CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

split87 Nybegynder

22. september 2009 - 18:12 Der er 14 kommentarer og
1 løsning

INFICERET virus fra trick-mail. Trojan.Zlob og W32.Klez.H@mm

Min Windows XP Pc,er blevet inficeret gennem en vedhæftet fil I en email, som lignede en mail angående en levering fra DHL Express..

Trojan.Zlob og W32.Klez.H@mm

Mit Norton 360 fandt virus og smed dem i karantæne. I karantæne-arkivet kan jeg se at Trojan.Zlob også har været sat i karantæne 2 gange i efteråret 2008 - så om der blir ved at være bruddele af denne er jeg usikker på.

Begge virus er af Norton 360 kategoriseret som Høj-risiko inden for alle kriterier.

Hvad gør jeg for at sikre mig pc'en er 'clean'??

På forhånd tak!
-Anders

Synes godt om

split87 Nybegynder

22. september 2009 - 18:16 #1

Her er min logfil:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:05, on 22-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Launchy\Launchy.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
C:\Programmer\SkoleKom\fcc32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FLLESF~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - https://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/fyn/links/Fronter_oes_prj.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://andersjeppesen1987.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://andersjeppesen1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.stinusjeppesen.dk/controls/IlosoftImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp12.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hedenvantinge.skoleintra.dk/Li/_includes/XUpload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlægning (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Programmer\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15623 bytes

Synes godt om

f-arn Guru

22. september 2009 - 18:50 #2

Hent "Malwarebytes' Anti-Malware" her: http://www.malwarebytes.org/mbam.php
Installer og start programmet, opdater, lav "Hurtig skan" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://download.bleepingcomputer.com/sUBs/dds.scr

eller her: http://www.forospyware.com/sUBs/dds

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet

NB Når du opdaterer Malwarebytes, så klik på "opdater" til den skriver at der ikke er flere opdateringer.

Synes godt om

split87 Nybegynder

22. september 2009 - 20:52 #3

Malwarebytes' Anti-Malware 1.41
Database version: 2843
Windows 5.1.2600 Service Pack 3

22-09-2009 20:47:31
mbam-log-2009-09-22 (20-47-31).txt

Skan type: Hurtig skanning
Objekter skannet: 126759
Tid tilbagelagt: 7 minute(s), 30 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

DDS:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ejer at 20:50:24,79 on 22-09-2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\programmer\fælles filer\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\fllesf~1\symant~1\ids\IPSBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\programmer\fælles filer\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Acme.PCHButton] c:\progra~1\hppavi~1\pavilion\xphwwbp4\plugin\bin\pchbutton.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BackupNotify] c:\programmer\hp\digital imaging\bin\backupnotify.exe
uRun: [msnmsgr] "c:\progra~1\wi1f86~1\messen~1\msnmsgr.exe" /background
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ccApp] "c:\programmer\fælles filer\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\programmer\norton 360\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\programmer\fælles filer\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\programmer\fælles filer\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [StartCCC] "c:\programmer\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\programmer\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\programmer\fælles filer\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programmer\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} - hxxp://install.anark.com/client/version3/windows-ie/en/AMClient.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
DPF: {358DFA15-D48C-4296-8D16-7405F918333B} - hxxp://fronter.com/fyn/links/Fronter_oes_prj.cab
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.bgbank.dk/html/activex/BG/Menu.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://andersjeppesen1987.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://www.ea.com/downloads/rtpatch/EARTPX.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://andersjeppesen1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.com/clients/ImageUploader3.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38138.9992476852
DPF: {A590956F-AE99-4419-BB39-3C721276C625} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.stinusjeppesen.dk/controls/IlosoftImageUpload.dll
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp12.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.hedenvantinge.skoleintra.dk/Li/_includes/XUpload.ocx
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmer\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-22 20:27 <DIR> --d----- c:\docume~1\ejer\applic~1\Malwarebytes
2009-09-22 20:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 20:27 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-22 20:27 <DIR> --d----- c:\programmer\Malwarebytes' Anti-Malware
2009-09-22 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-22 18:14 <DIR> --d----- c:\programmer\Trend Micro
2009-09-19 01:44 <DIR> --d----- c:\programmer\iPod
2009-09-19 01:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 12:24 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-03 18:35 <DIR> --d----- c:\programmer\Bonjour

