KasperMP Beginner
14 September 2009 - 23:40 There are 15 comments and
1 solution

Facebook virus... Help!

Hi
My PC has been infected with something and I don't know how to get rid of it.
I clicked on a link on Facebook that my friend sent me (it later turned out that he had also got the virus). The link said that my Java needed to be updated, so I did that, and, stupid as I am, I chose to overrule McAfee's warnings (I was watching football, so I didn't really see what I was clicking OK to).
Now my PC is behaving very strangely:
-It has sent the message on to all my Facebook friends
-The internet is extremely slow
-All sorts of pop-up pages appear all the time
-I cannot reach a whole range of websites, e.g. microsoft.com and a number of antivirus sites
-McAfee says that I am not fully protected, but it cannot fix the problem

I read in post #2 of the thread "HELP I think I've got a virus and I'm NOT good at this PC stuff :o" that it was a good idea to run CCleaner, Malwarebytes Anti-Malware and HijackThis, so I have tried that.
CCleaner went fine, but the Malwarebytes Anti-Malware link did not work (I don't know whether it was the virus that blocked it). HijackThis also went fine once I ran it as administrator; here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:34, on 14-09-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Kasper\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\WgaTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kasper\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=2080502
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld14.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy58.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp11.exe
O4 - HKLM\..\Run: [Sysmstray] c:\windows\mstre21.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop-administrator 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12509 bytes


I hope someone can help, as I am completely at a loss myself.
nissen2630 Novice
15 September 2009 - 00:23 #1
Follow this guide and your problems are solved :-)
http://www.eksperten.dk/guide/1232
15 September 2009 - 06:54 #2
Welcome...

Yes, *SIGH*, it is the usual Facebook VIRUS!!! Like so many other victims!!!

c:\windows\ld14.exe
c:\windows\freddy58.exe
c:\windows\pp11.exe
c:\windows\mstre21.exe


"...the Malwarebytes Anti-Malware link did not work..." - what do you mean here?

Malwarebytes -> http://www.besttechie.net/tools/mbam-setup.exe
Malwarebytes alternative -> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

The mentioned [Malwarebytes Anti-Malware] can 'nab' this vermin nice and neatly...

Re: Vista - right mouse button - Run as administrator on the program...
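Post #2 picks four Run entries out of the HijackThis log by eye. The following is an added example, not part of the thread and not a HijackThis feature: it parses O4 Run lines copied from the log above and scores them with two heuristics that are assumptions chosen here (executable sitting directly in the Windows root, and a file name made of letters followed by digits).

```python
import ntpath
import re

# O4 lines copied from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld14.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy58.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp11.exe
O4 - HKLM\..\Run: [Sysmstray] c:\windows\mstre21.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# "O4 - <registry Run key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<key>HK[^:]*Run[^:]*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable at the start of the command line, quoted or not, spaces allowed.
EXE_PATH = re.compile(r'^"?(?P<path>[^"]+?\.exe)(?="|\s|$)', re.IGNORECASE)

# Assumed heuristics (not from the thread): tune them for your own triage.
WINDOWS_ROOTS = {r"c:\windows", "%windir%", "%systemroot%"}
LETTERS_THEN_DIGITS = re.compile(r"[a-z]+\d+\.exe")


def parse_run_entries(log):
    """Yield (registry key, value name, executable path or None) per O4 Run line."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # startup-folder shortcuts and non-O4 lines are ignored
        exe = EXE_PATH.match(m["cmd"])
        yield m["key"], m["name"], exe["path"] if exe else None


def triage(log):
    """Return [(value name, path, [reasons])] for entries that trip a heuristic."""
    findings = []
    for _key, name, path in parse_run_entries(log):
        # Bare names such as RUNDLL32.EXE are resolved through the system
        # path and host a DLL; they are out of scope for this check.
        if path is None or not ntpath.dirname(path):
            continue
        reasons = []
        if ntpath.normcase(ntpath.dirname(path)) in WINDOWS_ROOTS:
            reasons.append("exe directly in Windows root")
        if LETTERS_THEN_DIGITS.fullmatch(ntpath.basename(path).lower()):
            reasons.append("name is letters followed by digits")
        if reasons:
            findings.append((name, path, reasons))
    return findings


def strong_candidates(log):
    """Paths that trip both heuristics; single hits are left for manual review."""
    return [path for _name, path, reasons in triage(log) if len(reasons) == 2]


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{len(reasons)} hit(s)  [{name}] {path}  ({'; '.join(reasons)})")
```

OEM02Mon.exe trips only the location rule, which is why a single hit is treated as a prompt for manual review and not as a verdict.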
Jensen DK Novice
15 September 2009 - 06:57 #3
It is sometimes faster to pull out the data you don't want to lose and then reinstall Vista from scratch.
You are also missing SP2 and all the updates after it.
15 September 2009 - 07:04 #4
Remember M$ Service Pack 2 for Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d

But the [Malwarebytes Anti-Malware] procedure + the mentioned log files first!!!
KasperMP Beginner
15 September 2009 - 17:57 #5
Hi all
Thanks for the quick replies. I still can't quite get it to work, though, so here is a little more explanation:

What I meant by:
"the Malwarebytes Anti-Malware link did not work"
is that when I click on
"http://www.besttechie.net/tools/mbam-setup.exe" I just get an error saying that Internet Explorer cannot display the web page (I also get this message on a whole range of other websites that I know work, e.g. microsoft.com).
When I try with:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
I do get to the website, but no matter which of the 3 downloads I choose, I again get an "Internet Explorer cannot display the web page" message.
I did manage to find the mbam-setup.exe file on download.com, so I have now installed Malwarebytes Anti-Malware, but I get the following error message when I try to update the program:
"En fejl er opstået. rapporter venligst denne fejlkode til Malwarebytes' Anti-Malware support team:
Error code 732 (0,0)"

Should I just run the program without updating it first?
sullep Beginner
15 September 2009 - 20:07 #6
Do exactly as it says here, otherwise the infection will stop ComboFix.


--Download ComboFix and save it to your desktop as alg.exe
It is important that you save it under this name.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it there as alg.exe - you must not download it to the desktop as Combofix.exe and then rename it there, because then the infection will knock it out.

Close all other windows.

Then run Combofix.exe (alg.exe) and follow the instructions. (Vista users must right-click the file and choose "Run as administrator".)

If you cannot deactivate the antivirus program, click "Continue and OK" and ComboFix will continue.
Say "NO" to installing the "Recovery Console".

Do not click on the window while the tool is running, as that can make your computer freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

If the log file does not open, you will find it here: c:\combofix.txt
Please post the contents of this file here.

Be patient and wait until the ComboFix window closes.
KasperMP Beginner
16 September 2009 - 17:50 #7
Hi Sullep
It seemed to work; at least I was allowed to run the program, so many thanks for that. Here is the log:

ComboFix 09-09-14.02 - Kasper 16-09-2009 17:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.3069.1975 [GMT 2:00]
Kører fra: c:\users\Kasper\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1324568000-1099784444-2463716467-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3760575259-3998885095-2510980084-500
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\0101120101464857.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101465653.xe
c:\windows\freddy58.exe
c:\windows\ld14.exe
c:\windows\mstre21.exe
c:\windows\pp11.exe
c:\windows\prxid93ps.dat
c:\windows\system32\drivers\DnsFilter.sys

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX
-------\Legacy_DnsFilter
-------\Service_ddnsfilter
-------\Service_DnsFilter


(((((((((((((((((((((((((((((  Filer skabt fra 2009-08-16 til 2009-09-16  )))))))))))))))))))))))))))))))))))
.

2009-09-16 15:32 . 2009-09-16 15:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\users\Kasper\AppData\Roaming\Malwarebytes
2009-09-15 15:27 . 2009-09-10 12:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\programdata\Malwarebytes
2009-09-15 15:27 . 2009-09-10 12:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-14 21:18 . 2009-09-14 21:18    401720    ----a-w-    c:\users\Kasper\HiJackThis.exe
2009-09-14 20:37 . 2009-09-14 20:37    --------    d-----w-    c:\program files\CCleaner
2009-09-12 19:51 . 2009-09-12 19:51    --------    d-----w-    c:\program files\iPhone Configuration Utility
2009-09-12 19:50 . 2009-05-18 12:17    26600    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 19:50 . 2008-04-17 11:12    107368    ----a-w-    c:\windows\system32\GEARAspi.dll
2009-09-12 19:48 . 2009-09-12 19:48    --------    d-----w-    c:\program files\iPod
2009-09-12 19:48 . 2009-09-12 19:50    --------    d-----w-    c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 19:48 . 2009-09-12 19:50    --------    d-----w-    c:\program files\iTunes
2009-09-12 19:45 . 2009-09-12 19:46    --------    d-----w-    c:\program files\QuickTime
2009-08-25 17:13 . 2009-08-25 17:12    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-08-18 19:50 . 2009-08-18 19:50    1    ----a-w-    c:\windows\ectbbyn.dat
2009-08-18 19:49 . 2009-08-18 21:25    3235    ----a-w-    c:\windows\ex1234.dat
2009-08-18 19:47 . 2009-08-18 19:47    1    ---h--w-    c:\windows\mmsmark2.dat
2009-08-18 19:47 . 2009-08-18 19:47    1    ---h--w-    c:\windows\ex23567.dat
2009-08-17 17:52 . 2009-06-15 15:22    213504    ----a-w-    c:\windows\system32\msv1_0.dll
2009-08-17 17:52 . 2009-06-15 15:21    499712    ----a-w-    c:\windows\system32\kerberos.dll
2009-08-17 17:52 . 2009-06-15 15:24    175104    ----a-w-    c:\windows\system32\wdigest.dll
2009-08-17 17:52 . 2009-06-15 15:24    270848    ----a-w-    c:\windows\system32\schannel.dll
2009-08-17 17:52 . 2009-06-15 15:23    1256448    ----a-w-    c:\windows\system32\lsasrv.dll
2009-08-17 17:52 . 2009-06-15 18:20    439896    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2009-08-17 17:52 . 2009-06-15 12:57    9728    ----a-w-    c:\windows\system32\lsass.exe
2009-08-17 17:52 . 2009-06-15 15:24    72704    ----a-w-    c:\windows\system32\secur32.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 15:34 . 2008-05-01 20:34    12    ----a-w-    c:\windows\bthservsdp.dat
2009-09-15 15:58 . 2008-07-06 16:01    --------    d-----w-    c:\users\Kasper\AppData\Roaming\DNA
2009-09-14 21:01 . 2008-09-17 19:37    --------    d-----w-    c:\program files\Betsson
2009-09-14 16:13 . 2006-11-21 04:49    80496    ----a-w-    c:\windows\system32\perfc006.dat
2009-09-14 16:13 . 2006-11-21 04:49    471508    ----a-w-    c:\windows\system32\perfh006.dat
2009-09-12 19:48 . 2008-07-06 18:51    --------    d-----w-    c:\program files\Common Files\Apple
2009-08-25 17:12 . 2008-05-01 20:44    --------    d-----w-    c:\program files\Java
2009-08-19 06:03 . 2008-08-05 14:59    --------    d-----w-    c:\program files\Safari
2009-08-15 07:35 . 2009-08-15 07:34    --------    d-----w-    c:\program files\Garmin GPS Plugin
2009-08-15 07:34 . 2009-06-17 13:52    --------    d-----w-    c:\program files\DIFX
2009-08-15 07:34 . 2009-08-15 07:34    --------    d-----w-    c:\program files\Garmin
2009-08-13 01:13 . 2008-08-05 15:17    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-08-13 01:04 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-07-31 18:35 . 2009-07-31 18:27    --------    d-----w-    c:\users\Kasper\AppData\Roaming\DAEMON Tools Lite
2009-07-31 18:34 . 2009-07-31 18:34    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2009-07-31 18:34 . 2009-07-31 18:33    --------    d-----w-    c:\program files\DAEMON Tools Toolbar
2009-07-31 18:34 . 2009-07-31 18:33    --------    d-----w-    c:\program files\DAEMON Tools Lite
2009-07-31 18:29 . 2009-07-31 18:29    721904    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-07-27 15:19 . 2008-05-09 16:12    68902    ----a-w-    c:\users\Kasper\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-28 21:27    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 21:27    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 21:27    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 21:27    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-07-20 01:08 . 2008-05-01 21:00    --------    d-----w-    c:\programdata\McAfee
2009-07-19 16:29 . 2008-05-01 21:00    --------    d-----w-    c:\program files\McAfee
2009-07-17 14:35 . 2009-08-12 21:35    71680    ----a-w-    c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 21:35    313344    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 21:35    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 21:35    7680    ----a-w-    c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 21:35    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2008-05-01 20:51 . 2008-05-01 20:51    74    --sh--r-    c:\windows\CT4CET.bin
2008-05-02 04:20 . 2008-05-02 04:09    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-25 148888]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-01 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-1 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-5-1 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB907F12-6EC9-40FF-B162-98467989D02E}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C7252EA3-EA3F-456C-A254-43F4AD0F2E70}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{26227733-8392-40AE-B5E3-C2F4A9828565}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{A5B2F46F-1122-4D9E-8C48-7885290F4FB3}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{020F60B8-DF25-4922-B95D-FC89DFF30D4A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{1361734E-29C3-48E2-9106-2CC84E2EA41E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{6E80FFED-516C-4CC2-B7C7-745FE982C0E0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{82E405FE-6090-488F-A477-DA517ABE27F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{469A22B5-7DE1-483C-860E-143BFE915F93}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{A8AC939A-FAA1-4F24-9C2A-C821C2ACA6CD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{52936129-BE38-488D-8A75-4D5FD4BB5FED}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{59B9CA98-351B-4F84-ABBE-F29502527398}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9FFB5AD2-464B-4A47-9181-7E1EC484BA3F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15E279F2-5F8E-4207-AB69-8D9F4282BE94}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6631CC8-B5BB-4685-82F4-DD887589D4D0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DEDE46CB-9DE4-4142-BF4E-F2D5B6F767BB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [01-05-2008 22:32 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [16-11-2008 15:10 203280]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [02-05-2008 06:26 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [02-05-2008 06:26 7424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
ddnsfilter    REG_MULTI_SZ      ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2008-05-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-20 09:53]

2008-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-20 09:53]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=2080502
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-sysfbtray - c:\windows\freddy58.exe
AddRemove-Creative OEM002 - c:\windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 17:36
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(5884)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-16 17:44 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-09-16 15:44

Pre-Kørsel: 194.369.671.168 byte ledig
Post-Kørsel: 193.927.872.512 byte ledig

266    --- E O F ---    2009-08-17 17:58

Hope you can make something of this :-)
sullep (Beginner)
16 September 2009 - 19:14 #8
I would like you to uninstall all file-sharing programs while we are cleaning your machine, so please do that.

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program; once that is done, let the program update itself. A window then opens where you should move the dot to "Kør et fuldstændigt systemscan" (run a full system scan), click the Scan button, and let the program work. When it is finished (it takes some time, depending on how much you have on the computer),
press the "Vis resultater" (show results) button after the scan, and then press "Fjern det valgte" (remove selected). The log now opens and you should save it somewhere you can find it again.
Copy the contents into this thread.

>>

Open Notepad and copy in the following (the text in bold), then save the text file as CFScript.txt in the same place where you have ComboFix:

Killall::
Snapshot::
File::
c:\windows\ectbbyn.dat
c:\windows\ex1234.dat
c:\windows\mmsmark2.dat
c:\windows\ex23567.dat



Drag the CFScript file onto the ComboFix icon; this will start ComboFix again (if the computer wants to restart, let it). See also here:
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Post the new ComboFix log here.

Also post a fresh log from HijackThis.
KasperMP (Beginner)
17 September 2009 - 01:15 #9
I have now gone through the above, and it gave the following Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 6.0.6001 Service Pack 1

17-09-2009 00:40:48
mbam-log-2009-09-17 (00-40-48).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 231225
Tid tilbagelagt: 1 hour(s), 24 minute(s), 2 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 10

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Qoobox\Quarantine\C\Program Files\DDnsFilter\DDnsFilter.dll.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\freddy58.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\ld14.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\mstre21.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\pp11.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\drivers\DnsFilter.sys.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
KasperMP (Beginner)
17 September 2009 - 01:16 #10
And the following ComboFix log:

ComboFix 09-09-14.02 - Kasper 17-09-2009  1:00.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.3069.2034 [GMT 2:00]
Kører fra: c:\users\Kasper\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Kasper\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\windows\ectbbyn.dat"
"c:\windows\ex1234.dat"
"c:\windows\ex23567.dat"
"c:\windows\mmsmark2.dat"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ex1234.dat

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-08-16 til 2009-09-16  )))))))))))))))))))))))))))))))))))
.

2009-09-16 23:05 . 2009-09-16 23:07    --------    d-----w-    c:\users\Kasper\AppData\Local\temp
2009-09-16 23:05 . 2009-09-16 23:05    --------    d-----w-    c:\users\Public\AppData\Local\temp
2009-09-16 23:05 . 2009-09-16 23:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2009-09-16 21:15 . 2009-09-10 12:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 21:14 . 2009-09-16 21:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-09-16 21:14 . 2009-09-10 12:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\users\Kasper\AppData\Roaming\Malwarebytes
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\programdata\Malwarebytes
2009-09-14 21:18 . 2009-09-14 21:18    401720    ----a-w-    c:\users\Kasper\HiJackThis.exe
2009-09-14 20:37 . 2009-09-14 20:37    --------    d-----w-    c:\program files\CCleaner
2009-09-12 19:51 . 2009-09-12 19:51    --------    d-----w-    c:\program files\iPhone Configuration Utility
2009-09-12 19:48 . 2009-09-12 19:50    --------    d-----w-    c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 19:45 . 2009-09-12 19:46    --------    d-----w-    c:\program files\QuickTime
2009-08-25 17:13 . 2009-08-25 17:12    410984    ----a-w-    c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 23:06 . 2008-05-01 20:34    12    ----a-w-    c:\windows\bthservsdp.dat
2009-09-16 21:11 . 2008-07-06 18:51    --------    d-----w-    c:\program files\Common Files\Apple
2009-09-16 21:03 . 2009-07-31 18:33    --------    d-----w-    c:\program files\DAEMON Tools Toolbar
2009-09-15 15:58 . 2008-07-06 16:01    --------    d-----w-    c:\users\Kasper\AppData\Roaming\DNA
2009-09-14 21:01 . 2008-09-17 19:37    --------    d-----w-    c:\program files\Betsson
2009-09-14 16:13 . 2006-11-21 04:49    80496    ----a-w-    c:\windows\system32\perfc006.dat
2009-09-14 16:13 . 2006-11-21 04:49    471508    ----a-w-    c:\windows\system32\perfh006.dat
2009-08-25 17:12 . 2008-05-01 20:44    --------    d-----w-    c:\program files\Java
2009-08-19 06:03 . 2008-08-05 14:59    --------    d-----w-    c:\program files\Safari
2009-08-15 07:35 . 2009-08-15 07:34    --------    d-----w-    c:\program files\Garmin GPS Plugin
2009-08-15 07:34 . 2009-06-17 13:52    --------    d-----w-    c:\program files\DIFX
2009-08-15 07:34 . 2009-08-15 07:34    --------    d-----w-    c:\program files\Garmin
2009-08-13 01:13 . 2008-08-05 15:17    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-08-13 01:04 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-07-31 18:35 . 2009-07-31 18:27    --------    d-----w-    c:\users\Kasper\AppData\Roaming\DAEMON Tools Lite
2009-07-31 18:34 . 2009-07-31 18:34    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2009-07-31 18:34 . 2009-07-31 18:33    --------    d-----w-    c:\program files\DAEMON Tools Lite
2009-07-31 18:29 . 2009-07-31 18:29    721904    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-07-27 15:19 . 2008-05-09 16:12    68902    ----a-w-    c:\users\Kasper\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-28 21:27    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 21:27    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 21:27    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 21:27    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-07-20 01:08 . 2008-05-01 21:00    --------    d-----w-    c:\programdata\McAfee
2009-07-19 16:29 . 2008-05-01 21:00    --------    d-----w-    c:\program files\McAfee
2009-07-17 14:35 . 2009-08-12 21:35    71680    ----a-w-    c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 21:35    313344    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 21:35    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 21:35    7680    ----a-w-    c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 21:35    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2008-05-01 20:51 . 2008-05-01 20:51    74    --sh--r-    c:\windows\CT4CET.bin
2008-05-02 04:20 . 2008-05-02 04:09    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-25 148888]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-01 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-1 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-5-1 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB907F12-6EC9-40FF-B162-98467989D02E}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C7252EA3-EA3F-456C-A254-43F4AD0F2E70}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{26227733-8392-40AE-B5E3-C2F4A9828565}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{A5B2F46F-1122-4D9E-8C48-7885290F4FB3}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{020F60B8-DF25-4922-B95D-FC89DFF30D4A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{1361734E-29C3-48E2-9106-2CC84E2EA41E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{6E80FFED-516C-4CC2-B7C7-745FE982C0E0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{82E405FE-6090-488F-A477-DA517ABE27F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{469A22B5-7DE1-483C-860E-143BFE915F93}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{A8AC939A-FAA1-4F24-9C2A-C821C2ACA6CD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{52936129-BE38-488D-8A75-4D5FD4BB5FED}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{59B9CA98-351B-4F84-ABBE-F29502527398}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9FFB5AD2-464B-4A47-9181-7E1EC484BA3F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15E279F2-5F8E-4207-AB69-8D9F4282BE94}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [02-05-2008 06:26 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [02-05-2008 06:26 7424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2008-05-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-20 09:53]

2008-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-20 09:53]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=2080502
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

SafeBoot-Wdf01000.sys



**************************************************************************
scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer:

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(3968)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\AEstSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-16  1:13 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-09-16 23:13
ComboFix2.txt  2009-09-16 15:44

Pre-Kørsel: 191.696.330.752 byte ledig
Post-Kørsel: 191.694.741.504 byte ledig

220    --- E O F ---    2009-08-17 17:58
KasperMP (Beginner)
17 September 2009 - 01:18 #11
And finally the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:53, on 17-09-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kasper\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=2080502
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop-administrator 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9759 bytes
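A check that fits this point in the thread, as an added example that is not part of the original posts: it parses detection lines in the format of the Malwarebytes log above, maps ComboFix quarantine copies back to their original file names, and searches a follow-up log for any of those names. The Qoobox path mapping is inferred from the paths shown in this thread, the function names are hypothetical, and the embedded excerpts are constructed from a few lines posted here.

```python
import re

# "<object> (<detection name>) -> <action>", as in the Malwarebytes log above.
DETECTION = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Assumption inferred from this thread: ComboFix keeps quarantined copies as
# <drive>:\Qoobox\Quarantine\<original drive letter>\<original path>.vir
QUARANTINE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir$",
    re.IGNORECASE,
)

# Constructed excerpt: four detection lines copied from the posted log.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\freddy58.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\drivers\DnsFilter.sys.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
"""

# Constructed excerpt: lines from the first ComboFix log (before cleanup).
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
ddnsfilter    REG_MULTI_SZ      ddnsfilter
HKLM-Run-sysfbtray - c:\windows\freddy58.exe
"""

# Constructed excerpt: lines from the logs posted after cleanup.
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
C:\Qoobox\Quarantine\C\Windows\freddy58.exe.vir
"""


def original_path(obj):
    """Map a quarantine copy back to the path the file was taken from."""
    m = QUARANTINE.match(obj)
    if not m:
        return obj
    return m.group("drive") + ":\\" + m.group("rest")


def parse_detections(log_text):
    """Return one dict per detection line; summary and header lines are skipped."""
    detections = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        obj = original_path(m.group("obj"))
        detections.append({
            "object": obj,
            "name": m.group("name"),
            # Last path or key component, used as the search token.
            "token": obj.rsplit("\\", 1)[-1].lower(),
        })
    return detections


def find_leftovers(detections, followup_text):
    """Return (line number, token, line) for every detected name still present.

    The lookarounds stop a token from matching inside a longer name, so a
    quarantined copy such as freddy58.exe.vir is not reported as a leftover.
    """
    lines = followup_text.splitlines()
    hits = []
    for token in sorted({d["token"] for d in detections}):
        pattern = re.compile(
            r"(?<![\w.])" + re.escape(token) + r"(?![\w.])", re.IGNORECASE
        )
        for number, line in enumerate(lines, 1):
            if pattern.search(line):
                hits.append((number, token, line.strip()))
    return hits


if __name__ == "__main__":
    found = parse_detections(MBAM_LOG)
    for label, text in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        leftovers = find_leftovers(found, text)
        print(label, "cleanup:", len(leftovers), "reference(s)")
        for number, token, line in leftovers:
            print("  line", number, "->", token, "|", line)
```

An empty result only means these specific names are gone; it says nothing about components the scanner did not detect.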
sullep (Beginner)
17 September 2009 - 11:00 #12
PS: Vista users must right-click the file > Run as administrator.
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click "Fix checked".

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab



Press the Windows key + R. > Type services.msc
Find these services > Right-click them > Choose "Stop" > Right-click again > Properties > Change "Startup type" to "Manual" > Click "Apply" > OK.

Andrea ST Filters Service (AESTFilters)
Apple Mobile Device
Bonjour-tjeneste (Bonjour Service)
Google Software Updater (gusvc)
Apple Mobile Device



>>


Open Notepad and copy the following (the text in bold) into it, then save the text file as CFScript.txt in the same place where you have ComboFix:


Killall::
Snapshot::
Folder::
c:\program files\DNA
c:\program files\BitTorrent
c:\users\Kasper\AppData\Roaming\DNA
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Drag the CFScript file onto the ComboFix icon; this will start ComboFix again (if the computer wants to restart, let it). See also here:
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Post the new ComboFix log here.

How is your PC running now?
KasperMP Beginner
17 September 2009 - 18:08 #13
I have now completed the above, though I was a little puzzled that Apple Mobile Device was listed twice among the services I was supposed to stop.
So far my computer is running well: I can get to all websites, I don't get strange pop-ups, and the internet is running at normal speed again, so it seems to be working.

Here is the ComboFix log:

ComboFix 09-09-16.05 - Kasper 17-09-2009 17:48.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.3069.2002 [GMT 2:00]
Kører fra: c:\users\Kasper\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Kasper\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Kasper\AppData\Roaming\DNA
c:\users\Kasper\AppData\Roaming\DNA\dht.dat
c:\users\Kasper\AppData\Roaming\DNA\dht.dat.old
c:\users\Kasper\AppData\Roaming\DNA\dna.lng
c:\users\Kasper\AppData\Roaming\DNA\resume.dat
c:\users\Kasper\AppData\Roaming\DNA\resume.dat.old
c:\users\Kasper\AppData\Roaming\DNA\rss.dat
c:\users\Kasper\AppData\Roaming\DNA\rss.dat.old
c:\users\Kasper\AppData\Roaming\DNA\settings.dat
c:\users\Kasper\AppData\Roaming\DNA\settings.dat.old

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-08-17 til 2009-09-17  )))))))))))))))))))))))))))))))))))
.

2009-09-17 15:53 . 2009-09-17 15:55    --------    d-----w-    c:\users\Kasper\AppData\Local\temp
2009-09-17 15:53 . 2009-09-17 15:53    --------    d-----w-    c:\users\Public\AppData\Local\temp
2009-09-17 15:53 . 2009-09-17 15:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2009-09-17 15:34 . 2009-09-17 15:34    --------    d-----w-    c:\users\Kasper\backups
2009-09-16 23:25 . 2009-06-22 10:22    2048    ----a-w-    c:\windows\system32\tzres.dll
2009-09-16 21:15 . 2009-09-10 12:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 21:14 . 2009-09-16 21:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-09-16 21:14 . 2009-09-10 12:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-16 21:14 . 2009-08-14 17:07    897608    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2009-09-16 21:14 . 2009-08-14 16:29    104960    ----a-w-    c:\windows\system32\netiohlp.dll
2009-09-16 21:14 . 2009-08-14 14:16    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2009-09-16 21:14 . 2009-08-14 14:16    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2009-09-16 21:14 . 2009-08-14 14:16    19968    ----a-w-    c:\windows\system32\ARP.EXE
2009-09-16 21:14 . 2009-08-14 14:16    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2009-09-16 21:14 . 2009-08-14 14:16    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2009-09-16 21:14 . 2009-08-14 14:16    10240    ----a-w-    c:\windows\system32\finger.exe
2009-09-16 21:14 . 2009-08-14 14:16    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2009-09-16 21:14 . 2009-08-14 16:29    17920    ----a-w-    c:\windows\system32\netevent.dll
2009-09-16 21:13 . 2009-07-11 19:32    293376    ----a-w-    c:\windows\system32\wlanmsm.dll
2009-09-16 21:13 . 2009-07-11 19:29    127488    ----a-w-    c:\windows\system32\L2SecHC.dll
2009-09-16 21:13 . 2009-07-11 19:32    513024    ----a-w-    c:\windows\system32\wlansvc.dll
2009-09-16 21:13 . 2009-07-11 19:32    302592    ----a-w-    c:\windows\system32\wlansec.dll
2009-09-16 21:13 . 2009-06-10 12:11    2868224    ----a-w-    c:\windows\system32\mf.dll
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\users\Kasper\AppData\Roaming\Malwarebytes
2009-09-15 15:27 . 2009-09-15 15:27    --------    d-----w-    c:\programdata\Malwarebytes
2009-09-14 21:18 . 2009-09-14 21:18    401720    ----a-w-    c:\users\Kasper\HiJackThis.exe
2009-09-14 20:37 . 2009-09-14 20:37    --------    d-----w-    c:\program files\CCleaner
2009-09-12 19:51 . 2009-09-12 19:51    --------    d-----w-    c:\program files\iPhone Configuration Utility
2009-09-12 19:48 . 2009-09-12 19:50    --------    d-----w-    c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 19:45 . 2009-09-12 19:46    --------    d-----w-    c:\program files\QuickTime
2009-08-25 17:13 . 2009-08-25 17:12    410984    ----a-w-    c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 15:53 . 2008-05-01 20:34    12    ----a-w-    c:\windows\bthservsdp.dat
2009-09-16 23:22 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-09-16 23:21 . 2008-08-05 15:17    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-09-16 21:11 . 2008-07-06 18:51    --------    d-----w-    c:\program files\Common Files\Apple
2009-09-16 21:03 . 2009-07-31 18:33    --------    d-----w-    c:\program files\DAEMON Tools Toolbar
2009-09-14 21:01 . 2008-09-17 19:37    --------    d-----w-    c:\program files\Betsson
2009-09-14 16:13 . 2006-11-21 04:49    80496    ----a-w-    c:\windows\system32\perfc006.dat
2009-09-14 16:13 . 2006-11-21 04:49    471508    ----a-w-    c:\windows\system32\perfh006.dat
2009-08-25 17:12 . 2008-05-01 20:44    --------    d-----w-    c:\program files\Java
2009-08-19 06:03 . 2008-08-05 14:59    --------    d-----w-    c:\program files\Safari
2009-08-15 07:35 . 2009-08-15 07:34    --------    d-----w-    c:\program files\Garmin GPS Plugin
2009-08-15 07:34 . 2009-06-17 13:52    --------    d-----w-    c:\program files\DIFX
2009-08-15 07:34 . 2009-08-15 07:34    --------    d-----w-    c:\program files\Garmin
2009-07-31 18:35 . 2009-07-31 18:27    --------    d-----w-    c:\users\Kasper\AppData\Roaming\DAEMON Tools Lite
2009-07-31 18:34 . 2009-07-31 18:34    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2009-07-31 18:34 . 2009-07-31 18:33    --------    d-----w-    c:\program files\DAEMON Tools Lite
2009-07-31 18:29 . 2009-07-31 18:29    721904    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-07-27 15:19 . 2008-05-09 16:12    68902    ----a-w-    c:\users\Kasper\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-28 21:27    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 21:27    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 21:27    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 21:27    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-07-20 01:08 . 2008-05-01 21:00    --------    d-----w-    c:\programdata\McAfee
2009-07-19 16:29 . 2008-05-01 21:00    --------    d-----w-    c:\program files\McAfee
2009-07-17 14:35 . 2009-08-12 21:35    71680    ----a-w-    c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 21:35    313344    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 21:35    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 21:35    7680    ----a-w-    c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 21:35    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2008-05-01 20:51 . 2008-05-01 20:51    74    --sh--r-    c:\windows\CT4CET.bin
2008-05-02 04:20 . 2008-05-02 04:09    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-25 148888]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-1 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-5-1 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB907F12-6EC9-40FF-B162-98467989D02E}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C7252EA3-EA3F-456C-A254-43F4AD0F2E70}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{26227733-8392-40AE-B5E3-C2F4A9828565}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{A5B2F46F-1122-4D9E-8C48-7885290F4FB3}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{020F60B8-DF25-4922-B95D-FC89DFF30D4A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{1361734E-29C3-48E2-9106-2CC84E2EA41E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{6E80FFED-516C-4CC2-B7C7-745FE982C0E0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{82E405FE-6090-488F-A477-DA517ABE27F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{469A22B5-7DE1-483C-860E-143BFE915F93}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{A8AC939A-FAA1-4F24-9C2A-C821C2ACA6CD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{52936129-BE38-488D-8A75-4D5FD4BB5FED}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{59B9CA98-351B-4F84-ABBE-F29502527398}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9FFB5AD2-464B-4A47-9181-7E1EC484BA3F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15E279F2-5F8E-4207-AB69-8D9F4282BE94}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2008-05-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-20 09:53]

2008-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-20 09:53]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=2080502
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
.

**************************************************************************
scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer:

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(4056)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-17 18:00 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-09-17 16:00
ComboFix2.txt  2009-09-16 23:13
ComboFix3.txt  2009-09-16 15:44

Pre-Kørsel: 190.562.734.080 byte ledig
Post-Kørsel: 190.954.704.896 byte ledig

237    --- E O F ---    2009-09-16 23:27
sullep Beginner
17 September 2009 - 19:22 #14
There is a key from BitTorrent in the registry that ComboFix did not remove; it is only of cosmetic significance, so leave it be.

There is nothing more to go after.

Press Windows key + R > type combofix /u

Note the space between X and /U; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system/hidden files, if required.

You need to clean up the System Restore files.

Disable System Restore > restart > enable System Restore again.
You can read how to do it in Vista here.
http://windowshelp.microsoft.com/Windows/da-DK/help/517d3b8e-3379-46c1-b479-05b30d6fb3f01030.mspx#ELBAC


Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Enjoy.
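Added example, not part of the thread and not ComboFix's own code: a Python check that reads a ComboFix-style log and lists firewall allow entries whose executable still points into a folder the cleanup removed, plus any profile with EnableFirewall set to 0. The sample log is a shortened excerpt in the shape of the log in #13, and the function names are hypothetical.

```python
import re

# Shortened excerpt in the shape of the ComboFix log posted in #13
# (deleted items, firewall rules, AuthorizedApplications list).
SAMPLE_LOG = r'''
(((((((  Andet, der er slettet  )))))))
.
c:\program files\DNA
c:\program files\DNA\btdna.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB907F12-6EC9-40FF-B162-98467989D02E}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{1361734E-29C3-48E2-9106-2CC84E2EA41E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{82E405FE-6090-488F-A477-DA517ABE27F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
'''

SECTION = re.compile(r'^\[(.+)\]$')                    # [registry key] header
ENTRY = re.compile(r'^"(.+?)"=\s*(.*)$')               # "name"= value
EXE = re.compile(r'[a-z]:\\[^:|]+\.exe', re.IGNORECASE)  # path inside a rule value


def parse_sections(log):
    """Map each lower-cased [registry key] to its list of (name, value) entries."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append((m.group(1), m.group(2)))
        elif not line or line == '.':      # a blank line or '.' ends a section
            current = None
    return sections


def stale_firewall_entries(log, removed_dirs):
    """Return (subkey, value name, exe path) for rules pointing into removed folders."""
    removed = tuple(d.lower().rstrip('\\') + '\\' for d in removed_dirs)
    hits = []
    for key, entries in parse_sections(log).items():
        if 'firewallpolicy\\' not in key:
            continue
        for name, value in entries:
            m = EXE.search(value)
            if m and m.group(0).lower().startswith(removed):
                hits.append((key.rsplit('firewallpolicy\\', 1)[1], name, m.group(0)))
    return hits


def disabled_profiles(log):
    """Return the firewall profiles whose EnableFirewall value is 0."""
    return [key.rsplit('\\', 1)[1]
            for key, entries in parse_sections(log).items() if key.endswith('profile')
            for name, value in entries
            if name.lower() == 'enablefirewall' and value.startswith('0')]


if __name__ == '__main__':
    folders = [r'c:\program files\DNA', r'c:\program files\BitTorrent']
    for hit in stale_firewall_entries(SAMPLE_LOG, folders):
        print('stale allow entry:', hit)
    print('firewall disabled for:', disabled_profiles(SAMPLE_LOG))
```

A Windows Firewall profile reported as disabled is expected when a third-party firewall, such as the McAfee Personal Firewall service listed in the logs, has taken over; the check only surfaces it for review.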
KasperMP Beginner
17 September 2009 - 19:44 #15
Thanks for the help, I would never have managed that on my own.
sullep Beginner
17 September 2009 - 19:49 #16
You're welcome, that's what we're here for.
You should just go to "Windows Update"; there is an SP2 plus other updates waiting there.