ChefStyle (Beginner)
28 July 2010 - 11:27  There are 5 comments and 1 solution

Rootkit virus.... help!!!

My PC went berserk with Malware Doctor warnings last night...
I have run Malwarebytes, ComboFix and HijackThis!
Hoping someone will look through the log and tell me whether I'm clean again... or what I should do! Thanks


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27-07-2010 21:58:53
mbam-log-2010-07-27 (21-58-53).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 173293
Tid gået: 48 minut(ter), 18 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 1
Registreringsdatabasenøgler Inficeret: 12
Registreringsdatabaseværdier Inficeret: 3
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 1
Inficerede Filer: 8

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
C:\WINDOWS\system32\enrwp.dll (Adware.EZlife) -> Delete on reboot.

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c9a116b-5486-49d9-85c6-ed3b48ff11c5} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c9a116b-5486-49d9-85c6-ed3b48ff11c5} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5c9a116b-5486-49d9-85c6-ed3b48ff11c5} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c9a116b-5486-49d9-85c6-ed3b48ff11c5} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxyycjpf (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxyycjpf (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Documents and Settings\Nicklas Buus Nielsen\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\system32\enrwp.dll (Adware.EZlife) -> Delete on reboot.
C:\Documents and Settings\Nicklas Buus Nielsen\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicklas Buus Nielsen\Menuen Start\Programmer\Start\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\neuygptck\vljnkudtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
C:\Documents and Settings\Nicklas Buus Nielsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicklas Buus Nielsen\Skrivebord\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicklas Buus Nielsen\Menuen Start\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicklas Buus Nielsen\Lokale indstillinger\temp\xosmrcaewn.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

ComboFix 10-07-27.02 - Nicklas Buus Nielsen 28-07-2010  10:38:09.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3062.2611 [GMT 2:00]
Kører fra: c:\documents and settings\Nicklas Buus Nielsen\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Nicklas Buus Nielsen\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\enemies-names.txt
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\local.ini
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\lsrslt.ini
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\releaseversion70700.exe
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe

Inficeret kopi af c:\windows\system32\Drivers\avgtdix.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty had a snack :p
.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-06-28 til 2010-07-28  )))))))))))))))))))))))))))))))))))
.

2010-07-28 08:35 . 2010-07-17 09:23    242896    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2010-07-28 08:23 . 2010-03-29 22:46    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 08:23 . 2010-07-28 08:23    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-07-28 08:23 . 2010-03-29 22:45    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-07-27 20:01 . 2010-07-28 08:45    17408    ----a-w-    c:\windows\system32\rpcnetp.dll
2010-07-27 20:00 . 2010-07-28 08:44    17408    ----a-w-    c:\windows\system32\rpcnetp.exe
2010-07-27 17:40 . 2010-07-27 20:00    --------    d-----w-    c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\neuygptck
2010-07-17 09:22 . 2010-07-17 09:22    12536    ----a-w-    c:\windows\system32\avgrsstx.dll
2010-07-16 04:11 . 2010-07-16 04:11    246784    ----a-w-    c:\windows\system32\anrwp.dll
2010-07-14 10:45 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 00:43 . 2010-07-14 00:43    40581    ----a-w-    c:\windows\system32\rnrwp.exe
2010-07-09 10:33 . 2010-07-09 10:33    89831    ----a-w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\Uninstall.exe
2010-07-09 10:33 . 2010-07-28 08:51    --------    d-----w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox
2010-07-02 09:29 . 2010-07-02 09:29    --------    d-----w-    c:\programmer\Fælles filer\Skype

