CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede askhoej Praktikant
01. april 2010 - 11:31 Der er 8 kommentarer

Hijackthis.log - hjælp til at fjerne malware

Hej

Min computer er blevet inficeret - her er hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:32, on 01-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Intel\AMT\LMS.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Symantec AntiVirus\SavRoam.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\UNS\UNS.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\5051,34.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\larsen\Menuen Start\Programmer\Start\AutoLogin.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\PowerDes.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PereSvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\larsen\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 217.145.57.60 owa2007.ensimunify.dk owa2007
O1 - Hosts: 217.145.57.60 ENSIMFEEXC2.ensim.local ENSIMFEEXC2
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Programmer\VirtualCamera\VirtualCameraMenu.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Programmer\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [TPHOTKEY] "C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe"
O4 - HKLM\..\Run: [TPFNF7] "C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [SynTPEnh] "C:\Programmer\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Programmer\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [ACTray] "C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [picon] "C:\Programmer\Fælles filer\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] "C:\Programmer\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
O4 - HKLM\..\Run: [Message Center Plus] "C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe" /start
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\larsen\LOKALE~1\Temp\Hrg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoLogin.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Programmer\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Programmer\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236766023182
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = subdomain.local
O17 - HKLM\Software\..\Telephony: DomainName = subdomain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = subdomain.local
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Programmer\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programmer\Intel\AMT\LMS.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programmer\lotus\notes\ntmulti.exe
O23 - Service: peresvc  Service (peresvc) - Neto systems - C:\WINDOWS\system32\PereSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programmer\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programmer\Fælles filer\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 16418 bytes
Avatar billede f-arn Guru
01. april 2010 - 11:33 #1
Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/tools/mbam-setup.exe

Eller her ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://download.bleepingcomputer.com/sUBs/dds.scr

eller her: http://www.forospyware.com/sUBs/dds

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet

NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.
Avatar billede f-arn Guru
01. april 2010 - 11:38 #2
du bør iøvrigt afinstallere Ask Toolbar - den har et noget tvivlsomt rygte.
Avatar billede askhoej Praktikant
01. april 2010 - 11:52 #3
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3940

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01-04-2010 11:50:14
mbam-log-2010-04-01 (11-50-14).txt

Skanningstype: Hurtig skanning
Objekter skannet: 154824
Tid gået: 3 minut(ter), 42 sekund(er)

Hukommelses Processorer Inficeret: 2
Hukommelses Moduler Inficeret: 1
Registreringsdatabase Nøgler Inficeret: 3
Registreringsdatabase Værdier Inficeret: 11
Registreringsdatabase Data Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 16

Hukommelses Processorer Inficeret:
C:\WINDOWS\system32\PowerDes.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Delete on reboot.

Registreringsdatabase Nøgler Inficeret:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.

Registreringsdatabase Værdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.

Registreringsdatabase Data Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\WINDOWS\system32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\larsen\Lokale indstillinger\Temp\Hrg.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ms.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_275965678316.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_509305660705.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_786715871310.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_91320145289.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\larsen\Lokale indstillinger\Temp\Hrf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_241293446108.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_341682877307.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_617698668969.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_742558777248.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_805225493272.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



