tuep (Beginner)
22 September 2010 - 09:43 (12 comments)

I damn well think I had visitors!

Hi experts

Yesterday at work we found out that we had got a virus on one of our websites (www.hest-online.dk). Someone had hacked it and placed so-called SQL injections on the server - they are calls to JavaScript - in several database fields, IT says.
Fair enough, and it was shut down, but I damn well don't trust that I didn't get a virus when I was on it.
This morning I then find out that my Hotmail has been misused, so something is wrong!

Below is a HijackThis log. I don't want to change my password until I'm sure there is nothing on my machine. Hope someone can find something.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:35:10, on 22-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Novell\ZENworks\nalntsrv.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Novell\ZENworks\wm.exe
C:\Programmer\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Programmer\Network Associates\Common Framework\UdaterUI.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programmer\Network Associates\Common Framework\McTray.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\TDI\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Novell\GroupWise\notify.exe
C:\Documents and Settings\TDI\Application Data\Dropbox\bin\Dropbox.exe
C:\Programmer\Novell\ZENworks\NalAgent.exe
c:\novell\groupwise\grpwise.exe
c:\programmer\internet explorer\iexplore.exe
c:\programmer\internet explorer\iexplore.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
c:\programmer\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
c:\programmer\internet explorer\iexplore.exe
C:\Programmer\Cross\Studio\omnis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranetdlm.dansklandbrug.dk/side.asp?p=2&uid=463733894&side=2&color=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranetdlm.dansklandbrug.dk/autologin.asp?initialer=TDI
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyB1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyB1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyB1.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\TDI\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: Application Explorer.lnk = C:\Programmer\Novell\ZENworks\NalView.exe
O4 - Global Startup: GroupWise Notifikation.lnk = C:\Novell\GroupWise\notify.exe
O4 - Global Startup: Notifikation.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Tilføj til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programmer\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.landbrugsavisen.dk/links/kategorisk.asp
O15 - Trusted Zone: *.nordjyske.dk
O15 - Trusted Zone: *.nordjyske.dk (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249896929218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255949896203
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programmer\Novell\ZENworks\nalntsrv.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programmer\Novell\ZENworks\wm.exe

--
End of file - 14438 bytes
patrick14 (Beginner)
22 September 2010 - 09:57 #1
Hi

Please follow this guide:

Download CCleaner
http://www.filehippo.com/download_ccleaner/
Install CCleaner. Remember to remove the check mark next to installation of the Yahoo toolbar.
Start the program.
Click Run CCleaner and let it remove what it finds; run it until there is nothing more.
Then click Registry on the left side (the blue cube). Click Scan for problems. When it is done, click Fix selected problems. Then click Fix all selected problems. Run it until it finds nothing more.
Click OK. Click Close when it is done.
Restart

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Perform full scan" - click the Scan button - let the program work. When it is finished (this takes a while, depending on how much you have on the computer),
then press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents into this thread.
Important: Before you click the "Scan" button in Malwarebytes Anti-Malware, you must go to the "Update" tab, click "Check for updates", and keep going until it says you have the newest database (THIS MUST BE DONE).

Download and install SAS

http://kortlink.dk/3g4f/

Start SUPERAntiSpyware, click Check for updates.
Click Scan your computer, tick all drives. (Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next; the scan then runs.

When it is finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, click Finish.
Close the program, restart normally.
---------------------------------------
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log.

Download HijackThis here; save it in a folder where you can find it.

http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Double-click the new HijackThis icon
Vista and Windows 7 users must right-click the program file > choose "Run as administrator"
2. In the menu that comes up, click: Do a system scan and save a logfile.
3. After a short moment a log file opens in Notepad; copy the text in here

Now post all three log files in the forum.
tuep (Beginner)
22 September 2010 - 14:23 #2
Good grief, it has been a long day, but now it has finished. Results below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4669

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22-09-2010 12:10:56
mbam-log-2010-09-22 (12-10-56).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 345874
Tid gået: 1 time(e), 21 minut(ter), 15 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 3
Inficerede Mapper: 0
Inficerede Filer: 4

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\Documents and Settings\All Users\Dokumenter\Musik\Sample Playlists\replycomments.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dokumenter\Musik\Sample Playlists\selecttext.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dokumenter\Musik\Sample Playlists\sendemailreview.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dokumenter\Musik\Sample Playlists\touchupobj.gif (Extension.Mismatch) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2010 at 02:04 PM

Application Version : 4.43.1000

Core Rules Database Version : 5556
Trace Rules Database Version: 3368

Scan type      : Complete Scan
Total Scan Time : 00:54:55

Memory items scanned      : 715
Memory threats detected  : 0
Registry items scanned    : 6147
Registry threats detected : 0
File items scanned        : 28901
File threats detected    : 187

