Virus Alert ved uret

Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/tools/mbam-setup.exe
Installer og start programmet, opdater, lav "fuld systemskanning" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://www.techsupportforum.com/sectools/sUBs/dds

eller her: http://download.bleepingcomputer.com/sUBs/dds.scr

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt herind.

OBS - DDS skal gemmes på på computeren og ikke køres fra nettet

Her er logfilen som er givet efter jeg har skannet med Malwarebytes:

Malwarebytes' Anti-Malware 1.33
Database version: 1738
Windows 5.1.2600 Service Pack 3

08-02-2009 16:32:17
mbam-log-2009-02-08 (16-32-17).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|N:\|)
Objekter skannet: 292226
Tid tilbagelagt: 2 hour(s), 25 minute(s), 9 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 13
Inficerede Registeringsdatabase Værdier: 10
Inficerede Registeringsdatabase Filer: 16
Inficerede Mapper: 3
Inficerede Filer: 5

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\fqbewlna.bfqt (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30acfaa9-78d6-4c11-845c-804af8aac89f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30acfaa9-78d6-4c11-845c-804af8aac89f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mxlivemedia (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008628e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85be017f-1459-4c71-8fc0-8f5136904717} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85be017f-1459-4c71-8fc0-8f5136904717} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30acfaa9-78d6-4c11-845c-804af8aac89f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3b49b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur62.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur63.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur62.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur63.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0083593-09241) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Program Files\PopsMedia Site Adviser (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\system32\xbjjqlowlbiebo.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Flemming\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Flemming\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Flemming\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

Loggen fra DDS kommer senere.

Her er DDS loggen. Hvad kan den bruges til? Forøvrigt - efter jeg har kørt skanningen med Malwarebytes, er "Virus Alert" forsvundet nede ved siden af uret.


DDS (Ver_09-02-01.01) - NTFSx86 
Run by HP_Administrator at 17:43:24,09 on 08-02-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1033.18.2047.1412 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\59BSY7HJ\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=PAVILION&pf=desktop
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={AC0F3C13-3089-44B9-9556-7E316EF60114}; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" -"http://www.berlingske.dk/article/20081229/spil/81219041/"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [AirPaceWifi] "c:\program files\abit\abit uguru\AirPaceWifi.exe" -nogui
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Åbn på ny baggrundsfane - c:\program files\windows live toolbar\components\da-dk\msntabres.dll.mui/229?a673bb0043a84db392835a86387a24b6
IE: Åbn på ny forgrundsfane - c:\program files\windows live toolbar\components\da-dk\msntabres.dll.mui/230?a673bb0043a84db392835a86387a24b6
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: gratis6.dk\film
Trusted Zone: gratis6.dk\prefix.film
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174497884343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxps://pixelprint.dk/da/ImageUploader3.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
Notify: 593901b3382 - c:\windows\system32\__c0081890.dat
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: mgxfebsq - {199646E4-6358-4116-96CA-1D6BD9370449} - c:\windows\mgxfebsq.dll
SSODL: dtseqrxk - {BB8380AB-574D-443D-AA69-4FCB447E5FCC} - c:\windows\dtseqrxk.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-1-3 2829696]
R3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [2008-5-17 556832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-2 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090207.021\NAVENG.SYS [2009-2-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090207.021\NAVEX15.SYS [2009-2-8 876112]
R3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2007-8-21 196409]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-7-22 167808]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-2-2 1245064]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-12-23 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-12-23 498464]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-1-3 468768]
S3 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 607576]

