa


Date : 06-12-06 15:18

Still have a virus :S

BullGuard finds infected files in C/ Web

Comment
From : Daxxa


Date : 06-12-06 15:39

SDFix: Version 1.45
****************

06-12-2006 - 15:14:10,29

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\DANIEL~1\SKRIVE~1\SDFix\SDFix

Stage One - Safe Mode
Checking Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------


Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Authorized Applications Key Export:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\pdwpamt.exe   REG_SZ   C:\pdwpamt.exe:*:Enabled:Server


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
C:\pdwpamt.exe   REG_SZ   C:\pdwpamt.exe:*:Enabled:Server

Authorized Applications Key Not Found

Full SharedAccess Key Export:



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
Start   REG_DWORD   0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters

Files:
------

Backups Folder: - C:\DOCUME~1\DANIEL~1\SKRIVE~1\SDFix\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\NTICDMK7.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\WINDOWS\system32\NTIMP3.dll
C:\WINDOWS\system32\NTIFCD3.dll
C:\WINDOWS\system32\NTIBUN4.dll
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\Programmer\Messenger\msmsgs.exe
C:\hiberfil.sys
C:\pagefile.sys
C:\MSDOS.SYS
C:\IO.SYS
C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp

FINISHED!


Comment
From : stl_s


Date : 06-12-06 16:47

What exactly does BullGuard find, and exactly where is it?

It may be the backups from the other fix tools that it's finding.

Your Windows Firewall needs a little fixing. Download this file. Unpack it, double-click fwfix.reg, and click OK in the Registry Editor prompt: http://sptlarsenserious.googlepages.com/fwfix.reg.zip

Comment
From : Daxxa


Date : 06-12-06 17:29

Oh, it may well be that that's what BullGuard found, because it was in Dr.Web.

Comment
From : stl_s


Date : 06-12-06 17:42

OK, then we're getting it under control. Feel free to post a HijackThis log, so we can see that everything is exactly as it should be.

Is the machine running OK?

Comment
From : Daxxa


Date : 06-12-06 17:46

It runs fine, but it's a bit slow.

Comment
From : Daxxa


Date : 06-12-06 18:04

Logfile of HijackThis v1.99.1
Scan saved at 17:50:52, on 06-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Daniel Madsen\Skrivebord\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe"
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = D:\Games\Deer hunter 2005\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



Comment
From : stl_s


Date : 06-12-06 18:05


After a virus/spyware attack it is always a good idea to clean up the System Restore files. Disable System Restore http://spywareinfo.dk/tip-og-tricks/deaktiver_systemgendannelse.htm - reboot your computer - enable System Restore.

Download ATF Cleaner here: http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Tick "Select all" (you can leave out cookies if you want). Click "Empty selected".

You can delete the tools you downloaded, Dr.Web etc., and their backup folders.

It's not unusual for there to be some sluggishness after such a big attack. Try this "cure".

Run a disk defragmentation: Start -> Programs -> Accessories -> System Tools -> Disk Defragmenter. Run it; it may take a while.

Download PageDefrag here: http://www.microsoft.com/technet/sysinternals/Utilities/PageDefrag.mspx

Select "Defragment at next boot" and reboot the machine. It then runs at boot, and may well take a while if there is a lot for it to work on.

Afterwards, try downloading and running Memory Cleaner from here: http://www.evonsoft.com/Download.htm

Please let us know whether it helped.

Comment
From : Daxxa


Date : 06-12-06 19:20

That disk defragmentation is going extremely slowly.

Comment
From : stl_s


Date : 06-12-06 19:39

Yes, but hopefully things will go faster afterwards. If you haven't defragmented before, there is quite a bit for it to fix.

Comment
From : Daxxa


Date : 06-12-06 19:42

Okay, I haven't..!

But I'm off, have to eat.

Comment
From : Daxxa


Date : 06-12-06 20:36

What does disk defragmentation do??

Comment
From : stl_s


Date : 06-12-06 20:48
Comment
From : Daxxa


Date : 06-12-06 21:31

3 % phewww

Comment
From : Daxxa


Date : 06-12-06 22:22

14 % :/

Comment
From : Daxxa


Date : 06-12-06 22:26

You can't shut the computer down without cancelling the disk defragmentation, can you???



Comment
From : stl_s


Date : 06-12-06 22:32

You can just let it run overnight. Many people do.

Comment
From : Daxxa


Date : 07-12-06 15:37

Can I actually install Messenger again??

Comment
From : stl_s


Date : 07-12-06 17:06

You can safely do that. Delete the MSN Messenger folder in "Programmer" first, so you get a completely fresh installation.

Comment
From : Daxxa


Date : 07-12-06 17:59

Should I also delete the one that's just called Messenger?

Comment
From : Daxxa


Date : 07-12-06 21:50

My computer runs fine, thanks a lot stl_s :D

Comment
From : miritdk


Date : 08-12-06 00:26

I think stl_s has done a really great job here - so if you accept the answer and give 5 stars, all is good.

Comment
From : stl_s


Date : 08-12-06 00:28

Good that it worked out, and you were spared the reformat.

Comment
From : Daxxa


Date : 08-12-06 07:15

Yep, thanks a lot, accepting now.

Answer accepted
From : Daxxa


Date : 08-12-06 07:19

Thanks a lot for the answer, stl_s.