Adware.Tracking Cookie

Trojan.Agent/Gen-Nullo[Short]
    C:\PROGRAMMER\NOVELL\ZENWORKS\NLS\ENGLISH\WMSCHEDR.DLL
    C:\WINDOWS\$HF_MIG$\KB890859\SP2QFE\NTKRNLMP.EXE
    C:\WINDOWS\$HF_MIG$\KB890859\SP2QFE\NTKRPAMP.EXE
    C:\WINDOWS\$HF_MIG$\KB890859\SP2QFE\NTOSKRNL.EXE


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:20:13, on 22-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Novell\ZENworks\nalntsrv.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Novell\ZENworks\wm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Programmer\Network Associates\Common Framework\UdaterUI.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programmer\Network Associates\Common Framework\McTray.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\TDI\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\Novell\ZENworks\NalAgent.exe
c:\novell\groupwise\grpwise.exe
c:\programmer\internet explorer\iexplore.exe
c:\programmer\internet explorer\iexplore.exe
C:\Novell\GroupWise\notify.exe
C:\Documents and Settings\TDI\Application Data\Dropbox\bin\Dropbox.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
c:\programmer\internet explorer\iexplore.exe
C:\DOCUME~1\TDI\LOKALE~1\Temp\Temporary Internet Files\Content.IE5\BKNXYHX5\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranetdlm.dansklandbrug.dk/side.asp?p=2&uid=463733894&side=2&color=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranetdlm.dansklandbrug.dk/autologin.asp?initialer=TDI
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyB1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyB1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyB1.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\TDI\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: Application Explorer.lnk = C:\Programmer\Novell\ZENworks\NalView.exe
O4 - Global Startup: GroupWise Notifikation.lnk = C:\Novell\GroupWise\notify.exe
O4 - Global Startup: Notifikation.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Tilføj til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programmer\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.landbrugsavisen.dk/links/kategorisk.asp
O15 - Trusted Zone: *.nordjyske.dk
O15 - Trusted Zone: *.nordjyske.dk (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249896929218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255949896203
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programmer\Novell\ZENworks\nalntsrv.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programmer\Novell\ZENworks\wm.exe

--
End of file - 14574 bytes



Am I virus-free now?
patrick14 Beginner
22 September 2010 - 16:06 #3
Hi

No, I am not.

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder containing Combofix, right-click, choose New->Text Document, open the text document, and paste in the following:

Killall::
Snapshot::

Click File->Save As, name it CFscript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
tuep Beginner
23 September 2010 - 09:27 #4
It has now done a run, and the following report came out of it:

ComboFix 10-09-22.05 - TDI 23-09-2010  9:00.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2551.1798 [GMT 2:00]
Kører fra: c:\documents and settings\TDI\Dokumenter\virus slet\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\TDI\Dokumenter\virus slet\CFscript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active


advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini

----- BITS: Mulige inficerede internetsteder -----

hxxp://wus.ds
.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-23 til 2010-09-23  )))))))))))))))))))))))))))))))))))
.

2010-09-23 07:00 . 2010-09-23 07:00    --------    d-----w-    C:\Quarantine
2010-09-22 10:13 . 2010-09-22 10:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-22 10:13 . 2010-09-22 11:06    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-09-22 10:13 . 2010-09-22 10:13    --------    d-----w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com
2010-09-22 10:12 . 2010-09-22 10:12    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2010-09-22 08:40 . 2010-09-22 08:40    --------    d-----w-    c:\documents and settings\TDI\Application Data\Malwarebytes
2010-09-22 08:40 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 08:40 . 2010-09-22 08:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-22 08:40 . 2010-09-22 08:40    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-22 08:40 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-22 08:22 . 2010-09-22 08:22    --------    d-----w-    c:\programmer\CCleaner
2010-09-22 07:33 . 2010-09-22 07:33    --------    d-----w-    c:\programmer\Trend Micro
2010-09-14 12:25 . 2010-09-14 12:25    --------    d-----w-    c:\documents and settings\TDI\Lokale indstillinger\Application Data\Sony Ericsson
2010-09-14 12:25 . 2010-09-14 12:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\BVRP Software
2010-09-14 06:55 . 2010-09-23 06:40    --------    d-----w-    c:\documents and settings\TDI\Application Data\Dropbox