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 17:28 . 2009-10-25 11:45    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-07-27 17:26 . 2009-12-22 23:55    --------    d-----w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\vlc
2010-07-27 16:15 . 2010-04-03 06:19    44544    ----a-w-    c:\windows\system32\agremove.exe
2010-07-17 09:21 . 2009-10-21 23:54    216400    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2010-07-12 22:32 . 2010-02-20 16:58    --------    d-----w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\Skype
2010-07-11 21:23 . 2010-02-21 07:45    --------    d-----w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\skypePM
2010-06-24 19:51 . 2006-03-02 12:00    91038    ----a-w-    c:\windows\system32\perfc006.dat
2010-06-24 19:51 . 2006-03-02 12:00    479278    ----a-w-    c:\windows\system32\perfh006.dat
2010-06-14 14:31 . 2009-10-21 15:31    744448    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 12:39 . 2010-01-07 11:06    0    ----a-w-    c:\documents and settings\Nicklas Buus Nielsen\temp.dat
2010-06-09 08:06 . 2010-06-09 08:06    976832    ----a-w-    c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27116\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06    70584    ----a-w-    c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27116\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06    331176    ----a-w-    c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27116\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06    331176    ----a-w-    c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27116\AcrobatUpdater.exe
2010-06-08 20:52 . 2010-05-11 14:31    57344    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-08 20:52 . 2010-05-11 13:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\DivX
2010-06-08 15:26 . 2010-06-08 15:26    56765    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-08 15:26 . 2009-11-10 17:10    --------    d-----w-    c:\programmer\Fælles filer\DivX Shared
2010-06-08 15:26 . 2009-11-10 17:10    --------    d-----w-    c:\programmer\DivX
2010-06-08 15:26 . 2010-06-08 15:26    56997    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-08 15:26 . 2010-06-08 15:26    53600    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-08 15:26 . 2010-06-08 15:26    57715    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-08 15:25 . 2010-06-08 15:25    54153    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-08 15:25 . 2010-06-08 15:25    54128    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-08 15:25 . 2010-06-08 15:25    54644    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-08 15:25 . 2010-06-08 15:25    54101    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-08 15:24 . 2010-05-11 13:59    1062184    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-08 15:24 . 2010-05-11 13:59    895256    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-06 13:08 . 2009-11-21 09:56    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-06-03 06:19 . 2009-10-21 23:54    29584    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 18:45 . 2009-10-24 16:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-11 13:58 . 2010-05-11 13:58    84040    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    57054    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    54166    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    57532    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    56458    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    54174    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    57409    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-11 13:58 . 2010-05-11 13:58    52963    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-11 13:57 . 2010-05-11 13:57    54073    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-11 13:57 . 2010-05-11 13:57    56969    ----a-w-    c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-09 11:23 . 2006-03-02 12:00    578560    ----a-w-    c:\windows\system32\user32.dll
2010-05-06 10:34 . 2006-03-02 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 12:00    1851264    ----a-w-    c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-03 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\programmer\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"MChk"="c:\windows\system32\rnrwp.exe" [2010-07-14 40581]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Nicklas Buus Nielsen\Menuen Start\Programmer\Start\
Dropbox.lnk - c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-07-15 05:13    159744    ----a-w-    c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 09:22    12536    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-21 18:48    34080    ----a-w-    c:\programmer\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Nicklas Buus Nielsen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22-10-2009 01:54 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28-07-2010 10:35 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmer\AVG\AVG9\avgemc.exe [17-07-2010 11:21 921952]
R2 avg9wd;AVG Free WatchDog;c:\programmer\AVG\AVG9\avgwdsvc.exe [17-07-2010 11:22 308136]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [15-07-2008 07:13 106496]
R2 FNF5SVC;Fn+F5 Service;c:\programmer\Lenovo\HOTKEY\FnF5svc.exe [24-10-2009 19:32 54560]
RUnknown rpcnetp;rpcnetp; [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [30-10-2006 10:57 37296]
S3 fs2_1394;fs2_1394;c:\windows\system32\drivers\fs2_1394.sys [18-11-2009 23:22 71936]
S3 fs2_avs;fs2_avs;c:\windows\system32\drivers\fs2_avs.sys [18-11-2009 23:22 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28-07-2010 10:23 38224]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [24-10-2009 18:23 40448]
.
Indhold af mappen 'Planlagte Opgaver'