=============== Created Last 30 ================

2009-02-08 13:10    <DIR>    --d-----    c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-02-08 13:09    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-02-08 13:09    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 13:09    <DIR>    --d-----    c:\program files\Malwarebytes' Anti-Malware
2009-02-08 13:09    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-03 21:27    266,360    a-------    c:\windows\system32\TweakUI.exe
2009-02-03 21:27    160,217    a-------    c:\windows\system32\PowerToysLicense.rtf
2009-02-02 20:02    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 19:40    <DIR>    --d-----    c:\program files\Norton 360
2009-02-02 19:38    124,464    a-------    c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-02 19:38    60,808    a-------    c:\windows\system32\S32EVNT1.DLL
2009-02-02 19:38    10,635    a-------    c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-02 19:38    806    a-------    c:\windows\system32\drivers\SYMEVENT.INF
2009-02-02 19:38    <DIR>    --d-----    c:\program files\Symantec
2009-02-02 19:12    46,640    a-------    c:\windows\system32\msln.exe
2009-02-02 18:40    <DIR>    --d-----    c:\docume~1\hp_adm~1\applic~1\Symantec
2009-02-02 18:34    <DIR>    --d-----    c:\docume~1\hp_adm~1\applic~1\AVGTOOLBAR
2009-02-01 11:17    626,688    a----r--    c:\windows\system32\msvcr80.dll
2009-02-01 11:17    95,744    a----r--    c:\windows\system32\atl80.dll
2009-02-01 11:17    1,079,808    a----r--    c:\windows\system32\mfc80u.dll
2009-02-01 11:17    548,864    a----r--    c:\windows\system32\msvcp80.dll
2009-02-01 11:14    <DIR>    --d-----    c:\program files\OLYMPUS
2009-01-31 21:16    1,409    a-------    c:\windows\TWAPHON.FOT
2009-01-31 21:16    1,409    a-------    c:\windows\TWAOTHER.FOT

==================== Find3M  ====================

2009-02-07 09:45    0    a-------    c:\documents and settings\hp_administrator\temp.dat
2008-12-27 10:42    3,736    a-------    c:\windows\system32\ealregsnapshot1.reg
2008-12-13 07:40    3,593,216    a-------    c:\windows\system32\dllcache\mshtml.dll
2008-12-12 22:47    3,751,995    a-------    c:\windows\system32\GPhotos.scr
2008-12-11 11:57    333,952    a-------    c:\windows\system32\drivers\srv.sys
2008-12-11 11:57    333,952    a-------    c:\windows\system32\dllcache\srv.sys
2007-12-25 23:52    20    ac--h---    c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2007-12-25 23:52    20    ac--h---    c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2006-12-27 19:32    0    ac------    c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-08-27 17:55    32,768    a--sh---    c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat
2008-05-04 14:08    16,384    ac-sh---    c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 17:44:01,59 ===============

Nok til at sige at den med 99,9% sikkerhed ikke er 'ren'

Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Dobbeltklik på filen, og lad den pakke sig ud til en mappe i roden af din harddisk (typisk: c:\SDfix)

genstart i fejlsikret tilstand og gå ind i mappen SDFix, som du fik oprettet tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en tast for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind og fortæl hvordan tingene ser ud nu

Jamen nu synes jeg computeren ser ud som dengang den blev født. Nu er teksten "Virus Alert!" væk, jeg har som administrator fået adgang til kontrolpanelet igen og alle de ikoner som var blevet slettet fra min computer er nu blevet gendannet og jeg har nu igen fået adgang til alle programmer fra "Start" menuen. Jeg er totalt novice når det handler om IT - men for mig ser det ud som om at computeren er som ny igen - og alle de funktionaliteter jeg ikke havde tidligere på dagen ser det ud so om jeg har fået tilbage - så med mindre du finder noget faretruende alvorligt i rapporten nedenfor, så vil jeg tillade mig at takke 1.000 gange for din hjælp.

