Oprettet lør. d. 10. april 2010 kl. 21:41:30
200 point uddelt | 21 kommentarer
PC problem -> hijackthis log
Hej,Min søsters bærbare pc vil genstarte hver gang man starter den, plus den kommer med et par underlige systemfejl.. Så derfor har jeg lavet en log til jer it-hajer.
Jeg fandt ud af, jeg kunne få den til ikke at genstarte ved at skrive Kør->shutdown -a
Er der en der vil tjekke loggen? masser af point at hente :-)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:40, on 10-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\Google\Update\GoogleUpdate.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\UltraVNC\WinVNC.exe
C:\Programmer\McAfee\Common Framework\naPrdMgr.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wininet.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Documents and Settings\Joan\reader_s.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/ (...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe syce.xto nqxwp
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MsXSLT] C:\WINDOWS\system32\msxslt3.exe
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [6.tmp] C:\WINDOWS\system32\6.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [syncman] c:\documents and settings\joan\wuaucldt.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Joan\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-220523388-583907252-839522115-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-220523388-583907252-839522115-1010\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User '?')
O4 - HKUS\S-1-5-21-220523388-583907252-839522115-1010\..\Run: [reader_s] C:\Documents and Settings\Joan\reader_s.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Opdateringsagent.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/ (...)
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/ (...)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aarhus.dk/ (...)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ (...)
O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://www.byggeweb.dk/ (...)
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/ (...)
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/ (...)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/ (...)
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/ (...)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/ (...)
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/ (...)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/ (...)
O20 - Winlogon Notify: reset5c - C:\WINDOWS\SYSTEM32\reset5c.dll
O21 - SSODL: LGootkitSSO - {42AB8980-EB32-470E-9C3F-B5E5AC67ABE2} - C:\WINDOWS\System32\lmsxsltsso.dll
O21 - SSODL: GootkitSSO - {F033DD9F-88B5-4D51-A74A-560E680028B2} - C:\WINDOWS\System32\msxsltsso.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmer\UltraVNC\WinVNC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10784 bytes
Skrevet lør. d. 10. april 2010 kl. 22:16:53| #1
f-arn (21.675 point)
Hej, der er da også noget der ser lidt "underligt ud.
Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/ (...)
Eller her ->
http://www.download.com/ (...)
Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "fuld systemskan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://download.bleepingcomputer.com/ (...)
eller her: http://www.forospyware.com/ (...)
Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt herind.
OBS - DDS skal gemmes på computeren og ikke køres fra nettet
NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.
Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/ (...)
Eller her ->
http://www.download.com/ (...)
Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "fuld systemskan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://download.bleepingcomputer.com/ (...)
eller her: http://www.forospyware.com/ (...)
Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt herind.
OBS - DDS skal gemmes på computeren og ikke køres fra nettet
NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.
Skrevet lør. d. 10. april 2010 kl. 22:29:54| #2
Yffer Pyffer - der er >10 meget mistænkelige elementer - og det er dem der umiddelbart er synlige - ifølge din log...
Hvad har du (=din søster) haft gang i ?
Glæder mig *S* til at se/læse reslutatet fra #1 proceduren...
Hvad har du (=din søster) haft gang i ?
Glæder mig *S* til at se/læse reslutatet fra #1 proceduren...
Skrevet lør. d. 10. april 2010 kl. 23:24:26| #3
f-arn (21.675 point)
Efter jeg så karise_larrys indlæg har jeg læst hele loggen og jeg er desværre 99,9% sikker på det er virut.
http://www.spywarefri.dk/ (...)
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Joan\reader_s.exe
http://www.spywarefri.dk/ (...)
Skrevet søn. d. 11. april 2010 kl. 11:56:20| #4
mamme (16.830 point)
tak f-arn, så fik jeg kørt en komplet scan med Malwarebytes, den fandt 26 infected. Det hjalp mærkbart på pc'en at køre den scanning.