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-152049171-682003330-1003Core.job
- c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-03 13:09]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-152049171-682003330-1003UA.job
- c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-03 13:09]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {12D945EB-C405-4BEC-8C45-AB38CFDF7511} = 208.67.222.222,208.67.220.220
TCP: {99279106-1236-4B5A-85E0-41E34D59AAEA} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Nicklas Buus Nielsen\Application Data\Mozilla\Firefox\Profiles\otb6zye7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Nicklas Buus Nielsen\Application Data\Mozilla\Firefox\Profiles\otb6zye7.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\programmer\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programmer\Mozilla Firefox\extensions\{e150c600-6124-04b3-bb61-c606946a0b32}\components\29212c19.dll
FF - plugin: c:\documents and settings\Nicklas Buus Nielsen\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{026ABD7C-59C4-4DE5-864E-9D7DF8BBC290} - (no file)
HKCU-Run-releaseversion70700.exe - c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\releaseversion70700.exe
HKLM-Run-sta - enrwp.dll
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\FpWinLogonNp.dll
c:\programmer\Lenovo Fingerprint Software\ATCSSINT.dll
c:\programmer\Lenovo Fingerprint Software\SharedResources.dll
c:\programmer\Lenovo Fingerprint Software\FPResource.dll
c:\programmer\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(3848)
c:\documents and settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\programmer\AVG\AVG9\avgchsvx.exe
c:\programmer\AVG\AVG9\avgrsx.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\agrsmsvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Intel\Wireless\Bin\EvtEng.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Lenovo\PM Driver\PMSveH.exe
c:\programmer\AVG\AVG9\avgnsx.exe
c:\programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\rpcnetp.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
.
**************************************************************************
.
Gennemført tid: 2010-07-28  10:55:06 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-07-28 08:55
ComboFix2.txt  2010-05-09 17:00

Pre-Kørsel: 34.404.847.616 byte ledig
Post-Kørsel: 35.819.560.960 byte ledig

- - End Of File - - 275B9607A9B367DC97D60BBF92639D07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:08, on 28-07-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Lenovo\PM Driver\PMSveH.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\rpcnetp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\DivX\DivX Update\DivXUpdate.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmer\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\rnrwp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Nicklas Buus Nielsen\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12D945EB-C405-4BEC-8C45-AB38CFDF7511}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{99279106-1236-4B5A-85E0-41E34D59AAEA}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{12D945EB-C405-4BEC-8C45-AB38CFDF7511}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PMSveH - Lenovo - C:\Programmer\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 5799 bytes
28 July 2010 - 13:36 #1
In principle you should (must) update Malwarebytes' database (the [Update] tab) and do a new run...

Yes - you seem to have managed it... this time *S* ...

---

Can also recommend ->
http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/ (Especially the [Registry] item...)
http://www.ccleaner.com/download/builds/downloading-slim
During installation you are offered the [Yahoo Toolbar]. You can say yes or *NO* to it.

http://www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

With CCleaner - Tools - Startup - here you can disable/remove the following (for cleanup purposes!):

* [DivXUpdate]
* [msnmsgr] (Or do you use Messenger all the time?)
* [Google Update]
* [Windows Search]

---

Uninstall
* Bonjour-tjeneste (Bonjour Service)
* Google Updater Service (gusvc)

---
ChefStyle (Beginner)
28 July 2010 - 15:32 #2
Thanks for the help... it's updated now and I've run a scan which shows nothing! *S*
ChefStyle (Beginner)
28 July 2010 - 15:33 #3
Oops, it's not me who should get the points! :-)
28 July 2010 - 15:49 #4
Ping...

(THIS is an [answer], then...)
sullep (Beginner)
29 July 2010 - 11:27 #5
If it were me, I would delete this folder
c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\neuygptck
and this file.
c:\windows\system32\rnrwp.exe
ChefStyle (Beginner)
30 July 2010 - 17:37 #6
What are that folder and file?