==================== Find3M ====================

2009-09-19 02:24 460,658 a------- c:\windows\system32\perfh006.dat
2009-09-19 02:24 84,248 a------- c:\windows\system32\perfc006.dat
2009-09-19 02:15 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-19 02:15 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-09-04 23:16 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-08-05 11:00 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 21:03 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:59 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 10:26 731,648 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:26 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:26 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 10:26 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:26 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 10:26 54,272 a------- c:\windows\system32\wdigest.dll
2008-07-07 23:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008070820080709\index.dat

============= FINISH: 20:51:41,96 ===============

Synes godt om

f-arn Guru

22. september 2009 - 21:55 #4

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier indholdet mellem linierne ind og gem filen som
CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

--------------

Killall::
Snapshot::
DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: 1 (0x1) - No File
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

--------------

Da Combofix kan konflikte med din antivirus er det vigtigt at du deaktiverer den.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

Computer Hjælp (Gratis) Mester

22. september 2009 - 22:38 #5

Til evt. andres orientering ->
http://www.spywarefri.dk/artikel/dhl-spam-meget-udbredt-180909/

Synes godt om

split87 Nybegynder

22. september 2009 - 23:06 #6

ComboFix 09-09-22.01 - Ejer 22-09-2009 22:36.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.421 [GMT 2:00]
Kører fra: c:\documents and settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Ejer\Skrivebord\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenter\ZbThumbnail.info
c:\documents and settings\All Users\Menuen Start\HP Image Zone .lnk
c:\documents and settings\Ejer\Dokumenter\ZbThumbnail.info
c:\documents and settings\Martin\Dokumenter\ZbThumbnail.info
c:\windows\Installer\1043567.msp
c:\windows\Installer\147ef89.msp
c:\windows\Installer\147ef8a.msp
c:\windows\Installer\1516446.msi
c:\windows\Installer\22576.msi
c:\windows\Installer\2257d.msi
c:\windows\Installer\c64274.msi
c:\windows\patch.exe
c:\windows\system32\ps2.bat
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-08-22 til 2009-09-22 )))))))))))))))))))))))))))))))))))
.

