CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede comeasyouare Nybegynder
14. august 2009 - 22:55 Der er 4 kommentarer og
1 løsning

Check af logfiler

Så kom kæresten lige til at lege virus ekspert, og fik installeret personal antivirus, dum ide. Jg har kørt Ccleaser, Malwarebytes, Combofix og HIjackthis, og umiddelbart ser det ud til at jeg er sluppet ef med programmet, her er log filerne, for et check.

Her er logfilerne fra Malwarebytes, Combofix og HiJackThis

1. Malwarebytes
Malwarebytes' Anti-Malware 1.40
Database version: 2626
Windows 6.0.6001 Service Pack 1

14-08-2009 22:01:00
mbam-log-2009-08-14 (22-01-00).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 203658
Tid tilbagelagt: 57 minute(s), 49 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 3
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 3
Inficerede Filer: 7

Inficerede Hukommelses Processer:
C:\Program Files\PersonalAV\pav.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\Windows\System32\msxmlm.dll (Trojan.FakeAlert) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdrv (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Windows\System32\msxmlm.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Windows\System32\NetFilter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Users\Louise\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

2. Combofix
ComboFix 09-08-10.06 - Louise 14-08-2009 22:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic  6.0.6001.1.1252.45.1030.18.2039.1166 [GMT 2:00]
Kører fra: c:\users\Louise\Desktop\Anti-Virus\Installation\ComboFix.exe
Kommandoer benyttet :: c:\users\Louise\Desktop\Anti-Virus\Installation\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3996787161-2825705105-512706276-500



.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-07-14 til 2009-08-14  )))))))))))))))))))))))))))))))))))
.

2009-08-14 19:00 . 2009-08-14 19:00    --------    d-----w-    c:\users\Louise\AppData\Roaming\Malwarebytes
2009-08-14 19:00 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 19:00 . 2009-08-14 19:00    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-14 19:00 . 2009-08-14 19:00    --------    d-----w-    c:\programdata\Malwarebytes
2009-08-14 19:00 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-14 18:56 . 2009-08-14 18:56    --------    d-----w-    c:\program files\CCleaner
2009-08-14 18:47 . 2009-06-22 14:58    13312    ----a-w-    c:\windows\system32\drivers\snetcfg.exe
2009-08-14 18:47 . 2009-05-14 09:58    61440    ----a-w-    c:\windows\system32\ndisapi.dll
2009-08-14 16:07 . 2009-08-14 20:01    --------    d-----w-    c:\program files\Common Files\Uninstall
2009-08-14 15:35 . 2009-08-14 20:26    17408    ----a-w-    c:\windows\system32\rpcnetp.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 20:27 . 2009-06-12 15:20    17408    ----a-w-    c:\windows\system32\rpcnetp.dll
2009-08-14 20:25 . 2009-05-11 14:59    12    ----a-w-    c:\windows\bthservsdp.dat
2009-08-14 20:09 . 2008-04-20 01:55    96408    ----a-w-    c:\windows\system32\perfc006.dat
2009-08-14 20:09 . 2008-04-20 01:55    502328    ----a-w-    c:\windows\system32\perfh006.dat
2009-08-11 07:24 . 2009-02-06 00:23    --------    d-----w-    c:\programdata\PDFC
2009-07-21 21:52 . 2009-07-29 06:48    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 06:48    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 06:48    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 06:48    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-07-16 20:04 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-07-06 18:27 . 2009-07-06 18:27    --------    d-----w-    c:\users\Ulrik\AppData\Roaming\PC Suite
2009-07-03 19:41 . 2009-07-03 19:41    --------    d-----w-    c:\program files\Common Files\PCSuite
2009-07-03 19:41 . 2009-07-03 19:40    --------    d-----w-    c:\program files\Common Files\Nokia
2009-07-03 19:41 . 2009-06-28 19:06    --------    d-----w-    c:\program files\Nokia
2009-07-03 19:39 . 2009-06-28 19:10    --------    d-----w-    c:\program files\DIFX
2009-07-03 19:39 . 2009-07-03 19:39    --------    d-----w-    c:\program files\PC Connectivity Solution
2009-07-03 19:35 . 2009-07-03 19:35    95232    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-03 19:35 . 2009-07-03 19:35    8192    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-03 19:35 . 2009-07-03 19:35    61440    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-03 19:35 . 2009-07-03 19:35    10240    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-03 19:11 . 2009-06-28 19:05    --------    d-----w-    c:\programdata\Installations
2009-07-03 19:11 . 2009-07-03 19:35    33848696    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dan.exe
2009-06-28 19:49 . 2009-06-28 19:11    --------    d-----w-    c:\users\Louise\AppData\Roaming\PC Suite
2009-06-28 19:13 . 2009-06-28 19:13    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-06-28 19:13 . 2009-06-28 19:11    --------    d-----w-    c:\users\Louise\AppData\Roaming\Nokia
2009-06-28 19:13 . 2009-06-28 19:11    --------    d-----w-    c:\programdata\PC Suite
2009-06-28 19:13 . 2009-06-28 19:13    0    ---ha-w-    c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-28 19:05 . 2009-06-28 19:05    8192    ----a-w-    c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-28 19:05 . 2009-06-28 19:05    61440    ----a-w-    c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-28 19:05 . 2009-06-28 19:05    10240    ----a-w-    c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-28 19:04 . 2009-06-28 19:05    34431608    ----a-w-    c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_dan_web.exe
2009-06-15 15:24 . 2009-07-15 08:19    156672    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 08:19    72704    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 08:19    10240    ----a-w-    c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 08:19    289792    ----a-w-    c:\windows\system32\atmfd.dll
2009-06-12 08:07 . 2009-06-12 05:51    44544    ----a-w-    c:\windows\system32\agremove.exe
2009-05-28 15:35 . 2009-05-28 15:35    115576    ----a-w-    c:\users\Ulrik\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-06 08:55 . 2009-02-06 08:55    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-03 182808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 133656]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-10-16 1310720]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-11 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-2-6 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A25B877-49DF-4405-8D6E-B130F6A95018}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{2EB93E74-0D75-41BF-879B-543872D6145D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2EFB6666-9013-4624-A0EF-092DD5364582}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11-05-2009 20:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11-05-2009 20:24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11-05-2009 20:23 51792]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [27-08-2008 17:52 24880]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [06-02-2009 02:16 354840]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [06-02-2009 02:23 777240]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [06-02-2009 03:04 222512]
RUnknown rpcnetp;rpcnetp; [x]
S2 0316361242062850mcinstcleanup;McAfee Application Installer Cleanup (0316361242062850);c:\users\Louise\AppData\Local\Temp\031636~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Louise\AppData\Local\Temp\031636~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet: NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21-01-2008 04:32 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=all&pf=cmnb
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\34m435oq.default\
FF - prefs.js: browser.startup.homepage - google.dk
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 22:27
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(4296)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dan.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\rpcnetp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-14 22:36 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-08-14 20:35

