askhoej Trainee
01 April 2010 - 11:31 There are 8 comments

Hijackthis.log - help removing malware

Hi

My computer has been infected - here is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:32, on 01-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Intel\AMT\LMS.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Symantec AntiVirus\SavRoam.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\UNS\UNS.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\5051,34.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\larsen\Menuen Start\Programmer\Start\AutoLogin.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\PowerDes.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PereSvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\larsen\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 217.145.57.60 owa2007.ensimunify.dk owa2007
O1 - Hosts: 217.145.57.60 ENSIMFEEXC2.ensim.local ENSIMFEEXC2
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Programmer\VirtualCamera\VirtualCameraMenu.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Programmer\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [TPHOTKEY] "C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe"
O4 - HKLM\..\Run: [TPFNF7] "C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [SynTPEnh] "C:\Programmer\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Programmer\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [ACTray] "C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [picon] "C:\Programmer\Fælles filer\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] "C:\Programmer\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
O4 - HKLM\..\Run: [Message Center Plus] "C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe" /start
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\larsen\LOKALE~1\Temp\Hrg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoLogin.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Programmer\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Programmer\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236766023182
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = subdomain.local
O17 - HKLM\Software\..\Telephony: DomainName = subdomain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = subdomain.local
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Programmer\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programmer\Intel\AMT\LMS.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programmer\lotus\notes\ntmulti.exe
O23 - Service: peresvc  Service (peresvc) - Neto systems - C:\WINDOWS\system32\PereSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programmer\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programmer\Fælles filer\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 16418 bytes
f-arn Guru
01 April 2010 - 11:33 #1
Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe

Or here ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Install and start the program, click the Update tab, click Check for Updates, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from DDS, which you can find here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds

It produces two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved to the computer and not run from the web

NB When you update Malwarebytes, keep clicking Check for Updates until it says there are no more updates.
f-arn Guru
01 April 2010 - 11:38 #2
By the way, you should uninstall the Ask Toolbar - it has a somewhat dubious reputation.
askhoej Trainee
01 April 2010 - 11:52 #3
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3940

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01-04-2010 11:50:14
mbam-log-2010-04-01 (11-50-14).txt

Skanningstype: Hurtig skanning
Objekter skannet: 154824
Tid gået: 3 minut(ter), 42 sekund(er)

Hukommelses Processorer Inficeret: 2
Hukommelses Moduler Inficeret: 1
Registreringsdatabase Nøgler Inficeret: 3
Registreringsdatabase Værdier Inficeret: 11
Registreringsdatabase Data Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 16

Hukommelses Processorer Inficeret:
C:\WINDOWS\system32\PowerDes.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Delete on reboot.

Registreringsdatabase Nøgler Inficeret:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.

Registreringsdatabase Værdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.

Registreringsdatabase Data Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\WINDOWS\system32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSvc.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\larsen\Lokale indstillinger\Temp\Hrg.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ms.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_275965678316.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_509305660705.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_786715871310.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_91320145289.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\larsen\Lokale indstillinger\Temp\Hrf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_241293446108.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_341682877307.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_617698668969.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_742558777248.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\t4m0_805225493272.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



****************




DDS (Ver_10-03-17.01) - NTFSx86 
Run by larsen at 11:50:47,17 on 01-04-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3066.1997 [GMT 2:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)  {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Intel\AMT\LMS.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Symantec AntiVirus\SavRoam.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\UNS\UNS.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\5051,34.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Fælles filer\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\larsen\Menuen Start\Programmer\Start\AutoLogin.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\larsen\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: VirtualCamera IEMenu Class: {0246a1a7-820a-469a-85a7-7b7f01eb808c} - c:\programmer\virtualcamera\VirtualCameraMenu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\programmer\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\programmer\google\chrome frame\application\5.0.366.0\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TVT Scheduler Proxy] "c:\programmer\fælles filer\lenovo\scheduler\scheduler_proxy.exe"
mRun: [TPHOTKEY] "c:\programmer\lenovo\hotkey\TPOSDSVC.exe"
mRun: [TPFNF7] "c:\programmer\lenovo\npdirect\TPFNF7SP.exe" /r
mRun: [TPKMAPHELPER] "c:\programmer\thinkpad\utilities\TpKmapAp.exe" -helper
mRun: [SynTPEnh] "c:\programmer\synaptics\syntp\SynTPEnh.exe"
mRun: [StartCCC] "c:\programmer\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FingerPrintSoftware] "c:\programmer\lenovo fingerprint software\fpapp.exe" \s
mRun: [ACTray] "c:\programmer\thinkpad\connectutilities\ACTray.exe"
mRun: [ACWLIcon] "c:\programmer\thinkpad\connectutilities\ACWLIcon.exe"
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ccApp] "c:\programmer\fælles filer\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [picon] "c:\programmer\fælles filer\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [Corel File Shell Monitor] "c:\programmer\corel\corel paint shop pro photo x2\CorelIOMonitor.exe"
mRun: [Message Center Plus] "c:\programmer\lenovo\message center plus\MCPLaunch.exe" /start
mRun: [WinampAgent] c:\programmer\winamp\winampa.exe
mRun: [AdobeCS4ServiceManager] "c:\programmer\fælles filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [Easy Synchronization] c:\programmer\logitech\easy synchronization\LogitechEasySync.exe
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Easy Synchronization] c:\programmer\logitech\easy synchronization\LogitechEasySync.exe --ports
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\larsen\menuen start\programmer\start\AutoLogin.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\digita~1.lnk - c:\programmer\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\servic~1.lnk - c:\programmer\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\programmer\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236766023182
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\programmer\google\chrome frame\application\5.0.366.0\npchrome_frame.dll
Notify: ACNotify - ACNotify.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\programmer\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\programmer\lenovo\hotkey\tphklock.dll
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\programmer\logitech\easy synchronization\shellexecutehook.dll
LSA: Notification Packages = scecli ACGina
Hosts: 217.145.57.60    owa2007.ensimunify.dk    owa2007
Hosts: 217.145.57.60    ENSIMFEEXC2.ensim.local    ENSIMFEEXC2
Hosts: 192.168.150.60    submain.subdomain.local

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\larsen\applic~1\mozilla\firefox\profiles\8whzd5iu.default\
FF - plugin: c:\documents and settings\larsen\application data\mozilla\firefox\profiles\8whzd5iu.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmer\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\programmer\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\programmer\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\programmer\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
R2 ccEvtMgr;Symantec Event Manager;c:\programmer\fælles filer\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\programmer\fælles filer\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 122880]
R2 SavRoam;SAVRoam;c:\programmer\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\programmer\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programmer\fælles filer\intel\privacy icon\uns\UNS.exe [2009-3-5 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-3-5 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-3-5 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmer\fælles filer\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-5 102448]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2009-3-5 302464]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2009-3-5 378496]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2009-3-5 72232]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2009-3-5 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2009-3-5 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2009-3-5 387072]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2009-3-5 431488]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2009-3-5 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2009-3-5 402944]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-8 38224]
R3 NAVENG;NAVENG;c:\progra~1\fllesf~1\symant~1\virusd~1\20100323.002\naveng.sys [2010-3-24 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\fllesf~1\symant~1\virusd~1\20100323.002\navex15.sys [2010-3-24 1324720]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2009-3-5 24232]
RUnknown BtwSvc;BtwSvc; [x]
S2 gupdate;Google Update Service (gupdate);c:\programmer\google\update\GoogleUpdate.exe [2009-11-14 135664]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 135168]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-26 143360]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-7-5 323584]
S3 MsDepSvc;Web Deployment Agent Service;c:\programmer\iis\microsoft web deploy\MsDepSvc.exe [2009-4-8 42888]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programmer\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmer\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
SUnknown peresvc;peresvc; [x]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-04-01 09:12:38    54016    ----a-w-    c:\windows\system32\drivers\jjbm.sys
2010-04-01 08:48:54    238920    ----a-w-    c:\windows\system32\5051,34.exe
2010-04-01 08:48:39    169814    ----a-w-    c:\windows\system32\2311,823.exe
2010-04-01 08:37:16    1024    ----a-w-    C:\.rnd
2010-04-01 07:56:16    0    d-----w-    c:\programmer\CCleaner
2010-04-01 07:38:21    238920    ----a-w-    c:\windows\system32\4506,144.exe
2010-04-01 07:38:13    45568    ----a-w-    c:\windows\system32\so.bin
2010-04-01 07:38:13    169814    ----a-w-    c:\windows\system32\5697,291.exe
2010-03-31 08:01:28    44544    ----a-w-    c:\windows\system32\t1p0_65479891803.b1k
2010-03-31 08:01:28    44544    ----a-w-    c:\windows\system32\t1p0_26250823392.b1k
2010-03-31 08:01:07    238920    ----a-w-    c:\windows\system32\8382,029.exe
2010-03-31 08:00:53    169675    ----a-w-    c:\windows\system32\7687,799.exe
2010-03-31 07:38:45    44544    ----a-w-    c:\windows\system32\t1p0_676260116864.b1k
2010-03-31 07:38:44    44544    ----a-w-    c:\windows\system32\t1p0_750301321112.b1k
2010-03-31 07:38:05    0    d-----w-    c:\windows\system32\GroupPolicy
2010-03-31 07:37:29    238920    ----a-w-    c:\windows\system32\4923,625.exe
2010-03-31 07:37:11    169675    ----a-w-    c:\windows\system32\2793,848.exe
2010-03-24 15:09:02    135168    ----a-w-    c:\temp\SubRMSPublic.dll
2010-03-23 19:14:43    122950154    ----a-w-    C:\3692 Skoda Yeti relancering DM.rar
2010-03-19 08:12:10    0    d-----w-    c:\temp\controls
2010-03-19 08:07:35    0    d-----w-    c:\temp\bin
2010-03-11 06:59:36    3583488    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2010-03-05 18:37:56    317952    ------w-    c:\windows\system32\browserchoice.exe

==================== Find3M  ====================

2010-04-01 08:49:49    603600    ----a-w-    c:\windows\system32\perfh006.dat
2010-04-01 08:49:49    141294    ----a-w-    c:\windows\system32\perfc006.dat
2010-04-01 08:35:36    2855    ----a-w-    c:\windows\bthservsdp.dat
2010-03-29 13:24:58    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24:46    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-26 15:01:17    3452    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2009-05-01 08:06:23    88    --sh--r-    c:\windows\system32\3285DA34D6.sys
2009-07-02 22:23:16    88    --sh--r-    c:\windows\system32\ACD6D7E923.sys
2009-03-11 11:19:51    32768    --sha-w-    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009030220090309\index.dat
2009-03-11 11:19:51    32768    --sha-w-    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009031120090312\index.dat

============= FINISH: 11:51:29,50 ===============
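Added example, not part of the original posts: a small Python triage pass over an excerpt of the log above. It groups the recently created files by folder and exact size, and lists the service/driver entries that the log shows with no image path. The function names and both heuristics are assumptions chosen for illustration; they are not the helper's method and do not by themselves prove an entry is malicious.

```python
import re
from collections import defaultdict
# Excerpt copied from the log posted above (services and "Created Last 30").
LOG = r"""
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-8 38224]
RUnknown BtwSvc;BtwSvc; [x]
SUnknown peresvc;peresvc; [x]
2010-04-01 08:48:54    238920    ----a-w-    c:\windows\system32\5051,34.exe
2010-04-01 08:48:39    169814    ----a-w-    c:\windows\system32\2311,823.exe
2010-04-01 07:56:16    0    d-----w-    c:\programmer\CCleaner
2010-04-01 07:38:21    238920    ----a-w-    c:\windows\system32\4506,144.exe
2010-04-01 07:38:13    169814    ----a-w-    c:\windows\system32\5697,291.exe
2010-03-31 08:01:28    44544    ----a-w-    c:\windows\system32\t1p0_65479891803.b1k
2010-03-31 08:01:28    44544    ----a-w-    c:\windows\system32\t1p0_26250823392.b1k
2010-03-31 08:01:07    238920    ----a-w-    c:\windows\system32\8382,029.exe
2010-03-23 19:14:43    122950154    ----a-w-    C:\3692 Skoda Yeti relancering DM.rar
"""
# File rows: timestamp, size, attribute flags, path. Service rows: name;display;image [info].
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+)$")
SVC_RE = re.compile(r"^([RS])(\d|Unknown) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")

def parse(log):
    """Split the log text into file records and service/driver records."""
    files, services = [], []
    for line in map(str.strip, log.splitlines()):
        if m := FILE_RE.match(line):
            ts, size, attrs, path = m.groups()
            files.append({"ts": ts, "size": int(size), "dir": attrs[0] == "d", "path": path})
        elif m := SVC_RE.match(line):
            services.append({"name": m[3], "image": m[5].strip()})
    return files, services

def same_size_clusters(files, min_count=2):
    """Regular files in one folder that share an exact size under different names."""
    groups = defaultdict(list)
    for f in files:
        if f["dir"] or f["size"] == 0:
            continue
        folder, _, name = f["path"].lower().rpartition("\\")
        groups[(folder, f["size"])].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}

def services_without_image(services):
    """Service or driver entries that the log lists with an empty image path."""
    return [s["name"] for s in services if not s["image"]]

if __name__ == "__main__":
    files, services = parse(LOG)
    print(same_size_clusters(files), services_without_image(services))
```

On this excerpt the pass reports three same-size clusters in c:\windows\system32 and the two entries BtwSvc and peresvc; each result is a pointer for manual review, not a verdict.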
f-arn Guru
01 April 2010 - 12:57 #4
Download and save Combofix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Copy the highlighted text into a Notepad window and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".

Killall::
Snapshot::
Driver::
peresvc


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, and then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

Please post the contents of this file here.
askhoej Trainee
01 April 2010 - 15:28 #5
I got the following error message:

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'
f-arn Guru
01 April 2010 - 16:24 #6
I can see quite a bit of "dirt", but I can't really see signs of that kind of thing.
Delete the Combofix you have and do this:

Download and save Combofix to your desktop as svchost.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start svchost.exe and follow the instructions.

Important -> Disable your antivirus program, as it can interfere with Combofix.

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

Please post the contents of this file here.
askhoej Trainee
01 April 2010 - 16:39 #7
Unfortunately, the same error message
f-arn Guru
01 April 2010 - 16:48 #8
Is that the PC you are sitting at now, or do you have another one?