drep (Beginner)
24 April 2012 - 16:26. There are 12 comments and 1 solution.

Virus logs.

Hi all, my uncle has gotten a virus ("FoolProof Protection") on his computer.

I followed this guide: http://www.eksperten.dk/guide/1232

and am hereby posting the logs from:
1. Malwarebytes
2. Combofix
3. Hijackthis

If anyone would be willing to look through them and see whether the computer is now in order, that would be great :-)

1. Malwarebytes

Malwarebytes Anti-Malware (Prøveversion) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
carsten :: CARSTEN-PC [administrator]

Beskyttelse: Slået til

24-04-2012 13:46:55
mbam-log-2012-04-24 (13-46-55).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 322823
Tid gået: 30 minut(ter),

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Bliver slettet ved genstart.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Bliver slettet ved genstart.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Bliver slettet ved genstart.

Registreringsdatabaseværdier Inficeret: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Inspector (Trojan.FakeAlert.Gen) -> Data: C:\Users\carsten\AppData\Roaming\Protector-upyu.exe -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)



2. Combofix

ComboFix 12-04-24.01 - carsten 24-04-2012  14:29:35.2.2 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.45.1030.18.3830.2330 [GMT 2:00]
Kører fra: f:\ny mappe\3 ComboFix\ComboFix.exe
Kommandoer benyttet :: f:\ny mappe\3 ComboFix\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\users\carsten\AppData\Roaming\Protector-upyu.exe
c:\users\carsten\AppData\Roaming\result.db
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-03-24 til 2012-04-24  )))))))))))))))))))))))))))))))))))
.
.
2012-04-24 11:40 . 2012-04-24 11:41    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-24 11:40 . 2012-04-24 11:40    --------    d-----w-    c:\programdata\Malwarebytes
2012-04-24 11:40 . 2012-04-04 13:56    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-04-24 11:29 . 2012-04-24 11:29    --------    d-----w-    c:\program files\CCleaner
2012-04-24 11:12 . 2012-01-31 06:57    132320    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2012-04-24 11:12 . 2012-01-31 06:57    97312    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-04-24 11:12 . 2011-09-16 14:09    27760    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2012-04-24 11:12 . 2012-04-24 11:12    --------    d-----w-    c:\programdata\Avira
2012-04-24 11:12 . 2012-04-24 11:12    --------    d-----w-    c:\program files (x86)\Avira
2012-04-22 18:06 . 2012-04-22 18:06    --------    d-----w-    c:\program files (x86)\AVG Secure Search
2012-04-22 18:05 . 2012-04-22 18:05    --------    d-----w-    c:\users\carsten\AppData\Local\AVG Secure Search
2012-04-13 20:26 . 2012-04-22 18:05    --------    d-----w-    c:\programdata\AVG Secure Search
2012-04-13 20:26 . 2012-04-22 18:05    --------    d-----w-    c:\program files (x86)\Common Files\AVG Secure Search
2012-04-13 20:25 . 2012-04-13 20:25    --------    d--h--w-    c:\programdata\Common Files
2012-04-13 20:25 . 2012-04-22 18:19    --------    d-----w-    c:\windows\SysWow64\drivers\AVG
2012-04-13 20:24 . 2012-04-22 18:19    --------    d-----w-    c:\programdata\AVG2012
2012-04-13 20:22 . 2012-04-13 20:22    --------    d-----w-    c:\program files (x86)\AVG
2012-04-13 20:15 . 2012-04-22 18:28    --------    d-----w-    c:\programdata\MFAData
2012-04-13 20:15 . 2012-04-22 17:41    --------    d-----w-    c:\programdata\clp
2012-04-13 20:14 . 2012-04-13 20:16    --------    d-----w-    c:\users\carsten\AppData\Roaming\Fighters
2012-04-13 20:14 . 2012-04-13 20:14    --------    d-----w-    c:\programdata\Common Toolkit Suite
2012-04-13 20:13 . 2012-04-22 17:56    --------    d-----w-    c:\programdata\Fighters
2012-04-13 19:18 . 2012-04-13 19:18    --------    d-----w-    c:\windows\system32\EventProviders
2012-04-13 19:18 . 2012-04-13 19:18    --------    d-----w-    C:\f081c48a0df50134cd
2012-04-13 15:18 . 2012-03-14 03:27    8669240    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{042681BF-ABE1-4D51-A7EF-79EAF63FA579}\mpengine.dll
2012-04-12 10:38 . 2012-03-01 06:54    22896    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:38 . 2012-03-01 06:45    220672    ----a-w-    c:\windows\system32\wintrust.dll
2012-04-12 10:38 . 2012-03-01 06:40    80896    ----a-w-    c:\windows\system32\imagehlp.dll
2012-04-12 10:38 . 2012-03-01 06:35    5120    ----a-w-    c:\windows\system32\wmi.dll
2012-04-12 10:38 . 2012-03-01 05:49    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2012-04-12 10:38 . 2012-03-01 05:45    158720    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2012-04-12 10:38 . 2012-03-01 05:40    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 12:09 . 2003-03-19 04:14    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2012-03-17 12:09 . 2003-02-21 12:42    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2012-03-17 11:31 . 2012-03-17 11:31    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-03-14 07:35 . 2012-03-14 07:35    91648    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-03-14 07:35 . 2012-03-14 07:35    89088    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-03-14 07:35 . 2012-03-14 07:35    86528    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2012-03-14 07:35 . 2012-03-14 07:35    85504    ----a-w-    c:\windows\system32\iesetup.dll
2012-03-14 07:35 . 2012-03-14 07:35    76800    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-14 07:35 . 2012-03-14 07:35    76800    ----a-w-    c:\windows\system32\tdc.ocx
2012-03-14 07:35 . 2012-03-14 07:35    74752    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-14 07:35 . 2012-03-14 07:35    74752    ----a-w-    c:\windows\SysWow64\iesetup.dll
2012-03-14 07:35 . 2012-03-14 07:35    63488    ----a-w-    c:\windows\SysWow64\tdc.ocx
2012-03-14 07:35 . 2012-03-14 07:35    603648    ----a-w-    c:\windows\system32\vbscript.dll
2012-03-14 07:35 . 2012-03-14 07:35    49664    ----a-w-    c:\windows\system32\imgutil.dll
2012-03-14 07:35 . 2012-03-14 07:35    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2012-03-14 07:35 . 2012-03-14 07:35    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-03-14 07:35 . 2012-03-14 07:35    448512    ----a-w-    c:\windows\system32\html.iec
2012-03-14 07:35 . 2012-03-14 07:35    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2012-03-14 07:35 . 2012-03-14 07:35    367104    ----a-w-    c:\windows\SysWow64\html.iec
2012-03-14 07:35 . 2012-03-14 07:35    35840    ----a-w-    c:\windows\SysWow64\imgutil.dll
2012-03-14 07:35 . 2012-03-14 07:35    30720    ----a-w-    c:\windows\system32\licmgr10.dll
2012-03-14 07:35 . 2012-03-14 07:35    23552    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2012-03-14 07:35 . 2012-03-14 07:35    222208    ----a-w-    c:\windows\system32\msls31.dll
2012-03-14 07:35 . 2012-03-14 07:35    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-03-14 07:35 . 2012-03-14 07:35    165888    ----a-w-    c:\windows\system32\iexpress.exe
2012-03-14 07:35 . 2012-03-14 07:35    161792    ----a-w-    c:\windows\SysWow64\msls31.dll
2012-03-14 07:35 . 2012-03-14 07:35    160256    ----a-w-    c:\windows\system32\wextract.exe
2012-03-14 07:35 . 2012-03-14 07:35    152064    ----a-w-    c:\windows\SysWow64\wextract.exe
2012-03-14 07:35 . 2012-03-14 07:35    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2012-03-14 07:35 . 2012-03-14 07:35    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2012-03-14 07:35 . 2012-03-14 07:35    135168    ----a-w-    c:\windows\system32\IEAdvpack.dll
2012-03-14 07:35 . 2012-03-14 07:35    12288    ----a-w-    c:\windows\system32\mshta.exe
2012-03-14 07:35 . 2012-03-14 07:35    11776    ----a-w-    c:\windows\SysWow64\mshta.exe
2012-03-14 07:35 . 2012-03-14 07:35    114176    ----a-w-    c:\windows\system32\admparse.dll
2012-03-14 07:35 . 2012-03-14 07:35    111616    ----a-w-    c:\windows\system32\iesysprep.dll
2012-03-14 07:35 . 2012-03-14 07:35    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2012-03-14 07:35 . 2012-03-14 07:35    101888    ----a-w-    c:\windows\SysWow64\admparse.dll
2012-03-13 09:16 . 2012-03-13 09:16    1022464    ----a-w-    c:\windows\system32\BCMLogon.dll
2012-03-13 09:16 . 2012-03-13 09:16    47632    ----a-w-    c:\windows\system32\drivers\npf.sys
2012-03-13 09:16 . 2012-03-13 09:16    459    ----a-w-    c:\windows\SysWow64\vcredist_x64.bat
2012-03-13 09:16 . 2012-03-13 09:16    22520    ----a-w-    c:\windows\system32\drivers\bcm42rly.sys
2012-03-13 09:16 . 2012-03-13 09:16    73728    ----a-w-    c:\windows\system32\wltrynt.dll
2012-03-13 09:16 . 2012-03-13 09:16    60928    ----a-w-    c:\windows\system32\bcmwlrmt.dll
2012-03-13 09:16 . 2012-03-13 09:16    4961800    ----a-w-    c:\windows\SysWow64\vcredist_x64.exe
2012-03-13 09:16 . 2012-03-13 09:16    4429312    ----a-w-    c:\windows\system32\bcmttls.dll
2012-03-13 09:16 . 2012-03-13 09:16    7754752    ----a-w-    c:\windows\system32\BCMWLCPL.CPL
2012-03-13 09:16 . 2012-03-13 09:16    457    ----a-w-    c:\windows\system32\vcredist_x64.bat
2012-03-13 09:16 . 2012-03-13 09:16    3161088    ----a-w-    c:\windows\system32\vcredist_x64.exe
2012-03-13 09:16 . 2012-03-12 14:35    6656    ----a-w-    c:\windows\system32\bcmwlrc.dll
2012-03-12 15:01 . 2012-03-12 15:01    3120    ----a-w-    c:\windows\SysWow64\drivers\wdfji.sys
2012-03-12 14:34 . 2012-03-12 14:35    95472    ----a-w-    c:\windows\system32\bcmwlcoi.dll
2012-03-12 14:34 . 2012-03-12 14:35    3891200    ----a-w-    c:\windows\system32\bcmihvsrv64.dll
2012-03-12 14:34 . 2012-03-12 14:35    3555840    ----a-w-    c:\windows\system32\bcmihvui64.dll
2012-03-12 14:34 . 2012-03-12 14:35    3058168    ----a-w-    c:\windows\system32\drivers\BCMWL664.SYS
2012-03-12 14:32 . 2012-03-12 14:32    10240    ----a-w-    c:\windows\system32\yk62x64ver.dll
2012-03-12 14:23 . 2012-03-12 14:23    368912    ----a-w-    c:\windows\SysWow64\VBAR332.DLL
2012-03-12 14:23 . 2012-03-12 14:23    252176    ----a-w-    c:\windows\SysWow64\MSRD2X35.DLL
2012-03-12 14:23 . 2012-03-12 14:23    24848    ----a-w-    c:\windows\SysWow64\MSJTER35.DLL
2012-03-12 14:23 . 2012-03-12 14:23    123664    ----a-w-    c:\windows\SysWow64\MSJINT35.DLL
2012-03-12 14:23 . 2012-03-12 14:23    1045776    ----a-w-    c:\windows\SysWow64\MSJET35.DLL
2012-02-23 08:18 . 2012-03-17 11:16    279656    ------w-    c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 18:20    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 18:20    826368    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 18:20    204800    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 18:20    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:18 . 2012-03-14 18:31    1541120    ----a-w-    c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 18:31    1837568    ----a-w-    c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 18:31    902656    ----a-w-    c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 18:31    320512    ----a-w-    c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 18:31    197120    ----a-w-    c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 18:31    1074176    ----a-w-    c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 18:31    218624    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 18:31    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 18:31    1170944    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 18:31    739840    ----a-w-    c:\windows\SysWow64\d2d1.dll
2012-02-07 09:02 . 2012-02-07 09:02    1070352    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16 . 2012-03-14 18:31    3143168    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-22 18:06    2067328    ----a-w-    c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31    1514152    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-22 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-08 102400]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-17 296056]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-22 1116544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avguard.exe]
"Debugger"=svchost.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=svchost.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\AVWEBGRD.EXE]
"Debugger"=svchost.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 12:09]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 12:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2012-03-13 5394944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
"Debugger"=svchost.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe]
"Debugger"=svchost.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE]
"Debugger"=svchost.exe
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 194.239.134.83 193.162.153.164
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Standard) - (no file)
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\windows\system32\atibtmon.exe
.
**************************************************************************
.
Gennemført tid: 2012-04-24  15:01:53 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-04-24 13:01
.
Pre-Kørsel: 283.355.803.648 byte ledig
Post-Kørsel: 283.190.181.888 byte ledig
.
- - End Of File - - 88D82164944115B1826AC73D98529470



3. Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:11:53, on 24-04-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send til Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send til &Bluetooth-enhed... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11565 bytes
johnstigers (Senior Master)
24 April 2012 - 16:37 #1
I can see that Malwarebytes Anti-Malware is not updated.
The current version is V.2012.04.24.03
So update, then run a new scan and post the log :)
johnstigers (Senior Master)
24 April 2012 - 16:37 #2
Others are welcome to check the log ...
pstidsen (Novice)
24 April 2012 - 16:40 #3
You did remember to restart after Malwarebytes and BEFORE running the other programs, right?

Agree with #2 =)
24 April 2012 - 16:49 #4
You are - apparently - running both
* AVG
* Avira

Not healthy to have two 'sweethearts' at the same time ...
(Uninstall Avira)

---

Uninstall
* Ask Toolbar
* Google Update
* Google Toolbar (Or do you love it?)

---
drep (Beginner)
24 April 2012 - 18:02 #5
@ john_stigers - it gave an error when I tried to update, so unfortunately it could only be done with that installation.

@ pstidsen - I followed the guide I linked to.

@ karise_larry - AVG is not installed; I think it may be an installation that failed. In any case it is not listed under Programs or in the Control Panel.
As for the toolbars, it is not my computer, but I have now uninstalled them.

The computer has now started behaving a bit better, so I have now managed to update Malwarebytes and am posting a new log.

Thanks for the help so far =)
drep (Beginner)
24 April 2012 - 18:02 #6
Malwarebytes Anti-Malware (Prøveversion) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
carsten :: CARSTEN-PC [administrator]

Beskyttelse: Slået til

24-04-2012 17:24:59
mbam-log-2012-04-24 (17-24-59).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 331756
Tid gået: 32 minut(ter), 47 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Bliver slettet ved genstart.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Bliver slettet ved genstart.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Bliver slettet ved genstart.

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 2
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00014.log (Extension.Mismatch) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Users\carsten\AppData\Roaming\Protector-upyu.exe.vir (Rogue.FakeAV) -> Sat i karantæne og slettet succesfuldt.

(færdig)
24 April 2012 - 18:25 #7
Hmmm... AVG does look fairly 'active' according to the log?
www.execulink.ca/files/1413/0573/2466/avg8-taskbar_menu.jpg
drep (Beginner)
24 April 2012 - 19:04 #8
Very strange, I can't find it anywhere - but I have now done a fresh installation of AVG and then uninstalled it again, since I would like to stick with Avira (I have had better experiences with it).

Does the log otherwise look fine now, have we got rid of the virus?
f-arn (Guru)
27 April 2012 - 12:01 #9
Does the log otherwise look fine now, have we got rid of the virus?

Since nobody else is answering, I will.

Since the infection is being restored, that is doubtful!

Have you solved the problem since then?
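An added example (not part of the thread, and not Malwarebytes' own tooling) of comparing the two Malwarebytes logs posted above: it parses the detection lines and reports which objects show up in both scans, which were cleared, and which are new. The function and constant names are hypothetical; the log lines are excerpted from the 13:46 and 17:24 logs on this page.

```python
import re

# Malwarebytes 1.x detection line: "<object> (<Detection.Name>) -> <action>"
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z.]+)\) -> (?P<action>.+)$")

def detections(log_text):
    """Map each detected object (lower-cased) to its detection name."""
    found = {}
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found[m.group("obj").lower()] = m.group("name")
    return found

def compare_scans(first_log, second_log):
    """Sort detections into persisting, cleared and new between two scans."""
    a, b = detections(first_log), detections(second_log)
    return {
        "persisting": sorted(set(a) & set(b)),
        "cleared": sorted(set(a) - set(b)),
        "new": sorted(set(b) - set(a)),
    }

IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
REBOOT = " (Security.Hijack) -> Bliver slettet ved genstart."
DONE = " -> Sat i karantæne og slettet succesfuldt."
IFEO_KEYS = [IFEO + "\\" + exe + REBOOT for exe in ("avguard.exe", "avmailc.exe", "AVWEBGRD.EXE")]

# Detection lines excerpted from the 13:46 and 17:24 logs posted in this thread.
SCAN_1 = "\n".join(IFEO_KEYS + [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Inspector (Trojan.FakeAlert.Gen)"
    r" -> Data: C:\Users\carsten\AppData\Roaming\Protector-upyu.exe" + DONE,
])
SCAN_2 = "\n".join(IFEO_KEYS + [
    r"C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00014.log"
    " (Extension.Mismatch)" + DONE,
    r"C:\Qoobox\Quarantine\C\Users\carsten\AppData\Roaming\Protector-upyu.exe.vir"
    " (Rogue.FakeAV)" + DONE,
])

if __name__ == "__main__":
    for status, objects in compare_scans(SCAN_1, SCAN_2).items():
        for obj in objects:
            print(f"{status:10} {obj}")
```

The three Image File Execution Options keys land in the persisting group: both scans report them as scheduled for deletion at restart, yet they are detected again in the later scan.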
drep (Beginner)
06 May 2012 - 19:43 #10
Hi, it looks like it is fine again - at least it no longer pops up with the dubious "antivirus".

I will be right back if any new problems arise.

Thanks for the help; if anyone wants the points, post an answer.
f-arn (Guru)
06 May 2012 - 20:43 #11
Then you have done something else, fo the PC does not seem "clean".
f-arn (Guru)
06 May 2012 - 20:44 #12
fo=for ;)
drep (Beginner)
08 June 2012 - 07:34 #13
There has been no trouble with it since. I am closing the thread here.