Jeg kunne desværre ikke køre en update, da nettet var nede.
Den virut lyder godt nok ret slem, når man læser den side du har linket til..
Her kommer de 2 logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:43, on 11-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\UltraVNC\WinVNC.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/ (...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Opdateringsagent.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/ (...)
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/ (...)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aarhus.dk/ (...)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ (...)
O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://www.byggeweb.dk/ (...)
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/ (...)
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/ (...)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/ (...)
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/ (...)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/ (...)
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/ (...)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/ (...)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmer\UltraVNC\WinVNC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8904 bytes
Jeg kunne desværre ikke køre en update, da nettet var nede.
Den virut lyder godt nok ret slem, når man læser den side du har linket til..
Her kommer de 2 logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:43, on 11-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\UltraVNC\WinVNC.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/ (...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Opdateringsagent.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/ (...)
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/ (...)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aarhus.dk/ (...)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/ (...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ (...)
O16 - DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} (RxClientView Control) - http://www.byggeweb.dk/ (...)
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/ (...)
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/ (...)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/ (...)
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/ (...)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/ (...)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/ (...)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/ (...)
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/ (...)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.plf.dk/ (...)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programmer\UltraVNC\WinVNC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8904 bytes
Skrevet søn. d. 11. april 2010 kl. 11:56:50| #5
mamme (16.830 point)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Joan at 11:42:02,29 on 11-04-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.503.175 [GMT 2:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\UltraVNC\WinVNC.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\programmer\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [McAfeeUpdaterUI] "c:\programmer\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ShStatEXE] "c:\programmer\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [WinVNC] "c:\programmer\ultravnc\WinVNC.exe" -servicehelper
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\opdate~1.lnk - c:\programmer\3\3connect\AutoUpdateSrv.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: mhitp.dk\citrix
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {11818680-FCF6-11D0-9808-0800092A4865} - hxxp://www.kps.dk/Codebase/FormCtl.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.aarhus.dk/Mapguide%20viewer/v65/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258051879187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201767695571
DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} - hxxp://www.byggeweb.dk/plugin/RxClientView.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/4066/defaults/activex/ips/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - hxxp://www.kps.dk/codebase/scriptobject.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://support.persits.com/xupload/XUpload.ocx
DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} - hxxp://www.kps.dk/codebase/fontinstaller.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.plf.dk/greve/ACGM/acgm.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\programmer\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-8-9 58464]
R2 McAfeeFramework;McAfee Framework Service;c:\programmer\mcafee\common framework\FrameworkService.exe [2007-8-9 104000]
R2 McTaskManager;Network Associates Task Manager;c:\programmer\network associates\virusscan\VsTskMgr.exe [2006-6-8 29184]
S1 khtd696;khtd696;c:\windows\system32\drivers\khtd696.sys [2010-4-8 138272]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\google\update\GoogleUpdate.exe [2010-1-26 135664]
S2 McShield;Network Associates McShield;c:\programmer\network associates\virusscan\Mcshield.exe [2006-2-14 221191]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-8-19 102656]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-8-9 116864]
=============== Created Last 30 ================
2010-04-10 23:01:40 0 d-----w- c:\docume~1\joan\applic~1\Malwarebytes