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 07:20 . 2010-08-04 06:54    --------    d-----w-    c:\documents and settings\TDI\Application Data\Skype
2010-09-23 06:39 . 2010-08-04 06:55    --------    d-----w-    c:\documents and settings\TDI\Application Data\skypePM
2010-09-22 11:07 . 2010-09-22 11:07    63488    ----a-w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 11:07 . 2010-09-22 11:07    52224    ----a-w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 11:07 . 2010-09-22 11:07    117760    ----a-w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 07:33 . 2010-09-22 07:33    388096    ----a-r-    c:\documents and settings\TDI\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-21 12:37 . 2008-07-28 08:18    --------    d-----w-    c:\programmer\Google
2010-09-14 12:21 . 2010-09-14 12:21    --------    d-----w-    c:\programmer\Sony Ericsson
2010-09-14 12:21 . 2010-09-14 12:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-09-14 12:21 . 2005-04-04 10:29    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-09-14 08:30 . 2009-09-23 12:12    0    ----a-w-    c:\documents and settings\TDI\temp.dat
2010-09-14 06:56 . 2010-09-14 06:56    89831    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\Uninstall.exe
2010-09-14 06:43 . 2010-06-03 10:57    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-09-06 06:56 . 2010-08-06 12:25    --------    d-----w-    c:\programmer\myBabylon_English
2010-08-17 13:17 . 2001-10-09 12:00    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-12 06:56 . 2010-08-04 06:53    --------    d-----r-    c:\programmer\Skype
2010-08-09 07:59 . 2005-04-04 14:03    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-08-09 07:59 . 2010-08-09 07:59    503808    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40f32ce3-n\msvcp71.dll
2010-08-09 07:59 . 2010-08-09 07:59    61440    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b170510-n\decora-sse.dll
2010-08-09 07:59 . 2010-08-09 07:59    499712    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40f32ce3-n\jmc.dll
2010-08-09 07:59 . 2010-08-09 07:59    348160    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40f32ce3-n\msvcr71.dll
2010-08-09 07:59 . 2010-08-09 07:59    12800    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b170510-n\decora-d3d.dll
2010-08-09 07:59 . 2005-04-04 14:03    --------    d-----w-    c:\programmer\Java
2010-08-06 12:26 . 2010-08-06 12:26    --------    d-----w-    c:\documents and settings\TDI\Application Data\Digsby
2010-08-06 12:26 . 2010-08-06 12:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Digsby
2010-08-06 12:26 . 2010-08-06 12:26    --------    d-----w-    c:\programmer\Conduit
2010-08-06 12:25 . 2010-08-06 12:25    --------    d-----w-    c:\programmer\Babylon
2010-08-04 06:55 . 2010-08-04 06:55    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2010-08-04 06:53 . 2010-08-04 06:53    --------    d-----w-    c:\programmer\Fælles filer\Skype
2010-08-04 06:53 . 2010-08-04 06:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2010-07-22 15:46 . 2001-10-09 12:00    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-12 06:49    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-07-13 08:35 . 2001-10-09 12:00    62474    ----a-w-    c:\windows\system32\perfc006.dat
2010-07-13 08:35 . 2001-10-09 12:00    394772    ----a-w-    c:\windows\system32\perfh006.dat
2010-06-30 12:32 . 2001-10-09 12:00    149504    ----a-w-    c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmer\myBabylon_English\tbmyB1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-06 06:56    2735200    ----a-w-    c:\programmer\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmer\myBabylon_English\tbmyB1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmer\myBabylon_English\tbmyB1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-22 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmer\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"McAfeeUpdaterUI"="c:\programmer\Network Associates\Common Framework\UdaterUI.exe" [2008-06-25 136512]
"ShStatEXE"="c:\programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"Acrobat Assistant 8.0"="c:\programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-10-20 53248]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-10-20 57344]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"Google Quick Search Box"="c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-01 122368]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\LOGIN\Menuen Start\Programmer\Start\
GroupWise.lnk - c:\novell\GroupWise\grpwise.exe [2006-3-30 5845052]

c:\documents and settings\JAO\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - c:\programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\TDI\Menuen Start\Programmer\Start\
Dropbox.lnk - c:\documents and settings\TDI\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Hurtigstart.lnk - c:\windows\Installer\{AC76BA86-1053-DF00-7760-000000000003}\_SC_Acrobat.exe [2008-7-16 295606]
Application Explorer.lnk - c:\programmer\Novell\ZENworks\NalView.exe [2006-6-13 35840]
GroupWise Notifikation.lnk - c:\novell\GroupWise\notify.exe [2006-3-30 192570]
Notifikation.lnk - c:\novell\GroupWise\notify.exe [2006-3-30 192570]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\programmer\Novell\ZENworks\NalShell.dll" [2006-06-28 446464]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2010-09-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-22 11:05    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2006-05-02 07:17    24576    ----a-w-    c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1013\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1014\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1015\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1016\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1017\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1018\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1019\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1020\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Programmer\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Documents and Settings\\TDI\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [28-07-2008 09:19 34592]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [29-02-2008 16:03 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 67656]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [23-05-2005 14:47 6899]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14-09-2010 14:21 90112]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [09-05-2006 10:59 167936]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [02-05-2006 09:17 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [23-05-2005 14:11 2773]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [10-12-2009 15:21 135664]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [26-02-2010 10:11 102656]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [14-09-2010 14:21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [14-09-2010 14:21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [14-09-2010 14:21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [14-09-2010 14:21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [14-09-2010 14:21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [14-09-2010 14:21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [14-09-2010 14:21 109736]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 12872]
.
Indhold af mappen 'Planlagte Opgaver'