2009-09-22 18:27 . 2009-09-22 18:27 -------- d-----w- c:\documents and settings\Ejer\Application Data\Malwarebytes
2009-09-22 18:27 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 18:27 . 2009-09-22 18:27 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-09-22 18:27 . 2009-09-22 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 18:27 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 16:14 . 2009-09-22 16:14 -------- d-----w- c:\programmer\Trend Micro
2009-09-21 21:20 . 2009-09-21 21:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-18 23:44 . 2009-09-18 23:44 -------- d-----w- c:\programmer\iPod
2009-09-18 23:44 . 2009-09-18 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 10:24 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 16:35 . 2009-09-03 16:35 -------- d-----w- c:\programmer\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 20:48 . 2004-01-01 16:21 -------- d-----w- c:\programmer\Fælles filer\Symantec Shared
2009-09-22 14:13 . 2008-07-07 22:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 14:13 . 2005-01-06 19:27 -------- d-----w- c:\programmer\SpywareBlaster
2009-09-21 21:17 . 2004-05-31 17:48 -------- d-----w- c:\programmer\Paint Shop Pro 6
2009-09-21 20:51 . 2007-06-29 12:52 -------- d-----w- c:\documents and settings\Ejer\Application Data\ZoomBrowser EX
2009-09-21 05:15 . 2007-12-01 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-19 00:24 . 2004-01-02 11:28 460658 ----a-w- c:\windows\system32\perfh006.dat
2009-09-19 00:24 . 2004-01-02 11:28 84248 ----a-w- c:\windows\system32\perfc006.dat
2009-09-19 00:15 . 2007-08-21 16:11 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-19 00:15 . 2007-08-21 16:11 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-18 23:45 . 2008-10-17 21:00 -------- d-----w- c:\programmer\iTunes
2009-09-18 23:44 . 2007-07-02 10:29 -------- d-----w- c:\programmer\Fælles filer\Apple
2009-09-18 23:41 . 2006-09-28 18:57 -------- d-----w- c:\programmer\QuickTime
2009-09-16 10:49 . 2008-06-29 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-10 19:14 . 2009-05-23 10:20 -------- d-----w- c:\programmer\Microsoft Silverlight
2009-09-04 21:16 . 2007-08-21 16:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-04 20:38 . 2004-01-01 16:52 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-08-10 20:50 . 2004-01-02 04:15 -------- d-----w- c:\programmer\Java
2009-08-05 09:00 . 2002-12-12 06:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2008-11-27 17:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-02-24 14:34 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-01-02 04:13 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-02-06 16:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:26 . 2004-02-24 14:39 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-02-24 14:38 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-02-24 14:38 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-02-24 14:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-02-24 14:37 731648 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-02-24 14:37 301568 ----a-w- c:\windows\system32\kerberos.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ccApp"="c:\programmer\Fælles filer\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\programmer\Norton 360\osCheck.exe" [2008-02-26 988512]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Hurtig start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Launchy.lnk - c:\programmer\Launchy\Launchy.exe [2006-6-19 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Games\\Battlefield Vietnam\\BfVietnam.exe"=
"c:\\Programmer\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SightSpeed\\SightSpeed.exe"=
"c:\\Programmer\\Steam\\SteamApps\\svinehammen\\day of defeat\\hl.exe"=
"c:\\Programmer\\Maguma Open Studio\\tools\\DbgListener.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 LiveUpdate Notice;LiveUpdate Notice;c:\programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE [18-02-2008 13:37 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-08-2009 06:53 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12-01-2008 20:32 23888]
S3 gsplittm;gsplittm;\??\c:\docume~1\Anders\LOKALE~1\Temp\gsplittm.sys --> c:\docume~1\Anders\LOKALE~1\Temp\gsplittm.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [06-09-2007 18:19 32000]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-22 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Yderligere scanning -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} - hxxp://install.anark.com/client/version3/windows-ie/en/AMClient.cab
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
DPF: {358DFA15-D48C-4296-8D16-7405F918333B} - hxxp://fronter.com/fyn/links/Fronter_oes_prj.cab
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.bgbank.dk/html/activex/BG/Menu.cab
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.com/clients/ImageUploader3.cab
DPF: {A590956F-AE99-4419-BB39-3C721276C625} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.stinusjeppesen.dk/controls/IlosoftImageUpload.dll
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp12.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-Acme.PCHButton - c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
HKCU-Run-BackupNotify - c:\programmer\HP\Digital Imaging\bin\backupnotify.exe
HKLM-Run-Symantec PIF AlertEng - c:\programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-Steam App 10 - c:\documents and settings\Anders\Dokumenter\steam.exe
AddRemove-Steam App 30 - c:\documents and settings\Anders\Dokumenter\steam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3676)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmer\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-22 22:55 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-09-22 20:55

Pre-Kørsel: 26.633.228.288 byte ledig
Post-Kørsel: 26.618.859.520 byte ledig

241 --- E O F --- 2009-09-13 19:10

Synes godt om

f-arn Guru

23. september 2009 - 03:28 #7

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier indholdet mellem linierne ind og gem filen som
CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

--------------

Killall::
Snapshot::
File::
c:\docume~1\Anders\LOKALE~1\Temp\gsplittm.sys
Filelook::
c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe
Driver::
gsplittm

--------------

Da Combofix kan konflikte med din antivirus er det vigtigt at du deaktiverer den.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

split87 Nybegynder

23. september 2009 - 13:40 #8

ComboFix 09-09-22.01 - Ejer 23-09-2009 13:17.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.487 [GMT 2:00]
Kører fra: c:\documents and settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Ejer\Skrivebord\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

FILE ::
"c:\docume~1\Anders\LOKALE~1\Temp\gsplittm.sys"
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSPLITTM
-------\Service_gsplittm

((((((((((((((((((((((((((((( Filer skabt fra 2009-08-23 til 2009-09-23 )))))))))))))))))))))))))))))))))))
.