2010-04-10 23:01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 23:00:59 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 23:00:59 0 d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-04-10 23:00:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-10 17:16:15 0 d-----w- c:\programmer\fælles filer\Wise Installation Wizard
2010-04-10 10:30:08 0 ----a-w- c:\windows\f3lzrri4gqypnhqa900kjda2.ini
2010-04-08 17:59:47 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-08 17:58:45 138272 ----a-w- c:\windows\system32\drivers\khtd696.sys
2010-04-07 18:34:18 0 d-----w- c:\docume~1\alluse~1\applic~1\e-Safekey
2010-03-21 08:53:42 293376 ------w- c:\windows\system32\browserchoice.exe
==================== Find3M ====================
2010-04-08 17:59:48 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-04 15:45:45 83682 ----a-w- c:\windows\system32\perfc006.dat
2010-04-04 15:45:45 459568 ----a-w- c:\windows\system32\perfh006.dat
2010-02-25 06:18:02 916480 ----a-w- c:\windows\system32\wininet.dll
2007-08-19 00:23:40 1556935 -c--a-w- c:\programmer\freecodecinstaller.zip
2008-01-30 08:03:24 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-01-30 08:03:24 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-01-30 08:03:24 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 11:42:25,70 ===============
Run by Joan at 11:42:02,29 on 11-04-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.503.175 [GMT 2:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\UltraVNC\WinVNC.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\programmer\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [McAfeeUpdaterUI] "c:\programmer\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ShStatEXE] "c:\programmer\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [WinVNC] "c:\programmer\ultravnc\WinVNC.exe" -servicehelper
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\opdate~1.lnk - c:\programmer\3\3connect\AutoUpdateSrv.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: mhitp.dk\citrix
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {11818680-FCF6-11D0-9808-0800092A4865} - hxxp://www.kps.dk/Codebase/FormCtl.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.aarhus.dk/Mapguide%20viewer/v65/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258051879187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201767695571
DPF: {86702DD4-6E0B-4D72-8715-C963F1BA38B3} - hxxp://www.byggeweb.dk/plugin/RxClientView.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/4066/defaults/activex/ips/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - hxxp://www.kps.dk/codebase/scriptobject.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://support.persits.com/xupload/XUpload.ocx
DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} - hxxp://www.kps.dk/codebase/fontinstaller.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.plf.dk/greve/ACGM/acgm.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\programmer\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-8-9 58464]
R2 McAfeeFramework;McAfee Framework Service;c:\programmer\mcafee\common framework\FrameworkService.exe [2007-8-9 104000]
R2 McTaskManager;Network Associates Task Manager;c:\programmer\network associates\virusscan\VsTskMgr.exe [2006-6-8 29184]
S1 khtd696;khtd696;c:\windows\system32\drivers\khtd696.sys [2010-4-8 138272]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\google\update\GoogleUpdate.exe [2010-1-26 135664]
S2 McShield;Network Associates McShield;c:\programmer\network associates\virusscan\Mcshield.exe [2006-2-14 221191]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-8-19 102656]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-8-9 116864]
=============== Created Last 30 ================
2010-04-10 23:01:40 0 d-----w- c:\docume~1\joan\applic~1\Malwarebytes
2010-04-10 23:01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 23:00:59 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 23:00:59 0 d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-04-10 23:00:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-10 17:16:15 0 d-----w- c:\programmer\fælles filer\Wise Installation Wizard
2010-04-10 10:30:08 0 ----a-w- c:\windows\f3lzrri4gqypnhqa900kjda2.ini
2010-04-08 17:59:47 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-08 17:58:45 138272 ----a-w- c:\windows\system32\drivers\khtd696.sys
2010-04-07 18:34:18 0 d-----w- c:\docume~1\alluse~1\applic~1\e-Safekey
2010-03-21 08:53:42 293376 ------w- c:\windows\system32\browserchoice.exe
==================== Find3M ====================
2010-04-08 17:59:48 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-04 15:45:45 83682 ----a-w- c:\windows\system32\perfc006.dat
2010-04-04 15:45:45 459568 ----a-w- c:\windows\system32\perfh006.dat
2010-02-25 06:18:02 916480 ----a-w- c:\windows\system32\wininet.dll
2007-08-19 00:23:40 1556935 -c--a-w- c:\programmer\freecodecinstaller.zip
2008-01-30 08:03:24 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-01-30 08:03:24 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-01-30 08:03:24 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 11:42:25,70 ===============
Skrevet søn. d. 11. april 2010 kl. 12:00:26| #6
mamme (16.830 point)
karise_larry - ja nu ved jeg ikke helt præcist hvad hun bruger sin pc til, men ved at hun bruger limewire og et udløbet antivirus program. Så er det måske også kun et spørgsmål om tid, før det går galt..