2010-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-12-10 13:21]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-12-10 13:21]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2885656535-423628669-527726371-1019Core.job
- c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-05-20 13:31]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2885656535-423628669-527726371-1019UA.job
- c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-05-20 13:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://intranetdlm.dansklandbrug.dk/side.asp?p=2&uid=463733894&side=2&color=
uInternet Connection Wizard,ShellNext = hxxp://intranetdlm.dansklandbrug.dk/autologin.asp?initialer=TDI
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Konverter hyperlinkdestination til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter hyperlinkdestination til eksisterende PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konverter markering til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter markering til eksisterende PDF-fil - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konverter til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter valgte hyperlinks til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter valgte hyperlinks til eksisterende PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Tilføj til eksisterende PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: nordjyske.dk
Trusted Zone: nordjyske.dk\tryk
Trusted Zone: nordjyske.dk
Trusted Zone: nordjyske.dk\tryk
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 09:17
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\NETWIN32.DLL
c:\programmer\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\programmer\Novell\ZENworks\WMNTAPI.DLL
c:\windows\system32\NLS\ENGLISH\MAPBASER.DLL

- - - - - - - > 'Explorer.exe'(6056)
c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\programmer\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\programmer\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Network Associates\Common Framework\FrameworkService.exe
c:\programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Novell\ZENworks\nalntsrv.exe
c:\programmer\Network Associates\Common Framework\naPrdMgr.exe
c:\programmer\Analog Devices\SoundMAX\SMAgent.exe
c:\programmer\Novell\ZENworks\wm.exe
c:\programmer\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\NWTRAY.EXE
c:\programmer\Network Associates\Common Framework\McTray.exe
c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programmer\McAfee\VirusScan Enterprise\Mcshield.exe
c:\programmer\Novell\ZENworks\NalAgent.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
c:\programmer\internet explorer\iexplore.exe
c:\programmer\internet explorer\iexplore.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-23  09:24:34 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-23 07:24

Pre-Kørsel: 54.940.803.072 byte ledig
Post-Kørsel: 55.803.650.048 byte ledig

- - End Of File - - 355BB70F536E7409D9BA400FEA7C2164
patrick14 Beginner
24 September 2010 - 13:01 #5
From what I can see, it is clean.

But

* Acrobat Reader needs to be updated
* myBabylon English Toolbar ??? (What is that?)
* Novell\ZENworks + \Novell\GroupWise + OracleOraHome92ClientCache ??? (Is this a company PC?)
patrick14 Beginner
24 September 2010 - 13:09 #6
Sorry, I was a bit too quick.

Find these files and upload them to: http://www.virustotal.com/

c:\windows\system32\rpcrt4.dll
c:\windows\system32\xpsp4res.dll
c:\windows\system32\deployJava1.dll

Post the result here.
tuep Beginner
27 September 2010 - 09:51 #7
Hi Patrick

There was nothing more to find, so I am a happy man, and the 120 points are frankly laughable compared with the work you have put into this task.
I bow and thank you for the help. It has been a very, very big help.

Post an answer, and the points are deservedly yours.
patrick14 Beginner
27 September 2010 - 17:20 #8
As I wrote above, I was a bit too quick with the first message. Please follow what it says in the second one.


Find these files and upload them to: http://www.virustotal.com/

c:\windows\system32\rpcrt4.dll
c:\windows\system32\xpsp4res.dll
c:\windows\system32\deployJava1.dll

Post the result here.
tuep Beginner
28 September 2010 - 09:00 #9
Hi Patrick

That was because I had already been through them and none of them produced any hits. But here they are anyway, for the sake of good order. On the other hand, I can't get rid of that Babylon toolbar. I can't find it under "uninstall programs".
Below are the reports on the 3 files mentioned:


