Created Sun. 04 April 2010 at 18:04:20

bigmag
bigmag (17.690 points. Points offered: 230)


windows security alert

Hi

I think I've got a virus!!

When I go online, Windows Security Alert pops up and wants to run a scan, and I can't remove it (have tried with Spybot
and Ad-Aware).
Sometimes a box also pops up where I'm supposed to type something in, but that's also a virus and I can't remove that either.
Is there anyone who can help?

I have made a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:24, on 04-04-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\webserver\webserver.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jes\Application Data\U3\00001623B2724639\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=0061208
R3 - URLSearchHook: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O1 - Hosts: 95.143.192.205 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\Jes\Application Data\Control Manager\ccagent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10747 bytes

Hope you can help

Written Sun. 04 April 2010 at 18:16:58| #1

karise_larry
karise_larry (280.829 points)
www.ballade.dk
There are also some 'suspicious' elements...

Go through this 'package' ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
During installation you are offered the [Yahoo Toolbar]. You can say yes or *NO* to it.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program do a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you move the radio button to "Perform full scan" - click the Scan button - let the program work until it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you should save it somewhere you can find it again.
Copy the contents in here along with a fresh log from HijackThis...
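An added example, not from this thread and not part of HijackThis itself: a small Python triage script that applies the checks a helper makes by eye ("suspicious elements") to a few lines copied from the HijackThis log posted above. The rules, the benign `127.0.0.1 localhost` line and the names `triage`/`summarize` are my own assumptions; the O1, O4 and O23 lines with 95.143.192.205, 85.13.206.115, ccagent.exe and the webserver service are taken from the log in the question.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# benign O1 line (an assumption, not in the log) so the hosts rule has a negative case.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 95.143.192.205 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\Jes\Application Data\Control Manager\ccagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
"""

# Every HijackThis entry starts with a section code ("R0", "O1", "O23", ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# "[name] command" as written in O4 Run entries (Global Startup entries use "x.lnk = path").
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")

LOCAL_HOSTS = {"127.0.0.1", "::1"}
# Per-user, user-writable locations; legitimate autoruns rarely live there on XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    section: str
    severity: str  # "high" or "info"
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body, line) for every HijackThis entry line in text."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(text):
    """Apply the triage rules to a HijackThis log and return findings in log order."""
    findings = []
    for section, body, line in parse_entries(text):
        if section == "O1":
            # "Hosts: <address> <name>": a name mapped to anything but the local
            # host is redirected silently, bypassing DNS.
            parts = body.split()
            if len(parts) >= 3 and parts[1] not in LOCAL_HOSTS:
                findings.append(Finding(section, "high",
                    f"hosts file redirects {parts[2]} to {parts[1]}", line))
        elif section == "O4":
            # Drop the "HKCU\..\Run: " prefix, then look at where the autorun target lives.
            run = RUN_RE.match(body.split(": ", 1)[-1])
            if run and any(marker in run.group("command").lower() for marker in USER_WRITABLE):
                findings.append(Finding(section, "high",
                    f"autorun '{run.group('name')}' starts from a user-writable directory", line))
        elif section == "O23" and "Unknown owner" in body:
            # A service with no identifiable vendor: check the binary on disk.
            findings.append(Finding(section, "high", "service has no known owner", line))
        elif section in ("O2", "O3") and "(file missing)" in body:
            # Dangling BHO/toolbar registrations are usually leftovers, not infections.
            findings.append(Finding(section, "info", "registered add-on file is missing", line))
    return findings


def summarize(findings):
    """Count findings per severity, the numbers a helper would quote back in a reply."""
    counts = {"high": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n        {f.line}")
    print(summarize(results))
```

Run against the sample it flags the two hosts-file redirections, the ccagent.exe autorun under Application Data and the ownerless webserver service as high, and the missing Java helper DLL as informational; the Symantec entries pass. Pasting a whole log into `SAMPLE_LOG` works the same way, since unmatched lines (process list, headers) are ignored.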

Written Sun. 04 April 2010 at 18:52:12| #2

Listening in.
(Can't post empty comments and thereby follow along quietly :()

Written Sun. 04 April 2010 at 19:41:57| #3

karise_larry
karise_larry (280.829 points)
www.ballade.dk
<john_stigers>: http://www.eksperten.dk/faq#faq-4-4 ...

Let's hope/assume that <bigmag> comes back?

Written Sun. 04 April 2010 at 19:55:37| #4

Thanks... have always used that trick, but it doesn't work at the moment.

Written Sun. 04 April 2010 at 20:23:39| #5

bigmag
bigmag (17.690 points)
I've now run the scans you suggested, and it seems to work.

Here are the results of the scans.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3953

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04-04-2010 20:04:02
mbam-log-2010-04-04 (20-04-02).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 187398
Tid gået: 45 minut(ter), 36 sekund(er)

Hukommelses Processorer Inficeret: 1
Hukommelses Moduler Inficeret: 2
Registreringsdatabase Nøgler Inficeret: 5
Registreringsdatabase Værdier Inficeret: 3
Registreringsdatabase Data Objekter Inficeret: 0
Inficerede Mapper: 1
Inficerede Filer: 75

Hukommelses Processorer Inficeret:
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
c:\WINDOWS\system32\captcha.dll (Worm.KoobFace) -> Delete on reboot.
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.

Registreringsdatabase Nøgler Inficeret:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\captcha (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Manager (Rogue.ControlManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apto6ko (Worm.KoobFace) -> Quarantined and deleted successfully.

Registreringsdatabase Værdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccagent.exe (Rogue.ControlManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\captcha (Worm.KoobFace) -> Quarantined and deleted successfully.

Registreringsdatabase Data Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Documents and Settings\Jes\Application Data\Control Manager (Rogue.ControlManager) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\WINDOWS\system32\captcha.dll (Worm.KoobFace) -> Delete on reboot.
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269082860.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269084393.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269084711.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269084729.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269098261.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269098925.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269099241.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269099244.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269165133.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269165446.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269191968.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269192276.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269192283.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269192975.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269193282.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269193286.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1268807600.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1268808078.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269082420.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269194067.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269194371.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269197728.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269198047.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269198049.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269260761.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269261321.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269261631.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269261635.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269278546.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269278861.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269278865.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269283676.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269082767.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269284356.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269844551.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269844873.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269969915.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269971893.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269972202.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269972206.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269973395.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP656\A0137563.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP662\A0138853.exe (Rogue.PClean) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141166.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141167.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP668\A0141270.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP668\A0141273.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP669\A0141291.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP669\A0141293.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0141310.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0141312.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0142516.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0142517.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bill104.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\imapioko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\lgo (Koobface.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\010112010146101115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\010112010146114101.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\01011201014650115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\0101120101465198.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1268775793.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269193288.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269282938.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269283239.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269283240.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1270111486.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1270113823.exe (Worm.KoobFace) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:35, on 04-04-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=0061208
R3 - URLSearchHook: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O1 - Hosts: 95.143.192.205 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10526 bytes

Does it look right?

Posted Sun. 04 April 2010 at 20:37:34 | #6

patrick14
patrick14 (9.220 points)
Download Combofix and save it in a folder as alg.exe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Open Notepad and paste the following text in, and save the text file as CFScript in the same place where you have ComboFix:


...............................................................................


Killall::
Snapshot::
Hosts::
...................................................................................


Then grab the new file with the mouse and drag it over the Combofix file, and then "let go" with the mouse. As shown here ->

http://www.fromsej.saknet.dk/billeder/swfcombo.gif


Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as it can cause your computer to freeze.


Post the new ComboFix log here. It can be found here - C:\combofix Txt


You must not click on the window while the tool is running, as it can cause your computer to freeze.

When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C: Combofix.txt

Please post the contents of this file here.

Posted Sun. 04 April 2010 at 20:49:02 | #7

There's something I don't get...
Open Notepad and paste the following text in, and save the text file as CFScript in the same place where you have ComboFix:


...............................................................................


Killall::
Snapshot::
Hosts::
...................................................................................


Isn't there usually supposed to be something after these:
Killall::
Snapshot::
Hosts::

???

Posted Sun. 04 April 2010 at 20:51:05 | #8

karise_larry
karise_larry (280.829 points)
www.ballade.dk
Wooow - MalwareBytes caught quite a bit - including the 'suspicious' items *S* ...

---

You are missing M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da + MANY subsequent updates !!!
Among other things IE8 (Internet Explorer ver. 8) + subsequent updates...

---

You should/must update your AcrobatReader -> http://get.adobe.com/dk/reader/ (UNtick GoogleToolbar)

---

http://kundeservice.tdc.dk/testcenter/

---

A subsequent cleanup ->

Run a scan with Hijackthis.
Below you get some files that you need to fix. What you have to do is put a tick next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones that need to be fixed:

O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Or do you use this OLD Messenger?)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Restart normally...

---

Cleanup with CCleaner...

---

So how is the PC running now?
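As an added example (not code from this thread and not part of HijackThis), here is a small Python triage script for HijackThis logs like the one posted above. It parses the "Oxx - ..." lines into records and flags the ones a helper would typically put on a fix list: entries whose target file HijackThis reports as missing, a CLSID registered both as a BHO (O2) and as an IE toolbar (O3), and anything on a blocklist the helper supplies. The sample lines are a subset copied from the log in this thread; the two heuristics and the blocklist contents are my assumptions, not HijackThis rules, and every flagged line still needs a human decision before it is ticked.

```python
"""Triage of HijackThis log lines (added example; not from the thread or HijackThis).

Flags an O-line when
  - HijackThis reports the target file as missing,
  - the same CLSID is registered as a BHO (O2) and as an IE toolbar (O3),
    the usual footprint of a bundled toolbar (heuristic, still needs review),
  - its CLSID or path is on a blocklist supplied by the helper.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path up to a known extension; tolerates spaces and quotes.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|htm|html|lnk|sys|cab)', re.IGNORECASE)


@dataclass
class Entry:
    section: str              # "O2", "O3", "O4", ...
    raw: str                  # the original line, i.e. what the user would tick in HijackThis
    clsid: Optional[str]      # upper-cased CLSID if the line carries one
    path: Optional[str]       # target file if one could be extracted
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an 'Oxx - ...' line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    text = m.group(2)
    c = CLSID_RE.search(text)
    p = PATH_RE.search(text)
    return Entry(m.group(1), line.strip(),
                 c.group(0).upper() if c else None,
                 p.group(0) if p else None)


def triage(lines: Iterable[str], blocklist: Iterable[str] = ()) -> List[Entry]:
    """Parse all lines and return only the entries with at least one reason to fix."""
    block = {b.upper() for b in blocklist}
    entries = [e for e in (parse_line(l) for l in lines) if e is not None]

    # Which IE extension points (O2 = BHO, O3 = toolbar) each CLSID is registered at.
    points = defaultdict(set)
    for e in entries:
        if e.clsid and e.section in ("O2", "O3"):
            points[e.clsid].add(e.section)

    for e in entries:
        if "(file missing)" in e.raw.lower():
            e.reasons.append("target file missing")
        if e.clsid and len(points[e.clsid]) > 1:
            e.reasons.append("CLSID registered as both BHO (O2) and toolbar (O3)")
        if e.clsid in block or (e.path and e.path.upper() in block):
            e.reasons.append("on blocklist")
    return [e for e in entries if e.reasons]


def fix_list(entries: List[Entry]) -> List[str]:
    """The raw lines to tick before 'Fix checked', in log order."""
    return [e.raw for e in entries]


if __name__ == "__main__":
    # Assumed blocklist: the helper decided the old Windows Messenger button goes.
    flagged = triage(SAMPLE_LOG.strip().splitlines(),
                     blocklist=["{FB5F1910-F110-11D2-BB9E-00C04F795683}"])
    for e in flagged:
        print(f"{e.section}: {'; '.join(e.reasons)}\n    {e.raw}")
```

On the sample this flags the two Games Bar lines (same CLSID as BHO and toolbar), the Java helper (file missing) and the Messenger button (blocklist), and leaves ctfmon.exe and the Flash DPF entry alone; the blocklist also accepts full paths, so listing msmsgs.exe would pick up both the O4 Run entry and the O9 button in one go.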

Posted Sun. 04 April 2010 at 20:54:20 | #9

karise_larry
karise_larry (280.829 points)
www.ballade.dk
Ohhh - <patrick14> suddenly jumped in between ??? There is the 'unwritten' rule here on E. that whoever asks for logs etc. should/must/can/may also follow up on them... Preferably without others jumping in between, so as not to 'confuse' the asker more than necessary...

---

Posted Sun. 04 April 2010 at 21:07:25 | #10

Agree with karise.
patrick14> Also, there are no "items" for Combofix to fix, but since you are recommending the use of the program, you had better get that error corrected.

Posted Sun. 04 April 2010 at 21:15:49 | #11

bigmag
bigmag (17.690 points)
Here is the result


ComboFix 10-04-03.02 - Jes 04-04-2010  20:55:10.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.45.1033.18.1014.427 [GMT 2:00]
Kører fra: c:\documents and settings\Jes\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Jes\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver
c:\windows\AppPatch\AcAdProc.dll
c:\windows\jestertb.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APTO6KO
-------\Legacy_CAPTCHA
-------\Legacy_CPQOKO6
-------\Legacy_WEBSERVER


(((((((((((((((((((((((((((((  Filer skabt fra 2010-03-04 til 2010-04-04  )))))))))))))))))))))))))))))))))))
.

2010-04-04 16:34 . 2010-04-04 16:34    --------    d-----w-    c:\documents and settings\Jes\Application Data\Malwarebytes
2010-04-04 16:33 . 2010-03-29 13:24    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 16:33 . 2010-04-04 16:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-04-04 16:33 . 2010-04-04 16:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-04 16:33 . 2010-03-29 13:24    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-04-04 16:29 . 2010-04-04 16:29    --------    d-----w-    c:\program files\CCleaner
2010-04-04 15:35 . 2010-04-04 15:35    --------    d-----w-    c:\program files\Trend Micro
2010-04-01 09:13 . 2010-04-01 14:58    --------    d-----w-    C:\SmitfraudFix
2010-03-30 17:59 . 2010-03-30 17:50    1872472    ----a-w-    C:\SmitfraudFix.exe
2010-03-29 06:30 . 2010-03-29 06:30    --------    d-s---w-    c:\documents and settings\Administrator\UserData
2010-03-22 12:47 . 2010-03-22 12:47    --------    d-----w-    c:\documents and settings\Jes\Application Data\AdobeUM
2010-03-21 18:48 . 2010-03-21 18:54    --------    d-----w-    c:\windows\SxsCaPendDel
2010-03-21 18:08 . 2010-03-21 18:13    --------    d-----w-    c:\program files\Norton Internet Security
2010-03-21 18:07 . 2010-03-21 18:13    48776    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2010-03-21 18:07 . 2010-03-21 18:13    115000    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-21 18:06 . 2010-03-22 18:43    --------    d-----w-    c:\program files\Symantec
2010-03-21 17:13 . 2010-03-21 17:13    0    ----a-w-    c:\windows\nsreg.dat
2010-03-21 17:13 . 2010-03-21 17:13    --------    d-----w-    c:\documents and settings\Jes\Local Settings\Application Data\Mozilla
2010-03-20 11:35 . 2010-04-01 13:50    --------    d-----w-    c:\program files\Lavasoft
2010-03-20 09:27 . 2010-03-20 09:27    --------    d-----w-    c:\documents and settings\Jes\Application Data\Lavasoft
2010-03-19 18:35 . 2010-03-19 18:35    --------    d--h--w-    c:\windows\PIF
2010-03-19 17:42 . 2010-03-30 18:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2010-03-19 17:40 . 2010-03-30 18:04    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-03-19 17:32 . 2010-03-19 17:32    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-18 12:05 . 2010-03-18 12:05    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2010-03-10 10:16 . 2010-03-10 10:16    --------    d-----w-    c:\program files\VALVe
2010-03-10 09:26 . 2009-10-23 14:27    3555328    ------w-    c:\windows\system32\dllcache\moviemk.exe
2010-03-09 10:06 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 19:05 . 2009-12-06 16:45    --------    d-----w-    c:\program files\Steam
2010-04-04 19:04 . 2010-01-23 22:08    --------    d-----w-    c:\documents and settings\Jes\Application Data\Skype
2010-04-04 19:02 . 2006-12-08 15:04    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-04-04 18:48 . 2010-02-09 18:50    --------    d-----w-    c:\documents and settings\Jes\Application Data\U3
2010-04-04 18:08 . 2010-01-23 22:11    --------    d-----w-    c:\documents and settings\Jes\Application Data\skypePM
2010-04-04 16:31 . 2008-07-03 14:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-01 13:50 . 2008-07-03 15:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-01 10:43 . 2008-07-04 08:04    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-03-30 18:43 . 2009-10-16 15:17    --------    d-----w-    c:\program files\RocketDock
2010-03-21 20:12 . 2006-12-08 15:01    --------    d-----w-    c:\program files\Google
2010-03-21 18:13 . 2010-03-21 18:07    806    ----a-w-    c:\windows\system32\drivers\SYMEVENT.INF
2010-03-21 18:13 . 2010-03-21 18:07    8014    ----a-w-    c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-20 11:27 . 2006-12-08 15:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2010-03-19 17:34 . 2008-10-03 17:27    --------    d-----w-    c:\documents and settings\LocalService\Application Data\SACore
2010-03-16 21:35 . 2009-12-02 15:40    --------    d-----w-    c:\documents and settings\Jes\Application Data\vlc
2010-03-11 19:43 . 2010-02-22 12:41    --------    d-----w-    c:\program files\Counter-Strike 1.6
2010-03-11 10:45 . 2009-11-18 11:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-21 00:39 . 2009-10-16 15:34    --------    d-----w-    c:\program files\LimeWire
2010-02-21 00:04 . 2009-10-16 15:35    --------    d-----w-    c:\documents and settings\Jes\Application Data\LimeWire
2010-02-17 14:40 . 2010-02-17 14:40    --------    d-----w-    c:\program files\Games_Bar_1
2010-02-17 11:20 . 2009-12-02 15:41    --------    d-----w-    c:\documents and settings\Jes\Application Data\dvdcss
2010-01-26 17:00 . 2010-01-26 17:00    503808    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c89f251-n\msvcp71.dll
2010-01-26 17:00 . 2010-01-26 17:00    348160    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c89f251-n\msvcr71.dll
2010-01-26 17:00 . 2010-01-26 17:00    61440    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-20072725-n\decora-sse.dll
2010-01-26 17:00 . 2010-01-26 17:00    499712    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c89f251-n\jmc.dll
2010-01-26 17:00 . 2010-01-26 17:00    12800    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-20072725-n\decora-d3d.dll
2010-01-26 16:58 . 2010-01-26 16:59    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-01-23 22:11 . 2010-01-23 22:11    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-10-13 11:40 . 2007-09-30 17:09    168    --sh--r-    c:\windows\system32\25A15EAE1B.sys
2009-10-13 11:40 . 2007-09-30 17:09    5642    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2009-12-31 10:53    2349080    ----a-w-    c:\program files\Games_Bar_1\tbGame.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-21 1217872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-13 771704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-8 7168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8085:TCP"= 8085:TCP:*:Disabled:OKOToGate

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21-03-2010 20:12 102712]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2010 10:22 135664]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [29-07-2008 15:23 206336]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - COMHOST
.
Indhold af mappen 'Planlagte Opgaver'

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:12]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:12]

2010-03-22 c:\windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Jes.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jes\Application Data\Mozilla\Firefox\Profiles\dc6b9y34.default\
FF - prefs.js: browser.startup.homepage - hxxp://tdconline.dk/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 21:02
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Gennemført tid: 2010-04-04  21:08:20 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-04-04 19:08

Pre-Kørsel: 9.937.534.976 bytes free
Post-Kørsel: 9.839.267.840 bytes free

- - End Of File - - D513FBADF6CECD47D03E9461C2CD07B5
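As an added example (not code from this thread and not part of ComboFix), here is a Python script that reads the REGEDIT4-style section of a ComboFix log like the one above and pulls out the settings that weaken the machine's own defences: the Security Center "DisableMonitoring" keys, the "EnableFirewall" value of the standard profile, and the Windows Firewall's authorised applications and globally open ports, which are worth reviewing one by one. The sample is copied from this log; my reading of the port-rule format (only "port:proto:name" for enabled rules, "*:Disabled:" inserted for disabled ones) is an assumption drawn from the lines shown, as is the decision to treat any AV:/FW: header containing "disabled" as a finding.

```python
"""Posture checks over the registry section of a ComboFix log (added example;
not from the thread or from ComboFix).

ComboFix prints the autostart and policy keys it considers noteworthy in
REGEDIT4 style. The checks below pick out the ones that weaken the machine's
own defences: Security Center monitoring switched off, the Windows Firewall
standard profile disabled, and the firewall's authorised applications and
globally open ports, which deserve a look one by one.
"""
import re
from typing import Dict, Optional, Tuple

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"8085:TCP"= 8085:TCP:*:Disabled:OKOToGate
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_registry_block(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to its "name"=value pairs; lines outside a key are ignored."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def parse_port_rule(value: str) -> Tuple[str, str, str, str]:
    """'8085:TCP:*:Disabled:OKOToGate' -> (port, proto, state, name).
    Assumption: ComboFix prints only 'port:proto:name' for enabled rules."""
    parts = value.split(":")
    state = "Disabled" if "Disabled" in parts[2:-1] else "Enabled"
    return parts[0], parts[1], state, parts[-1]


def audit(log_text: str) -> dict:
    """Collect the defence-weakening settings found in the log into one report."""
    report = {
        "product_status": [],       # AV:/FW: header lines reporting a disabled product
        "monitoring_disabled": [],  # Security Center keys with DisableMonitoring=1
        "firewall_enabled": None,   # EnableFirewall of the standard profile, if listed
        "authorized_apps": [],      # programs allowed through the Windows Firewall
        "open_ports": [],           # (port, proto, state, name)
    }
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith(("AV:", "FW:")) and "disabled" in s.lower():
            report["product_status"].append(s.split(" {")[0])

    for key, values in parse_registry_block(log_text).items():
        k = key.lower()
        if "security center\\monitoring" in k:
            if values.get("DisableMonitoring", "").endswith("00000001"):
                report["monitoring_disabled"].append(key)
        elif k.endswith("firewallpolicy\\standardprofile"):
            v = values.get("EnableFirewall")
            if v is not None:
                report["firewall_enabled"] = not v.startswith("0")
        elif k.endswith("authorizedapplications\\list"):
            # REGEDIT4 doubles the backslashes inside quoted value names
            report["authorized_apps"].extend(n.replace("\\\\", "\\") for n in values)
        elif k.endswith("globallyopenports\\list"):
            report["open_ports"].extend(parse_port_rule(v) for v in values.values())
    return report


if __name__ == "__main__":
    for section, items in audit(SAMPLE_LOG).items():
        print(f"{section}: {items}")
```

The report is returned as a dict rather than printed so a helper can act on it: for this log it lists both Security Center monitoring keys, reports the standard-profile firewall as disabled, shows LimeWire among the authorised applications and records the rule on port 8085 as disabled.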

Posted Sun. 04 April 2010 at 21:15:59 | #12

patrick14
patrick14 (9.220 points)
No

Killall::
Snapshot::
Hosts::

resets the hosts file; besides, I can see more in a combofix log than I can in hijackthis, so the script IS correct.

Posted Sun. 04 April 2010 at 21:30:27 | #13

patrick14
patrick14 (9.220 points)
Open Notepad and paste the following text in, and save the text file as CFScript in the same place where you have ComboFix:




Killall::
Snapshot::
Folder::
c:\documents and settings\All Users\Application Data\McAfee
c:\program files\Games_Bar_1
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2009-12-31 10:53    2349080    ----a-w-    c:\program files\Games_Bar_1\tbGame.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

Posted Sun. 04 April 2010 at 21:32:58 | #14

patrick14
patrick14 (9.220 points)
Upload this file to virusscan.jotti.org: c:\windows\system32\25A15EAE1B.sys

Posted Tue. 06 April 2010 at 12:52:31 | #15

f-arn
f-arn (23.715 points)
This CFScript is not correct, patrick14

Posted Tue. 06 April 2010 at 14:48:08 | #16

patrick14
patrick14 (9.220 points)
f-arn, you are welcome to correct it and carry on with the thread.

Posted Wed. 07 April 2010 at 07:18:55 | #17

f-arn
f-arn (23.715 points)
Since it is karise_larry's "thread", I will let him continue.

@patrick14
If you want to do log-based fixes with ComboFix, you should learn something about regedit.

Posted Wed. 07 April 2010 at 08:16:15 | #18

karise_larry
karise_larry (280.829 points)
www.ballade.dk
Uninstall
* LIMEWIRE
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

and DELETE the folders ->
c:\program files\LimeWire
c:\documents and settings\Jes\Application Data\LimeWire


---

Find and upload this file:

c:\windows\system32\25A15EAE1B.sys

To the Jotti scanner, so we can put a name on the infection:
http://virusscan.jotti.org/
and/or
http://www.virustotal.com/en/indexf.html

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=143&PN=1&TPN=1

Come back and tell us what the scanner said.

---

<f-arn>: You are welcome to contribute a ComboFix script procedure, if you have one...