Skrevet søn. d. 11. april 2010 kl. 13:10:17| #7
f-arn (21.675 point)
Så er det måske også kun et spørgsmål om tid, før det går galt..
Ja, og jeg fryter det er gået rigtig galt!
Jeg skal se den log fra Malwarebyts, så start den og find loggen under fanebladet "Logs". Kopier den herind.
Hent denne scanner.
http://www.freedrweb.com/ (...)
Dr.Web CureIt! - øverst i rækken til venstre.
Dobbeltklik på drweb-cureit.exe, klik på Start - i den boks der popper op, den vil køre en expressscan, det siger du OK til.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Tryk på fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Tryk på - Anvend. Luk Actions - fanebladet ved at trykke på det firkantede kryds i øverste højre hjørne.
Tryk på Scan - fanen. Flyt så prikken i Express Scan ned til Complete Scan,tyk så på den grønne pil til pil til højre så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Når scanningen er færdig, gå op i file - Tryk på- Save Report list. Gem filen på skrivebordet.
Så ligger der en en fil der her hedder "drweb.csv" på skrivebordet.
Luk Programmet.
NB. Under scanningen popper der en boks op med - Buy - den boks lukker du bare ned.
Send drweb.csv loggen herind
Skrevet søn. d. 11. april 2010 kl. 13:46:54| #8
mamme (16.830 point)
Så er Dr.Web CureIt! igang..
Her får du lige loggen fra Malwarebytes' Anti-Malware, som du spugte efter.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11-04-2010 02:28:46
mbam-log-2010-04-11 (02-28-46).txt
Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 240119
Tid gået: 1 time(r), 22 minut(ter), 54 sekund(er)
Hukommelses Processorer Inficeret: 5
Hukommelses Moduler Inficeret: 5
Registreringsdatabase Nøgler Inficeret: 11
Registreringsdatabase Værdier Inficeret: 12
Registreringsdatabase Data Objekter Inficeret: 4
Inficerede Mapper: 1
Inficerede Filer: 28
Hukommelses Processorer Inficeret:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wininet.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\Documents and Settings\Joan\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
Hukommelses Moduler Inficeret:
C:\WINDOWS\system32\lmsxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\svshost.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\syce.xto (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> Delete on reboot.
Registreringsdatabase Nøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{d7ffd784-5276-42d1-887b-00267870a4c7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ididp (Trojan.Sasfis) -> Delete on reboot.
Registreringsdatabase Værdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysrun (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\lgootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msxslt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registreringsdatabase Data Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe syce.xto nqxwp) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Inficerede Mapper:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Inficerede Filer:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmsxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\svshost.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\syce.xto (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\Lokale indstillinger\Temp\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\Lokale indstillinger\Temp\D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Programmer\Internet Explorer\rasadhlp.dll (Trojan.Genome) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP257\A0071314.dll (Trojan.Genome) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winint.exe (Worm.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\YB04T3JW\1[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp9942.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msxslt3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxslt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\wininet.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Her får du lige loggen fra Malwarebytes' Anti-Malware, som du spugte efter.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11-04-2010 02:28:46
mbam-log-2010-04-11 (02-28-46).txt
Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 240119
Tid gået: 1 time(r), 22 minut(ter), 54 sekund(er)
Hukommelses Processorer Inficeret: 5
Hukommelses Moduler Inficeret: 5
Registreringsdatabase Nøgler Inficeret: 11
Registreringsdatabase Værdier Inficeret: 12
Registreringsdatabase Data Objekter Inficeret: 4
Inficerede Mapper: 1
Inficerede Filer: 28
Hukommelses Processorer Inficeret:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wininet.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\Documents and Settings\Joan\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
Hukommelses Moduler Inficeret:
C:\WINDOWS\system32\lmsxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\svshost.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\syce.xto (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> Delete on reboot.