Pre-Kørsel: 121.816.256.512 byte ledig
Post-Kørsel: 121.678.295.040 byte ledig

212    --- E O F ---    2009-08-11 20:19

3. Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:01, on 14-08-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\windows\Explorer.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=all&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O23 - Service: McAfee Application Installer Cleanup (0316361242062850) (0316361242062850mcinstcleanup) - Unknown owner - C:\Users\Louise\AppData\Local\Temp\031636~1.EXE (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7540 bytes
Avatar billede johnstigers Seniormester
14. august 2009 - 23:27 #1
SP2 til Vista er ude...
Avatar billede Computer Hjælp (Gratis) Mester
15. august 2009 - 08:30 #2
BINGO! Malwarebytes mm. har klaret det for dig/jer!!!

Lidt efterfølgende/generel oprydning ->

Klik på Start->Kør skriv Services.msc (C:\Windows\System32\services.msc) og klik OK.
Find Tjenesten (Hvis den er der)
*  McAfee Application Installer Cleanup
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O23 - Service: McAfee Application Installer Cleanup (0316361242062850) (0316361242062850mcinstcleanup) - Unknown owner - C:\Users\Louise\AppData\Local\Temp\031636~1.EXE (file missing)

Genstart normalt...

------------------------------------------------------------------------

Ta' en oprydning med nævnte CCleaner...

------------------------------------------------------------------------

Husk M$ ServicePack2 til Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d + efterfølgende opdaterinegr hos WindowsUpdate...

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?
Avatar billede comeasyouare Nybegynder
15. august 2009 - 15:52 #3
Så er det gjort, alt ser ok ud! Tak for hjælpen!
Avatar billede comeasyouare Nybegynder
15. august 2009 - 15:53 #4
Smid et svar :o)
Avatar billede Computer Hjælp (Gratis) Mester
15. august 2009 - 22:45 #5
Ping...
(Det var et [svar]...)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 20:17 vlc viser kegle-icon Af casablanca i Andet software
I går 14:01 Oprette / gemme et par fotos i en mappe - Samsung Galaxy A 14 5G ? Af Ikke-ekspert i Mobiltelefoner
I går 11:14 Bærbar til Sims 3? Af idamarie i PC
I går 10:49 Adobe til excel Af densortehingst i Andet software
I går 09:26 Chrome Af fjorbak i Andet netværk
White papers
Flere white papers »


Premium
Teaser billede
5.000 flyafgange i verden blev aflyst som følge af Crowdstrike-nedbrud: Vil Københavns Lufthavn søge erstatning?
Læs mere »
Hackere udnytter CrowdStrike-nedbruddet: Spreder malware ved hjælp af falske løsninger
Microsoft skyder dele af skylden for CrowdStrike-nedbrud på 15 år gammel EU-aftale
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Samlet platform sikrer sammenhæng, kontrol og sikkerhed i hybrid cloud
Læs mere »
Unbreakable - sådan sikrer du dig vedvarende og uafbrudt adgang til dine data
Sæt turbo på din cloudperformance og minimér risikoen for DDoS-angreb
MDR: Transparent sikkerhed og overvågning i realtid
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »