The script has been removed, and I have not found it on any other sites. It was only on that one, and it is one of the only ones that there is FTP access to. Could it have been infected via FTP? If someone with FTP access has the virus, might it have spread through there?
Here is my ComboFix log:
ComboFix 09-08-10.06 - Jesper 17-08-2009 12:51.2.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.45.1030.18.2045.1227 [GMT 2:00]
Kører fra: c:\users\jesper\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\jesper\AppData\Local\Temp\catchme.dll
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-07-17 til 2009-08-17 )))))))))))))))))))))))))))))))))))
.
2009-08-17 10:24 . 2009-08-17 10:24 -------- d-----w- c:\users\jesper\AppData\Roaming\Malwarebytes
2009-08-17 10:23 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 10:23 . 2009-08-17 10:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 10:23 . 2009-08-17 10:23 -------- d-----w- c:\programdata\Malwarebytes
2009-08-17 10:23 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 11:58 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 11:58 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 11:58 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 11:58 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 11:58 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 11:58 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 11:58 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 11:58 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 20:27 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 20:27 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 20:27 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 20:27 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 20:27 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 20:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 20:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 20:27 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-03 07:57 . 2009-08-03 07:57 -------- d-----w- c:\programdata\Fighters
2009-08-03 07:57 . 2009-08-03 07:57 -------- d-----w- c:\program files\Fighters
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 10:35 . 2006-11-21 04:49 78592 ----a-w- c:\windows\system32\perfc006.dat
2009-08-17 10:35 . 2006-11-21 04:49 467844 ----a-w- c:\windows\system32\perfh006.dat
2009-08-13 03:58 . 2009-02-08 14:53 8268 ----a-w- c:\users\jesper\AppData\Local\d3d9caps.dat
2009-08-12 01:10 . 2008-05-16 08:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-12 01:02 . 2008-04-30 11:09 -------- d-----w- c:\programdata\Microsoft Help
2009-08-10 11:15 . 2008-09-03 09:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 11:15 . 2008-04-25 00:35 -------- d-----w- c:\program files\Java
2009-08-05 09:02 . 2008-06-09 07:25 -------- d-----w- c:\users\jesper\AppData\Roaming\FileZilla
2009-07-23 13:27 . 2008-06-06 13:52 -------- d-----w- c:\users\jesper\AppData\Roaming\Winamp
2009-07-23 08:09 . 2008-10-15 08:43 -------- d-----w- c:\program files\eclipse
2009-07-23 07:27 . 2008-06-06 11:30 -------- d-----w- c:\program files\Winamp
2009-07-21 21:52 . 2009-07-28 20:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 20:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 20:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 20:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 07:47 . 2008-11-05 07:38 -------- d-----w- c:\users\jesper\AppData\Roaming\Prish
2009-06-15 15:24 . 2009-07-15 03:51 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 03:51 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 03:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 03:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-04-25 08:18 . 2008-04-25 08:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-08-17_10.02.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 00:43 . 2009-08-17 11:00 41036 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-17 11:00 66714 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-30 10:39 . 2009-08-17 09:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 10:39 . 2009-08-17 10:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 10:39 . 2009-08-17 10:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 10:39 . 2009-08-17 09:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-30 10:39 . 2009-08-17 10:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-30 10:39 . 2009-08-17 09:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-06 11:09 . 2009-08-17 11:00 7126 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1838177028-3674822148-4269567672-1698_UserData.bin
+ 2006-11-02 10:33 . 2009-08-17 10:35 591664 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-14 01:13 591664 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-14 01:13 102484 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-17 10:35 102484 c:\windows\System32\perfc009.dat
+ 2009-01-31 02:10 . 2009-08-17 10:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-01-31 02:10 . 2009-08-17 08:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-29 1282048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-14 81920]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2007-11-01 308880]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"PMX Daemon"="ICO.EXE" - c:\windows\System32\ico.exe [2006-11-08 49152]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-09-24 23552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-4-30 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{DAFDFD0A-CE4C-4BA1-92BC-3F9F7D8BFF23}c:\\program files\\microsoft office\\office12\\excel.exe"= UDP:c:\program files\microsoft office\office12\excel.exe:Microsoft Office Excel
"UDP Query User{FF5B4960-7031-4A8C-A80E-E6D6E15C4B50}c:\\program files\\microsoft office\\office12\\excel.exe"= TCP:c:\program files\microsoft office\office12\excel.exe:Microsoft Office Excel
"{04D06901-0807-4416-B490-AE0867A27A68}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3B1FD3BD-D84F-46B6-AAC9-BCC2B375DB56}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8ACF898C-3D23-413F-B785-A54B83A733DF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{402DEAFF-867E-4858-8C3B-6E00A2BE2484}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C99F97C2-6765-4742-940F-7451FBC24175}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{9279CB6D-5E86-4760-8121-9DE8DE98D887}c:\\program files\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{DF074CC1-D0CA-41D0-8FAC-5B0B166F2032}c:\\program files\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{2DE8AD7F-5E0F-499A-B2BB-B46AAA7030E2}c:\\program files\\q3\\quake3.exe"= UDP:c:\program files\q3\quake3.exe:quake3
"UDP Query User{19256A1D-56F0-4CFA-BC23-0E0726635C21}c:\\program files\\q3\\quake3.exe"= TCP:c:\program files\q3\quake3.exe:quake3
"TCP Query User{1AA5C339-E797-4AF3-8276-B54EE3751560}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{622F829C-F2EF-4F30-BADE-17342FD4C3CE}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{1AC1B928-6D25-408D-9A61-66E047DDBDD5}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{213B9BD6-0504-407B-8494-BE7EAB132B4D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{69ECF5DD-3CB7-4456-B2DE-AB98E3869B70}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{4A438A75-C674-44DE-ACC4-91A2EE8B523B}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{0CEAFD84-E42E-4890-8DD6-FE60613E315D}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{80C480A7-2E2B-41F8-9F26-15E388A1597A}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{760A919B-58AA-4292-9659-276144FBF75B}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{4E1924D7-6180-4042-9568-CA2ACF55726E}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{C5C67915-AEC8-4A97-B848-51A0EE15F85F}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{1AE0EB3D-3FFC-4E52-AE01-1998330E0997}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [30-03-2009 09:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [30-03-2009 09:48 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [30-03-2009 09:47 51792]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [25-04-2008 02:40 358936]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [01-11-2007 17:15 184976]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [25-04-2008 10:22 179712]
S3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [25-04-2008 02:36 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [25-04-2008 02:36 19008]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [16-06-2008 09:11 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [16-06-2008 09:12 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [16-06-2008 09:12 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [16-06-2008 09:15 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [16-06-2008 09:13 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [16-06-2008 09:14 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [16-06-2008 09:16 97704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1838177028-3674822148-4269567672-1698Core.job
- c:\users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 08:03]
2009-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1838177028-3674822148-4269567672-1698UA.job
- c:\users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 08:03]
2009-08-17 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-07-23 14:00]
2009-08-17 c:\windows\Tasks\User_Feed_Synchronization-{7BB67384-2A9E-48E9-AEEA-FADF3E64DF6A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.dk/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {EE2142BF-E390-4855-8086-27A088DBA0DA} = 10.0.0.2
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\users\jesper\AppData\Roaming\Mozilla\Firefox\Profiles\vr0hpmvn.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 12:58
Windows 6.0.6001 Service Pack 1 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'Explorer.exe'(2232)
c:\windows\System32\pmxscrll.dll
c:\windows\System32\PMXCOMM.dll
c:\windows\System32\PMXHOOKS.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\pmxmiced.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\CTxfispi.exe
c:\users\jesper\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\System32\msiexec.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-17 13:08 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-08-17 11:08
ComboFix2.txt 2009-08-17 10:04
Pre-Kørsel: 108.891.258.880 byte ledig
Post-Kørsel: 108.813.426.688 byte ledig
238 --- E O F --- 2009-08-16 13:23