Uha det var noget af en omgang.....
Og håber jeg har ramt den rigtige til Silbidore med point denne gang ellers skal jeg vist over knæet...
HERE WE GO !!
Malware..
Malwarebytes' Anti-Malware 1.32
Database version: 1652
Windows 5.1.2600 Service Pack 3
14-01-2009 17:53:44
mbam-log-2009-01-14 (17-53-37).txt
Skan type: Fuldstændig skanning (C:\|D:\|F:\|G:\|)
Objekter skannet: 116189
Tid tilbagelagt: 44 minute(s), 55 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 10
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 0
Inficerede Filer: 9
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\mlJDTmLc.dll (Trojan.Vundo.H) -> No action taken.
Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0939766d-66e0-4485-833a-a6c1fdbc127a} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0939766d-66e0-4485-833a-a6c1fdbc127a} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d47bec5-1851-4fcd-8609-04b3f74aa37b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8d47bec5-1851-4fcd-8609-04b3f74aa37b} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8d47bec5-1851-4fcd-8609-04b3f74aa37b} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljdtmlc -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdtmlc -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\WINDOWS\system32\hfcdvq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlJDTmLc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cLmTDJlm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cLmTDJlm.ini2 (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Lis\Lokale indstillinger\Temporary Internet Files\Content.IE5\AFY22OQK\InstallAVg_770522164888[2].exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{5D9D0717-7A1A-42B8-865D-D0ABC1633890}\RP66\A0012814.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5D9D0717-7A1A-42B8-865D-D0ABC1633890}\RP66\A0012822.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5D9D0717-7A1A-42B8-865D-D0ABC1633890}\RP66\A0013010.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
Hijack this..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:53, on 14-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Browser MOUSE\mouse32a.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Erik\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/ig?hl=daR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {A3047B1E-14F2-4EE4-880A-357F6C19CF66} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F2CB9CA2-00CC-4E23-A268-5062E5987DDC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MailCheck] C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Google Updater] C:\Programmer\Google\Google Updater\GoogleUpdater.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Google Updater] C:\Programmer\Google\Google Updater\GoogleUpdater.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search -
res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dk.msn.com/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) -
https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cabO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) -
http://www.streamplug.com/StreamPlug/beta/SP.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://go.divx.com/plugin/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227988601062O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll hfcdvq.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: nnnMdAro - nnnMdAro.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Desktop-administrator 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9259 bytes
Håber du får noget ud af det her, og jeg har nu Hijackthis til og stå med dens scanning på hvad gør jeg med dette..