2009-09-22 18:27 . 2009-09-22 18:27 -------- d-----w- c:\documents and settings\Ejer\Application Data\Malwarebytes
2009-09-22 18:27 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 18:27 . 2009-09-22 18:27 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-09-22 18:27 . 2009-09-22 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 18:27 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 16:14 . 2009-09-22 16:14 -------- d-----w- c:\programmer\Trend Micro
2009-09-21 21:20 . 2009-09-21 21:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-18 23:44 . 2009-09-18 23:44 -------- d-----w- c:\programmer\iPod
2009-09-18 23:44 . 2009-09-18 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 10:24 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 16:35 . 2009-09-03 16:35 -------- d-----w- c:\programmer\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 11:27 . 2004-01-01 16:21 -------- d-----w- c:\programmer\Fælles filer\Symantec Shared
2009-09-22 14:13 . 2008-07-07 22:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 14:13 . 2005-01-06 19:27 -------- d-----w- c:\programmer\SpywareBlaster
2009-09-21 21:17 . 2004-05-31 17:48 -------- d-----w- c:\programmer\Paint Shop Pro 6
2009-09-21 20:51 . 2007-06-29 12:52 -------- d-----w- c:\documents and settings\Ejer\Application Data\ZoomBrowser EX
2009-09-21 05:15 . 2007-12-01 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-19 00:24 . 2004-01-02 11:28 460658 ----a-w- c:\windows\system32\perfh006.dat
2009-09-19 00:24 . 2004-01-02 11:28 84248 ----a-w- c:\windows\system32\perfc006.dat
2009-09-19 00:15 . 2007-08-21 16:11 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-19 00:15 . 2007-08-21 16:11 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-18 23:45 . 2008-10-17 21:00 -------- d-----w- c:\programmer\iTunes
2009-09-18 23:44 . 2007-07-02 10:29 -------- d-----w- c:\programmer\Fælles filer\Apple
2009-09-18 23:41 . 2006-09-28 18:57 -------- d-----w- c:\programmer\QuickTime
2009-09-16 10:49 . 2008-06-29 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-10 19:14 . 2009-05-23 10:20 -------- d-----w- c:\programmer\Microsoft Silverlight
2009-09-04 21:16 . 2007-08-21 16:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-04 20:38 . 2004-01-01 16:52 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-08-10 20:50 . 2004-01-02 04:15 -------- d-----w- c:\programmer\Java
2009-08-05 09:00 . 2002-12-12 06:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2008-11-27 17:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-02-24 14:34 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-01-02 04:13 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-02-06 16:07 915456 ------w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe ---
Company: Microsoft Corporation
File Description: Windows Live Messenger
File Version: 8.5.1302.1018
Product Name: Messenger
Copyright: Copyright (c) Microsoft Corporation. All rights reserved.
Original Filename: msnmsgr.exe
File size: 5724184
Created time: 2007-10-18 10:34
Modified time: 2007-10-18 10:34
MD5: A8972A2F9A744DD5EE0BFE429D767F1C
SHA1: 11C8F91DC2D2DB195482B18D71BD33CD913A8259

