Deleted user
07 December 2010 - 23:26 There are 15 comments

security tools

aarde (300 points)
I have also fallen into the trap with Security Tool and now have a very slow PC where I can't get rid of S.T.
I have followed karise_larry's advice and now have the two logs, which I copy and paste below.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07-12-2010 19:02:34
mbam-log-2010-12-07 (19-02-34).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 307124
Tid gået: 1 time(e), 20 minut(ter), 19 sekund(er)

Hukommelses Processorer Inficeret: 2
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 25
Registreringsdatabaseværdier Inficeret: 15
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 27
Inficerede Filer: 26

Hukommelses Processorer Inficeret:
c:\documents and settings\hanne&henrik\application data\MSA\mscj.exe (Backdoor.Bot) -> 4028 -> Unloaded process successfully.
c:\documents and settings\hanne&henrik\application data\MSA\mscj.exe (Backdoor.Bot) -> 1928 -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\58FA5318502C61E40BB21991AECB25E5 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61BEF09E2D118194E96583C90B1516AC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E5EAD8FA251C5A45A24533A7762DC9E (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DE13AA5855D8404B8E108518D8A827B (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC59F3451579E1940A4C1D66DF324D81 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3FBC9A707FA89D43A63227C7E3B0B6D (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6F73C824F88EB9409FCF5976F4C9C4B (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj.exe (Backdoor.Bot) -> Value: mscj.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj (Backdoor.Bot) -> Value: mscj -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\9565335418 (Rogue.Installer) -> Value: 9565335418 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Value: {8113B5DE-F7EB-4154-A311-497FB80D8BD0} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Value: {8113B5DE-F7EB-4154-A311-497FB80D8BD0} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Value: {9034A523-D068-4BE8-A284-9DF278BE776E} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Value: {9034A523-D068-4BE8-A284-9DF278BE776E} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Value: {8113B5DE-F7EB-4154-A311-497FB80D8BD0} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Value: {8113B5DE-F7EB-4154-A311-497FB80D8BD0} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.37.0 (Adware.Zango) -> Value: Zango 10.3.37.0 -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
c:\documents and settings\Emil\application data\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\registrysmart\registry backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\Zango (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\Zango\v3.0 (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\Zango\v3.0\Zango (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\Zango\v3.0\Zango\static (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\Zango (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\Zango\v3.0 (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\Zango\v3.0\Zango (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\Zango\v3.0\Zango\static (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> Quarantined and deleted successfully.
c:\programmer\adwarealert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\programmer\online add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programmer\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\programmer\Sotfone (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programmer\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\892267 (Trojan.BHO) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\documents and settings\hanne&henrik\application data\MSA\mscj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\lokale indstillinger\application data\9565335418.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\MSA\781.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\lokale indstillinger\application data\88156256.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\lokale indstillinger\Temp\0.30602193094561825.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\Weather.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\zangosaax.dll (Adware.Zango) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\zangosahook.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fdff6704-b445-46dc-a83c-5857ed410a5e}\RP850\A0138673.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\menuen start\programmer\security tool.lnk (Rogue.SecurityTool) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\registrysmart scheduled scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Emil\application data\registrysmart\Log\2008 sep 23 - 10_39_22 am_296.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\registrysmart\Log\2008 oct 12 - 09_18_23 pm_843.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\registrysmart\registry backups\2008-04-14_19-19-30.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\application data\registrysmart\registry backups\2008-04-14_20-56-22.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\programmer\online add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programmer\online add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programmer\registrysmart\DataBase.ref (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\programmer\registrysmart\regcleaner.dll (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\programmer\registrysmart\registrysmart.url (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:26, on 07-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Canon\MyPrinter\BJMyPrt.exe
C:\Programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\RayV\RayV\RayV.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Hanne&Henrik\Application Data\MSA\mscj.exe
C:\documents and settings\hanne&henrik\application data\msa\mscj.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Uniblue\RegistryBooster\rbmonitor.exe
C:\Programmer\Uniblue\RegistryBooster\registrybooster.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Hanne&Henrik\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmer\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmer\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch SilverCrest OML807] C:\Programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RayV] C:\Programmer\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mscj.exe] C:\Documents and Settings\Hanne&Henrik\Application Data\MSA\mscj.exe
O4 - HKCU\..\Run: [mscj] c:\documents and settings\hanne&henrik\application data\msa\mscj.exe
O4 - HKCU\..\RunOnce: [9565335418] "C:\Documents and Settings\Hanne&Henrik\Lokale indstillinger\Application Data\9565335418.exe" 4 27 64C665BE-4DE7-423B-A6B6-BC0172B25DF2
O4 - HKCU\..\RunOnce: [RegistryBooster] "C:\Programmer\Uniblue\RegistryBooster\launcher.exe" -w
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmer/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/DK/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130600261343
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programmer/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2219074-D47C-4454-A032-1C5B70DCB933}: NameServer = 208.67.223.233,208.67.220.220
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12202 bytes

What do I do next?

Best regards
aarde
f-arn Guru
08 December 2010 - 06:16 #1
Download and save ComboFix to your desktop as svchost.exe.

Start svchost.exe and follow the instructions.

Since ComboFix can conflict with your security programs, it is important that you disable them.

ComboFix should then start working. It may require a restart, which you must allow. You should not click in the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

Feel free to post the contents of this file here.
08 December 2010 - 06:36 #2
*Agreed* - Besides, it should (must) be a HijackThis log from AFTER the Malwarebytes run; that is not the case here...

Which serious security program are you running?
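The point in reply #2, made concrete as an added example (not code from the thread or from any of the tools named): the HijackThis log above was saved at 16:51 while the Malwarebytes log is stamped 19:02, so it predates the cleanup and still lists items Malwarebytes later quarantined. The script parses shortened, constructed excerpts of both logs, compares the timestamps and reports which quarantined paths the HijackThis log still references; the section headings it looks for are the Danish ones used in the posted Malwarebytes log.

```python
import re
from datetime import datetime

# Shortened copies of the two logs posted in the question (constructed excerpts,
# not the full logs). Raw strings keep the Windows backslashes literal.
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.50
07-12-2010 19:02:34
mbam-log-2010-12-07 (19-02-34).txt

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj.exe (Backdoor.Bot) -> Value: mscj.exe -> Quarantined and deleted successfully.

Inficerede Filer:
c:\documents and settings\hanne&henrik\application data\MSA\mscj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\hanne&henrik\lokale indstillinger\application data\9565335418.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\programmer\Zango\bin\10.3.37.0\Weather.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:26, on 07-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Hanne&Henrik\Application Data\MSA\mscj.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [mscj.exe] C:\Documents and Settings\Hanne&Henrik\Application Data\MSA\mscj.exe
O4 - HKCU\..\RunOnce: [9565335418] "C:\Documents and Settings\Hanne&Henrik\Lokale indstillinger\Application Data\9565335418.exe" 4 27 64C665BE-4DE7-423B-A6B6-BC0172B25DF2
"""

# One MBAM result line: "<path> (<Detection.Name>) -> <action>"
_MBAM_ENTRY = re.compile(r"^(.+?) \([\w.]+\) -> ")
# First drive-letter path ending in .exe/.dll/.scr on an O4 autorun line, quoted or not
_HJT_PATH = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|scr))"?', re.I)


def mbam_scan_time(log):
    """MBAM writes the scan time as a bare 'dd-mm-yyyy hh:mm:ss' line."""
    m = re.search(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})$", log, re.M)
    return datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")


def hjt_scan_time(log):
    """HijackThis header: 'Scan saved at hh:mm:ss, on dd-mm-yyyy'."""
    m = re.search(r"Scan saved at (\d{2}:\d{2}:\d{2}), on (\d{2}-\d{2}-\d{4})", log)
    return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%d-%m-%Y %H:%M:%S")


def mbam_removed_files(log):
    """Lower-cased file paths under the 'Inficerede Filer' (infected files) section."""
    files, in_files = set(), False
    for line in log.splitlines():
        if line.endswith(":"):            # a section heading
            in_files = line.startswith("Inficerede Filer")
            continue
        m = _MBAM_ENTRY.match(line) if in_files else None
        if m:
            files.add(m.group(1).lower())
    return files


def hjt_referenced_paths(log):
    """Lower-cased paths from 'Running processes' and O4 autorun entries."""
    paths, in_procs = set(), False
    for line in log.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_procs = True
        elif not stripped:                # blank line ends the process list
            in_procs = False
        elif in_procs:
            paths.add(stripped.lower())
        elif stripped.startswith("O4 - "):
            m = _HJT_PATH.search(stripped)
            if m:
                paths.add(m.group(1).lower())
    return paths


def check_logs(mbam_log, hjt_log):
    """Return (hjt_taken_before_mbam, sorted paths MBAM removed that HJT still lists)."""
    stale = hjt_scan_time(hjt_log) < mbam_scan_time(mbam_log)
    leftovers = mbam_removed_files(mbam_log) & hjt_referenced_paths(hjt_log)
    return stale, sorted(leftovers)


if __name__ == "__main__":
    stale, leftovers = check_logs(MBAM_LOG, HJT_LOG)
    print("HijackThis log predates the Malwarebytes run:", stale)
    for path in leftovers:
        print("quarantined by MBAM but still in HJT log:", path)
```

An empty leftover list on a log saved after the Malwarebytes run is what the helpers are asking to see; anything still listed is either a stale log or a persistence entry that survived the cleanup.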
Deleted user
09 December 2010 - 17:58 #3
ComboFix 10-12-08.04 - Hanne&Henrik 09-12-2010  17:42:18.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1022.237 [GMT 1:00]
Kører fra: c:\documents and settings\Hanne&Henrik\Dokumenter\Downloads\ComboFix.exe
AV: VIRUSfighter *On-access scanning disabled* (Updated) {F16C9013-991A-461a-A680-841CCEE65E7D}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ErrLog.txt
c:\programmer\Helper
c:\programmer\NetProject
c:\programmer\NetProject\ot.ico
c:\programmer\NetProject\ts.ico
c:\windows\system\oeminfo.ini
c:\windows\TEMP\0swpew60.vbt

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


(((((((((((((((((((((((((((((  Filer skabt fra 2010-11-09 til 2010-12-09  )))))))))))))))))))))))))))))))))))
.

2010-12-09 14:33 . 2010-12-09 14:33    --------    d-----w-    c:\programmer\Fælles filer\Common Toolkit Suite
2010-12-09 14:32 . 2010-12-09 14:33    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{E8209D1A-D3F1-48A0-ADE8-8782D5032279}
2010-12-07 16:39 . 2010-12-07 16:39    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-12-07 16:23 . 2010-12-08 20:22    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-12-07 16:12 . 2010-12-07 16:12    --------    d-----w-    c:\programmer\CCleaner
2010-12-07 16:07 . 2010-12-07 16:07    --------    d-----w-    c:\programmer\ReviverSoft
2010-12-07 16:06 . 2010-12-07 16:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\ReviverSoft
2010-12-07 15:25 . 2010-12-07 15:25    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
2010-12-07 12:28 . 2010-12-07 18:02    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\MSA

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:20 . 2010-09-23 16:20    10264    ----a-w-    c:\windows\system32\drivers\avfsfilter.sys
2010-09-18 10:23 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-27 12:00    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-27 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\programmer\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\programmer\RayV\RayV\RayV.exe" [2010-04-18 2561320]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2005-10-28 139264]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CanonSolutionMenu"="c:\programmer\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmer\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Launch SilverCrest OML807"="c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe" [2010-08-30 860160]
"VFPROguard"="c:\programmer\Fighters\VIRUSfighter\VFPROTray.exe" [2010-09-23 1077896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04    39792    ----a-w-    c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
2005-08-22 21:05    258048    ----a-w-    c:\programmer\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]
2005-08-04 18:55    237568    ----a-w-    c:\windows\system32\CmUCREye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
2003-07-22 05:28    5577216    ----a-w-    c:\windows\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-04-18 15:13    2561320    ----a-w-    c:\programmer\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43    248040    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programmer\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\TVAnts\\Tvants.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Robolab29\\Robolab29.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.dll"=
"c:\\Programmer\\RayV\\RayV\\RayV.exe"=
"c:\\Documents and Settings\\Hanne&Henrik\\Application Data\\RayV\\Viewer\\RayV.dll"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 NGS;Norman General Security Driver;c:\virusfighter\NVC\Bin\ngs.sys [27-02-2009 16:14 25032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27-08-2004 13:00 14336]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe [23-09-2010 17:20 760768]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [23-04-2003 20:15 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [18-04-2003 13:45 36463]
R2 Suite Service;Suite Service;c:\programmer\Fighters\FighterSuiteService.exe [23-09-2010 17:39 1130120]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18-10-2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [20-10-2005 08:27 69248]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\drivers\InputFilter_FlexDef2b.sys [25-10-2010 18:36 14848]
S0 rseb;rseb; [x]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [23-09-2010 17:20 10264]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [04-11-2008 15:09 39936]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys --> c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys [?]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [24-06-2003 18:41 17920]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2007 16:26 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-12-09 c:\windows\Tasks\RegistryBooster.job
- c:\programmer\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-29 15:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: filmstriben.dk\www
TCP: {D2219074-D47C-4454-A032-1C5B70DCB933} = 208.67.223.233,208.67.220.220
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\Hanne&Henrik\Application Data\Mozilla\Firefox\Profiles\4es0ply0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - plugin: c:\documents and settings\Hanne&Henrik\Application Data\Mozilla\Firefox\Profiles\4es0ply0.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\documents and settings\Hanne&Henrik\Application Data\Mozilla\Firefox\Profiles\4es0ply0.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmer\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\programmer\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WeatherDPA - c:\programmer\Zango\bin\10.3.37.0\Weather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 17:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1648)
c:\programmer\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\nipalsm.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-09  17:58:06 - machine was rebooted
ComboFix-quarantined-files.txt  2010-12-09 16:58

Pre-Run: 25,772,376,064 bytes free
Post-Run: 27,415,326,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9C3967435E616B8DD5402F1CAC314C1D
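The ComboFix log above contains the findings a responder would pull out by hand: the Windows Firewall switched off in the standard profile, Security Center told to ignore the antivirus state, a junk-named value under the user's policies\system key, a service entry (rseb) whose image file no longer exists, and a driver (mdxgthkn) loading from the user's Temp directory. The following Python script is an added example, not part of the thread and not ComboFix's own code; it parses a log of this shape and flags exactly those indicators. SAMPLE_LOG is constructed from lines of the same form as the thread's log, and the severity labels are my own choice.

```python
"""Triage of a ComboFix-style log for the indicators seen in the thread.

Added example, not code from the thread or from ComboFix.  The parser
understands the two line shapes that matter here: REGEDIT4-style
"[key]" followed by "name"=data lines, and service lines of the form
  R1 Name;Display Name;c:\path\image.sys [date size]
It flags:
  * a non-standard *TaskMgr value under the user's policies\system key
    (the log shows "pubevjudzkheebkgycmwTaskMgr"; only DisableTaskMgr
    is a real Windows policy name),
  * Security Center AntiVirusOverride=1 (AV status warnings suppressed),
  * EnableFirewall=0 in the standard firewall profile,
  * services whose image file is missing ("[x]"),
  * drivers that load from a Temp directory,
  * globally open firewall ports (informational).
SAMPLE_LOG is constructed, mirroring lines from the thread's log.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1050:TCP"= 1050:TCP:Akamai NetSession Interface

R1 NGS;Norman General Security Driver;c:\virusfighter\NVC\Bin\ngs.sys [27-02-2009 16:14 25032]
S0 rseb;rseb; [x]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys --> c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2007 16:26 41984]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def dword_value(data):
    """ComboFix prints DWORDs as 'dword:00000001' or as '1 (0x1)'; return the int or None."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})|(\d+) \(0x[0-9a-fA-F]+\)", data.strip())
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def registry_values(log_text):
    """Yield (key, name, data) for every value line, tagged with the [key] above it."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            yield key, vm.group(1), vm.group(2)


def parse_services(log_text):
    """Return {service_name: (start_type, image_field)} for every R*/S* line."""
    services = {}
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            services[m.group(2)] = (m.group(1), m.group(4).strip())
    return services


def triage(log_text):
    """Return (severity, message) findings, highest severity first."""
    findings = []
    for key, name, data in registry_values(log_text):
        k = key.lower()
        if k.endswith("policies\\system") and name != "DisableTaskMgr" and name.lower().endswith("taskmgr"):
            findings.append(("high", f"non-standard policy value {name!r} under {key}"))
        elif k.endswith("security center") and name == "AntiVirusOverride" and dword_value(data) == 1:
            findings.append(("medium", "AntiVirusOverride=1: Security Center will not warn about the AV state"))
        elif k.endswith("\\standardprofile") and name == "EnableFirewall" and dword_value(data) == 0:
            findings.append(("high", "EnableFirewall=0: Windows Firewall is off in the standard profile"))
        elif k.endswith("globallyopenports\\list"):
            findings.append(("info", f"globally open port {name}: {data}"))
    for name, (start, image) in parse_services(log_text).items():
        if image.startswith("[x]"):
            findings.append(("medium", f"{start} service {name!r}: image file missing (orphaned entry)"))
        elif "\\temp\\" in image.lower():
            findings.append(("high", f"{start} driver {name!r} loads from a Temp directory: {image.split(' ')[0]}"))
    order = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: order[f[0]])   # sort is stable, log order kept within a level
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run against the sample it reports three high findings (the odd policy value, the disabled firewall, the Temp-loaded driver), two medium (AntiVirusOverride, the orphaned rseb entry) and the two open ports as information. The "[x]" entry is low priority on its own: ComboFix marks it because the image file is gone, so there is nothing left to run, but the registry key still deserves cleanup.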
Deleted user
9 December 2010 - 18:01 #4
Should I do an HJT now, or should I follow your new advice and use ComboFix?

I have VIRUSfighter
f-arn (Guru)
9 December 2010 - 18:44 #5
Start HJT.
Click Misc Tools.
Click Uninstall manager.
Click Save list.
Copy it in here.

PS: Don't post an "Answer" (Svar) yourself.
Deleted user
9 December 2010 - 21:32 #6
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3 - Danish
Adobe Shockwave Player
Age of Empires III
Age of Mythology
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudioConverter
AusLogics Disk Defrag
AusLogics Registry Defrag
Bonjour
Byki
Byki Express
Canon MP Navigator EX 1.0
Canon MP520 series
Canon MP520 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
C-Media Card Reader Driver USB2.0
C-Media USB2.0 Card Reader
Creatix V.92 Data Fax Modem
Digital Signatur
Digital Signatur
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
docXConverter 3.1.2
EA SPORTS online 2007
Envisioneer Express 3.0
eTrust Registration
GBA Media Version 1.3
Google SketchUp 7
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HTC Touch Pro2 User Guide
iPod for Windows 2005-02-07
iPod for Windows 2005-03-23
iPod for Windows 2006-06-28
iPod To Computer Transfer 4.6
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 18
Compatibility Pack for the 2007 Office system
LEGO MINDSTORMS NXT Driver
LG USB Modem driver
M+ version 1.5.0.4
Mahjong Escape - Ancient Japan
Malwarebytes' Anti-Malware
MediaShow 3.0
Medion Info Display
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft ActiveSync
Microsoft Age of Empires II
Microsoft AutoRoute 2006
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image 2006 Standard Edition
Microsoft Encarta Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Works
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.12)
MP3 Converter 4.2.28
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
National Instruments Software
Nero Suite
NewLive All Media To Mp3 Converter 5.2
NVIDIA Drivers
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
PhotoNow! 1.0
Picasa 3
PIXMA Extended Survey Program
Politikens Danskordbog
PowerCinema
PowerCinema Linux 4.7
PowerDirector
PowerDVD
PowerProducer
På ekspedition i Bibelen
QuickTime
RayV TV
RealPlayer
Realtek High Definition Audio Driver
Registration Tool for Nintendo Wi-Fi USB Connector
RegistryReviver
RegistryReviver
Robolab 2.9
RT2500 USB Wireless LAN Card
Safari
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Backup for Windows
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SilverCrest OML807 Driver
SopCast 2.0.4
Star Wars(TM): Knights of the Old Republic (TM)
Microsoft Works Suite 2006 Setup Launcher
SWAN Games Bridge Client
Tabulex 14.1
Tele2 Signup
TVAnts 1.0
TVUPlayer 2.4.7.2
Uniblue RegistryBooster
Uniblue RegistryBooster
Unity Web Player
USB Wireless Keyboard Driver
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.15
videon
Important Update for Windows Media Player 11 (KB959772)
VIRUSfighter
VIRUSfighter
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinVDIG 0.99
Word Magic Translator Professional Plus 5.6
X10 Hardware(TM)
f-arn (Guru)
11 December 2010 - 08:16 #7
c:\documents and settings\Hanne&Henrik\Dokumenter\Downloads\ComboFix.exe

When I write "Download and save ComboFix to your desktop", I mean it.

------

Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it and save the file as CFScript

Killall::
Snapshot::
Filelook::
c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"=-
Driver::
mdxgthkn


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it over the ComboFix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. Do not click in the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

Please post the contents of that file here.
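Before a CFScript like the one in this post is dropped onto ComboFix, two things are worth checking mechanically: every name under Driver:: must be a service that the ComboFix log actually lists, and every line under Registry:: must be a well-formed REGEDIT4 key or value (a key missing its opening bracket, or a Driver:: name that is one character off, silently does nothing). The Python script below is an added example, not from the thread, from f-arn or from ComboFix's author. POSTED_SCRIPT is the script as it appears in this post, SAMPLE_LOG is built from the service lines in the log posted earlier in the thread, and FIXED_SCRIPT is my corrected variant; the parsing rule (a directive is a line ending in "::", followed by one entry per line) is my assumption about the CFScript format.

```python
"""Sanity-check a ComboFix CFScript against the log it was written from.

Added example, not code from the thread or from ComboFix.  Two checks:
  * every name under Driver:: must match a service name from an R*/S*
    line of the log (the exact name ComboFix would look for);
  * every Registry:: line must be either a bracketed REGEDIT4 key
    "[HKEY_...\\...]" or a value line "name"=data (with =- meaning delete),
    and a value line must sit under a key.
Assumption about CFScript syntax: a directive is a line ending in "::"
and the entries that belong to it follow one per line.
"""
import difflib
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")
REG_KEY_RE = re.compile(r"^\[HK[A-Z_]*\\[^\[\]]+\]$")
REG_VALUE_RE = re.compile(r'^"[^"]+"=.+$')

# Constructed: service lines in the shape of the thread's ComboFix log.
SAMPLE_LOG = r"""
R1 NGS;Norman General Security Driver;c:\virusfighter\NVC\Bin\ngs.sys [27-02-2009 16:14 25032]
S0 rseb;rseb; [x]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys --> c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2007 16:26 41984]
"""

# The script as posted: the Registry:: key lacks its opening bracket and
# the Driver:: name is one character short of the service name in the log.
POSTED_SCRIPT = r"""
Killall::
Snapshot::
Filelook::
c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe
Registry::
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"=-
Driver::
mdxgthk
"""

# My corrected variant of the posted script (assumption, see lead-in).
FIXED_SCRIPT = POSTED_SCRIPT.replace(
    "\nHKEY_CURRENT_USER", "\n[HKEY_CURRENT_USER").replace("\nmdxgthk\n", "\nmdxgthkn\n")


def parse_cfscript(text):
    """Map each 'Name::' directive to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
        else:
            sections.setdefault("_preamble", []).append(line)
    return sections


def service_names(log_text):
    """Set of service/driver names from the log's R*/S* lines."""
    names = set()
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            names.add(m.group(1))
    return names


def check_cfscript(script_text, log_text):
    """Return a list of problem descriptions; an empty list means the script passes."""
    problems = []
    sections = parse_cfscript(script_text)
    known = service_names(log_text)
    for name in sections.get("Driver", []):
        if name not in known:
            hint = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.8)
            msg = f"Driver:: {name!r} is not a service in the log"
            if hint:
                msg += f" (did you mean {hint[0]!r}?)"
            problems.append(msg)
    have_key = False
    for line in sections.get("Registry", []):
        if REG_KEY_RE.match(line):
            have_key = True
        elif line.startswith("HK") and line.endswith("]"):
            problems.append(f"Registry:: key is missing its opening '[': {line}")
            have_key = True   # clearly meant as a key; don't also flag the values under it
        elif REG_VALUE_RE.match(line):
            if not have_key:
                problems.append(f"Registry:: value line before any [key]: {line}")
        else:
            problems.append(f"Registry:: line is neither a [key] nor a \"name\"=data line: {line}")
    return problems


if __name__ == "__main__":
    for label, script in (("posted", POSTED_SCRIPT), ("fixed", FIXED_SCRIPT)):
        print(label, check_cfscript(script, SAMPLE_LOG) or "OK")
```

On the posted script the checker reports the unbracketed key and the unknown driver name, suggesting mdxgthkn from the log; the corrected variant passes. The close-match hint is deliberately strict (cutoff 0.8) so that a genuinely unrelated name is reported as unknown rather than "corrected" to the nearest service.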
Deleted user
13 December 2010 - 16:41 #8
ComboFix 10-12-12.03 - Hanne&Henrik 13-12-2010  16:25:46.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1022.482 [GMT 1:00]
Running from: c:\documents and settings\Hanne&Henrik\Dokumenter\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Hanne&Henrik\Skrivebord\CFScript
AV: VIRUSfighter *Disabled/Updated* {F16C9013-991A-461a-A680-841CCEE65E7D}
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\k0s5qwmo.vbt

.
(((((((((((((((((((((((((((((  Files Created from 2010-11-13 to 2010-12-13  )))))))))))))))))))))))))))))))))))
.

2010-12-09 14:33 . 2010-12-09 14:33    --------    d-----w-    c:\programmer\Fælles filer\Common Toolkit Suite
2010-12-09 14:32 . 2010-12-09 14:33    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{E8209D1A-D3F1-48A0-ADE8-8782D5032279}
2010-12-07 16:39 . 2010-12-07 16:39    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-12-07 16:23 . 2010-12-08 20:22    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-12-07 16:12 . 2010-12-07 16:12    --------    d-----w-    c:\programmer\CCleaner
2010-12-07 16:07 . 2010-12-07 16:07    --------    d-----w-    c:\programmer\ReviverSoft
2010-12-07 16:06 . 2010-12-07 16:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\ReviverSoft
2010-12-07 15:25 . 2010-12-07 15:25    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
2010-12-07 12:28 . 2010-12-07 18:02    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\MSA

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:20 . 2010-09-23 16:20    10264    ----a-w-    c:\windows\system32\drivers\avfsfilter.sys
2010-09-18 10:23 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-27 12:00    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-27 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\programmer\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\programmer\RayV\RayV\RayV.exe" [2010-04-18 2561320]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2005-10-28 139264]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CanonSolutionMenu"="c:\programmer\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmer\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Launch SilverCrest OML807"="c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe" [2010-08-30 860160]
"VFPROguard"="c:\programmer\Fighters\VIRUSfighter\VFPROTray.exe" [2010-09-23 1077896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04    39792    ----a-w-    c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
2005-08-22 21:05    258048    ----a-w-    c:\programmer\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]
2005-08-04 18:55    237568    ----a-w-    c:\windows\system32\CmUCREye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
2003-07-22 05:28    5577216    ----a-w-    c:\windows\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-04-18 15:13    2561320    ----a-w-    c:\programmer\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43    248040    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programmer\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\TVAnts\\Tvants.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Robolab29\\Robolab29.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.dll"=
"c:\\Programmer\\RayV\\RayV\\RayV.exe"=
"c:\\Documents and Settings\\Hanne&Henrik\\Application Data\\RayV\\Viewer\\RayV.dll"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 NGS;Norman General Security Driver;c:\virusfighter\NVC\Bin\ngs.sys [27-02-2009 16:14 25032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27-08-2004 13:00 14336]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe [23-09-2010 17:20 760768]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [23-04-2003 20:15 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [18-04-2003 13:45 36463]
R2 Suite Service;Suite Service;c:\programmer\Fighters\FighterSuiteService.exe [23-09-2010 17:39 1130120]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18-10-2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [20-10-2005 08:27 69248]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\drivers\InputFilter_FlexDef2b.sys [25-10-2010 18:36 14848]
S0 rseb;rseb; [x]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [23-09-2010 17:20 10264]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [04-11-2008 15:09 39936]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys --> c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys [?]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [24-06-2003 18:41 17920]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2007 16:26 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ      Akamai
.
Indhold af mappen 'Planlagte Opgaver'

2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-12-13 c:\windows\Tasks\RegistryBooster.job
- c:\programmer\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-29 15:26]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: filmstriben.dk\www
TCP: {D2219074-D47C-4454-A032-1C5B70DCB933} = 208.67.223.233,208.67.220.220
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\Hanne&Henrik\Application Data\Mozilla\Firefox\Profiles\4es0ply0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 16:34
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(3984)
c:\programmer\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\nipalsm.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2010-12-13  16:40:08 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-12-13 15:40
ComboFix2.txt  2010-12-09 16:58

Pre-Kørsel: 27.445.911.552 byte ledig
Post-Kørsel: 27.425.968.128 byte ledig

- - End Of File - - 6886CB59685BC6D8491F98C018EAF3EA
f-arn Guru
13 December 2010 - 18:30 #9
When I write "Download and save ComboFix to your desktop", I mean it.

Would you please move ComboFix!

------

Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it and save the file as CFScript.txt

Make sure it does not end up being named CFScript.txt.txt

Killall::
Snapshot::
Filelook::
c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"=-
Driver::
mdxgthkn


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it over the ComboFix file, and then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located at C:\Combofix.txt

Please post the contents of that file here.
Slettet bruger
13 December 2010 - 22:06 #10
ComboFix is on the desktop as a shortcut - isn't that okay?

When I copy the highlighted text and drag it over svchost.exe, ComboFix starts, and after the restart this text file is created:

10-12-13.02 - Hanne&Henrik 13-12-2010  21:46:30.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1022.483 [GMT 1:00]
Kører fra: c:\documents and settings\Hanne&Henrik\Dokumenter\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Hanne&Henrik\Skrivebord\CFScript.txt
AV: VIRUSfighter *Disabled/Updated* {F16C9013-991A-461a-A680-841CCEE65E7D}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\yiad8goq.vbt

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-11-13 til 2010-12-13  )))))))))))))))))))))))))))))))))))
.

2010-12-09 14:33 . 2010-12-09 14:33    --------    d-----w-    c:\programmer\Fælles filer\Common Toolkit Suite
2010-12-09 14:32 . 2010-12-09 14:33    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{E8209D1A-D3F1-48A0-ADE8-8782D5032279}
2010-12-07 16:39 . 2010-12-07 16:39    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-12-07 16:23 . 2010-12-08 20:22    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-12-07 16:12 . 2010-12-07 16:12    --------    d-----w-    c:\programmer\CCleaner
2010-12-07 16:07 . 2010-12-07 16:07    --------    d-----w-    c:\programmer\ReviverSoft
2010-12-07 16:06 . 2010-12-07 16:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\ReviverSoft
2010-12-07 15:25 . 2010-12-07 15:25    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
2010-12-07 12:28 . 2010-12-07 18:02    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\MSA

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:20 . 2010-09-23 16:20    10264    ----a-w-    c:\windows\system32\drivers\avfsfilter.sys
2010-09-18 10:23 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-27 12:00    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-27 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\programmer\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\programmer\RayV\RayV\RayV.exe" [2010-04-18 2561320]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2005-10-28 139264]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CanonSolutionMenu"="c:\programmer\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmer\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Launch SilverCrest OML807"="c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe" [2010-08-30 860160]
"VFPROguard"="c:\programmer\Fighters\VIRUSfighter\VFPROTray.exe" [2010-09-23 1077896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04    39792    ----a-w-    c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
2005-08-22 21:05    258048    ----a-w-    c:\programmer\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]
2005-08-04 18:55    237568    ----a-w-    c:\windows\system32\CmUCREye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
2003-07-22 05:28    5577216    ----a-w-    c:\windows\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-04-18 15:13    2561320    ----a-w-    c:\programmer\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43    248040    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programmer\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\TVAnts\\Tvants.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Robolab29\\Robolab29.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.dll"=
"c:\\Programmer\\RayV\\RayV\\RayV.exe"=
"c:\\Documents and Settings\\Hanne&Henrik\\Application Data\\RayV\\Viewer\\RayV.dll"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 NGS;Norman General Security Driver;c:\virusfighter\NVC\Bin\ngs.sys [27-02-2009 16:14 25032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27-08-2004 13:00 14336]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe [23-09-2010 17:20 760768]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [23-04-2003 20:15 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [18-04-2003 13:45 36463]
R2 Suite Service;Suite Service;c:\programmer\Fighters\FighterSuiteService.exe [23-09-2010 17:39 1130120]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18-10-2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [20-10-2005 08:27 69248]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\drivers\InputFilter_FlexDef2b.sys [25-10-2010 18:36 14848]
S0 rseb;rseb; [x]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [23-09-2010 17:20 10264]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [04-11-2008 15:09 39936]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys --> c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys [?]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [24-06-2003 18:41 17920]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2007 16:26 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ      Akamai
.
Indhold af mappen 'Planlagte Opgaver'

2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-12-13 c:\windows\Tasks\RegistryBooster.job
- c:\programmer\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-29 15:26]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: filmstriben.dk\www
TCP: {D2219074-D47C-4454-A032-1C5B70DCB933} = 208.67.223.233,208.67.220.220
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\Hanne&Henrik\Application Data\Mozilla\Firefox\Profiles\4es0ply0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 21:55
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(3508)
c:\programmer\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\nipalsm.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2010-12-13  22:00:45 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-12-13 21:00
ComboFix2.txt  2010-12-13 15:40
ComboFix3.txt  2010-12-09 16:58

Pre-Kørsel: 27.501.731.840 byte ledig
Post-Kørsel: 27.480.952.832 byte ledig

- - End Of File - - 997DCCF7524DF335910227947CA29599
f-arn Guru
14 December 2010 - 07:38 #11
ComboFix is on the desktop as a shortcut - isn't that okay?

No, because then it doesn't do what I ask it to!!!
Slettet bruger
14 December 2010 - 16:23 #12
Now it should be in order, so I'm posting the file here:

ComboFix 10-12-13.07 - Hanne&Henrik 14-12-2010  16:07:55.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1022.490 [GMT 1:00]
Kører fra: c:\documents and settings\Hanne&Henrik\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Hanne&Henrik\Skrivebord\CFScript.txt
AV: VIRUSfighter *Disabled/Updated* {F16C9013-991A-461a-A680-841CCEE65E7D}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-11-14 til 2010-12-14  )))))))))))))))))))))))))))))))))))
.

2010-12-09 14:33 . 2010-12-09 14:33    --------    d-----w-    c:\programmer\Fælles filer\Common Toolkit Suite
2010-12-09 14:32 . 2010-12-09 14:33    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{E8209D1A-D3F1-48A0-ADE8-8782D5032279}
2010-12-07 16:39 . 2010-12-07 16:39    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 16:36 . 2010-11-29 16:42    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-07 16:36 . 2010-12-07 16:36    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-12-07 16:23 . 2010-12-08 20:22    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-12-07 16:12 . 2010-12-07 16:12    --------    d-----w-    c:\programmer\CCleaner
2010-12-07 16:07 . 2010-12-07 16:07    --------    d-----w-    c:\programmer\ReviverSoft
2010-12-07 16:06 . 2010-12-07 16:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\ReviverSoft
2010-12-07 15:25 . 2010-12-07 15:25    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
2010-12-07 12:28 . 2010-12-07 18:02    --------    d-----w-    c:\documents and settings\Hanne&Henrik\Application Data\MSA

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:20 . 2010-09-23 16:20    10264    ----a-w-    c:\windows\system32\drivers\avfsfilter.sys
2010-09-18 10:23 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-27 12:00    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-27 12:00    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-27 12:00    954368    ----a-w-    c:\windows\system32\mfc40.dll
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\programmer\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe ---
Company: Siliten
File Description: MouClient_FD2
File Version: 1, 0, 0, 1
Product Name: Siliten MouClient_FD2
Copyright: Copyright (C) 2000 - 2010
Original Filename: MouClient_FD2.EXE
File size: 860160
Created time: 2010-10-25 17:35
Modified time: 2010-08-30 18:44
MD5: 4D5EB8794F15A1A18B7BE60A78A7D184
SHA1: A380066F92A0E8DB43E707FFD92552BD51EC7E74


(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\programmer\RayV\RayV\RayV.exe" [2010-04-18 2561320]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2005-10-28 139264]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CanonSolutionMenu"="c:\programmer\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmer\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Launch SilverCrest OML807"="c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe" [2010-08-30 860160]
"VFPROguard"="c:\programmer\Fighters\VIRUSfighter\VFPROTray.exe" [2010-09-23 1077896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"pubevjudzkheebkgycmwTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04    39792    ----a-w-    c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
2005-08-22 21:05    258048    ----a-w-    c:\programmer\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]
2005-08-04 18:55    237568    ----a-w-    c:\windows\system32\CmUCREye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
2003-07-22 05:28    5577216    ----a-w-    c:\windows\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-04-18 15:13    2561320    ----a-w-    c:\programmer\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43    248040    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programmer\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\TVAnts\\Tvants.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Robolab29\\Robolab29.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.dll"=
"c:\\Programmer\\RayV\\RayV\\RayV.exe"=
"c:\\Documents and Settings\\Hanne&Henrik\\Application Data\\RayV\\Viewer\\RayV.dll"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 NGS;Norman General Security Driver;c:\virusfighter\NVC\Bin\ngs.sys [27-02-2009 16:14 25032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27-08-2004 13:00 14336]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe [23-09-2010 17:20 760768]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [23-04-2003 20:15 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [18-04-2003 13:45 36463]
R2 Suite Service;Suite Service;c:\programmer\Fighters\FighterSuiteService.exe [23-09-2010 17:39 1130120]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18-10-2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [20-10-2005 08:27 69248]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\drivers\InputFilter_FlexDef2b.sys [25-10-2010 18:36 14848]
S0 rseb;rseb; [x]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [23-09-2010 17:20 10264]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [04-11-2008 15:09 39936]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys --> c:\docume~1\HANNE&~1\LOKALE~1\Temp\mdxgthkn.sys [?]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [24-06-2003 18:41 17920]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [25-12-2007 16:26 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ      Akamai
.
Indhold af mappen 'Planlagte Opgaver'

2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-12-14 c:\windows\Tasks\RegistryBooster.job
- c:\programmer\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-29 15:26]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: filmstriben.dk\www
TCP: {D2219074-D47C-4454-A032-1C5B70DCB933} = 208.67.223.233,208.67.220.220
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\Hanne&Henrik\Application Data\Mozilla\Firefox\Profiles\4es0ply0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 16:19
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(2548)
c:\programmer\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\nipalsm.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2010-12-14  16:23:16 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-12-14 15:23
ComboFix2.txt  2010-12-13 21:00
ComboFix3.txt  2010-12-13 15:40
ComboFix4.txt  2010-12-09 16:58

Pre-Kørsel: 27.486.769.152 byte ledig
Post-Kørsel: 27.468.091.392 byte ledig

- - End Of File - - 0B73D2455AE9C98B5A860D4913F03A34
f-arn Guru
15 December 2010 - 07:24 #13
Find and upload the following files at Jotti or VirusTotal:

c:\programmer\SilverCrest OML807 Driver\MouClient_FD2_9063RL.exe
c:\windows\system32\drivers\nidimk.dll
c:\windows\system32\drivers\nipxirmk.dll

http://virusscan.jotti.org/ - http://www.virustotal.com/

You may need to turn on "show hidden files and folders" first.
If you don't know how, see here:

http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Paste the result in here as a link or as the MD5 checksum.
Slettet bruger
15 December 2010 - 14:49 #14
For all three files Jotti says "found nothing".

If you still want to see the results, how do I make an MD5 checksum?
f-arn Guru
17 December 2010 - 03:55 #15
The MD5 is shown on the results page.