varmeskud (Intern)
27 July 2008 - 00:14. There are 5 comments and 1 solution

Help checking a log, since I have a virus

Hi

I have read and followed this great guide
http://www.eksperten.dk/artikler/1123

I have picked up some virus or other on my PC after watching some videos on YouTube :-(

But since I apparently don't have a licence key for SUPERAntiSpyware Professional, I can't use that program.

So here are my two other logs.

ComboFix 08-07-26.1 - kim p 2008-07-27  0:05:11.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1589 [GMT 2:00]
Running from: C:\Documents and Settings\kim p\Skrivebord\virus\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kim p\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\kim p\Menuen Start\Programmer\Antivirus 2008 PRO
C:\Documents and Settings\kim p\Menuen Start\Programmer\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\system32\215651
C:\WINDOWS\system32\byXPFYRl.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\ekhghiht.dll
C:\WINDOWS\system32\fyyaidvl.ini
C:\WINDOWS\system32\jieopafg.ini
C:\WINDOWS\system32\khkhoyjo.dll
C:\WINDOWS\system32\lhhnlw.dll
C:\WINDOWS\system32\LRrBdMoq.ini
C:\WINDOWS\system32\LRrBdMoq.ini2
C:\WINDOWS\system32\oahfktnd.ini
C:\WINDOWS\system32\sneqvo.dll
C:\WINDOWS\system32\sqfjyeie.dll
C:\WINDOWS\system32\wydzoa.dll

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


(((((((((((((((((((((((((  Files Created from 2008-06-26 to 2008-07-26  )))))))))))))))))))))))))))))))
.

2008-07-26 23:53 . 2008-07-26 23:53    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-07-26 23:49 . 2008-07-26 23:49    <DIR>    d--------    C:\Programmer\CCleaner
2008-07-26 10:39 . 2008-07-26 10:39    95,360    --a------    C:\WINDOWS\system32\dntkfhao.dll
2008-07-25 10:37 . 2008-07-25 10:37    94,848    --a------    C:\WINDOWS\system32\gfapoeij.dll
2008-07-25 00:06 . 2006-03-02 14:00    4,224    --a------    C:\WINDOWS\system32\beep.sys
2008-07-07 23:07 . 2008-07-07 23:07    <DIR>    d--------    C:\Documents and Settings\kim p\Application Data\vlc
2008-07-07 23:06 . 2008-07-07 23:06    <DIR>    d--------    C:\Programmer\VideoLAN

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 21:53    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-26 21:53    ---------    d-----w    C:\Documents and Settings\kim p\Application Data\SUPERAntiSpyware.com
2008-07-24 22:33    ---------    d-----w    C:\Programmer\Fælles filer\NSV
2008-04-29 21:31    160    ---ha-w    C:\Documents and Settings\kim p\hpothb07.dat
2008-04-29 21:30    0    ---ha-w    C:\Documents and Settings\Administrator\hpothb07.dat
.

(((((((((((((((((((((((((((((  snapshot@2008-04-11_17.13.49.40  )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-20 13:44:04    379,704    ----a-w    C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
+ 2007-01-09 06:30:20    110,592    ----a-w    C:\WINDOWS\Downloaded Program Files\PURda-dk.dll
+ 2006-06-20 13:44:02    117,560    ----a-w    C:\WINDOWS\Downloaded Program Files\PURen-us.dll
+ 2007-02-28 12:21:04    142,248    ----a-w    C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
+ 2005-10-20 18:02:28    163,328    ----a-w    C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-04-11 14:23:27    34,304    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-07-26 21:53:51    34,304    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
- 2000-08-31 06:00:00    28,160    ----a-w    C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00    28,672    ----a-w    C:\WINDOWS\Nircmd.exe
+ 2008-02-08 19:38:02    2,426    ----a-w    C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2006-03-02 12:00:00    2,000    ----a-w    C:\WINDOWS\system\KEYBOARD.DRV
+ 2006-03-02 12:00:00    2,032    ----a-w    C:\WINDOWS\system\MOUSE.DRV
+ 1998-03-10 22:31:02    5,888    ----a-w    C:\WINDOWS\system\Plap30.dll
+ 2006-03-02 12:00:00    1,744    ----a-w    C:\WINDOWS\system\SOUND.DRV
+ 1993-04-27 23:00:00    394,384    ----a-w    C:\WINDOWS\system\Vbrun300.dll
+ 2006-03-02 12:00:00    2,176    ----a-w    C:\WINDOWS\system\VGA.DRV
- 2008-03-29 17:45:49    1,146,232    ----a-w    C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43    1,152,888    ----a-w    C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22    95,608    ----a-w    C:\WINDOWS\system32\AVASTSS.scr
+ 2008-05-15 23:12:36    95,608    ----a-w    C:\WINDOWS\system32\AVASTSS.scr
- 2008-03-08 22:48:25    16,384    ----a-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-26 21:18:28    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-08 22:48:25    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
+ 2008-07-26 21:18:28    884,736    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
+ 2008-07-25 18:52:08    49,152    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008072520080726\index.dat
+ 2008-07-26 21:19:08    606,208    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008072620080727\index.dat
- 2008-03-08 22:48:25    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-26 21:19:36    1,294,336    ----a-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-02 12:00:00    1,788    ----a-w    C:\WINDOWS\system32\Dcache.bin
- 2003-04-23 16:34:16    638,976    ----a-w    C:\WINDOWS\system32\divx.dll
+ 2008-03-31 21:25:46    682,496    ----a-w    C:\WINDOWS\system32\divx.dll
+ 2008-03-31 21:25:52    161,096    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2006-03-02 12:00:00    6,144    -c--a-w    C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2006-03-02 12:00:00    6,144    -c--a-w    C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2006-03-02 12:00:00    5,632    -c--a-w    C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2006-03-02 12:00:00    6,144    -c--a-w    C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2006-03-02 12:00:00    8,704    -c--a-w    C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2006-03-02 12:00:00    8,192    -c--a-w    C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2006-03-02 12:00:00    2,000    -c--a-w    C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2006-03-02 12:00:00    2,560    -c--a-w    C:\WINDOWS\system32\dllcache\lz32.dll
+ 2006-03-02 12:00:00    2,032    -c--a-w    C:\WINDOWS\system32\dllcache\mouse.drv
+ 2006-03-02 12:00:00    2,944    -c--a-w    C:\WINDOWS\system32\dllcache\null.sys
+ 2006-03-02 12:00:00    1,744    -c--a-w    C:\WINDOWS\system32\dllcache\sound.drv
+ 2006-03-02 12:00:00    2,176    -c--a-w    C:\WINDOWS\system32\dllcache\vga.drv
+ 2006-03-02 12:00:00    2,864    -c--a-w    C:\WINDOWS\system32\dllcache\winsock.dll
+ 2006-03-02 12:00:00    2,112    -c--a-w    C:\WINDOWS\system32\dllcache\winspool.exe
+ 2006-03-02 12:00:00    2,736    -c--a-w    C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2008-03-21 20:28:54    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
- 2008-03-29 17:35:49    20,560    ----a-w    C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06    20,560    ----a-w    C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 17:35:21    94,544    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33    94,416    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34    75,856    ----a-w    C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32    78,416    ----a-w    C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2006-03-02 12:00:00    2,944    ----a-w    C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2006-03-02 12:00:00    2,944    ----a-w    C:\WINDOWS\system32\drivers\null.sys
- 2008-03-29 17:26:52    26,944    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26    26,944    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-28 17:41:32    7,680    ----a-w    C:\WINDOWS\system32\ff_vfw.dll
+ 2004-05-18 18:16:42    39,936    ----a-w    C:\WINDOWS\system32\huffyuv.dll
+ 1997-04-07 17:19:00    391,680    ----a-w    C:\WINDOWS\system32\I263_32.drv
+ 1998-11-18 13:33:16    144,384    ----a-w    C:\WINDOWS\system32\Iacenc.dll
+ 2006-03-02 12:00:00    2,000    ----a-w    C:\WINDOWS\system32\keyboard.drv
+ 2004-05-14 14:53:08    57,344    ----a-w    C:\WINDOWS\system32\lfbmp13n.dll
+ 2004-05-14 14:53:08    401,408    ----a-w    C:\WINDOWS\system32\lfcmp13n.dll
+ 2003-11-04 13:10:40    69,632    ----a-w    C:\WINDOWS\system32\lfgif13n.dll
+ 2004-05-14 14:53:10    299,008    ----a-w    C:\WINDOWS\system32\ltdis13n.dll
+ 2004-01-12 00:09:42    206,336    ----a-w    C:\WINDOWS\system32\ltefx13n.dll
+ 2004-05-14 14:53:10    163,840    ----a-w    C:\WINDOWS\system32\ltfil13n.dll
+ 2004-05-14 14:53:12    450,560    ----a-w    C:\WINDOWS\system32\ltimg13n.dll
+ 2004-05-14 14:53:12    462,848    ----a-w    C:\WINDOWS\system32\ltkrn13n.dll
+ 2006-03-02 12:00:00    2,560    ----a-w    C:\WINDOWS\system32\lz32.dll
+ 2006-03-02 12:00:00    2,032    ----a-w    C:\WINDOWS\system32\mouse.drv
+ 2006-03-02 12:00:00    2,656    ----a-w    C:\WINDOWS\system32\netware.drv
- 2004-04-20 21:00:00    172,032    ----a-w    C:\WINDOWS\system32\OptimFROG.dll
+ 2005-07-02 12:14:54    172,032    ----a-w    C:\WINDOWS\system32\OptimFROG.dll
- 2003-11-25 22:32:02    123,392    ----a-w    C:\WINDOWS\system32\pncrt.dll
+ 2008-04-14 03:00:00    278,528    ----a-w    C:\WINDOWS\system32\pncrt.dll
+ 2008-04-14 03:00:00    6,656    ----a-w    C:\WINDOWS\system32\pndx5016.dll
+ 2008-04-14 03:00:00    5,632    ----a-w    C:\WINDOWS\system32\pndx5032.dll
+ 2007-04-24 15:30:28    60,273    ----a-w    C:\WINDOWS\system32\pthreadGC2.dll
+ 2008-03-21 20:30:08    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
- 2008-02-12 16:01:51    46,748    ----a-w    C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-25 18:42:30    104,424    ----a-w    C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-04-14 03:00:00    185,688    ----a-w    C:\WINDOWS\system32\rmoc3260.dll
+ 2006-03-02 12:00:00    1,744    ----a-w    C:\WINDOWS\system32\sound.drv
+ 2007-09-04 16:56:10    164,352    ----a-w    C:\WINDOWS\system32\unrar.dll
+ 2006-03-02 12:00:00    2,176    ----a-w    C:\WINDOWS\system32\vga.drv
+ 2004-12-10 08:03:02    438,272    ----a-w    C:\WINDOWS\system32\vp6vfw.dll
+ 2006-04-02 12:47:06    630,784    ----a-w    C:\WINDOWS\system32\vp7vfw.dll
+ 2006-03-02 12:00:00    2,864    ----a-w    C:\WINDOWS\system32\winsock.dll
+ 2006-03-02 12:00:00    2,112    ----a-w    C:\WINDOWS\system32\winspool.exe
+ 2006-03-02 12:00:00    2,736    ----a-w    C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-01 22:28:48    2,102,272    ----a-w    C:\WINDOWS\system32\x264vfw.dll
- 2004-06-05 10:56:16    679,936    ----a-w    C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:15:30    755,027    ----a-w    C:\WINDOWS\system32\xvidcore.dll
- 2004-06-06 10:53:42    155,648    ----a-w    C:\WINDOWS\system32\xvidvfw.dll
+ 2008-01-10 12:16:20    159,839    ----a-w    C:\WINDOWS\system32\xvidvfw.dll
+ 2004-01-25 16:18:44    217,088    ----a-w    C:\WINDOWS\system32\yv12vfw.dll
+ 2008-07-26 22:07:55    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
DMX 6fire 2496 ControlPanel.lnk - C:\Programmer\TerraTec\DMX 6fire\DMX6Fire.exe [2008-02-07 19:43:11 335872]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2008-02-07 19:00:08 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wined18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingu03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmx62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winre78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winru52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winth75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintm11.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\KIMP~1\LOKALE~1\Temp\scksexde.exe/r [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-07-23 18:58 12288 C:\Programmer\Winamp3\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 11:19]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 dmxfire;DMX6fire WDM Audio;C:\WINDOWS\system32\drivers\dmx6fire.sys [2003-08-29 10:30]
R3 dmxsens;dmxsens;C:\WINDOWS\system32\drivers\dmxsens.sys [2003-07-22 15:07]
S0 Wined18;Wined18;C:\WINDOWS\system32\Drivers\Wined18.sys []
S0 Wingu03;Wingu03;C:\WINDOWS\system32\Drivers\Wingu03.sys []
S0 Winpk86;Winpk86;C:\WINDOWS\system32\Drivers\Winpk86.sys []
S0 Winru52;Winru52;C:\WINDOWS\system32\Drivers\Winru52.sys []
S0 Wintm11;Wintm11;C:\WINDOWS\system32\Drivers\Wintm11.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-07-09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1202410189.job - s !?C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 1200 series#1202410189"kim p0 []
.
- - - - ORPHANS REMOVED - - - -

Notify-geBrpqqQ - geBrpqqQ.dll
MSConfigStartUp-38124f57 - C:\WINDOWS\system32\lvdiayyf.dll
MSConfigStartUp-swg - C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.varmeskud.dk/foretrukne/1.htm
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 00:08:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\kim p\Lokale indstillinger\Application Data\Microsoft\Messenger\varmeskud@msn.com\SharingMetadata\Working\database_5038_126B_3812_4FF8\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\SoftwareDistribution\Download\25f7ffccc2740d94d8ff814097b14fcb\update\update.exe
.
**************************************************************************
.
Completion time: 2008-07-27  0:10:24 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-26 22:10:20

Pre-Run: 16,258,306,048 bytes free
Post-Run: 16,133,824,512 bytes free

285    --- E O F ---    2008-07-26 22:09:59




Logfile of HijackThis v1.99.1
Scan saved at 00:02:46, on 27-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\kim p\Skrivebord\virus\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.varmeskud.dk/foretrukne/1.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBrpqqQ - geBrpqqQ.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
fromsej (Intern)
27 July 2008 - 07:56 #1
Download CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to untick the box for installing the Yahoo toolbar.
Start the program and untick Cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left-hand side (the blue cube), click Scan for Issues; when it is finished, click Fix selected issues, optionally make a backup of the registry, then click Fix all selected issues.
Click OK, then click Close when it is finished.
Restart.
---------------------------------------
Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Install the program. Once that is done, let the program update itself. A window then opens where you move the dot to "Perform full scan"; click the Scan button and let the program work. It takes a while, depending on how much you have on the computer.

Then, after the scan, press the "Show results" button, and then press "Remove selected". The log now opens, and you should save it somewhere you can find it again.
Restart.
---------------------------------------
Open a Notepad window, copy the content between the wavy lines into the document, and save it in the same folder as ComboFix under the name CFScript.txt. When saving, make sure that "file type" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::
Snapshot::
File::
C:\WINDOWS\system32\dntkfhao.dll
C:\WINDOWS\system32\gfapoeij.dll
C:\WINDOWS\system32\beep.sys
Driver::
Wined18
Wingu03
Winpk86
Winru52
Wintm11
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wined18.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingu03.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmx62.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk86.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winre78.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winru52.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winth75.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintm11.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it over the ComboFix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. Do not click on the window while the tool is running, as that can make your computer freeze.
---------------------------------------
We need to see a fresh HijackThis log, the log from Malwarebytes, and the new ComboFix log.
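As an added example, not part of this thread and not code from the ComboFix or HijackThis authors, here is a small Python triage script that applies the same reading of the logs that the reply above does: it picks out the recently created DLLs with random-looking names, the drivers whose bracketed file timestamp is empty (compare the avast drivers in the same list), the SafeBoot\Minimal keys that remain after ComboFix has hidden the default entries, the msconfig startup entry launching from a Temp folder, the disabled firewall and the Winlogon Notify entry pointing at a missing DLL, and then drafts a CFScript in the layout used above. The sample log lines are constructed from the logs posted in the thread; the eight-letter-name and file-location heuristics are assumptions of this example, not rules from either tool, and every hit needs a human look before it goes into a script ComboFix will execute.

```python
"""Triage helper for ComboFix / HijackThis logs.

Added example for this thread; it is not ComboFix, HijackThis or the
poster's code.  It flags the log patterns the reply above acted on and
drafts a CFScript in the same layout.  Heuristics only: confirm every
hit by hand before it goes into a script ComboFix will execute.
"""
import re

# Constructed sample: lines copied from the ComboFix and HijackThis logs
# posted in the thread (folder names are the Danish ones as logged).
SAMPLE_LOG = r"""
2008-07-26 10:39 . 2008-07-26 10:39    95,360    --a------    C:\WINDOWS\system32\dntkfhao.dll
2008-07-25 10:37 . 2008-07-25 10:37    94,848    --a------    C:\WINDOWS\system32\gfapoeij.dll
2008-07-25 00:06 . 2006-03-02 14:00    4,224    --a------    C:\WINDOWS\system32\beep.sys
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wined18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmx62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\KIMP~1\LOKALE~1\Temp\scksexde.exe/r [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S0 Wined18;Wined18;C:\WINDOWS\system32\Drivers\Wined18.sys []
S0 Wingu03;Wingu03;C:\WINDOWS\system32\Drivers\Wingu03.sys []
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBrpqqQ - geBrpqqQ.dll (file missing)
"""

# Line shapes as they appear in the logs above.
CREATED = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+\s+[\d,]+\s+\S+\s+(?P<path>[A-Z]:\\.+)$')
DRIVER = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>[^\[]+\.sys) \[(?P<stamp>[^\]]*)\]$')
SAFEBOOT = re.compile(r'^\[(?P<key>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\[^\]]+\.sys)\]$', re.I)
STARTUPREG = re.compile(r'^\[(?P<key>HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\[^\]]+)\]$', re.I)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
O20_MISSING = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+) \(file missing\)$')
# Heuristics (assumptions of this example): eight random lowercase letters is the
# naming style of the DLLs ComboFix already removed; a .sys belongs in system32\drivers.
RANDOM_DLL = re.compile(r'\\system32\\[a-z]{8}\.dll$')
SYS_IN_SYSTEM32 = re.compile(r'\\system32\\[^\\]+\.sys$', re.I)


def triage(log_text):
    """Return {'files', 'drivers', 'registry_keys', 'notes'} for the log items
    that match the patterns above.  Nothing here is a verdict."""
    found = {'files': [], 'drivers': [], 'registry_keys': [], 'notes': []}
    pending_key = None  # startupreg key whose value line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_key is not None:
            if '\\Temp\\' in line:  # autostart launching from a Temp folder
                found['registry_keys'].append(pending_key)
                found['notes'].append('startup entry runs from Temp: ' + line)
            pending_key = None
        elif (m := CREATED.match(line)):
            path = m.group('path')
            if RANDOM_DLL.search(path):
                found['files'].append(path)
                found['notes'].append('new DLL with random-looking 8-letter name: ' + path)
            elif SYS_IN_SYSTEM32.search(path):
                found['files'].append(path)
                found['notes'].append('new .sys in system32 rather than system32\\drivers: ' + path)
        elif (m := DRIVER.match(line)):
            if not m.group('stamp'):  # empty [] where other drivers carry a timestamp
                found['drivers'].append(m.group('name'))
                found['notes'].append('driver entry with no file timestamp: ' + m.group('path'))
        elif (m := SAFEBOOT.match(line)):
            found['registry_keys'].append(m.group('key'))
            found['notes'].append('SafeBoot\\Minimal entry left after defaults were hidden: ' + m.group('key'))
        elif (m := STARTUPREG.match(line)):
            pending_key = m.group('key')
        elif FIREWALL_OFF.match(line):
            found['notes'].append('Windows Firewall standard profile disabled (EnableFirewall=0)')
        elif (m := O20_MISSING.match(line)):
            found['notes'].append('Winlogon Notify %s points at missing DLL %s' % (m.group('name'), m.group('dll')))
    return found


def build_cfscript(found):
    """Render the findings in the CFScript layout used in the thread
    (Killall:: / Snapshot:: / File:: / Driver:: / Registry::)."""
    parts = ['Killall::', 'Snapshot::']
    if found['files']:
        parts.append('File::')
        parts.extend(found['files'])
    if found['drivers']:
        parts.append('Driver::')
        parts.extend(found['drivers'])
    if found['registry_keys']:
        parts.append('Registry::')
        parts.extend('[-%s]' % k for k in found['registry_keys'])  # REGEDIT4 key deletion
    return '\n'.join(parts) + '\n'


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print('\n'.join(result['notes']))
    print(build_cfscript(result))
```

Run it as-is to see the notes and the draft script for the sample; feed it a real log with `triage(open(path, encoding='cp1252').read())`. The draft deliberately leaves out the firewall and Winlogon Notify findings, which are noted but need a different fix than a file or key deletion.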
varmeskud (Intern)
27 July 2008 - 22:20 #2
ComboFix 08-07-26.1 - kim p 2008-07-27 22:14:15.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1685 [GMT 2:00]
Running from: C:\Documents and Settings\kim p\Skrivebord\virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\kim p\Skrivebord\virus\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\dntkfhao.dll
C:\WINDOWS\system32\gfapoeij.dll
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\beep.sys

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Wined18
-------\Service_Wingu03
-------\Service_Winpk86
-------\Service_Winru52
-------\Service_Wintm11


(((((((((((((((((((((((((  Files Created from 2008-06-27 to 2008-07-27  )))))))))))))))))))))))))))))))
.

2008-07-27 19:26 . 2008-07-27 19:26    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-07-27 19:26 . 2008-07-27 19:26    <DIR>    d--------    C:\Documents and Settings\kim p\Application Data\Malwarebytes
2008-07-27 19:26 . 2008-07-27 19:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 19:26 . 2008-07-23 20:09    38,472    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-27 19:26 . 2008-07-23 20:09    17,144    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 23:49 . 2008-07-26 23:49    <DIR>    d--------    C:\Programmer\CCleaner
2008-07-07 23:07 . 2008-07-07 23:07    <DIR>    d--------    C:\Documents and Settings\kim p\Application Data\vlc
2008-07-07 23:06 . 2008-07-07 23:06    <DIR>    d--------    C:\Programmer\VideoLAN

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 22:59    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-26 22:59    ---------    d-----w    C:\Documents and Settings\kim p\Application Data\SUPERAntiSpyware.com
2008-07-24 22:33    ---------    d-----w    C:\Programmer\Fælles filer\NSV
2008-04-29 21:31    160    ---ha-w    C:\Documents and Settings\kim p\hpothb07.dat
2008-04-29 21:30    0    ---ha-w    C:\Documents and Settings\Administrator\hpothb07.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
DMX 6fire 2496 ControlPanel.lnk - C:\Programmer\TerraTec\DMX 6fire\DMX6Fire.exe [2008-02-07 19:43:11 335872]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2008-02-07 19:00:08 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-07-23 18:58 12288 C:\Programmer\Winamp3\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 11:19]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 dmxfire;DMX6fire WDM Audio;C:\WINDOWS\system32\drivers\dmx6fire.sys [2003-08-29 10:30]
R3 dmxsens;dmxsens;C:\WINDOWS\system32\drivers\dmxsens.sys [2003-07-22 15:07]
.
Contents of the 'Scheduled Tasks' folder
2008-07-09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1202410189.job - s !?C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 1200 series#1202410189"kim p0 []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 22:17:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-27 22:18:53 - machine was rebooted [kim p]
ComboFix-quarantined-files.txt  2008-07-27 20:18:50
ComboFix2.txt  2008-07-26 22:10:25

Pre-Run: 16,131,842,048 byte ledig
Post-Run: 16,128,544,768 byte ledig

127    --- E O F ---    2008-07-27 01:00:15





Malwarebytes' Anti-Malware 1.23
Database version: 999
Windows 5.1.2600 Service Pack 2

22:02:27 27-07-2008
mbam-log-7-27-2008 (22-02-27).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|)
Objekter skannet: 113991
Tid tilbagelagt: 42 minute(s), 23 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 4
Inficerede Filer: 24

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\WinRAR\Default.SFX (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXPFYRl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khkhoyjo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sneqvo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sqfjyeie.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wydzoa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP156\A0010556.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP157\A0010579.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP157\A0010581.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP157\A0010659.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP157\A0011883.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP158\A0011944.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP159\A0011961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP159\A0011963.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP159\A0011965.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP159\A0011966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18D1AB9C-7DF5-4BFB-AD30-E3874287B278}\RP159\A0011967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfapoeij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dntkfhao.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Disk (Trojan.Agent) -> Delete on reboot.



Logfile of HijackThis v1.99.1
Scan saved at 22:20:38, on 27-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\kim p\Skrivebord\virus\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.varmeskud.dk/foretrukne/1.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
fromsej Intern
28 July 2008 - 15:35 #3
Your log is clean. If your problems are gone, it is time for a little cleanup. Download this small file and save it in the root of your C drive (C:\SWF_oprydning.exe):

http://www.ctrlaltdel.dk/SWF_oprydning.exe

Double-click SWF_oprydning.exe and follow the instructions the program gives (the programs we asked you to download will be removed). When the program has finished cleaning up, Notepad will open a log so you can see what has been removed.

Restart your computer to complete the cleanup.

Once that is done, you should clean up the System Restore files. Disable System Restore (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1) - wait a couple of minutes - enable System Restore again. Then go to Start -> Programs -> Accessories -> System Tools -> System Restore and create a restore point, so you have something to go back to if anything goes wrong.

Here are a few good tips on safe surfing to take with you:

http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Enjoy
varmeskud Intern
28 July 2008 - 18:54 #4
Thank you very much for the help.

Points awarded.

Best regards, kim
28 July 2008 - 20:47 #5
PS: <Fromsej>: In your link http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1 there is a reference to [Systemgendannelse] -> http://www.fbeej.dk/Systemgendannelse.htm, which in turn goes to http://www.ndparking.com/fbeej.dk? That doesn't really work, does it?
Is http://www.fbeej.dk/ "closed"?
fromsej Intern
31 July 2008 - 16:03 #6
Not that I know of, but I will ask around.
In any case, we will have to get the link corrected.