File name: deployJava1.dll
Submission date: 2010-09-28 06:51:57 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
MD5  : 0686cd90e881f84a2950951a305443e7
SHA1  : b17d8fd388542e4a90061c08ce2a80b0fbcf6f95
SHA256: 4eae62ed9f07a4e944ec14f36839f20af8effbb0e95662168727964132603cf3
ssdeep: 6144:5qWfXB/SwTv4gvVgpMFPkYvt9hT7yy8Ru/cSjvFyq:TZ1v4sgpMF1vt9hT7yy8Ru/njNyq
File size : 423656 bytes
First seen: 2010-07-26 22:51:14
Last seen : 2010-09-28 06:51:57
TrID:
DirectShow filter (53.7%)
Windows OCX File (32.9%)
Win32 Executable MS Visual C++ (generic) (10.0%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
sigcheck:
publisher....: Sun Microsystems, Inc.
copyright....: Copyright (c) 2010
product......: Java(TM) Platform SE 6 U21
description..: Java(TM) Platform SE binary
original name: deployJava1.dll
internal name: deployJava1
file version.: 6.0.210.7
comments.....: n/a
signers......: Sun Microsystems, Inc.
VeriSign Class 3 Code Signing 2009 CA
Class 3 Public Primary Certification Authority - G2
signing date.: 2:00 PM 7/17/2010
verified.....: -

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x172E8
timedatestamp....: 0x4C4187B2 (Sat Jul 17 10:36:34 2010)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x20E6C, 0x21000, 6.60, b5528692906f56ec46f8b295e3f62a28
.rdata, 0x22000, 0x79F8, 0x8000, 5.12, a48fac843561c16a5c4513041728dee5
.data, 0x2A000, 0x327C, 0x2000, 3.24, 8b65d120f89d8ff36971e056cc4ae073
.rsrc, 0x2E000, 0x35448, 0x36000, 4.25, aa66b53e8923dbeb5693be2bfc78f3b2
.reloc, 0x64000, 0x327A, 0x4000, 4.91, cbe7d9a3904a2e0461fb618739311461

File name: rpcrt4.dll
Submission date: 2010-09-27 07:14:08 (UTC)
Current status: finished
Result: 0 /43 (0.0%)
MD5  : 07c04ab52dc357a1d682ac5884bcd9da
SHA1  : 9e4d297d36aab48dd1723b7a56265189782b2d37
SHA256: 0ca9bd077e81b3d048e0efb3690fda6d5833ffb4702e3d0583e8691c190ad0a8
ssdeep: 12288:HbHc6V3DzeNMW1sFZx1CUTd/s2xlqlRtC0UESWPKllyShXMYC3FcG+1t:nZx1LxlqlRs194KjyShXMYC3Fcp1t
File size : 590848 bytes
First seen: 2010-09-27 07:14:08
Last seen : 2010-09-27 07:14:08
Magic: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID:
Win32 EXE PECompact compressed (generic) (67.3%)
Win32 Executable Generic (13.8%)
Win32 Dynamic Link Library (generic) (12.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Remote Procedure Call Runtime
original name: rpcrt4.dll
internal name: rpcrt4.dll
file version.: 5.1.2600.6015 (xpsp_sp3_gdr.100721-1631)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x628F
timedatestamp....: 0x4C4867BB (Thu Jul 22 15:46:03 2010)
machinetype......: 0x14C (Intel I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x83CAB, 0x83E00, 6.65, 8282bafcb599cc3061aa99c4cdb1f5c2
.orpc, 0x85000, 0x693C, 0x6A00, 6.41, 72cded448066199b60ddc4e70927ee83
.data, 0x8C000, 0xED8, 0xC00, 3.63, 1c40327bf3b13378064f3ad85e4299ec
.rsrc, 0x8D000, 0x408, 0x600, 2.5, cf08a196ae66cbf8f02041b5f8fc7593
.reloc, 0x8E000, 0x4558, 0x4600, 6.68, 77f53f472b2e2838eb3ae64c2ce95d58

data_size_ndr, double_array_from_ndr, double_from_ndr, enum_from_ndr, float_array_from_ndr, float_from_ndr, long_array_from_ndr, long_from_ndr, long_from_ndr_temp, pfnFreeRoutines, pfnMarshallRoutines, pfnSizeRoutines, pfnUnmarshallRoutines, short_array_from_ndr, short_from_ndr, short_from_ndr_temp, tree_into_ndr, tree_peek_ndr, tree_size_ndr



File name: xpsp4res.dll
Submission date: 2010-09-28 06:57:39 (UTC)
Current status: finished