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ccApp"="c:\programmer\Fælles filer\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\programmer\Norton 360\osCheck.exe" [2008-02-26 988512]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Hurtig start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Launchy.lnk - c:\programmer\Launchy\Launchy.exe [2006-6-19 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Games\\Battlefield Vietnam\\BfVietnam.exe"=
"c:\\Programmer\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SightSpeed\\SightSpeed.exe"=
"c:\\Programmer\\Steam\\SteamApps\\svinehammen\\day of defeat\\hl.exe"=
"c:\\Programmer\\Maguma Open Studio\\tools\\DbgListener.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 LiveUpdate Notice;LiveUpdate Notice;c:\programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE [18-02-2008 13:37 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-08-2009 06:53 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12-01-2008 20:32 23888]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [06-09-2007 18:19 32000]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-23 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Yderligere scanning -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} - hxxp://install.anark.com/client/version3/windows-ie/en/AMClient.cab
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
DPF: {358DFA15-D48C-4296-8D16-7405F918333B} - hxxp://fronter.com/fyn/links/Fronter_oes_prj.cab
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.bgbank.dk/html/activex/BG/Menu.cab
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.com/clients/ImageUploader3.cab
DPF: {A590956F-AE99-4419-BB39-3C721276C625} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.stinusjeppesen.dk/controls/IlosoftImageUpload.dll
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp12.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmer\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmer\HP\Digital Imaging\bin\hpqste08.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-23 13:36 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-09-23 11:35
ComboFix2.txt 2009-09-22 20:55

Pre-Kørsel: 26.474.225.664 byte ledig
Post-Kørsel: 26.450.984.960 byte ledig

236 --- E O F --- 2009-09-13 19:10

Synes godt om

f-arn Guru

23. september 2009 - 15:15 #9

Nu er vi vist ved at være der.

Hent og installer denne scanner:
http://www.superantispyware.com/superantispywarefreevspro.html

Start superantispyware, klik på Check for updates, når det er opdateret skal du lade det skanne din computer
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.

Start så superantispyware, klik på preferences, statistics/logs, view log. Indholdet af denne log må du gerne kopiere herind sammen med en ny HijackThis log.

En anden ting. Den Norton 360 du har. Jeg synes det ligner en version 1. Hvis det er korrekt bør du måske lige se her:
http://updatecenter.norton.com/?NUCLANG=da

Synes godt om

split87 Nybegynder

23. september 2009 - 22:12 #10

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/23/2009 at 09:42 PM

Application Version : 4.29.1002

Core Rules Database Version : 4119
Trace Rules Database Version: 2059

Scan type : Complete Scan
Total Scan Time : 01:01:43

Memory items scanned : 840
Memory threats detected : 0
Registry items scanned : 8228
Registry threats detected : 0
File items scanned : 46045
File threats detected : 71

Adware.Tracking Cookie
C:\Documents and Settings\Ejer\Cookies\ejer@adserver3.openadex[1].txt
C:\Documents and Settings\Ejer\Cookies\ejer@track.adform[2].txt
C:\Documents and Settings\Anders\Cookies\anders@eas8.emediate[2].txt
C:\Documents and Settings\Anders\Cookies\anders@atdmt[2].txt
C:\Documents and Settings\Anders\Cookies\anders@track.adform[2].txt
C:\Documents and Settings\Anders\Cookies\anders@adserver3.openadex[2].txt
C:\Documents and Settings\Martin\Cookies\martin@revsci[1].txt
C:\Documents and Settings\Martin\Cookies\martin@247realmedia[1].txt
C:\Documents and Settings\Martin\Cookies\martin@ad1.emediate[1].txt
C:\Documents and Settings\Martin\Cookies\martin@ads.skisport[1].txt
C:\Documents and Settings\Martin\Cookies\martin@e2.emediate[1].txt
C:\Documents and Settings\Martin\Cookies\martin@tracking.veille-referencement[1].txt
C:\Documents and Settings\Martin\Cookies\martin@mediaprovider.adservinginternational[1].txt
C:\Documents and Settings\Martin\Cookies\martin@clickski[1].txt
C:\Documents and Settings\Martin\Cookies\martin@banner2.fynskemedier[1].txt
C:\Documents and Settings\Martin\Cookies\martin@adserver.banneradministration[2].txt
C:\Documents and Settings\Martin\Cookies\martin@eas4.emediate[1].txt
C:\Documents and Settings\Martin\Cookies\martin@www.clickmanage[2].txt
C:\Documents and Settings\Martin\Cookies\martin@ads.karbon[1].txt
C:\Documents and Settings\Martin\Cookies\martin@clicksalg[2].txt
C:\Documents and Settings\Martin\Cookies\martin@indexstats[2].txt
C:\Documents and Settings\Martin\Cookies\martin@adserver.adservinginternational[2].txt
C:\Documents and Settings\Martin\Cookies\martin@atdmt[2].txt
C:\Documents and Settings\Martin\Cookies\martin@untracked[1].txt
C:\Documents and Settings\Martin\Cookies\martin@uk.adservinginternational[2].txt
C:\Documents and Settings\Martin\Cookies\martin@qxl.banneradministration[2].txt
C:\Documents and Settings\Martin\Cookies\martin@stats.interface-stockholm[1].txt
C:\Documents and Settings\Martin\Cookies\martin@kuoniscandinavia.122.2o7[1].txt
C:\Documents and Settings\Martin\Cookies\martin@traffictracker[1].txt
C:\Documents and Settings\Martin\Cookies\martin@www.googleadservices[7].txt
C:\Documents and Settings\Martin\Cookies\martin@adtech[1].txt
C:\Documents and Settings\Martin\Cookies\martin@adfair[1].txt
C:\Documents and Settings\Martin\Cookies\martin@fullrate.adservinginternational[2].txt
C:\Documents and Settings\Martin\Cookies\martin@account.live[2].txt
C:\Documents and Settings\Martin\Cookies\martin@www.googleadservices[1].txt
C:\Documents and Settings\Martin\Cookies\martin@www.googleadservices[2].txt
C:\Documents and Settings\Martin\Cookies\martin@autocom.112.2o7[1].txt
C:\Documents and Settings\Martin\Cookies\martin@www.clickski[1].txt
C:\Documents and Settings\Martin\Cookies\martin@mediametrics.mpsa[2].txt
C:\Documents and Settings\Martin\Cookies\martin@ad.proxad[2].txt
C:\Documents and Settings\Martin\Cookies\martin@bs.serving-sys[1].txt
C:\Documents and Settings\Martin\Cookies\martin@valueclick[1].txt
C:\Documents and Settings\Martin\Cookies\martin@ww3.shoshkeles[1].txt
C:\Documents and Settings\Martin\Cookies\martin@danskespil.112.2o7[1].txt
C:\Documents and Settings\Martin\Cookies\martin@2o7[2].txt
C:\Documents and Settings\Martin\Cookies\martin@spa.adservinginternational[2].txt
C:\Documents and Settings\Martin\Cookies\martin@fynskemedieradmin.adservinginternational[2].txt
C:\Documents and Settings\Martin\Cookies\martin@bizrate[1].txt
C:\Documents and Settings\Martin\Cookies\martin@ads2.jubii[1].txt
C:\Documents and Settings\Martin\Cookies\martin@ia.adserving[2].txt
C:\Documents and Settings\Martin\Cookies\martin@stat.onestat[2].txt
C:\Documents and Settings\Martin\Cookies\martin@subarucom.112.2o7[1].txt
C:\Documents and Settings\Martin\Cookies\martin@at.atwola[2].txt
C:\Documents and Settings\Martin\Cookies\martin@ads.fotosidan[2].txt
C:\Documents and Settings\Martin\Cookies\martin@serving-sys[1].txt
C:\Documents and Settings\Martin\Cookies\martin@www.bannerbasen[2].txt
C:\Documents and Settings\Martin\Cookies\martin@coopdev.112.2o7[1].txt
C:\Documents and Settings\Martin\Cookies\martin@track.adform[2].txt
C:\Documents and Settings\Martin\Cookies\martin@specificclick[2].txt
C:\Documents and Settings\Martin\Cookies\martin@track.adform[3].txt
C:\Documents and Settings\Martin\Cookies\martin@eas.apm.emediate[2].txt
C:\Documents and Settings\Martin\Cookies\martin@adfarm1.adition[1].txt
C:\Documents and Settings\Martin\Cookies\martin@adserver.karamco[2].txt
C:\Documents and Settings\Martin\Cookies\martin@mediavizion.112.2o7[1].txt
C:\Documents and Settings\Martin\Cookies\martin@server.iad.liveperson[3].txt
C:\Documents and Settings\Martin\Cookies\martin@bold.adservinginternational[1].txt
C:\Documents and Settings\Martin\Cookies\martin@ads.hojmark[2].txt
C:\Documents and Settings\Martin\Cookies\martin@findpriser[1].txt
C:\Documents and Settings\Martin\Cookies\martin@tacoda[1].txt
C:\Documents and Settings\Martin\Cookies\martin@www.untracked[1].txt
C:\Documents and Settings\Martin\Cookies\martin@zbox.zanox[1].txt

og hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:04, on 23-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Launchy\Launchy.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FLLESF~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - https://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter Open-Edit-Save Control (VersionControl)) - http://fronter.com/fyn/links/Fronter_oes_prj.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://andersjeppesen1987.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128367746796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://andersjeppesen1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.stinusjeppesen.dk/controls/IlosoftImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp12.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hedenvantinge.skoleintra.dk/Li/_includes/XUpload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlægning (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Programmer\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15012 bytes

Synes godt om

split87 Nybegynder

23. september 2009 - 22:31 #11

og mht. Norton 360. - Det er version 2.5.0.5
Men om dette er den nyeste ved jeg ikke..?

Synes godt om

f-arn Guru

24. september 2009 - 09:33 #12

Lidt oprydning!

Start hijackthis, klik på "do a system scan only" og sæt flueben ved linierne her under, luk alle vinduer undtaget Hijackthis og klik på fix checked.

R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -
C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -
C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing

-----------

Hent og installér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Den bør du sige nej til.
Lad programmer foretage en oprydning.

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

-----------

Hvad angår Norton 360 så er den seneste Version 3.x
Prøv at gå ind på det link jeg lagde tidligere

Synes godt om

split87 Nybegynder

24. september 2009 - 22:39 #13

Det var det... det hele spiller :)
Der var ikke mere der skulle gøres vel? Ingen ny log eller noget..

Synes godt om

f-arn Guru

24. september 2009 - 22:53 #14

Klik start, kør og kopier dette ind combofix /u
Det vil fjerne combofix. De andre programmer kan du afinstallere på normal måde. Hvis det var mig, ville jeg dog nok beholde malwarebytes, og skanne med den engang imellem. Efter opdatering naturligvis :)

Synes godt om

f-arn Guru

24. september 2009 - 23:02 #15

DDS sletter du bare. Den skal ikke afinstalleres.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
pop up black friday Af Malm i Virus	10	I går 20:49	I dag 10:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

22/11

Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse

22/11

Vil købe tele-løsninger til det offentlige for 370 millioner kroner

22/11

Nørgaard: Det er de neuro-divergente originalers tid

22/11

Sker helt åbenlyst: Ansatte i den kinesiske stat sælger borgernes personlige data på hemmelige internet-fora

22/11

Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"

22/11

Derfor bliver den amerikanske tvangs-opdeling af Google nok ikke til noget

22/11

Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen

22/11

Vi har fundet 10 ledige it-stillinger, som du kan søge netop nu

22/11

Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet

22/11

Kombit gør klar til at købe it-konsulenter for 140 millioner kroner - her er planen

22/11

Droner i krig - sådan anvendes de mest effektivt på slagmarken

Vis flere artikler

IT-JOB

Netcompany A/S

Data Management Consultant

Dynamicweb Software A/S

Solution Tech Lead

KMD A/S

Senior Java Developer

Region Midtjylland

Infrastrukturarkitekt til Digitalisering og It i Region Midtjylland

Paychex Europe

Web Application Security Specialist to Paychex Europe

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I dag 15:56	Navigation i Peugeot 3-2008 fra 2017 Af arnepedersen i Andet software
I dag 14:10	Outlook henter ikke mails Af TTA i Office & Kontorpakker
I dag 13:58	vise billeder i kartotek med store ikoner inklusive optagelsesdato Af Malm i Billedbehandling
I dag 13:35	Adobe Elements 2019, Organizer Crasher Af mort1 i Billedbehandling
I går 20:49	pop up black friday Af Malm i Virus