Registreringsdatabase Nøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{d7ffd784-5276-42d1-887b-00267870a4c7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ididp (Trojan.Sasfis) -> Delete on reboot.
Registreringsdatabase Værdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysrun (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\lgootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msxslt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registreringsdatabase Data Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe syce.xto nqxwp) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Inficerede Mapper:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Inficerede Filer:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmsxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\svshost.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\syce.xto (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\Lokale indstillinger\Temp\6.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\Lokale indstillinger\Temp\D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Programmer\Internet Explorer\rasadhlp.dll (Trojan.Genome) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP257\A0071314.dll (Trojan.Genome) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winint.exe (Worm.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\YB04T3JW\1[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp9942.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msxslt3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxslt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\wininet.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joan\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Skrevet søn. d. 11. april 2010 kl. 18:32:45| #9
mamme (16.830 point)
Her er Dr.Web CureIt! loggen:
1[1].exe C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\NKH2WAUV Trojan.DownLoader.59802 Incurable.Moved.
1[1].exe C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\NUM26D53 Trojan.DownLoad1.34432 Deleted.
1[1].exe C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\RGQFV5RM Trojan.Siggen1.17011 Incurable.Moved.
khtd696.sys C:\WINDOWS\system32\drivers BackDoor.Gootkit.23 Deleted.
ndis.sys C:\WINDOWS\system32\drivers Win32.Lutin Cured.
gtk17.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk18.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk19.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk1A.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk1B.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk1C.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk6.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtkC.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
tmpB64D.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.MulDrop.38374 Deleted.
tmpC735.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.Proxy.13371 Deleted.
tmpD270.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.DownLoad.49872 Deleted.
dont trust me hot new track.mp3 C:\Documents and Settings\Joan\Dokumenter\LimeWire\Saved Trojan.WMALoader Cured.
dont trust me hot new track.mp3 C:\Documents and Settings\jdn\Dokumenter\LimeWire\Saved Trojan.WMALoader Cured.
strun.exe C:\Programmer\StartupRun Tool.StartupRun.122 Renamed.
Dc210.wma C:\RECYCLER\S-1-5-21-1407415224-3194497751-3613112831-1161 Trojan.WMALoader Cured.
Dc211.mp3 C:\RECYCLER\S-1-5-21-1407415224-3194497751-3613112831-1161 Trojan.WMALoader Cured.
Dc219.wma C:\RECYCLER\S-1-5-21-1407415224-3194497751-3613112831-1161 Trojan.WMALoader Cured.
A0080448.exe\strun.exe C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259\A0080448.exe Tool.StartupRun.122
A0080448.exe C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259 Archive contains infected objects Moved.
A0081892.sys C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259 BackDoor.Gootkit.23 Deleted.
A0081894.exe C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259 Tool.StartupRun.122 Renamed.
1[1].exe C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\NKH2WAUV Trojan.DownLoader.59802 Incurable.Moved.
1[1].exe C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\NUM26D53 Trojan.DownLoad1.34432 Deleted.
1[1].exe C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\RGQFV5RM Trojan.Siggen1.17011 Incurable.Moved.
khtd696.sys C:\WINDOWS\system32\drivers BackDoor.Gootkit.23 Deleted.
ndis.sys C:\WINDOWS\system32\drivers Win32.Lutin Cured.
gtk17.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk18.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk19.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk1A.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk1B.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk1C.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtk6.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
gtkC.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.PWS.Stealer.243 Deleted.
tmpB64D.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.MulDrop.38374 Deleted.
tmpC735.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.Proxy.13371 Deleted.
tmpD270.tmp C:\DOCUME~1\Joan\LOKALE~1\Temp Trojan.DownLoad.49872 Deleted.
dont trust me hot new track.mp3 C:\Documents and Settings\Joan\Dokumenter\LimeWire\Saved Trojan.WMALoader Cured.
dont trust me hot new track.mp3 C:\Documents and Settings\jdn\Dokumenter\LimeWire\Saved Trojan.WMALoader Cured.
strun.exe C:\Programmer\StartupRun Tool.StartupRun.122 Renamed.