Result: 0/ 43 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.09.28.00 2010.09.27 -
AntiVir 7.10.12.54 2010.09.27 -
Antiy-AVL 2.0.3.7 2010.09.28 -
Authentium 5.2.0.5 2010.09.28 -
Avast 4.8.1351.0 2010.09.27 -
Avast5 5.0.594.0 2010.09.27 -
AVG 9.0.0.851 2010.09.27 -
BitDefender 7.2 2010.09.28 -
CAT-QuickHeal 11.00 2010.09.28 -
ClamAV 0.96.2.0-git 2010.09.28 -
Comodo 6220 2010.09.28 -
DrWeb 5.0.2.03300 2010.09.28 -
Emsisoft 5.0.0.37 2010.09.28 -
eSafe 7.0.17.0 2010.09.26 -
eTrust-Vet 36.1.7879 2010.09.27 -
F-Prot 4.6.2.117 2010.09.28 -
F-Secure 9.0.15370.0 2010.09.28 -
Fortinet 4.1.143.0 2010.09.26 -
GData 21 2010.09.28 -
Ikarus T3.1.1.90.0 2010.09.28 -
Jiangmin 13.0.900 2010.09.28 -
K7AntiVirus 9.63.2618 2010.09.27 -
Kaspersky 7.0.0.125 2010.09.28 -
McAfee 5.400.0.1158 2010.09.28 -
McAfee-GW-Edition 2010.1C 2010.09.28 -
Microsoft 1.6201 2010.09.28 -
NOD32 5484 2010.09.27 -
Norman 6.06.06 2010.09.27 -
nProtect 2010-09-27.03 2010.09.27 -
Panda 10.0.2.7 2010.09.27 -
PCTools 7.0.3.5 2010.09.28 -
Prevx 3.0 2010.09.28 -
Rising 22.66.06.01 2010.09.27 -
Sophos 4.58.0 2010.09.28 -
Sunbelt 6937 2010.09.28 -
SUPERAntiSpyware 4.40.0.1006 2010.09.28 -
Symantec 20101.1.1.7 2010.09.28 -
TheHacker 6.7.0.0.036 2010.09.27 -
TrendMicro 9.120.0.1004 2010.09.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.28 -
VBA32 3.12.14.1 2010.09.27 -
ViRobot 2010.8.31.4017 2010.09.28 -
VirusBuster 12.66.2.0 2010.09.27 -
Additional information
MD5  : 2631bd68e47ded156f1618881cecb833
SHA1  : 61fb23576d68aeb8e8e20fb2cb951230be71b03b
SHA256: 795fabbefe42447879dbbcfaa35a86c943f3f0359d033d1c0a5f681312afff63
ssdeep: 96:Q2NNLOpFic1tE5zEA8abJkXYEX8RSxF6WJThjAvhzi7WdnknAszeWwfaY:QcIibkXYEMRA60
8ZMWdkAszeWnY
File size : 5120 bytes
First seen: 2010-09-15 15:19:18
Last seen : 2010-09-28 06:57:39
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle rettigheder forbeholdes.
product......: Microsoft_ Windows_ Operativsystem
description..: Service Pack 4-meddelelser
original name: xpsp4res.dll
internal name: xpsp4res.dll
file version.: 5.1.2600.6015 (WinXP.100721-1640)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x0
timedatestamp....: 0x4C47DDC0 (Thu Jul 22 05:57:20 2010)
machinetype......: 0x14c (I386)

[[ 1 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.rsrc, 0x1000, 0x1200, 0x1200, 3.57, 3432ea0e744ab32a773540f0ec34ae5b



patrick14 Beginner
28 September 2010 - 17:02 #10
Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Folder::
c:\programmer\myBabylon_English
c:\programmer\Babylon
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmer\myBabylon_English\tbmyB1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-06 06:56    2735200    ----a-w-    c:\programmer\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmer\myBabylon_English\tbmyB1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmer\myBabylon_English\tbmyB1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.


Afterwards, run these online scanners:

http://www.einfodaily.com/scan/licence.html

http://www.eset.com/online-scanner
tuep Beginner
1 October 2010 - 13:46 #11
So I think we are through, and I have the world's cleanest PC!
Below is the report after ComboFix, and nothing turned up with the two online scanners. I had a few problems with the first scanner, since it needed admin access, but I got it to run through.

Post an answer, and you will get your very well-deserved points :-)
Have a good weekend, and many thanks for the help


ComboFix 10-09-28.03 - TDI 29-09-2010  9:46.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2551.1777 [GMT 2:00]
Kører fra: c:\documents and settings\TDI\Skrivebord\virusmappe\Compo\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\TDI\Skrivebord\virusmappe\Compo\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active


advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmer\myBabylon_English
c:\programmer\myBabylon_English\INSTALL.LOG
c:\programmer\myBabylon_English\myBabylon_EnglishToolbarHelper.exe
c:\programmer\myBabylon_English\tbmyB1.dll
c:\programmer\myBabylon_English\tbmyBa.dll
c:\programmer\myBabylon_English\toolbar.cfg
c:\programmer\myBabylon_English\UNWISE.EXE
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-28 til 2010-09-29  )))))))))))))))))))))))))))))))))))
.