****************




DDS (Ver_10-03-17.01) - NTFSx86 
Run by larsen at 11:50:47,17 on 01-04-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3066.1997 [GMT 2:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)  {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Intel\AMT\LMS.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Symantec AntiVirus\SavRoam.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\UNS\UNS.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\5051,34.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\larsen\Menuen Start\Programmer\Start\AutoLogin.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\larsen\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: VirtualCamera IEMenu Class: {0246a1a7-820a-469a-85a7-7b7f01eb808c} - c:\programmer\virtualcamera\VirtualCameraMenu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\programmer\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\programmer\google\chrome frame\application\5.0.366.0\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TVT Scheduler Proxy] "c:\programmer\fælles filer\lenovo\scheduler\scheduler_proxy.exe"
mRun: [TPHOTKEY] "c:\programmer\lenovo\hotkey\TPOSDSVC.exe"
mRun: [TPFNF7] "c:\programmer\lenovo\npdirect\TPFNF7SP.exe" /r
mRun: [TPKMAPHELPER] "c:\programmer\thinkpad\utilities\TpKmapAp.exe" -helper
mRun: [SynTPEnh] "c:\programmer\synaptics\syntp\SynTPEnh.exe"
mRun: [StartCCC] "c:\programmer\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FingerPrintSoftware] "c:\programmer\lenovo fingerprint software\fpapp.exe" \s
mRun: [ACTray] "c:\programmer\thinkpad\connectutilities\ACTray.exe"
mRun: [ACWLIcon] "c:\programmer\thinkpad\connectutilities\ACWLIcon.exe"
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ccApp] "c:\programmer\fælles filer\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [picon] "c:\programmer\fælles filer\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [Corel File Shell Monitor] "c:\programmer\corel\corel paint shop pro photo x2\CorelIOMonitor.exe"
mRun: [Message Center Plus] "c:\programmer\lenovo\message center plus\MCPLaunch.exe" /start
mRun: [WinampAgent] c:\programmer\winamp\winampa.exe
mRun: [AdobeCS4ServiceManager] "c:\programmer\fælles filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [Easy Synchronization] c:\programmer\logitech\easy synchronization\LogitechEasySync.exe
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Easy Synchronization] c:\programmer\logitech\easy synchronization\LogitechEasySync.exe --ports
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\larsen\menuen start\programmer\start\AutoLogin.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\digita~1.lnk - c:\programmer\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\servic~1.lnk - c:\programmer\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\programmer\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236766023182
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\programmer\google\chrome frame\application\5.0.366.0\npchrome_frame.dll
Notify: ACNotify - ACNotify.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\programmer\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\programmer\lenovo\hotkey\tphklock.dll
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\programmer\logitech\easy synchronization\shellexecutehook.dll
LSA: Notification Packages = scecli ACGina
Hosts: 217.145.57.60    owa2007.ensimunify.dk    owa2007
Hosts: 217.145.57.60    ENSIMFEEXC2.ensim.local    ENSIMFEEXC2
Hosts: 192.168.150.60    submain.subdomain.local

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\larsen\applic~1\mozilla\firefox\profiles\8whzd5iu.default\
FF - plugin: c:\documents and settings\larsen\application data\mozilla\firefox\profiles\8whzd5iu.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmer\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\programmer\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\programmer\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\programmer\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
R2 ccEvtMgr;Symantec Event Manager;c:\programmer\fælles filer\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\programmer\fælles filer\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 122880]
R2 SavRoam;SAVRoam;c:\programmer\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\programmer\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programmer\fælles filer\intel\privacy icon\uns\UNS.exe [2009-3-5 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-3-5 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-3-5 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmer\fælles filer\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-5 102448]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2009-3-5 302464]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2009-3-5 378496]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2009-3-5 72232]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2009-3-5 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2009-3-5 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2009-3-5 387072]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2009-3-5 431488]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2009-3-5 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2009-3-5 402944]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-8 38224]
R3 NAVENG;NAVENG;c:\progra~1\fllesf~1\symant~1\virusd~1\20100323.002\naveng.sys [2010-3-24 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\fllesf~1\symant~1\virusd~1\20100323.002\navex15.sys [2010-3-24 1324720]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2009-3-5 24232]
RUnknown BtwSvc;BtwSvc; [x]
S2 gupdate;Google Update Service (gupdate);c:\programmer\google\update\GoogleUpdate.exe [2009-11-14 135664]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 135168]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-26 143360]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-7-5 323584]
S3 MsDepSvc;Web Deployment Agent Service;c:\programmer\iis\microsoft web deploy\MsDepSvc.exe [2009-4-8 42888]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programmer\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmer\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
SUnknown peresvc;peresvc; [x]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-04-01 09:12:38    54016    ----a-w-    c:\windows\system32\drivers\jjbm.sys
2010-04-01 08:48:54    238920    ----a-w-    c:\windows\system32\5051,34.exe
2010-04-01 08:48:39    169814    ----a-w-    c:\windows\system32\2311,823.exe
2010-04-01 08:37:16    1024    ----a-w-    C:\.rnd
2010-04-01 07:56:16    0    d-----w-    c:\programmer\CCleaner
2010-04-01 07:38:21    238920    ----a-w-    c:\windows\system32\4506,144.exe
2010-04-01 07:38:13    45568    ----a-w-    c:\windows\system32\so.bin
2010-04-01 07:38:13    169814    ----a-w-    c:\windows\system32\5697,291.exe
2010-03-31 08:01:28    44544    ----a-w-    c:\windows\system32\t1p0_65479891803.b1k
2010-03-31 08:01:28    44544    ----a-w-    c:\windows\system32\t1p0_26250823392.b1k
2010-03-31 08:01:07    238920    ----a-w-    c:\windows\system32\8382,029.exe
2010-03-31 08:00:53    169675    ----a-w-    c:\windows\system32\7687,799.exe
2010-03-31 07:38:45    44544    ----a-w-    c:\windows\system32\t1p0_676260116864.b1k
2010-03-31 07:38:44    44544    ----a-w-    c:\windows\system32\t1p0_750301321112.b1k
2010-03-31 07:38:05    0    d-----w-    c:\windows\system32\GroupPolicy
2010-03-31 07:37:29    238920    ----a-w-    c:\windows\system32\4923,625.exe
2010-03-31 07:37:11    169675    ----a-w-    c:\windows\system32\2793,848.exe
2010-03-24 15:09:02    135168    ----a-w-    c:\temp\SubRMSPublic.dll
2010-03-23 19:14:43    122950154    ----a-w-    C:\3692 Skoda Yeti relancering DM.rar
2010-03-19 08:12:10    0    d-----w-    c:\temp\controls
2010-03-19 08:07:35    0    d-----w-    c:\temp\bin
2010-03-11 06:59:36    3583488    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2010-03-05 18:37:56    317952    ------w-    c:\windows\system32\browserchoice.exe