Dc210.wma C:\RECYCLER\S-1-5-21-1407415224-3194497751-3613112831-1161 Trojan.WMALoader Cured.
Dc211.mp3 C:\RECYCLER\S-1-5-21-1407415224-3194497751-3613112831-1161 Trojan.WMALoader Cured.
Dc219.wma C:\RECYCLER\S-1-5-21-1407415224-3194497751-3613112831-1161 Trojan.WMALoader Cured.
A0080448.exe\strun.exe C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259\A0080448.exe Tool.StartupRun.122
A0080448.exe C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259 Archive contains infected objects Moved.
A0081892.sys C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259 BackDoor.Gootkit.23 Deleted.
A0081894.exe C:\System Volume Information\_restore{2B802A7F-FF41-4FA0-A359-5C8820711637}\RP259 Tool.StartupRun.122 Renamed.
Skrevet søn. d. 11. april 2010 kl. 20:14:44| #10
mamme (16.830 point)
Det ser sku lidt rodet ud? men måske du kan tyde det..
Skrevet søn. d. 11. april 2010 kl. 20:29:52| #11
...limewire og et udløbet antivirus program. Så er det måske også kun et spørgsmål om tid, før det går galt...
http://www.spywarefri.dk/ (...)
(Du ka' godt give søsteren et rap over fingrene!!!)
---
Det meste blev nappet af [Malwarebytes] ...
<f-arn> forstætter bare ...
http://www.spywarefri.dk/ (...)
(Du ka' godt give søsteren et rap over fingrene!!!)
---
Det meste blev nappet af [Malwarebytes] ...
<f-arn> forstætter bare ...
Skrevet søn. d. 11. april 2010 kl. 21:46:29| #12
f-arn (21.675 point)
Jeg prøvede at lave en Google søgning på "reader_s.exe (Trojan.Agent)":
http://www.google.dk/ (...)
Prøv at læse lidt på resultaterne.
et af dem var dette: http://www.threatexpert.com/ (...)
Sammenholdt med det link jeg lagde til spywarefri
http://www.spywarefri.dk/ (...)
synes jeg du skulle spørge din søster om hun tør stole på den pc eller om den skal geninstalleres.
http://www.google.dk/ (...)
Prøv at læse lidt på resultaterne.
et af dem var dette: http://www.threatexpert.com/ (...)
Sammenholdt med det link jeg lagde til spywarefri
http://www.spywarefri.dk/ (...)
synes jeg du skulle spørge din søster om hun tør stole på den pc eller om den skal geninstalleres.
Skrevet søn. d. 11. april 2010 kl. 22:03:15| #13
f-arn (21.675 point)
Iøvrigt - Win32.Lutin fra dr.web loggen er nok også virut:
http://updates.drweb.com/
http://updates.drweb.com/
Skrevet man. d. 12. april 2010 kl. 18:36:55| #14
mamme (16.830 point)
ja det kan jeg sku godt se.. der er vist ingen anden udvej end at starte fra scrach :-( Jeg får hende til at gemme hendes billeder og så bliver pc'en geninstalleret.
Er det nødvendig at bruge killdisk?
Jeg har tænkt mig at installere Avast! antivirus på den. Hvilke programmer er ellers at overveje? her tænker jeg på anti-spy/malware.
PS. f-arn og karise_larry, tak for hjælp, smid et svar så i kan få point.
Er det nødvendig at bruge killdisk?
Jeg har tænkt mig at installere Avast! antivirus på den. Hvilke programmer er ellers at overveje? her tænker jeg på anti-spy/malware.
PS. f-arn og karise_larry, tak for hjælp, smid et svar så i kan få point.