2010-09-28 06:39 . 2010-09-28 06:40    --------    d-----w-    c:\programmer\QuickTime
2010-09-28 06:39 . 2010-09-28 06:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-28 06:37 . 2010-09-28 06:37    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\myBabylon_English
2010-09-23 07:00 . 2010-09-29 07:46    --------    d-----w-    C:\Quarantine
2010-09-22 10:13 . 2010-09-22 10:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-22 10:13 . 2010-09-22 11:06    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-09-22 10:13 . 2010-09-22 10:13    --------    d-----w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com
2010-09-22 10:12 . 2010-09-22 10:12    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2010-09-22 08:40 . 2010-09-22 08:40    --------    d-----w-    c:\documents and settings\TDI\Application Data\Malwarebytes
2010-09-22 08:40 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 08:40 . 2010-09-22 08:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-22 08:40 . 2010-09-22 08:40    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-22 08:40 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-22 08:22 . 2010-09-22 08:22    --------    d-----w-    c:\programmer\CCleaner
2010-09-22 07:33 . 2010-09-22 07:33    --------    d-----w-    c:\programmer\Trend Micro
2010-09-14 12:25 . 2010-09-14 12:25    --------    d-----w-    c:\documents and settings\TDI\Lokale indstillinger\Application Data\Sony Ericsson
2010-09-14 12:25 . 2010-09-14 12:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\BVRP Software
2010-09-14 06:55 . 2010-09-29 06:47    --------    d-----w-    c:\documents and settings\TDI\Application Data\Dropbox

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 08:03 . 2010-08-04 06:54    --------    d-----w-    c:\documents and settings\TDI\Application Data\Skype
2010-09-29 06:47 . 2010-08-04 06:55    --------    d-----w-    c:\documents and settings\TDI\Application Data\skypePM
2010-09-22 11:07 . 2010-09-22 11:07    63488    ----a-w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 11:07 . 2010-09-22 11:07    52224    ----a-w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 11:07 . 2010-09-22 11:07    117760    ----a-w-    c:\documents and settings\TDI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 07:33 . 2010-09-22 07:33    388096    ----a-r-    c:\documents and settings\TDI\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-21 12:37 . 2008-07-28 08:18    --------    d-----w-    c:\programmer\Google
2010-09-14 12:21 . 2010-09-14 12:21    --------    d-----w-    c:\programmer\Sony Ericsson
2010-09-14 12:21 . 2010-09-14 12:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-09-14 12:21 . 2005-04-04 10:29    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-09-14 08:30 . 2009-09-23 12:12    0    ----a-w-    c:\documents and settings\TDI\temp.dat
2010-09-14 06:56 . 2010-09-14 06:56    89831    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\Uninstall.exe
2010-09-14 06:43 . 2010-06-03 10:57    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-08-17 13:17 . 2001-10-09 12:00    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-12 06:56 . 2010-08-04 06:53    --------    d-----r-    c:\programmer\Skype
2010-08-09 07:59 . 2005-04-04 14:03    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-08-09 07:59 . 2010-08-09 07:59    503808    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40f32ce3-n\msvcp71.dll
2010-08-09 07:59 . 2010-08-09 07:59    61440    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b170510-n\decora-sse.dll
2010-08-09 07:59 . 2010-08-09 07:59    499712    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40f32ce3-n\jmc.dll
2010-08-09 07:59 . 2010-08-09 07:59    348160    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40f32ce3-n\msvcr71.dll
2010-08-09 07:59 . 2010-08-09 07:59    12800    ----a-w-    c:\documents and settings\TDI\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b170510-n\decora-d3d.dll
2010-08-09 07:59 . 2005-04-04 14:03    --------    d-----w-    c:\programmer\Java
2010-08-06 12:26 . 2010-08-06 12:26    --------    d-----w-    c:\documents and settings\TDI\Application Data\Digsby
2010-08-06 12:26 . 2010-08-06 12:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Digsby
2010-08-06 12:26 . 2010-08-06 12:26    --------    d-----w-    c:\programmer\Conduit
2010-08-04 06:55 . 2010-08-04 06:55    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2010-08-04 06:53 . 2010-08-04 06:53    --------    d-----w-    c:\programmer\Fælles filer\Skype
2010-08-04 06:53 . 2010-08-04 06:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2010-07-22 15:46 . 2001-10-09 12:00    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-12 06:49    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-07-13 08:35 . 2001-10-09 12:00    62474    ----a-w-    c:\windows\system32\perfc006.dat
2010-07-13 08:35 . 2001-10-09 12:00    394772    ----a-w-    c:\windows\system32\perfh006.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-22 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmer\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"McAfeeUpdaterUI"="c:\programmer\Network Associates\Common Framework\UdaterUI.exe" [2008-06-25 136512]
"ShStatEXE"="c:\programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"Acrobat Assistant 8.0"="c:\programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-10-20 53248]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-10-20 57344]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"Google Quick Search Box"="c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-01 122368]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\LOGIN\Menuen Start\Programmer\Start\
GroupWise.lnk - c:\novell\GroupWise\grpwise.exe [2006-3-30 5845052]