==================== Find3M  ====================

2010-04-01 08:49:49    603600    ----a-w-    c:\windows\system32\perfh006.dat
2010-04-01 08:49:49    141294    ----a-w-    c:\windows\system32\perfc006.dat
2010-04-01 08:35:36    2855    ----a-w-    c:\windows\bthservsdp.dat
2010-03-29 13:24:58    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24:46    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-26 15:01:17    3452    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2009-05-01 08:06:23    88    --sh--r-    c:\windows\system32\3285DA34D6.sys
2009-07-02 22:23:16    88    --sh--r-    c:\windows\system32\ACD6D7E923.sys
2009-03-11 11:19:51    32768    --sha-w-    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009030220090309\index.dat
2009-03-11 11:19:51    32768    --sha-w-    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009031120090312\index.dat

============= FINISH: 11:51:29,50 ===============
Avatar billede f-arn Guru
01. april 2010 - 12:57 #4
Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Kopier det fremhævede ind i et notesblok-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

Killall::
Snapshot::
Driver::
peresvc

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede askhoej Praktikant
01. april 2010 - 15:28 #5
Jeg for følgende fejlbesked:

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'
Avatar billede f-arn Guru
01. april 2010 - 16:24 #6
Jeg kan se en del "snavs", men jeg kan ikke lige se tegn på den slags.
Slet den combofix du har og gør dette:

Hent og gem Combofix på dit skrivebord som svchost.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start svchost.exe og følg anvisningerne.

Vigtigt—> Deaktiver dit antivirusprogram da det kan forstyrrer combofix.

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede askhoej Praktikant
01. april 2010 - 16:39 #7
desværre, samme fejlbesked
Avatar billede f-arn Guru
01. april 2010 - 16:48 #8
Er det den PC du sidder ved nu, eller har du en anden?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 3 I går 20:49 I dag 01:12
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 20:49 pop up black friday Af Malm i Virus
I går 18:31 Hvor finder jeg en netværksdriver? Af jcr18 i Wifi
I går 16:49 Identificér og hent del af tekststreng Af TheLibrarian i Excel
I går 16:30 Smart vægt til fitness tracking Af Henrik i Fitness & Smartwatches
I går 08:08 touchpad virker ikke Af Malm i PC
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Audi Q6 er en super fed SUV - men gør dig selv en tjeneste og kast flere penge efter den
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Stor sag mod Microsoft kan være på vej: Beskyldes for at låse Azure-kunder fast med ulovlige metoder
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Tre Norlys-topchefer fratræder med omgående virkning: Internet-forretningen er udfordret - vil have mere fart i integrationen af Telia Danmark
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Se alle »
White paper
Teaser billede
Er din cybersikkerhed klar til AI-revolutionen?
Læs mere »
Vær proaktiv og prioritér IT-sikkerheden – før det er for sent
Sæt turbo på din cloudperformance og minimér risikoen for DDoS-angreb
MDR: Transparent sikkerhed og overvågning i realtid
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »