kurtr Beginner
18 November 2007 - 00:58 There are 18 comments and
1 solution

What is this

Hi, can anyone tell me what this is:
detected: Trojan program Trojan-Dropper.Win32.Agent.cob    Mail attachment: [From:"Rickie Trotter" <artmwtuuai@bordeaux-magnum.com>][Subject:We're watching you][Time:2007/11/17 13:59:53]\call1105-16.rar/call1105.mp3                                                                      .scr
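The attachment name in the detection string above is the classic disguised-executable pattern: a decoy media extension (.mp3), a long run of spaces so that the real extension scrolls out of view in a file dialog or mail client, and finally .scr, which Windows runs as a program. Below is an added example, not from the original thread, of a check that a mail gateway or a script over a quarantine listing could apply to attachment names. The extension lists and the exact number of padding spaces in the sample name are my own assumptions; the sample is reconstructed from the detection line in the post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Extensions Windows executes directly on double-click (assumed list, extend to taste).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".cpl"}
# Harmless-looking extensions typically used as the decoy in a double-extension name.
DECOY_EXTS = {".mp3", ".wav", ".avi", ".mpg", ".jpg", ".jpeg", ".gif", ".png",
              ".pdf", ".doc", ".xls", ".txt", ".htm", ".html"}

# "<base><whitespace padding><.ext>": the final extension is the one Windows honours.
NAME_RE = re.compile(r"^(?P<base>.*?)(?P<pad>\s*)(?P<ext>\.[A-Za-z0-9]{1,5})$")
TRAILING_EXT_RE = re.compile(r"(\.[A-Za-z0-9]{1,5})$")


@dataclass
class Verdict:
    member: str                      # attachment name with any archive prefix removed
    true_extension: str              # extension Windows will act on
    decoy_extension: Optional[str]   # extension shown to the user before the padding
    padding: int                     # whitespace characters between decoy and real extension
    suspicious: bool
    reasons: List[str] = field(default_factory=list)


def analyse_attachment_name(name: str) -> Verdict:
    # Scanner detection strings may prefix the member with its archive ("x.rar/member");
    # only the member name matters. Trailing whitespace after the real extension is ignored.
    member = name.rsplit("/", 1)[-1].rstrip()
    m = NAME_RE.match(member)
    if not m:
        return Verdict(member, "", None, 0, False, ["no extension"])
    true_ext = m["ext"].lower()
    padding = len(m["pad"])
    d = TRAILING_EXT_RE.search(m["base"])
    decoy = d.group(1).lower() if d else None
    reasons: List[str] = []
    if true_ext in EXECUTABLE_EXTS:
        reasons.append(f"real extension {true_ext} is executable")
        if padding:
            reasons.append(f"{padding} whitespace characters push the real extension out of view")
        if decoy in DECOY_EXTS:
            reasons.append(f"decoy extension {decoy} makes it look like a media/document file")
    return Verdict(member, true_ext, decoy, padding, bool(reasons), reasons)


if __name__ == "__main__":
    # Constructed sample, modelled on the detection line in the post (padding length assumed).
    sample = "call1105-16.rar/call1105.mp3" + " " * 60 + ".scr"
    for n in (sample, "report.pdf", "setup.exe"):
        v = analyse_attachment_name(n)
        print(repr(v.member[:20]), v.true_extension, v.suspicious, v.reasons)
```

Whether the name sits inside a .rar is irrelevant to the verdict: the archive only buys the attacker a pass through mail filters that do not unpack archives, which is why the check looks at the member name rather than the container.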
apodic Beginner
18 November 2007 - 02:15 #1
Do you need to know exactly what that trojan does, or just what a trojan is in general?
arlet Junior Master
18 November 2007 - 08:04 #2
arlet Junior Master
18 November 2007 - 08:06 #3
And more here:
http://www.f-secure.com/v-descs/trojdrop.shtml

Your antivirus program should be able to stop it..
kurtr Beginner
19 November 2007 - 12:08 #4
Hi Arlet
Thanks, but where is it on the hard disk? I can't find it. It should have come with an attached file???
arlet Junior Master
19 November 2007 - 13:55 #5
Offhand it's hard to say, but we can find it..

Follow these instructions:
1) Let ccleaner do a cleanup: www.arlet.dk/ccleaner.htm

2) Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

3) Download hijackthis from here: www.arlet.dk/hijackthis.htm

4) Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click in the window while the tool is running, as that can make your computer freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Feel free to post the contents of that file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, though.

We need to see the logs from points 2 - 3 - 4
kurtr Beginner
19 November 2007 - 17:25 #6
Current date is 2007-11-19 This copy has expired. Please download an updated copy.........sounds quite right, but where do I find it??, I downloaded it from the website you refer to
arlet Junior Master
19 November 2007 - 17:33 #7
If combofix won't run, then set the clock back to the date 16/11, download combofix again, and then set the date forward again
kurtr Beginner
19 November 2007 - 18:39 #8
Hi Arlet
Now combofix has been sitting at Completed stage_36 for about 30 minutes??, but something blinks once in a while
kurtr Beginner
19 November 2007 - 19:07 #9
Now my patience ran out, I pulled the power
arlet Junior Master
19 November 2007 - 19:27 #10
okay, then try again with combo fix, because it doesn't usually do that, unless you clicked in the window
kurtr Beginner
19 November 2007 - 19:45 #11
Hi again
Here they come
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/19/2007 at 05:08 PM

Application Version : 3.9.1008

Core Rules Database Version : 3346
Trace Rules Database Version: 1347

Scan type      : Quick Scan
Total Scan Time : 00:00:11

Memory items scanned      : 40
Memory threats detected  : 0
Registry items scanned    : 0
Registry threats detected : 0
File items scanned        : 0
File threats detected    : 0
--------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:08, on 19-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Arcade\PCMService.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180796623796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185146921109
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 8278 bytes
and then the last one


ComboFix 07-11-08.1 - Kurt Rasmussen 2007-11-16 19:09:14.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.564 [GMT 1:00]
Running from: C:\Gem\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-16 to 2007-11-16  )))))))))))))))))))))))))))))))
.

2007-11-19 16:48    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-11-19 16:44    <DIR>    d--------    C:\Documents and Settings\Kurt Rasmussen\Application Data\SUPERAntiSpyware.com
2007-11-19 16:44    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-19 12:31    <DIR>    d--------    C:\Programmer\FLV Player
2007-11-19 11:32    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-11-18 20:11    <DIR>    d--------    C:\Programmer\Fælles filer\SWF Studio
2007-11-18 10:41    <DIR>    dr-------    C:\Documents and Settings\LocalService\Foretrukne
2007-11-18 00:54    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2007-11-08 22:57    1,700,352    --a------    C:\WINDOWS\system32\GdiPlus.dll
2007-11-08 22:57    638,976    --a------    C:\WINDOWS\system32\divx.dll
2007-11-08 22:57    524,288    --a------    C:\WINDOWS\system32\xvidcore.dll
2007-11-08 22:57    438,272    --a------    C:\WINDOWS\system32\vp6vfw.dll
2007-11-08 22:57    413,760    --a------    C:\WINDOWS\system32\mpg4c32.dll
2007-11-08 22:57    261,632    --a------    C:\WINDOWS\system32\mcdvd_32.dll
2007-11-08 22:57    139,264    --a------    C:\WINDOWS\system32\xvidvfw.dll
2007-11-08 22:57    24,576    --a------    C:\WINDOWS\system32\msxml3a.dll
2007-11-06 19:59    <DIR>    d--------    C:\Documents and Settings\Kurt Rasmussen\Application Data\vlc
2007-11-06 19:52    <DIR>    d--------    C:\Programmer\VideoLAN
2007-11-05 05:46    <DIR>    d--------    C:\WINDOWS\Freecorder Toolbar
2007-11-05 05:46    2,293,848    --a------    C:\Programmer\FLV PlayerFCSetup.exe
2007-11-05 05:45    <DIR>    d--------    C:\WINDOWS\FLV Player
2007-10-29 13:06    <DIR>    d--------    C:\Programmer\Nero
2007-10-29 13:06    <DIR>    d--------    C:\Programmer\Fælles filer\Nero
2007-10-29 12:40    <DIR>    d--------    C:\Programmer\NeroInstall.bak
2007-10-23 15:26    <DIR>    d--------    C:\WINDOWS\Downloaded Installations
2007-10-23 12:24    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-22 11:28    <DIR>    d--------    C:\Programmer\Sun

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 16:11    8,279    ----a-w    C:\Programmer\hijackthis.log
2007-11-19 15:51    20,733,472    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-19 15:44    1,065,248    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-19 11:21    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-18 21:55    280,064    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-18 21:55    103,424    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-18 12:23    ---------    d-----w    C:\Programmer\MSN Messenger
2007-11-18 11:13    ---------    d-----w    C:\Programmer\Microsoft Visual Studio 8
2007-11-18 00:58    ---------    d-----w    C:\Programmer\Microsoft Visual Studio 9.0
2007-11-16 18:02    ---------    d-----w    C:\Documents and Settings\Kurt Rasmussen\Application Data\OpenOffice.org2
2007-11-16 18:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-14 15:23    ---------    d-----w    C:\Programmer\Mozilla Sunbird
2007-11-08 22:37    ---------    d-----w    C:\Programmer\Windows Live Safety Center
2007-11-08 22:17    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2007-11-07 15:30    ---------    d-----w    C:\Programmer\Mozilla Thunderbird
2007-10-29 11:45    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2007-10-28 11:37    ---------    d-----w    C:\Programmer\Logitech
2007-10-28 11:37    ---------    d-----w    C:\Programmer\Fælles filer\LogiShrd
2007-10-25 16:43    8,472,064    ----a-w    C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 14:27    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-10-23 10:49    ---------    d-----w    C:\Programmer\RegSupreme Pro
2007-10-22 10:28    ---------    d-----w    C:\Programmer\Java
2007-10-22 10:03    ---------    d-----w    C:\Documents and Settings\Kurt Rasmussen\Application Data\Image Zone Express
2007-10-01 23:50    ---------    d-----w    C:\Documents and Settings\Kurt Rasmussen\Application Data\Nero
2007-10-01 23:39    ---------    d-----w    C:\Programmer\Fælles filer\Ahead
2007-10-01 22:23    ---------    d-----w    C:\Documents and Settings\Kurt Rasmussen\Application Data\Ahead
2007-10-01 09:05    ---------    d-----w    C:\Programmer\OpenOffice.org 2.3
2007-09-25 14:38    ---------    d-----w    C:\Documents and Settings\Kurt Rasmussen\Application Data\ZoomBrowser EX
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:00    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:00    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:00    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:00    6,058,496    ----a-w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:00    52,224    ----a-w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:00    477,696    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:00    459,264    ----a-w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:00    44,544    ----a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:00    384,512    ----a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:00    383,488    ----a-w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:00    3,584,512    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:00    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:00    267,776    ----a-w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:00    232,960    ----a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:00    230,400    ----a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:00    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:00    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:00    153,088    ----a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:00    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:00    124,928    ----a-w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:00    105,984    ----a-w    C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:00    102,400    ----a-w    C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:00    1,152,000    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:19    63,488    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:19    625,152    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:19    13,824    ----a-w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 18:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 18:32]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 22:44]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 22:43]
"PCMService"="C:\Programmer\Arcade\PCMService.exe" [2005-03-09 17:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 04:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 13:00]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 20:05]
"LManager"="C:\Programmer\Launch Manager\QtZgAcer.EXE" [2005-10-13 10:33]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 09:53]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 09:53]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 15:41]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 15:45]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 19:50]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 11:00]

C:\Documents and Settings\Kurt Rasmussen\Menuen Start\Programmer\Start\
OpenOffice.org 2.3.lnk - C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-01 20:40:14]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-06-25 12:34:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R2 SQLWriter;SQL Server VSS Writer;"C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
S3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 04:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 19:11:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 19:12:02
C:\ComboFix2.txt ... 2007-10-23 12:41
.
    --- E O F ---
I think it was Kaspersky that blocked Combofix
arlet Junior Master
19 November 2007 - 21:40 #12
Run Hijackthis, scan, tick the line/lines listed here, close all windows except Hijackthis, click fix checked, close hijackthis again.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)

restart and post a new hijackthis log

How is it running now??
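The two lines arlet picks out are O2 entries whose CLSID is still registered under Browser Helper Objects but whose DLL no longer exists ("(no file)"): leftovers that HijackThis can remove safely, and that disappear from the second log further down. Below is an added example, not code from the thread or from HijackThis, of how to triage a HijackThis log mechanically and confirm the fix by diffing two scans. The excerpt lines are copied from the logs in this thread; the finding categories and the choice of which sections to flag are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Excerpt of the first HijackThis log above (constructed from the thread; paths kept verbatim).
BEFORE = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe
"""

# The same excerpt after the two orphaned O2 entries were fixed (matches the second log).
AFTER = "\n".join(l for l in BEFORE.splitlines() if "(no file)" not in l) + "\n"

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")


@dataclass
class Finding:
    kind: str        # short triage tag
    line: str        # the HijackThis line the finding refers to
    clsid: str = ""  # only for O2 entries
    note: str = ""


def analyse_hijackthis(log: str) -> List[Finding]:
    """Walk the O-sections of a HijackThis log and flag entries worth a second look."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "O2":
            m = BHO_RE.match(line)
            if not m:
                findings.append(Finding("unparsed", line))
            elif m["path"] == "(no file)":
                # Registry still points at a CLSID whose DLL is gone: harmless but removable.
                findings.append(Finding("orphaned-bho", line, m["clsid"],
                                        "BHO CLSID registered but DLL missing; remove the registration"))
            elif m["name"] == "(no name)":
                findings.append(Finding("unnamed-bho", line, m["clsid"],
                                        "BHO without a friendly name; check the DLL's publisher"))
        elif section == "O20" and line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs are loaded by user32.dll into every process that links it.
            findings.append(Finding("appinit-dll", line,
                                    note="DLL injected into every user32 process; verify its publisher"))
        elif section == "O23" and "Unknown owner" in line:
            findings.append(Finding("unknown-owner-service", line,
                                    note="service binary has no company name; confirm it belongs to installed software"))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Lines removed and added between two scans; only R/O entries are compared, not the process list."""
    def keep(l: str) -> bool:
        return re.match(r"^(O\d+|R\d) - ", l) is not None
    b = [l.strip() for l in before.splitlines() if keep(l.strip())]
    a = [l.strip() for l in after.splitlines() if keep(l.strip())]
    return [l for l in b if l not in a], [l for l in a if l not in b]


if __name__ == "__main__":
    for f in analyse_hijackthis(BEFORE):
        print(f.kind, f.clsid or "-", f.note)
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", len(removed), "added:", len(added))
```

Diffing the R/O entries rather than the whole file is deliberate: the process list at the top of a HijackThis log changes between scans for innocent reasons, while a new O2, O4, O20 or O23 line appearing between two scans is exactly what a second log is posted to catch.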
kurtr Beginner
19 November 2007 - 22:05 #13
Hi Arlet

Here comes a new Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:09, on 19-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Arcade\PCMService.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180796623796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185146921109
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 7884 bytes

I think it runs well
arlet Junior Master
19 November 2007 - 22:11 #14
That looks better now..

Did the cure help??

Just run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Here you can read about our bulletproof security package: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 .
If you have any questions, just ask..
kurtr Beginner
19 November 2007 - 22:15 #15
Hi
That's done now, and yes, it has become somewhat faster
THANKS A LOT FOR THE HELP
post an answer and you'll get your well-deserved points
arlet Junior Master
19 November 2007 - 22:20 #16
You're welcome..

Regarding points, I already got my points yesterday, when you accepted my first answer..
kurtr Beginner
19 November 2007 - 22:21 #17
throw in one more, you've earned them
arlet Junior Master
19 November 2007 - 22:31 #18
You can't do that *S*

The only option, if you want to give more, is to create a new question titled "points for arlet"..
kurtr Beginner
20 November 2007 - 11:01 #19
That's being done here then