c:\documents and settings\JAO\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - c:\programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\TDI\Menuen Start\Programmer\Start\
Dropbox.lnk - c:\documents and settings\TDI\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Hurtigstart.lnk - c:\windows\Installer\{AC76BA86-1053-DF00-7760-000000000003}\_SC_Acrobat.exe [2008-7-16 295606]
Application Explorer.lnk - c:\programmer\Novell\ZENworks\NalView.exe [2006-6-13 35840]
GroupWise Notifikation.lnk - c:\novell\GroupWise\notify.exe [2006-3-30 192570]
Notifikation.lnk - c:\novell\GroupWise\notify.exe [2006-3-30 192570]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\programmer\Novell\ZENworks\NalShell.dll" [2006-06-28 446464]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2010-09-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-22 11:05    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2006-05-02 07:17    24576    ----a-w-    c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1013\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1014\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1015\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1016\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1017\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1018\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1019\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2885656535-423628669-527726371-1020\Scripts\Logon\0\0]
"Script"=\\zendns1\DATA\LoginScripts\FONTSRV_SetUSER.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Programmer\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Documents and Settings\\TDI\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [28-07-2008 09:19 34592]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [29-02-2008 16:03 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 67656]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [23-05-2005 14:47 6899]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14-09-2010 14:21 90112]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [09-05-2006 10:59 167936]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [02-05-2006 09:17 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [23-05-2005 14:11 2773]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [10-12-2009 15:21 135664]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [26-02-2010 10:11 102656]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [14-09-2010 14:21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [14-09-2010 14:21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [14-09-2010 14:21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [14-09-2010 14:21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [14-09-2010 14:21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [14-09-2010 14:21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [14-09-2010 14:21 109736]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 12872]
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-12-10 13:21]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-12-10 13:21]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2885656535-423628669-527726371-1019Core.job
- c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-05-20 13:31]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2885656535-423628669-527726371-1019UA.job
- c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-05-20 13:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://intranetdlm.dansklandbrug.dk/side.asp?p=2&uid=463733894&side=2&color=
uInternet Connection Wizard,ShellNext = hxxp://intranetdlm.dansklandbrug.dk/autologin.asp?initialer=TDI
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Konverter hyperlinkdestination til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter hyperlinkdestination til eksisterende PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konverter markering til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter markering til eksisterende PDF-fil - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konverter til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter valgte hyperlinks til Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter valgte hyperlinks til eksisterende PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Tilføj til eksisterende PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: nordjyske.dk
Trusted Zone: nordjyske.dk\tryk
Trusted Zone: nordjyske.dk
Trusted Zone: nordjyske.dk\tryk
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

URLSearchHooks-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\programmer\myBabylon_English\tbmyB1.dll
BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\programmer\myBabylon_English\tbmyB1.dll
Toolbar-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\programmer\myBabylon_English\tbmyB1.dll
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - c:\programmer\myBabylon_English\tbmyB1.dll
AddRemove-myBabylon_English Toolbar - c:\progra~1\MYBABY~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 09:59
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\NETWIN32.DLL
c:\programmer\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\programmer\Novell\ZENworks\WMNTAPI.DLL
c:\windows\system32\NLS\ENGLISH\MAPBASER.DLL

- - - - - - - > 'Explorer.exe'(5680)
c:\documents and settings\TDI\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\programmer\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\programmer\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Network Associates\Common Framework\FrameworkService.exe
c:\programmer\McAfee\VirusScan Enterprise\Mcshield.exe
c:\programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Novell\ZENworks\nalntsrv.exe
c:\programmer\Network Associates\Common Framework\naPrdMgr.exe
c:\programmer\Analog Devices\SoundMAX\SMAgent.exe
c:\programmer\Novell\ZENworks\wm.exe
c:\programmer\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\NWTRAY.EXE
c:\programmer\Network Associates\Common Framework\McTray.exe
c:\documents and settings\TDI\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programmer\Novell\ZENworks\NalAgent.exe
c:\programmer\internet explorer\iexplore.exe
c:\programmer\internet explorer\iexplore.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-29  10:07:34 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-29 08:07
ComboFix2.txt  2010-09-23 07:24

Pre-Kørsel: 56.781.012.992 byte ledig
Post-Kørsel: 56.902.660.096 byte ledig

- - End Of File - - 4B0E8CF406B268F0D89F4BB79EF06DFF
tuep (Beginner)
10 March 2011 - 22:15 #12
I need a reply, so that I can say thanks and close the thread.