Skrevet man. d. 12. april 2010 kl. 18:54:09| #15
Sørg bare for at vælge FULD formatering under (gen)instalation.
http://www.eksperten.dk/ (...)
Så husk at få 100% styr på
* Driversoftware passende til Hardwaren
* ServicePack + WindowsUpdate + WindowsUpdate + WindowsUpdate
* Seriøst sikkerhedsprogram + opdatering af samme
* Diverse tillægsprogrammer
* http://kundeservice.tdc.dk/ (...)
* osv osv osv ...
Jooooo - det er ikke bare lige gennemført på ~1 time tid *S*
http://www.eksperten.dk/ (...)
Så husk at få 100% styr på
* Driversoftware passende til Hardwaren
* ServicePack + WindowsUpdate + WindowsUpdate + WindowsUpdate
* Seriøst sikkerhedsprogram + opdatering af samme
* Diverse tillægsprogrammer
* http://kundeservice.tdc.dk/ (...)
* osv osv osv ...
Jooooo - det er ikke bare lige gennemført på ~1 time tid *S*
Skrevet man. d. 12. april 2010 kl. 18:54:51| #16
Accepteret svar!200 point tildelt
Ping...
(Det var et [svar] - deles med <f-arn> !)
(Det var et [svar] - deles med <f-arn> !)
Skrevet man. d. 12. april 2010 kl. 19:20:54| #17
f-arn (21.675 point)
Ok, lad point jægeren karise få de points, men men men....
Jeg ser frem til at der herefter kun behandles malware-bekæmpelse med Combofix, DDS, rootrepeal eller lignende. Det vil jeg ihvertfald påkalde.
Jeg ser frem til at der herefter kun behandles malware-bekæmpelse med Combofix, DDS, rootrepeal eller lignende. Det vil jeg ihvertfald påkalde.
Skrevet tir. d. 13. april 2010 kl. 06:27:34| #18
Takker for Point...
(Du ka' godt give søsteren et rap over fingrene mht. LIMEWIRE...)
(Du ka' godt give søsteren et rap over fingrene mht. LIMEWIRE...)
Skrevet tir. d. 13. april 2010 kl. 13:41:00| #19
f-arn (21.675 point)
@ karise_larry
Ja, du skorede nogle billige points her. Men men men.....
Næste gang du prøver at frikende en inficeret pc alene baseret på HijackThis kan jeg love dig at jeg står klar med krav om andre logs!!!!!!!!
Ja, du skorede nogle billige points her. Men men men.....
Næste gang du prøver at frikende en inficeret pc alene baseret på HijackThis kan jeg love dig at jeg står klar med krav om andre logs!!!!!!!!
Skrevet tir. d. 13. april 2010 kl. 18:42:50| #20
Jeps - selvfølgelig !
(Bruger også altid MalwareBytes...)
(Bruger også altid MalwareBytes...)
Skrevet ons. d. 14. april 2010 kl. 00:49:49| #21
f-arn (21.675 point)
Ja - for du tør ikke bruge seriøse logs. jeg har stadig til gode at se dig bruge Combofix fornuftigt.
Log ind
Seneste spørgsmål
Politiet kongeriget Danmark virussen igen igen.
Oprettet den 19. juni 2013 kl. 22.28
nissen4 giver 100 point for svar | Giv et svar »
Kan man undlade at virusscanne filer
Oprettet den 17. juni 2013 kl. 08.18
nielsnielsen1956 giver 30 point for svar | Giv et svar »
Ukash virus - Er den nu helt væk efter succesfuld...
Oprettet den 13. juni 2013 kl. 01.57
Kristian77 giver 30 point for svar | Giv et svar »
Seneste guides
Seneste nyheder
Udgiver · © 2013 Computerworld A/S · Hørkær 18 · 2730 Herlev · Tlf.: 77 300 300 · Fax: 77 300 301 · Brug af personoplysninger