la-jensen (Beginner)
27 October 2011 - 21:52. There are 11 comments and 1 solution.

A trojan has found its way in, part 2

Hello, you good people at PC-eksperten.

I have run into the same problem as the guy in "How do I get rid of this damned trojan". I have run the same programs as he did, and would now like to ask for a little help looking through the following 3 log files:

from Malwarebytes Anti-Malware, HijackThis and ComboFix.


Thanks in advance if you are willing to help a little here.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8029

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27-10-2011 16:21:30
mbam-log-2011-10-27 (16-21-30).txt

Skanningstype: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 255372
Tid gået: 45 minut(ter), 12 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 56
Registreringsdatabaseværdier Inficeret: 3
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 11
Inficerede Filer: 15

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.2.11.0 (Adware.HotBar) -> Value: ShopperReports 3.2.11.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790974B376545333AF97 (Malware.Trace) -> Value: SRS_IT_E8790974B376545333AF97 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
c:\Users\Mads\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\program files\shopperreports3\bin\3.2.11.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\downloads\Setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Mads\downloads\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Mads\downloads\videoconvertersetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\components\browserextensionff.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\components\browserextensionff.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.


HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:02, on 27-10-2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\Users\Mads\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mads\Downloads\HiJackThis.exe
C:\Windows\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=50655bc8000000000000002186d5558b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = Mads\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6280 bytes


ComboFix log:

ComboFix 11-10-27.05 - Mads 27-10-2011  17:36:25.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.45.1030.18.3070.1799 [GMT 2:00]
Kører fra: E:\Banan.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-09-27 til 2011-10-27  )))))))))))))))))))))))))))))))))))
.
.
2011-10-27 16:02 . 2011-10-27 16:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-10-27 15:03 . 2011-10-27 15:03    56200    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D7527B2-5240-45FD-9BDA-74A614073529}\offreg.dll
2011-10-27 14:28 . 2011-10-27 14:28    --------    d-----w-    C:\Mp3 Musik
2011-10-27 14:27 . 2011-10-27 14:27    --------    d-----w-    C:\Softwarelog
2011-10-27 13:03 . 2011-10-27 13:03    --------    d-----w-    c:\users\Mads\AppData\Roaming\Malwarebytes
2011-10-27 13:03 . 2011-10-27 13:03    --------    d-----w-    c:\programdata\Malwarebytes
2011-10-27 13:03 . 2011-10-27 13:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-10-27 13:03 . 2011-08-31 15:00    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-10-27 07:17 . 2011-10-27 07:17    --------    d-----w-    c:\program files\CCleaner
2011-10-26 15:35 . 2011-10-07 03:48    6668624    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D7527B2-5240-45FD-9BDA-74A614073529}\mpengine.dll
2011-10-25 20:47 . 2011-10-25 20:48    --------    d-----w-    C:\Maritimt
2011-10-24 05:07 . 2011-10-24 05:07    --------    d-----w-    c:\program files\Common Files\Java
2011-10-24 05:07 . 2011-10-03 03:06    476904    ----a-w-    c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-10-22 20:21 . 2011-10-22 20:21    --------    d-----w-    c:\users\Mads\AppData\Roaming\WinAVI
2011-10-22 20:21 . 2011-10-22 20:21    --------    d-----w-    c:\users\Mads\AppData\Local\WinAVI
2011-10-22 20:20 . 2011-10-22 20:20    --------    d-----w-    c:\program files\WinAVI
2011-10-18 19:12 . 2011-10-18 19:12    --------    d-----w-    c:\program files\VideoLAN
2011-10-13 12:12 . 2011-08-17 04:24    465408    ----a-w-    c:\windows\system32\psisdecd.dll
2011-10-13 12:12 . 2011-08-17 04:19    75776    ----a-w-    c:\windows\system32\psisrndr.ax
2011-10-13 12:12 . 2011-08-27 04:26    571904    ----a-w-    c:\windows\system32\oleaut32.dll
2011-10-13 12:12 . 2011-08-27 04:26    233472    ----a-w-    c:\windows\system32\oleacc.dll
2011-10-13 12:12 . 2011-09-06 02:28    2334720    ----a-w-    c:\windows\system32\win32k.sys
2011-10-12 22:07 . 2011-10-19 22:00    --------    d-----w-    c:\users\Mads\AppData\Local\Spotify
2011-10-12 22:06 . 2011-10-19 22:00    --------    d-----w-    c:\users\Mads\AppData\Roaming\Spotify
2011-10-07 13:19 . 2011-10-07 13:24    --------    d-----w-    c:\users\Mads\AppData\Roaming\DivX
2011-10-07 13:19 . 2011-10-18 18:09    --------    d-----w-    c:\program files\Common Files\PX Storage Engine
2011-10-07 13:15 . 2011-10-07 13:18    --------    d-----w-    c:\program files\Google
2011-10-07 13:15 . 2011-10-18 18:09    --------    d-----w-    c:\program files\DivX
2011-10-07 13:14 . 2011-10-18 18:09    --------    d-----w-    c:\programdata\DivX
2011-10-03 19:35 . 2011-10-03 19:37    --------    d-----w-    c:\program files\Amnesia - The Dark Descent Demo
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 19:57 . 2011-07-02 16:27    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-02-05 18:37    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-09-13 10:32 . 2011-08-30 08:02    48648    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-09-06 20:45 . 2011-02-07 17:41    41184    ----a-w-    c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-02-07 17:41    199304    ----a-w-    c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-02 18:11    442200    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-02-07 17:42    320856    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-02-07 17:42    34392    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-02-07 17:42    52568    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-02-07 17:42    54616    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-02-07 17:42    20568    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-09-02 12:54 . 2011-08-28 09:48    48648    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-09-02 12:54 . 2011-09-02 12:54    335168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-30 09:54 . 2011-08-30 09:28    139080    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2011-08-30 09:54 . 2011-08-30 09:54    270240    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-08-30 09:54 . 2011-08-30 09:27    270240    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-08-30 09:28 . 2011-08-30 09:28    138056    ----a-w-    c:\users\Mads\AppData\Roaming\PnkBstrK.sys
2011-08-30 09:27 . 2011-08-30 09:27    189248    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2011-08-30 09:27 . 2011-08-30 09:27    75136    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-08-28 09:48 . 2011-08-28 09:48    335168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-28 07:26 . 2011-08-28 07:26    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2011-08-28 07:26 . 2011-08-28 07:26    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2011-08-28 07:26 . 2011-08-28 07:26    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2011-08-28 07:26 . 2011-08-28 07:26    74752    ----a-w-    c:\windows\system32\iesetup.dll
2011-08-28 07:26 . 2011-08-28 07:26    63488    ----a-w-    c:\windows\system32\tdc.ocx
2011-08-28 07:26 . 2011-08-28 07:26    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2011-08-28 07:26 . 2011-08-28 07:26    420864    ----a-w-    c:\windows\system32\vbscript.dll
2011-08-28 07:26 . 2011-08-28 07:26    367104    ----a-w-    c:\windows\system32\html.iec
2011-08-28 07:26 . 2011-08-28 07:26    35840    ----a-w-    c:\windows\system32\imgutil.dll
2011-08-28 07:26 . 2011-08-28 07:26    23552    ----a-w-    c:\windows\system32\licmgr10.dll
2011-08-28 07:26 . 2011-08-28 07:26    161792    ----a-w-    c:\windows\system32\msls31.dll
2011-08-28 07:26 . 2011-08-28 07:26    152064    ----a-w-    c:\windows\system32\wextract.exe
2011-08-28 07:26 . 2011-08-28 07:26    150528    ----a-w-    c:\windows\system32\iexpress.exe
2011-08-28 07:26 . 2011-08-28 07:26    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2011-08-28 07:26 . 2011-08-28 07:26    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-08-28 07:26 . 2011-08-28 07:26    11776    ----a-w-    c:\windows\system32\mshta.exe
2011-08-28 07:26 . 2011-08-28 07:26    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2011-08-28 07:26 . 2011-08-28 07:26    101888    ----a-w-    c:\windows\system32\admparse.dll
2011-08-28 07:22 . 2009-07-14 02:05    152576    ----a-w-    c:\windows\system32\msclmd.dll
2011-09-30 16:45 . 2011-07-03 17:37    134104    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22    176936    ----a-w-    c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22    176936    ----a-w-    c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45    122512    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Mads\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Mads\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Mads\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-14 1242448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-20 641400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-22 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Mads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mads\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 135664]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-11 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-22 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT-driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 13:15]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-07 13:15]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=50655bc8000000000000002186d5558b
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.255.56.78 83.136.89.6 83.136.89.4
TCP: Interfaces\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}\452554E444E65647: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}\D456373796: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}\F62716E67656861667563747F6C656: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Mads\AppData\Roaming\Mozilla\Firefox\Profiles\t13qph5g.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=50655bc8000000000000002186d5558b&tlver=1.4.35.10&affID=100474
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-2797536416-1483782370-1851357059-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,68,39,a0,96,30,b3,59,b3,7e,f1,ac,e4,da,d2,59,20,6d,41,4f,c1,
  8b,b1,17,1d,e2,3d,99,ec,bb,7d,55,27,71,61,8a,ea,16,03,c3,71,ce,04,9d,55,65,\
"rkeysecu"=hex:56,40,20,5a,09,14,1d,35,47,35,6d,69,76,7d,53,c4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2011-10-27  18:10:16
ComboFix-quarantined-files.txt  2011-10-27 16:10
.
Pre-Kørsel: 183.438.802.944 byte ledig
Post-Kørsel: 183.123.607.552 byte ledig
.
- - End Of File - - 6574A1831D38BDBD748A0FF28904CB83
pstidsen Novice
27 October 2011 - 23:10 #1
No reason to post a Malwarebytes log. It can't be used for anything. If it finds something, remove it.

Have you run through the guide: http://www.eksperten.dk/guide/1232
la-jensen Beginner
27 October 2011 - 23:40 #2
Hi pstidsen. OK about the Malwarebytes log. I have run it, and have removed what it found.

No, I haven't run that guide - I will do that later, then. (Remove the torrent program.) Thanks for the hint.
220661 Expert
28 October 2011 - 06:32 #3
#1 Yes, you can see what it has removed. And from that, together with the other tools, you may get an idea of what to look for. So I don't agree with that.
la-jensen Beginner
28 October 2011 - 08:30 #4
Torrent program temporarily removed, new HijackThis log.

- Write if I should send a new ComboFix log. It takes somewhat longer, so I'd prefer to send it only if needed.

- I have not yet had HijackThis remove any of the programs it picks out - I don't use Explorer, for example - can I just delete these references (R0 and R1, at the start)?

- And by the way, along the way HijackThis asks me to open a "hosts" folder manually with Notepad - I have done that too, and say OK, and the program carries on... A Notepad window comes up showing something with some numbers, 127.x.x.x and "localhosts". I don't know 100% whether I'm doing it right, but here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:25:51, on 28-10-2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Mads\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mads\Downloads\HiJackThis.exe
C:\Windows\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=50655bc8000000000000002186d5558b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = Mads\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{16A55ED6-EDF5-43B9-83F2-26DC5E73E7E4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5719 bytes
f-arn Guru
28 October 2011 - 09:06 #5
I absolutely don't agree with pstidsen either!!!!
28 October 2011 - 09:34 #6
pstidsen Novice
28 October 2011 - 21:46 #7
Yes, OK. It can be, if Malwarebytes has removed something; otherwise it isn't worth anything.
la-jensen Beginner
29 October 2011 - 10:56 #8
I am well aware of the dangers of p2p programs. But thanks for the "moral" lecture, karise_larry and others.

It's good that you all wear your halos in here... I don't think I know anyone in my circle of friends who doesn't use p2p programs.

Well, do you have time to help me, or would you rather keep singing?
29 October 2011 - 11:10 #9
These you can/should in any case "fix" in HijackThis ->

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/ (...)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll  (Or do you often use it directly from there?)

---

Malwarebytes has 'nabbed' quite a bit of vermin (I wonder whether it is something you installed yourself? Or is it the result of something or other from P2P??? *S*)

---

Are you experiencing problems after that?
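
The first two entries flagged in the reply above (the start page pointing at search.babylon.com and the URLSearchHook marked "(no file)") can be picked out of a HijackThis log mechanically. The following Python is an added example, not part of the thread or of HijackThis; the `triage` function, the `EXPECTED_HOSTS` allowlist and the abridged sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: entries taken from the HijackThis log in this thread
# (the first URL is shortened).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
"""

# Section code (R0, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

# Assumption: the only host the browser default pages in this log should use.
EXPECTED_HOSTS = {"go.microsoft.com"}


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        # A registration whose target is reported as "(no file)" is orphaned.
        if body.endswith("(no file)"):
            findings.append((code, "registered component has no file", body))
            continue
        # R0/R1 hold browser start and search pages: compare the URL host.
        if code in ("R0", "R1") and " = " in body:
            key, _, value = body.partition(" = ")
            host = urlsplit(value.strip()).hostname
            if host and host not in expected_hosts:
                findings.append((code, f"page points at unexpected host {host}", key))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason} -> {detail}")
```
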
f-arn Guru
29 October 2011 - 12:02 #10
... I don't think I know anyone in my circle of friends who doesn't use p2p programs.

Well, do you have time to help me, or would you rather keep singing?

If I could be bothered, I could well clean your PC. But with that attitude, I can't be bothered!!!!
la-jensen Beginner
30 October 2011 - 14:11 #11
No, I am aware of the "attitude". I will have to change that, then. Probably written in a moment of stupidity. Maybe on a more permanent basis... I will have to give in and delete uTorrent. Then I'll have to see how I can still get a bit of entertainment downloaded for the PC anyway. It is a risk, and I have experienced it several times too. Sorry about the attitude - thanks for the help so far...
la-jensen Beginner
25 January 2012 - 00:34 #12
I am hereby deleting this thread - by giving my own answer. At present the problem is fortunately solved; I hope I may be allowed to come back at a later time. Have a good spring, all you good PC experts.