08 January 2010 - 12:14 There are 15 comments and 1 solution

Malware and HiJack

I work as a volunteer at a welfare centre (in Belgium) to get some experience with IT. There is a PC there (with Windows XP) that had some junk on it. In a recent question I was advised by Karise_Larry to install and run ccleaner, Malwarebytes, and HiJackThis. I tried it out first, successfully, on my own laptop (also with XP). There were no viruses/spyware, but there were a number of files in the HiJackThis report that I was advised to delete.

Now I am at the centre. I have run ccleaner. I have also run MalwareBytes. There I got a message to insert the DVD to load XP because there were some unrecognised files. Since I did not have access to the DVD (and the person who has it is not here today) I declined and hope it goes well. I got a log file from MalwareBytes which I show below.

But I cannot seem to get HiJackThis to respond. I am using this link: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe. I am given the choice between running it and saving it, and on advice I save it. I then get a file called HiJackThis (398KB). When I click on it I get an alert asking whether I want to run it, and when I click yes nothing happens. Does anyone have suggestions for how I get further?

Here then is the log file from Malware. A critical review would be much appreciated.

Malwarebytes' Anti-Malware 1.44
Database versie: 3515
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/01/2010 11:04:58
mbam-log-2010-01-08 (11-04-58).txt

Scan type: Volledige Scan (C:\|)
Objecten gescand: 249901
Verstreken tijd: 38 minute(s), 0 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 102
Registerwaarden geïnfecteerd: 11
Registerdata bestanden geïnfecteerd: 8
Mappen geïnfecteerd: 5
Bestanden geïnfecteerd: 43

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\1025a.dll (Trojan.Vundo) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{c5f43bef-ce2f-afe6-46d8-a647bacd1f09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\homeantivirus2010 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (SpamTool.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (SpamTool.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (SpamTool.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\home antivirus 2010 (Rogue.HomeAntivirus) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Worm.Ecard) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Worm.Ecard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\18243754 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\data (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Centrum Kauwenberg\Menu Start\Programma's\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\WINDOWS\system32\1025a.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe (Rogue.HomeAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\htmlayout.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\0.exe (Worm.Ecard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\359.exe (Worm.Ecard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\421.exe (Worm.Ecard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\acpi32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\amd64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nicsk32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\i386si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\securentm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ksi32sk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\port135sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\lizkavd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\seres.exe (Worm.Ecard) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\svcst.exe (Worm.Ecard) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\POCABPE6\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\AVEngn.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\pthreadVC2.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\data\daily.cvd (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Centrum Kauwenberg\Menu Start\Programma's\HomeAntivirus2010\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Centrum Kauwenberg\Menu Start\Programma's\HomeAntivirus2010\Uninstall.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Centrum Kauwenberg\Bureaublad\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Centrum Kauwenberg\Application Data\Microsoft\Internet Explorer\Quick Launch\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Centrum Kauwenberg\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\765.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
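As an added example (not from the thread), a small Python script that parses the Malwarebytes log format above and pulls out what a reviewer of such a log looks for: the Image File Execution Options keys planted for security tools (a Debugger value under such a key makes Windows start that "debugger" in place of the named program, so HijackThis.exe, which is among them, would not launch while its key was present), the entries still marked "Delete on reboot", and the tampered Security Center and service ImagePath values. The log embedded in it is a constructed subset of the entries above; the function and field names are my own.

```python
"""Summarize a Malwarebytes' Anti-Malware 1.x scan log (the format posted above)."""
import re
from collections import Counter

# Constructed sample: a subset of the entries from the log above, same format.
SAMPLE_LOG = r"""
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\1025a.dll (Trojan.Vundo) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<Family.Name>) -> [Bad: (..) Good: (..) -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[\w.-]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
IFEO_MARKER = "\\image file execution options\\"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it sits under."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header, e.g. "Bestanden geïnfecteerd:"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m is None:                   # scan metadata / count lines, not detections
            continue
        entry = m.groupdict()
        entry["section"] = section
        entries.append(entry)
    return entries


def ifeo_target(item):
    """Executable named under an Image File Execution Options key (lowercased), or None."""
    low = item.lower()
    idx = low.find(IFEO_MARKER)
    if idx < 0:
        return None
    rest = item[idx + len(IFEO_MARKER):]
    return rest.split("\\", 1)[0].lower()   # "bdAgent.exe\debugger" -> "bdagent.exe"


def summarize(entries):
    """Aggregate the parsed entries into the facts a reviewer needs."""
    families = Counter(e["detection"].split(".", 1)[0] for e in entries)
    ifeo = sorted({t for t in (ifeo_target(e["item"]) for e in entries) if t})
    pending = [e["item"] for e in entries
               if e["action"].lower().startswith("delete on reboot")]
    sec_center = any(e["detection"] == "Disabled.SecurityCenter" for e in entries)
    svc_hijacks = [(e["item"], e["bad"], e["good"]) for e in entries
                   if e["bad"] is not None and e["item"].lower().endswith("\\imagepath")]
    return {
        "total": len(entries),
        "by_family": dict(families),
        "ifeo_targets": ifeo,
        "pending_reboot": pending,
        "reboot_required": bool(pending),
        "security_center_tampered": sec_center,
        "service_path_hijacks": svc_hijacks,
    }


def report(summary):
    """Human-readable review of the summary."""
    fam = ", ".join(f"{k}={v}" for k, v in sorted(summary["by_family"].items()))
    lines = [f"{summary['total']} detections ({fam})"]
    if summary["ifeo_targets"]:
        lines.append("IFEO keys planted for: " + ", ".join(summary["ifeo_targets"])
                     + " (these tools could not start while the keys existed)")
    if summary["security_center_tampered"]:
        lines.append("Security Center notifications had been silenced")
    for key, bad, good in summary["service_path_hijacks"]:
        lines.append(f"{key}: '{bad}' restored to '{good}'")
    if summary["reboot_required"]:
        lines.append(f"{len(summary['pending_reboot'])} item(s) still pending removal:"
                     " reboot, then rescan before trusting the result")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(parse_mbam_log(SAMPLE_LOG))))
```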
08 January 2010 - 12:34 #1
Good grief *S* - there is plenty for MalwareBytes; more than can fit here in the thread...

It is a nice 'scare' example of what can be on such a 'free' PC ...


Try downloading HiJackThis now AFTER the above has been completed
or
Download HiJackThis.exe via another PC

(You ought to have the mentioned tools on a suitable other medium - USB 'pen' or similar ...)
sullep Beginner
08 January 2010 - 12:51 #2
The link you used for HijackThis does not work, use this one.

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

With the infections you have I would recommend that you run Combofix.


--Download Combofix, and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Close all other windows.

Then run Combofix.exe, and follow the instructions. (Vista users must right-click the file and choose (Run as administrator)

Important-> Disable your antivirus/antispyware program.
If you cannot disable the program, just click "OK" and combofix will continue

You must not click on the window while the tool is running, as it can make your computer freeze.

When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt which is located here C:\ Combofix txt

If the log file does not open you will find it here c:\combofix.txt
You are welcome to post the contents of this file here.
08 January 2010 - 19:19 #3
Thanks for the input. It will be Tuesday before I can follow it up (I was only supposed to come one day a week, but I went up there (120 km) extra today to begin cleaning up the malware problem). The thread will have to stay open until then.
09 January 2010 - 17:17 #4
karise_larry, yes, of course, I will bring the tools to the centre on my USB stick so I am not dependent on being able to download them there. I have now copied them, and then run them from the USB stick to make sure they worked (I only ran a little of the malware scan to save time, since I did a complete scan a couple of days ago.) I have a question I forgot the other day: in ccleaner you get at one point a list of all cookies and can move the ones you want to keep over to the right half. But I cannot see how to remove the cookies you do not need. I see no button with "clean" or similar. I have tried highlighting the cookies and right-clicking and pressing delete, but nothing happens, so I still have the cookies. What have I missed?

Sulliep, I am going to try out what you recommend on my own laptop to practise before I let it loose at the centre on Tuesday. If I run into problems I will shout for help.
09 January 2010 - 18:07 #5
Sullep, I downloaded and saved ComboFix. After I then clicked on ComboFix.exe I got a loud beep and a "Disclaimer of warranty on software" was shown:

The following websites are not in any way affiliated to ComboFix: http://www.combofix.org/, http://www.combofixdownload.com/. If you have purchased anything from them, I suggest you instruct your financiers to cancel the transaction.

A guide on proper ComboFix usage may be found at: http://www.bleepingcomuter.com/combofix/how-to-use-combofix.

ComboFix is meant for private use. It should never be used in an unsupervised environment. If infections are found, it will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.

This software is provided 'as is', without warranty of any kind. All implied warranties are expressly disclaimed. If you do not agree to the above terms please click No to exit."

Is there anything I should be worried about or should I just continue by pressing "Yes"?
09 January 2010 - 18:43 #6
Yes !
09 January 2010 - 19:10 #7
Yes I should be worried or I should press Yes?
09 January 2010 - 19:27 #8
...press Yes? *S*
09 January 2010 - 21:57 #9
OK, I have run ComboFix on my laptop to try it out. I have put the log at http://christianjorgensen.be/ComboFix.txt (it is too big to fit in a post.) A look-over would be much appreciated.

I use AVG as my antivirus program and I found no way to disable it, so I carried on, as sullep said, but it beeped loudly and said that I was continuing at my own risk.
09 January 2010 - 23:07 #10
ComboFix 10-01-04.01 - Jorgensen 09/01/2010  21:38:05.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1386 [GMT 1:00]
Running from: c:\documents and settings\Jorgensen\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((  Files Created from 2009-12-09 to 2010-01-09  )))))))))))))))))))))))))))))))
.

2010-01-09 20:37 . 2010-01-09 20:37    12568    ----a-w-    c:\windows\system32\drivers\PROCEXP113.SYS
2010-01-09 16:34 . 2010-01-09 16:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\nView_Profiles
2010-01-06 21:14 . 2010-01-06 21:14    --------    d-----w-    c:\documents and settings\Jorgensen\Application Data\Malwarebytes
2010-01-06 21:14 . 2009-12-30 13:55    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 21:14 . 2010-01-06 21:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-06 21:14 . 2010-01-06 21:14    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-01-06 21:14 . 2009-12-30 13:54    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-06 20:15 . 2010-01-06 20:15    --------    d-----w-    c:\program files\CCleaner
2010-01-01 20:17 . 2010-01-01 20:17    --------    d-----w-    C:\Photoshop
2009-12-17 08:26 . 2009-08-05 23:00    --------    d---a-w-    C:\xampp
2009-12-16 07:18 . 2009-12-16 07:18    --------    d-----w-    c:\windows\Sun
2009-12-14 09:21 . 2010-01-07 14:00    --------    d-----w-    c:\documents and settings\Jorgensen\Local Settings\Application Data\Google
2009-12-14 09:21 . 2009-12-14 09:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\WinZip
2009-12-14 09:19 . 2010-01-07 14:00    --------    d-----w-    c:\program files\Google
2009-12-14 07:54 . 2009-12-14 07:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-14 07:40 . 2009-12-14 07:40    --------    d-----w-    c:\program files\Adobe Media Player
2009-12-14 07:36 . 2009-12-14 07:36    --------    d-----w-    c:\program files\Common Files\Adobe AIR
2009-12-14 07:35 . 2009-12-14 07:35    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-12-14 06:26 . 2010-01-09 20:27    --------    d-----w-    c:\program files\Common Files\Akamai

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 12:19 . 2009-11-26 07:03    69232    ----a-w-    c:\documents and settings\Jorgensen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 20:45 . 2009-11-28 14:18    --------    d-----w-    c:\program files\ToggleDU
2010-01-06 20:41 . 2009-11-26 18:38    --------    d-----w-    c:\program files\Common Files\Adobe
2010-01-05 06:20 . 2009-11-25 15:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-29 11:55 . 2009-11-25 14:55    87263    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-29 11:04 . 2009-11-29 11:04    --------    d-----w-    c:\program files\OLYMPUS
2009-11-28 15:26 . 2009-11-28 15:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2009-11-28 15:22 . 2009-11-28 15:22    --------    d-----w-    c:\program files\Common Files\Adobe Systems Shared
2009-11-28 14:18 . 2009-11-28 14:18    --------    d-----w-    c:\program files\Conduit
2009-11-28 11:08 . 2009-11-28 11:08    --------    d-----w-    c:\documents and settings\Jorgensen\Application Data\ShredderChess
2009-11-28 11:08 . 2009-11-28 11:08    --------    d-----w-    c:\program files\ShredderChess
2009-11-26 03:46 . 2009-11-26 03:46    --------    d-----w-    c:\program files\MSXML 4.0
2009-11-25 21:52 . 2009-11-25 21:52    0    ----a-w-    c:\windows\nsreg.dat
2009-11-25 16:10 . 2009-11-25 16:10    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-11-25 16:10 . 2009-11-25 16:10    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-11-25 16:10 . 2009-11-25 16:10    333192    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-11-25 16:10 . 2009-11-25 16:10    28424    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-11-25 16:10 . 2009-11-25 16:10    --------    d-----w-    c:\program files\AVG
2009-11-25 16:10 . 2009-11-25 16:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9
2009-11-25 15:45 . 2009-11-25 15:42    --------    d-----w-    c:\program files\Lexmark 7600 Series
2009-11-25 15:44 . 2009-11-25 15:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-11-25 15:44 . 2009-11-25 15:44    --------    d-----w-    c:\program files\Lexmark Tools for Office
2009-11-25 15:44 . 2009-11-25 15:44    --------    d-----w-    c:\program files\Lexmark Toolbar
2009-11-25 15:44 . 2009-11-25 15:44    --------    d-----w-    c:\program files\Lexmark Printable Web
2009-11-25 15:39 . 2009-11-25 15:39    --------    d-----w-    c:\program files\Microsoft Works
2009-11-25 15:39 . 2009-11-25 15:39    --------    d-----w-    c:\program files\MSBuild
2009-11-25 15:25 . 2009-11-25 15:25    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-11-25 15:25 . 2009-11-25 15:25    --------    d-----w-    c:\program files\Java
2009-11-25 15:24 . 2009-11-25 15:24    1962544    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-25 15:24 . 2009-11-25 15:24    152576    ----a-w-    c:\documents and settings\Jorgensen\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 15:22 . 2009-11-25 15:22    79488    ----a-w-    c:\documents and settings\Jorgensen\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 15:16 . 2009-11-25 15:16    --------    d-----w-    c:\program files\CONEXANT
2009-11-25 15:14 . 2009-11-25 15:14    --------    d-----w-    c:\program files\SigmaTel
2009-11-25 15:14 . 2009-11-25 15:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-11-25 15:13 . 2009-11-25 15:13    11973    ----a-w-    c:\windows\system32\nvModes.dat
2009-11-25 15:10 . 2009-11-25 15:10    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Intel
2009-11-25 15:10 . 2009-11-25 15:10    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Intel
2009-11-25 15:10 . 2009-11-25 15:10    --------    d-----w-    c:\documents and settings\Jorgensen\Application Data\Intel
2009-11-25 15:10 . 2009-11-25 15:10    --------    d-----w-    c:\documents and settings\Default User\Application Data\Intel
2009-11-25 15:10 . 2009-11-25 15:10    319488    ----a-w-    c:\windows\system32\AegisI5Installer.exe
2009-11-25 15:10 . 2009-11-25 15:10    21425    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2009-11-25 15:10 . 2009-11-25 15:10    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\Intel
2009-11-25 15:09 . 2009-11-25 15:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2009-11-25 15:09 . 2009-11-25 15:05    --------    d-----w-    c:\program files\Intel
2009-11-25 15:07 . 2009-11-25 15:07    --------    d-----w-    c:\program files\Broadcom
2009-11-25 15:06 . 2009-11-25 15:06    --------    d-----w-    c:\program files\DIFX
2009-11-25 15:06 . 2009-11-25 15:06    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-11-25 15:03 . 2009-11-25 15:03    45056    ----a-r-    c:\documents and settings\Jorgensen\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2009-11-25 15:03 . 2009-11-25 15:03    10134    ----a-r-    c:\documents and settings\Jorgensen\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\ARPPRODUCTICON.exe
2009-11-25 15:03 . 2009-11-25 15:03    --------    d-----w-    c:\program files\Dell
2009-11-25 14:57 . 2009-11-25 14:57    --------    d-----w-    c:\program files\microsoft frontpage
2009-11-25 14:53 . 2009-11-25 14:53    21640    ----a-w-    c:\windows\system32\emptyregdb.dat
2009-10-29 07:45 . 2006-03-04 03:33    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 10:00    75776    ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00    25088    ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00    265728    ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00    270336    ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00    149504    ----a-w-    c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00    79872    ----a-w-    c:\windows\system32\raschap.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"EzPrint"="c:\program files\Lexmark 7600 Series\ezprint.exe" [2008-09-10 131752]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-25 16:10    12464    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08    935288    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08    35696    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdwcoms.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/11/2009 17:10 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/11/2009 17:10 360584]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/08/2004 11:00 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/11/2009 17:10 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/11/2009 17:10 285392]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [25/11/2009 16:45 98984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ      Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102399
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jorgensen\Application Data\Mozilla\Firefox\Profiles\tlgejcn7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-09  21:41:49
ComboFix-quarantined-files.txt  2010-01-09 20:41

Pre-Run: 84.248.698.880 bytes free
Post-Run: 84.208.898.048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 82B29CED35641ED185E7E08F3F11D7DC
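The log above is left to the helpers to read, and the thread never says what to look at first. As an added example (not code from the thread, from ComboFix or from any of the posters), the Python below parses the Run-key entries under "Reg Loading Points" and the "uStart Page" line of a ComboFix-style log and applies three triage heuristics a responder typically uses when skimming such a log: autostart binaries that live outside the usual system and program directories, autostart entries given only as a bare file name (the log then does not pin down which binary actually runs), and a browser start page that is not on an allowlist. The sample input is copied from the log above, except the "Updater" line pointing into Application Data, which is constructed for the example and does not appear in the log. The trusted directory prefixes and the start-page allowlist are assumptions to adjust for the machine being examined; none of the findings is a detection, they are the lines to verify first.

```python
"""Triage helpers for a ComboFix-style log (added example, not ComboFix output)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input. All lines except "Updater" are copied from the log in the thread;
# the "Updater" line is constructed for this example and is NOT in the real log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Updater"="c:\documents and settings\user\Application Data\upd.exe" [2010-01-08 40960]
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102399
'''

# ComboFix prints Run values as: "Name"="target" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
START_PAGE = re.compile(r'^uStart Page = (?P<url>\S+)$')

# Assumption: where autostart binaries on a stock XP install normally live (lower-case).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumption: start pages the operator expects. ComboFix defangs http as hxxp, so
# the allowlist uses the same spelling.
ALLOWED_START_PAGES = ("hxxp://www.google.be/", "hxxp://www.google.com/")


@dataclass
class RunEntry:
    key: str      # registry key the value sits under
    name: str     # value name
    target: str   # command / path as logged
    date: str     # file timestamp ComboFix printed
    size: int     # file size ComboFix printed

    def is_bare_name(self) -> bool:
        """True when the log gives only a file name, resolved via the search path."""
        return "\\" not in self.target

    def outside_trusted_dirs(self) -> bool:
        """True when a full path points outside the trusted prefixes."""
        return not self.is_bare_name() and not self.target.lower().startswith(TRUSTED_PREFIXES)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect Run values, remembering the most recent [Key] header for each."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_LINE.match(line)
        if m:
            entries.append(RunEntry(key, m["name"], m["target"], m["date"], int(m["size"])))
    return entries


def parse_start_page(text: str) -> Optional[str]:
    """Return the IE start page ComboFix logged, or None if the line is absent."""
    for raw in text.splitlines():
        m = START_PAGE.match(raw.strip())
        if m:
            return m["url"]
    return None


def triage(text: str) -> List[str]:
    """Apply the three heuristics and return one human-readable finding per hit."""
    findings = []
    for e in parse_run_entries(text):
        if e.is_bare_name():
            findings.append(f"bare name, binary not pinned down: {e.name} -> {e.target}")
        elif e.outside_trusted_dirs():
            findings.append(f"autostart outside system/program dirs: {e.name} -> {e.target}")
    page = parse_start_page(text)
    if page and page not in ALLOWED_START_PAGES:
        findings.append(f"start page not on allowlist: {page}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the full log in the post, the bare-name heuristic picks out bthprops.cpl, nwiz.exe, nvHotkey.dll and stsystra.exe (all of which resolve from the system directory on this kind of Dell/NVIDIA/SigmaTel install, so the follow-up is simply to confirm that), and the start-page check flags the search.conduit.com page, which goes with the c:\program files\Conduit folder in the Find3M report. Whether the Conduit search provider is wanted is for the machine's owner to decide; the script only makes sure the line is not skimmed past.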
09 January 2010 - 23:08 #11
(Now it can be seen *S*)
09 January 2010 - 23:09 #12
(Give me a log from HiJackThis too - to complete...)
10 January 2010 - 07:45 #13
karise_larry, yes, but I just thought it took up an extreme amount of space.

This ComboFix log is from my own laptop, to test how the program works. Since you are not giving any comments, I assume it is OK. You saw my HiJack two days ago.

The problem is the computers at the centre in Antwerp. When I ran Malwarebytes on one of them the other day, I could not load HiJackThis. I now have it on a USB stick. I will try again on Tuesday and will then open a new thread with the result. This thread is long enough. karise_larry and sullep, post answers and I will close.
10 January 2010 - 10:36 #14
You apparently have an (unnecessary) WinZip icon started in the bottom right. You can remove it: right mouse button on it - Remove...

And at the top of the [Start] menu...
10 January 2010 - 10:36 #15
Ping...
(That was an [answer]...)
11 January 2010 - 10:48 #16
I just wanted to give sullep 24 hours to come up with an answer. That did not happen. Sullep, if you come in afterwards, we will work out how to give points.