Stor hilsen

Flemming



catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 20:31:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:c8be8680
"s2"=dword:23476833
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3f,79,1f,a5,79,d0,ce,5a,c5,4c,bf,bd,87,63,b7,26,66,39,c8,7b,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,27,7b,f5,d6,7a,b1,5e,99,e5,fb,6c,07,50,cc,5d,4f,..
"khjeh"=hex:35,52,7b,cf,cf,59,5a,a6,63,2c,44,1e,7e,e6,0d,c9,08,52,95,f0,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a4,ef,ff,a8,01,a6,8f,a1,64,10,0d,01,e5,15,ea,6c,b9,01,cb,b1,33,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e5,7d,70,a1,d2,11,f6,25,6d,9f,da,3a,b9,27,f0,3d,4d,07,7b,de,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3f,79,1f,a5,79,d0,ce,5a,c5,4c,bf,bd,87,63,b7,26,66,39,c8,7b,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,27,7b,f5,d6,7a,b1,5e,99,e5,fb,6c,07,50,cc,5d,4f,..
"khjeh"=hex:35,52,7b,cf,cf,59,5a,a6,63,2c,44,1e,7e,e6,0d,c9,08,52,95,f0,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a4,ef,ff,a8,01,a6,8f,a1,64,10,0d,01,e5,15,ea,6c,b9,01,cb,b1,33,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e5,7d,70,a1,d2,11,f6,25,6d,9f,da,3a,b9,27,f0,3d,4d,07,7b,de,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3f,79,1f,a5,79,d0,ce,5a,c5,4c,bf,bd,87,63,b7,26,66,39,c8,7b,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,27,7b,f5,d6,7a,b1,5e,99,e5,fb,6c,07,50,cc,5d,4f,..
"khjeh"=hex:35,52,7b,cf,cf,59,5a,a6,63,2c,44,1e,7e,e6,0d,c9,08,52,95,f0,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a4,ef,ff,a8,01,a6,8f,a1,64,10,0d,01,e5,15,ea,6c,b9,01,cb,b1,33,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e5,7d,70,a1,d2,11,f6,25,6d,9f,da,3a,b9,27,f0,3d,4d,07,7b,de,bc,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

<Harmony2860>: Joooo - der ER stadig 'snavs' - <f-arn> skal nok guide dig videre...

<f-arn>:
Notify: 593901b3382 - c:\windows\system32\__c0081890.dat
SSODL: mgxfebsq - {199646E4-6358-4116-96CA-1D6BD9370449} - c:\windows\mgxfebsq.dll
SSODL: dtseqrxk - {BB8380AB-574D-443D-AA69-4FCB447E5FCC} - c:\windows\dtseqrxk.dll
???
-> (SmitfraudFix?)

OK - Karise_larry og f-arn.....jeg er som sagt totalt novice på dette felt, så jeg må helt og holdent læne mig op af jeres vurderinger - men maskinen ser som sagt på overfladen "ren" ud. Jeg er naturligvis interesseret i at få den helt rengjort - så jeg afventer med spænding de videre tiltag I vil foreslå jeg skal foretage mig.

Stor hilsen
Harmony2860

Hent og GEM Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Start notesblok og kopier indholdet mellem de stiplede linier ind og gem filen i samme mappe som Combofix ligger med navnet CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt
--------------
Killall::

Snapshot::

-------------

Da Combofix kan konflikte med din antivirus er det vigtigt at du deaktiverer den.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.malwarecheck.dk/billeder/CFScriptB-4_da.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Indholdet af denne fil må du gerne lægge herind.

Hej f-arn. Jeg forstår sådan set godt opgaven - bortset fra en lille detalje - og det er ordren "start notesblok og ........". Jeg er muligvis både tonedøv og komplet idiot - men jeg er altså i tvivl om hvor "notesblok" er og hvordan jeg finder den. Du må lige give mig nærmere besked herom inden jeg starter jobbet.....????!!! Men ellers tak for din vedholdenhed og store hjælp.

Mvh Harmony2860

[Start][Programmer][Tilbehør][Notesblok] ...

Hvis du ikke kan finde den så: klik start->kør og skriv:        %SystemRoot%\system32\notepad.exe

Noget går galt......jeg deaktiverer mit antivirusprogram og  aktiverer derefter følgende link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe,
og for mig ser det også ud som om at et eler andet bliver downloaded til computeren, men når jeg trykker på "kør" for at danne den fil I beder mig om, så får jeg følgende fejl: "Du kan ikke omdøbe ComboFix til:          Venligst benyt et andet navn, benyt kun tal og bogstaver i filnavnet". I am lost!

Mvh Harmony2860

Når du klikke på http://download.bleepingcomputer.com/sUBs/ComboFix.exe skal du GEMME filen [ComboFix.exe] et sted du kan finde igen bagefter.

Derefter lukke alle åbne programmer; så vidt mulig deaktivere dit antivirusprogram og SÅ køre [ComboFix.exe] fra det sted du gemte den for et øjeblik siden...

Så 'glem' denne [CFScript.txt] i denne omgang...

---------

Der er ikke nogen der har sagt du skal omdøbe noget ???

Så har jeg kørt [ComboFix.exe], hvilket der er kommet en meget lang log ud af.........Hva' ska' jeg så gøre?.....smil.

Mvh
Harmony2860

Så vil jeg da gerne se den.