Help removing Antivirus 2009
Dear experts! Like so many others, I have been attacked by the very annoying Antivirus 2009, and I very much hope that someone can help me get it completely out of the system. I have followed the procedure in an article from this site, and below I have pasted the log files from HijackThis, SuperAntiSpyware and ComboFix respectively.
Best regards, Magnus
(PS: should I just delete the quarantine in SuperAntiSpyware?)
-------------------------------------------------
First, the log from HijackThis:
---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:20, on 25-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Programmer\Realtek\Rtl8180\RtlWake.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Apoint2K\HidFind.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Programmer\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154091734145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187259237751
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2991A00A-EDBF-4C15-A945-397A48491600}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{670D9E16-19CB-4BB9-9F29-1F683B50D369}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{F530F7A1-7955-459C-80F6-7007AAE52335}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{2991A00A-EDBF-4C15-A945-397A48491600}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\..\{2991A00A-EDBF-4C15-A945-397A48491600}: NameServer = 85.255.114.9,85.255.112.204
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6886 bytes
-----------------------------------------------------------
Next, the log from SuperAntiSpyware:
---
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/25/2008 at 03:19 AM
Application Version : 4.15.1000
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:46:49
Memory items scanned : 149
Memory threats detected : 0
Registry items scanned : 4772
Registry threats detected : 2
File items scanned : 15618
File threats detected : 40
Adware.SBSoft
HKU\S-1-5-21-2886691319-2372403303-4174061833-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{08BEC6AA-49FC-4379-3587-4B21E286C19E}
Adware.Tracking Cookie
C:\Documents and Settings\Carina\Cookies\carina@ads2.jubii[1].txt
C:\Documents and Settings\Carina\Cookies\carina@statse.webtrendslive[2].txt
C:\Documents and Settings\Carina\Cookies\carina@mediaplex[1].txt
C:\Documents and Settings\Carina\Cookies\carina@ad.yieldmanager[1].txt
C:\Documents and Settings\Carina\Cookies\carina@cgi-bin[2].txt
C:\Documents and Settings\Carina\Cookies\carina@politiken.112.2o7[1].txt
C:\Documents and Settings\Carina\Cookies\carina@track.adform[2].txt
C:\Documents and Settings\Carina\Cookies\carina@advertising[2].txt
C:\Documents and Settings\Carina\Cookies\carina@adtech[1].txt
C:\Documents and Settings\Carina\Cookies\carina@revenue[2].txt
C:\Documents and Settings\Carina\Cookies\carina@doubleclick[1].txt
C:\Documents and Settings\Carina\Cookies\carina@apmebf[1].txt
Browser Hijacker.Favorites
C:\Documents and Settings\All Users\Foretrukne\Download Free Spyware Remover.url
C:\Documents and Settings\All Users\Foretrukne\NEW VIAGRA at Half Price!.url
C:\Documents and Settings\All Users\Foretrukne\Online Chat With Nude Girls.url
C:\Documents and Settings\All Users\Foretrukne\Order CIALIS online without leaving home..url
C:\Documents and Settings\All Users\Foretrukne\PC protection in under 2 minutes!.url
C:\Documents and Settings\All Users\Foretrukne\SEX Dating - Real Girls For Real SEX.url
C:\Documents and Settings\All Users\Foretrukne\Stop PopUps On Your Computer.url
C:\Documents and Settings\All Users\Foretrukne\VIAGRA at incredible low price. Bonus Pills!.url
C:\Documents and Settings\All Users\Foretrukne\View ADULT photos of REAL GIRLS!.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\CHEAPEST VIAGRA ONLINE.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Cialis at HALF PRICE!.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Fast Way To Loose Your Weight!.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Guaranteed low price at Pills..url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\SOMA at Special LOW PRICE.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Tramadol Special Offer!.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
C:\Documents and Settings\All Users\Foretrukne\Online Pharmacy
C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\Meet Girls Who Want To Get Laid!.url
C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\Meet Horny Girls In Your Area!.url
C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\Read profiles and Chat With Nude Girls!.url
C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\SEX Dating - people looking for SEX.url
C:\Documents and Settings\All Users\Foretrukne\Sex and Dating\View XXX photos of Real Sexy Girls..url
C:\Documents and Settings\All Users\Foretrukne\Sex and Dating
C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Free Spyware Scanner..url
C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Search & Destroy Annoying Adware..url
C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall\Stop PopUps on your PC..url
C:\Documents and Settings\All Users\Foretrukne\Spyware Uninstall
Malware.KillAndClean
HKU\S-1-5-21-2886691319-2372403303-4174061833-1005\Software\KillAndClean
-----------------------------------------------------------
And finally, the log from ComboFix:
---
ComboFix 08-07-24.1 - Carina 2008-07-25 1:45:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.155 [GMT 2:00]
Running from: C:\Documents and Settings\Carina\Skrivebord\Spyfjernelse\hjælp fra experten\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\{2D26A925-704A-4D49-84F3-888AF7AB9B9E}.exe
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\winsrc.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.
2008-07-25 01:34 . 2008-07-25 01:34 <DIR> d-------- C:\Programmer\CCleaner
2008-07-25 01:03 . 2008-07-25 01:15 <DIR> d-------- C:\VundoFix Backups
2008-07-25 00:11 . 2008-07-25 00:11 <DIR> d-------- C:\Programmer\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic
2008-07-24 22:11 --------- d-----w C:\Documents and Settings\Carina\Application Data\Lavasoft
2007-09-02 19:10 4,152,852 ----a-w C:\Programmer\Diino_4.1_Setup.exe
2007-08-23 15:02 8,558,587 ----a-w C:\Programmer\Artweaver.exe
2007-07-31 15:18 6,033,701 ----a-w C:\Programmer\allok_wmvconverter.exe
2007-06-25 15:14 5,825,656 ----a-w C:\Programmer\gtk+-2.10.11-setup.exe
2006-03-26 12:14 22,910,832 ----a-w C:\Programmer\AdbeRdr707_da_DK.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmer\Apoint2K\Apoint.exe" [2003-07-18 23:51 135168]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 19:15 106496]
"Smapp"="C:\Programmer\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2004-03-15 18:25 151597]
"avgnt"="C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 14:53 266497]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2004-05-21 16:27 98304]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-29 10:58 88363 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
MindManager PDF Writer.lnk - C:\Programmer\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe [2003-02-21 14:16:16 61440]
RtlWake.lnk - C:\Programmer\Realtek\Rtl8180\RtlWake.exe [2006-05-09 17:54:21 720896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"vidc.mpng"= C:\Programmer\t@b\0.957\686\tabdec.dll
"vidc.mvjp"= C:\Programmer\t@b\0.957\686\tabdec.dll
"vidc.444p"= C:\Programmer\t@b\0.957\686\tabdec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-04-21 11:28 286720 C:\Programmer\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-05-21 16:27 98304 C:\Programmer\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
--a------ 2003-05-29 04:23 294912 C:\WINDOWS\system32\KHOOKER.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\AntiVir PersonalEdition Classic\\avcenter.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\AntiVir PersonalEdition Classic\\avnotify.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Carina\\Skrivebord\\Magnus' tamtam\\spil\\utorrent.exe"=
"C:\\Programmer\\uTorrent\\utorrent.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-14 23:12]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-20 14:53]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2002-11-22 18:57]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-01 08:33]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2006-03-03 22:31:36 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-07-24 22:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Programmer\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2004-05-22 10:50:00 C:\WINDOWS\Tasks\Registreringspåmindelse 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-05-21 13:49:06 C:\WINDOWS\Tasks\Registreringspåmindelse 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-05-21 13:49:07 C:\WINDOWS\Tasks\Registreringspåmindelse 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-05-21 15:26:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{ABF313F2-8F43-516B-2925-E96B89E8BE5D} - JAguAr.dll
MSConfigStartUp-backd - FLKPT.exe
MSConfigStartUp-dialer423 - TRPT.exe
MSConfigStartUp-ftbar - nmdllw.exe
MSConfigStartUp-JAguAr - gabber.exe
MSConfigStartUp-prgsys0984 - jopplerg.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.politiken.dk/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{2991A00A-EDBF-4C15-A945-397A48491600}: NameServer = 85.255.114.9,85.255.112.204
O17 -: HKLM\CCS\Interface\{670D9E16-19CB-4BB9-9F29-1F683B50D369}: NameServer = 85.255.114.9,85.255.112.204
O17 -: HKLM\CCS\Interface\{F530F7A1-7955-459C-80F6-7007AAE52335}: NameServer = 85.255.114.9,85.255.112.204
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 01:47:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-25 1:50:01
ComboFix-quarantined-files.txt 2008-07-24 23:49:56
Pre-Run: 1,015,255,040 byte ledig
Post-Run: 1,201,569,792 byte ledig
145 --- E O F --- 2007-12-12 09:37:40
-----------------------------------------------------
That was it! I look forward to hearing whether there is more junk on our computer!
