bigmag (Beginner)
4 April 2010 - 18:04 There are 18 comments

windows security alert

Hi

I think I've got a virus!!

When I go online, Windows Security Alert pops up and wants to run a scan, and I can't remove it (I've tried Spybot
and Ad-Aware).
Sometimes a box also appears where I have to type something in, but that's also a virus, and I can't remove that either.
Can anyone help?

I've made a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:24, on 04-04-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\webserver\webserver.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jes\Application Data\U3\00001623B2724639\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=0061208
R3 - URLSearchHook: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O1 - Hosts: 95.143.192.205 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\Jes\Application Data\Control Manager\ccagent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10747 bytes

Hope you can help
4 April 2010 - 18:16 #1
There are also some 'suspicious' entries...

Go through this 'package' ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
During installation you'll be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program do a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that's done, let it update itself. A window then opens where you move the radio button to "Run a full system scan" - click the Scan button - let the program work.
When it's finished (it takes a while, depending on how much you have on the computer), press the "Show results" button after the scan - and then press "Remove selected" - the log now opens, and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HijackThis...
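As an added example (not code from this thread, from HijackThis or from Malwarebytes), here is a small Python triage script that runs over HijackThis-style log lines and flags the kinds of entries the reply above calls suspicious: hosts-file overrides (O1), services listed with 'Unknown owner' (O23), Run entries that launch from a user's Application Data folder (O4), and browser add-ons marked '(file missing)' or '(no name)' (O2/O3). The sample lines are constructed from the log posted above; the heuristics, the `Finding` class and the function names are my own assumptions about what a helper looks at first, not HijackThis's own analysis, and a hit is a prompt for a closer look rather than a verdict.

```python
"""Triage of HijackThis-style log lines (added example; not code from the thread or from HijackThis)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines shaped like the ones in the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 95.143.192.205 u07012010u#com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\Jes\Application Data\Control Manager\ccagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe
"""

# Autostart binaries under a user profile's Application Data are a classic drop location
# for malware on Windows XP; ordinary software installs into Program Files or WINDOWS.
USER_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\",
    re.IGNORECASE,
)
# Every HijackThis entry starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why the entry deserves a second look
    line: str      # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line matches one of the heuristics, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O1" and body.startswith("Hosts:"):
        # hosts-file entries silently redirect domain names; malware uses them to
        # block security sites or to point the victim at hosts it controls
        return Finding(section, "hosts-file override", line)
    if section == "O23" and "- Unknown owner -" in body:
        # legitimate services normally carry a vendor name; 'Unknown owner' is not
        # proof of malware, but it is the first thing a helper checks
        return Finding(section, "service with unknown owner", line)
    if section == "O4" and USER_DATA_RE.search(body):
        return Finding(section, "autorun from user profile data directory", line)
    if section in ("O2", "O3") and ("(no name)" in body or "(file missing)" in body):
        return Finding(section, "browser add-on with no name or missing file", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f is not None]


def count_by_reason(findings: List[Finding]) -> Dict[str, int]:
    """Summarise findings as {reason: number of lines}, handy for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage_log(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(count_by_reason(hits))
```

Run against the sample, the script flags the hosts-file line, the Java BHO with a missing file, the ccagent.exe Run entry under Application Data and the 'webserver' service with no owner, and leaves the Adobe, Symantec and ccApp lines alone; feeding it a full pasted log works the same way, since lines it does not recognise are simply skipped.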
johnstigers (Senior Master)
4 April 2010 - 18:52 #2
Following along.
(Can't post empty comments and thereby follow along quietly :( )
4 April 2010 - 19:41 #3
<john_stigers>: http://www.eksperten.dk/faq#faq-4-4 ...

Let's hope/trust that <bigmag> comes back?
johnstigers (Senior Master)
4 April 2010 - 19:55 #4
Thanks... I've always used that trick, but it isn't working at the moment.
bigmag (Beginner)
4 April 2010 - 20:23 #5
I've now run the scans you mentioned, and it seems to work.

Here are the results of the scans.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3953

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04-04-2010 20:04:02
mbam-log-2010-04-04 (20-04-02).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 187398
Tid gået: 45 minut(ter), 36 sekund(er)

Hukommelses Processorer Inficeret: 1
Hukommelses Moduler Inficeret: 2
Registreringsdatabase Nøgler Inficeret: 5
Registreringsdatabase Værdier Inficeret: 3
Registreringsdatabase Data Objekter Inficeret: 0
Inficerede Mapper: 1
Inficerede Filer: 75

Hukommelses Processorer Inficeret:
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
c:\WINDOWS\system32\captcha.dll (Worm.KoobFace) -> Delete on reboot.
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.

Registreringsdatabase Nøgler Inficeret:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\captcha (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Manager (Rogue.ControlManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apto6ko (Worm.KoobFace) -> Quarantined and deleted successfully.

Registreringsdatabase Værdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccagent.exe (Rogue.ControlManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\captcha (Worm.KoobFace) -> Quarantined and deleted successfully.

Registreringsdatabase Data Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Documents and Settings\Jes\Application Data\Control Manager (Rogue.ControlManager) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\WINDOWS\system32\captcha.dll (Worm.KoobFace) -> Delete on reboot.
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269082860.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269084393.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269084711.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269084729.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269098261.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269098925.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269099241.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269099244.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269165133.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269165446.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269191968.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269192276.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269192283.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269192975.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269193282.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269193286.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1268807600.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1268808078.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269082420.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269194067.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269194371.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269197728.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269198047.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269198049.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269260761.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269261321.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269261631.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269261635.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269278546.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269278861.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269278865.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269283676.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269082767.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269284356.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269844551.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269844873.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269969915.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269971893.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269972202.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269972206.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269973395.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP656\A0137563.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP662\A0138853.exe (Rogue.PClean) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141166.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141167.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP666\A0141179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP668\A0141270.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP668\A0141273.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP669\A0141291.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP669\A0141293.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0141310.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0141312.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0142516.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FF1F8C9-94F8-4F81-A453-F4312233C9DC}\RP670\A0142517.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bill104.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\imapioko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\lgo (Koobface.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\010112010146101115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\010112010146114101.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\01011201014650115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\0101120101465198.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1268775793.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269193288.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269282938.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269283239.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1269283240.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1270111486.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jes\Local Settings\Application Data\rdr_1270113823.exe (Worm.KoobFace) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:35, on 04-04-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=0061208
R3 - URLSearchHook: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O1 - Hosts: 95.143.192.205 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10526 bytes

Does it look right?
patrick14 (Beginner)
4 April 2010 - 20:37 #6
Download ComboFix and save it in a folder as alg.exe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Open Notepad and paste the following text into it, then save the text file as CFScript in the same place where you have ComboFix:


...............................................................................


Killall::
Snapshot::
Hosts::
...................................................................................


Then grab the new file with the mouse, drag it over the ComboFix file and release the mouse button. As shown here ->

http://www.fromsej.saknet.dk/billeder/swfcombo.gif


ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as it can cause your computer to freeze.


Post the new ComboFix log here. It can be found here - C:\combofix Txt


You must not click on the window while the tool is running, as it can cause your computer to freeze.

When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C: Combofix.txt

You are welcome to post the contents of this file here
johnstigers (Senior Master)
4 April 2010 - 20:49 #7
There is something I don't get...
Open Notepad and paste the following text into it, then save the text file as CFScript in the same place where you have ComboFix:


...............................................................................


Killall::
Snapshot::
Hosts::
...................................................................................


Shouldn't there usually be something after these:
Killall::
Snapshot::
Hosts::

???
4 April 2010 - 20:51 #8
Wooow - MalwareBytes caught quite a lot - including the 'suspicious' items *S* ...

---

You are missing M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da + MANY subsequent updates !!!
Among others IE8 (Internet Explorer v8) + subsequent updates...

---

You should/must update your Acrobat Reader -> http://get.adobe.com/dk/reader/ (UNtick Google Toolbar)

---

http://kundeservice.tdc.dk/testcenter/

---

A subsequent cleanup ->

Run a scan with HijackThis.
Below you will find some entries that you need to fix. What you need to do is put a tick next to these entries. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have ticked the entries. Now you can fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Or do you use this OLD Messenger?)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Restart normally...

---

Cleanup with CCleaner...

---

How does the PC run now?
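The post above asks the user to tick specific HijackThis entries by hand. The three rules the helper is applying implicitly (entries marked "(file missing)", BHOs/toolbars with a CLSID nobody recognises, and autoruns from places a limited user can write to) are easy to encode. The following is an added example written for this page, not code from the thread or from HijackThis. The allowlist of "known good" CLSIDs is my assumption (it holds only the two Office/Java IDs visible in the log, so the Games Bar toolbar is unknown and gets flagged), and the last O4 line in the sample is constructed to exercise the user-writable rule; it does not appear in the real log.

```python
"""Triage of HijackThis v2 'O' entries: an added example, not code from the
thread or from HijackThis itself.

Assumptions (mine, not stated on the page): the analyst maintains an allowlist
of CLSIDs they have verified; here it holds only the two Office/Java IDs from
the log, so the Games Bar toolbar is 'unknown' and gets flagged.
"""
import re
from dataclasses import dataclass

# Constructed sample: the first seven lines are copied from the log posted in
# the thread; the last O4 line is hypothetical, added to exercise the
# user-writable-location rule (no such entry exists in the real log).
SAMPLE_LOG = r"""
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Jes\Local Settings\Temp\example.exe
"""

# Allowlist (assumption): CLSIDs the analyst has already verified as benign.
KNOWN_GOOD_CLSIDS = {
    "{DBC80044-A445-435b-BC74-9C25C1C588A9}",  # Java SSV helper (from the log)
    "{2670000A-7350-4f3c-8081-5663EE0C6C49}",  # OneNote IE button (from the log)
}

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Directories a limited user can write to on XP; autoruns from there deserve a look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Finding:
    section: str   # e.g. "O2"
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body, full_line) for every HijackThis 'Onn - ...' line."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(text, known_clsids=KNOWN_GOOD_CLSIDS):
    """Apply three simple rules and return the entries worth a second look."""
    known = {c.lower() for c in known_clsids}
    findings = []
    for section, body, line in parse_entries(text):
        # Rule 1: the registry still points at a file that no longer exists.
        if "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry, target file missing", line))
            continue
        # Rule 2: BHO (O2) or toolbar (O3) whose CLSID is not on the allowlist.
        if section in ("O2", "O3"):
            ids = CLSID_RE.findall(body)
            if not ids or any(i.lower() not in known for i in ids):
                findings.append(Finding(section, "BHO/toolbar CLSID not on allowlist", line))
        # Rule 3: autorun (O4) launching from a user-writable directory.
        elif section == "O4":
            if any(tok in body.lower() for tok in USER_WRITABLE):
                findings.append(Finding(section, "autorun from user-writable location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports four entries: the Games Bar BHO and toolbar (CLSID not on the allowlist), the orphaned Java helper, and the constructed Temp autorun. The allowlist is deliberately the weak point: an unknown CLSID is a prompt to look the component up, not proof of malware, which is exactly why the thread's helper asks for the file to be uploaded to a multi-engine scanner before naming it.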
4 April 2010 - 20:54 #9
Ohhh - <patrick14> suddenly came in between??? There is the 'unwritten' rule here on E. that whoever asks for logs etc. should/must/can/may also follow up on them... Preferably without others coming in between, so as not to 'confuse' the asker more than necessary...

---
johnstigers (Senior Master)
4 April 2010 - 21:07 #10
Agree with karise.
patrick14> Besides, the 'items' ComboFix is supposed to fix are missing, but since you are recommending the use of the program, you had better correct this error.
bigmag (Beginner)
4 April 2010 - 21:15 #11
Here is the result


ComboFix 10-04-03.02 - Jes 04-04-2010  20:55:10.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.45.1033.18.1014.427 [GMT 2:00]
Running from: c:\documents and settings\Jes\Desktop\ComboFix.exe
Commands used :: c:\documents and settings\Jes\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver
c:\windows\AppPatch\AcAdProc.dll
c:\windows\jestertb.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APTO6KO
-------\Legacy_CAPTCHA
-------\Legacy_CPQOKO6
-------\Legacy_WEBSERVER


(((((((((((((((((((((((((((((  Files Created from 2010-03-04 to 2010-04-04  )))))))))))))))))))))))))))))))))))
.

2010-04-04 16:34 . 2010-04-04 16:34    --------    d-----w-    c:\documents and settings\Jes\Application Data\Malwarebytes
2010-04-04 16:33 . 2010-03-29 13:24    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 16:33 . 2010-04-04 16:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-04-04 16:33 . 2010-04-04 16:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-04 16:33 . 2010-03-29 13:24    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-04-04 16:29 . 2010-04-04 16:29    --------    d-----w-    c:\program files\CCleaner
2010-04-04 15:35 . 2010-04-04 15:35    --------    d-----w-    c:\program files\Trend Micro
2010-04-01 09:13 . 2010-04-01 14:58    --------    d-----w-    C:\SmitfraudFix
2010-03-30 17:59 . 2010-03-30 17:50    1872472    ----a-w-    C:\SmitfraudFix.exe
2010-03-29 06:30 . 2010-03-29 06:30    --------    d-s---w-    c:\documents and settings\Administrator\UserData
2010-03-22 12:47 . 2010-03-22 12:47    --------    d-----w-    c:\documents and settings\Jes\Application Data\AdobeUM
2010-03-21 18:48 . 2010-03-21 18:54    --------    d-----w-    c:\windows\SxsCaPendDel
2010-03-21 18:08 . 2010-03-21 18:13    --------    d-----w-    c:\program files\Norton Internet Security
2010-03-21 18:07 . 2010-03-21 18:13    48776    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2010-03-21 18:07 . 2010-03-21 18:13    115000    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-21 18:06 . 2010-03-22 18:43    --------    d-----w-    c:\program files\Symantec
2010-03-21 17:13 . 2010-03-21 17:13    0    ----a-w-    c:\windows\nsreg.dat
2010-03-21 17:13 . 2010-03-21 17:13    --------    d-----w-    c:\documents and settings\Jes\Local Settings\Application Data\Mozilla
2010-03-20 11:35 . 2010-04-01 13:50    --------    d-----w-    c:\program files\Lavasoft
2010-03-20 09:27 . 2010-03-20 09:27    --------    d-----w-    c:\documents and settings\Jes\Application Data\Lavasoft
2010-03-19 18:35 . 2010-03-19 18:35    --------    d--h--w-    c:\windows\PIF
2010-03-19 17:42 . 2010-03-30 18:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2010-03-19 17:40 . 2010-03-30 18:04    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-03-19 17:32 . 2010-03-19 17:32    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-18 12:05 . 2010-03-18 12:05    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2010-03-10 10:16 . 2010-03-10 10:16    --------    d-----w-    c:\program files\VALVe
2010-03-10 09:26 . 2009-10-23 14:27    3555328    ------w-    c:\windows\system32\dllcache\moviemk.exe
2010-03-09 10:06 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 19:05 . 2009-12-06 16:45    --------    d-----w-    c:\program files\Steam
2010-04-04 19:04 . 2010-01-23 22:08    --------    d-----w-    c:\documents and settings\Jes\Application Data\Skype
2010-04-04 19:02 . 2006-12-08 15:04    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-04-04 18:48 . 2010-02-09 18:50    --------    d-----w-    c:\documents and settings\Jes\Application Data\U3
2010-04-04 18:08 . 2010-01-23 22:11    --------    d-----w-    c:\documents and settings\Jes\Application Data\skypePM
2010-04-04 16:31 . 2008-07-03 14:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-01 13:50 . 2008-07-03 15:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-01 10:43 . 2008-07-04 08:04    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-03-30 18:43 . 2009-10-16 15:17    --------    d-----w-    c:\program files\RocketDock
2010-03-21 20:12 . 2006-12-08 15:01    --------    d-----w-    c:\program files\Google
2010-03-21 18:13 . 2010-03-21 18:07    806    ----a-w-    c:\windows\system32\drivers\SYMEVENT.INF
2010-03-21 18:13 . 2010-03-21 18:07    8014    ----a-w-    c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-20 11:27 . 2006-12-08 15:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2010-03-19 17:34 . 2008-10-03 17:27    --------    d-----w-    c:\documents and settings\LocalService\Application Data\SACore
2010-03-16 21:35 . 2009-12-02 15:40    --------    d-----w-    c:\documents and settings\Jes\Application Data\vlc
2010-03-11 19:43 . 2010-02-22 12:41    --------    d-----w-    c:\program files\Counter-Strike 1.6
2010-03-11 10:45 . 2009-11-18 11:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-21 00:39 . 2009-10-16 15:34    --------    d-----w-    c:\program files\LimeWire
2010-02-21 00:04 . 2009-10-16 15:35    --------    d-----w-    c:\documents and settings\Jes\Application Data\LimeWire
2010-02-17 14:40 . 2010-02-17 14:40    --------    d-----w-    c:\program files\Games_Bar_1
2010-02-17 11:20 . 2009-12-02 15:41    --------    d-----w-    c:\documents and settings\Jes\Application Data\dvdcss
2010-01-26 17:00 . 2010-01-26 17:00    503808    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c89f251-n\msvcp71.dll
2010-01-26 17:00 . 2010-01-26 17:00    348160    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c89f251-n\msvcr71.dll
2010-01-26 17:00 . 2010-01-26 17:00    61440    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-20072725-n\decora-sse.dll
2010-01-26 17:00 . 2010-01-26 17:00    499712    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c89f251-n\jmc.dll
2010-01-26 17:00 . 2010-01-26 17:00    12800    ----a-w-    c:\documents and settings\Jes\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-20072725-n\decora-d3d.dll
2010-01-26 16:58 . 2010-01-26 16:59    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-01-23 22:11 . 2010-01-23 22:11    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-10-13 11:40 . 2007-09-30 17:09    168    --sh--r-    c:\windows\system32\25A15EAE1B.sys
2009-10-13 11:40 . 2007-09-30 17:09    5642    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((  Registry Start Points  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2009-12-31 10:53    2349080    ----a-w-    c:\program files\Games_Bar_1\tbGame.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-21 1217872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-13 771704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-8 7168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8085:TCP"= 8085:TCP:*:Disabled:OKOToGate

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21-03-2010 20:12 102712]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-02-2010 10:22 135664]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [29-07-2008 15:23 206336]

--- Other Services/Drivers in Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:12]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:12]

2010-03-22 c:\windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Jes.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jes\Application Data\Mozilla\Firefox\Profiles\dc6b9y34.default\
FF - prefs.js: browser.startup.homepage - hxxp://tdconline.dk/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 21:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-04-04  21:08:20 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-04 19:08

Pre-Run: 9.937.534.976 bytes free
Post-Run: 9.839.267.840 bytes free

- - End Of File - - D513FBADF6CECD47D03E9461C2CD07B5
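The registry section of the log above carries the most security-relevant lines in the whole thread: both Security Center monitoring entries are set to DisableMonitoring=1, the Windows Firewall standard profile has EnableFirewall=0, Norton's own firewall reports *disabled* and its on-access scanning is disabled and outdated, the firewall exception list includes LimeWire, and there is a globally open port named OKOToGate. The following is an added example written for this page, not code from the thread or from ComboFix: a small audit that parses the REGEDIT4-style sections and the AV:/FW: header lines into a report. The sample text is copied from the log; the rule that a DisableMonitoring=1 entry is worth reporting is mine, and the per-product entries under Monitoring\ are often set legitimately by third-party suites such as Norton, so the report is a review list, not a verdict.

```python
"""Audit of the Security Center / Windows Firewall policy keys as they appear
in a ComboFix log. Added example; not code from the thread or from ComboFix.

Assumptions (mine): ComboFix prints enabled open-port entries in the short
'port:proto:name' form and disabled ones as 'port:proto:scope:state:name';
both forms occur in the posted log and are handled below.
"""
import re

# Constructed sample: header lines and registry sections copied from the
# ComboFix log posted in the thread.
SAMPLE = r"""
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8085:TCP"= 8085:TCP:*:Disabled:OKOToGate
"""

HEADER_RE = re.compile(r"^(AV|FW):\s*(.+?)\s*\*(.+?)\*\s*(?:\((\w+)\))?")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')


def parse_number(value):
    """Accept both 'dword:00000001' and the '0 (0x0)' form ComboFix prints."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"^(\d+)", value)
    return int(m.group(1)) if m else None


def parse_open_port(value):
    """'8085:TCP:*:Disabled:OKOToGate' -> dict; short 3-field form is enabled."""
    parts = value.strip().split(":")
    port, proto = int(parts[0]), parts[1]
    if len(parts) >= 5:
        scope, state, name = parts[2], parts[3], ":".join(parts[4:])
    else:
        scope, state, name = "*", "Enabled", ":".join(parts[2:])
    return {"port": port, "proto": proto, "scope": scope,
            "enabled": state.lower() != "disabled", "name": name}


def audit(text):
    """Walk the log once and collect disabled protections, exceptions and ports."""
    report = {"findings": [], "authorized_apps": [], "open_ports": []}
    current = None  # registry key the following values belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:  # 'AV:' / 'FW:' status lines at the top of the log
            kind, product, status, extra = m.groups()
            if "disabled" in status.lower() or (extra and extra.lower() == "outdated"):
                note = f"{kind}: {product} reports '{status}'"
                report["findings"].append(note + (f" ({extra})" if extra else ""))
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, value = m.group(1), m.group(2)
        key = current.lower()
        if "security center\\monitoring" in key and name == "DisableMonitoring" \
                and parse_number(value) == 1:
            report["findings"].append(f"Security Center monitoring disabled under {current}")
        elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" \
                and parse_number(value) == 0:
            report["findings"].append("Windows Firewall disabled in the standard profile")
        elif key.endswith("authorizedapplications\\list"):
            # ComboFix doubles the backslashes in quoted paths; undo that.
            report["authorized_apps"].append(name.replace("\\\\", "\\"))
        elif key.endswith("globallyopenports\\list"):
            report["open_ports"].append(parse_open_port(value))
    return report


if __name__ == "__main__":
    r = audit(SAMPLE)
    for f in r["findings"]:
        print("FINDING:", f)
    print("firewall exceptions:", r["authorized_apps"])
    print("open ports:", r["open_ports"])
```

On this log the report lists six findings: the Norton AV and firewall status lines, the three DisableMonitoring entries and the disabled standard-profile firewall. The combination matters more than any single entry: with the built-in firewall off and the third-party one reporting disabled, nothing is filtering inbound traffic, so the LimeWire exception and the OKOToGate port entry are the next things to explain or remove, which is what the later posts in the thread ask for.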
patrick14 (Beginner)
4 April 2010 - 21:15 #12
No

Killall::
Snapshot::
Hosts::

resets the hosts file, and besides, I can see more in a ComboFix log than I can in HijackThis, so the script IS correct.
patrick14 (Beginner)
4 April 2010 - 21:30 #13
Open Notepad and paste the following text into it, then save the text file as CFScript in the same place where you have ComboFix:




Killall::
Snapshot::
Folder::
c:\documents and settings\All Users\Application Data\McAfee
c:\program files\Games_Bar_1
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2009-12-31 10:53    2349080    ----a-w-    c:\program files\Games_Bar_1\tbGame.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]
patrick14 (Beginner)
4 April 2010 - 21:32 #14
Upload this file to virusscan.jotti.org  c:\windows\system32\25A15EAE1B.sys
f-arn (Guru)
6 April 2010 - 12:52 #15
This CFScript is not correct, patrick14
patrick14 (Beginner)
6 April 2010 - 14:48 #16
f-arn, you are welcome to correct it and take the thread further
f-arn (Guru)
7 April 2010 - 07:18 #17
Since this is karise_larry's "thread", I will let him continue.

@patrick14
If you want to do log-based fixes with ComboFix, you should learn something about regedit.
7 April 2010 - 08:16 #18
Uninstall
* LIMEWIRE
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

and DELETE the folders ->
c:\program files\LimeWire
c:\documents and settings\Jes\Application Data\LimeWire


---

Find and upload this file:

c:\windows\system32\25A15EAE1B.sys

To the Jotti scanner, so we can put a name on the infection:
http://virusscan.jotti.org/
and/or
http://www.virustotal.com/en/indexf.html

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=143&PN=1&TPN=1

Come back and tell us what the scanner said.

---

<f-arn>: Feel free to contribute a ComboFix script procedure if you have one...