johnstigers, Seniormester
01 December 2011 - 16:31. There are 5 comments and 1 solution

PUP.Casino

I have had this virus.
I would like to be sure there is nothing more left to deal with, so here are the logs from Malwarebytes, ComboFix and HijackThis:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8285

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

01-12-2011 15:40:11
mbam-log-2011-12-01 (15-40-11).txt

Skanningstype: Hurtig skanning
Objekter skannet: 178989
Tid gået: 4 minut(ter), 4 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\Users\John\downloads\setupcasino.exe_d48a9a.exe (PUP.Casino) -> Quarantined and deleted successfully.




ComboFix 11-12-01.01 - John 01-12-2011  16:10:21.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.45.1033.18.3583.2389 [GMT 1:00]
Kører fra: c:\users\John\Desktop\Scannings logs\ComboFix.exe
Kommandoer benyttet :: c:\users\John\Desktop\Scannings logs\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\windows\IsUn0406.exe
c:\windows\system32\RT0DB03871.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-11-01 til 2011-12-01  )))))))))))))))))))))))))))))))))))
.
.
2011-12-01 15:16 . 2011-12-01 15:19    --------    d-----w-    c:\users\John\AppData\Local\temp
2011-12-01 15:16 . 2011-12-01 15:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-12-01 14:51 . 2011-12-01 14:51    56200    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD0145D4-145D-410A-8352-2414DAA9B6CB}\offreg.dll
2011-12-01 14:44 . 2011-12-01 14:44    388096    ----a-r-    c:\users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-01 14:44 . 2011-12-01 14:44    --------    d-----w-    c:\program files\Hijack
2011-11-30 18:49 . 2011-11-30 18:49    --------    d-----w-    c:\program files\coverXP
2011-11-29 05:48 . 2011-10-07 03:48    6668624    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD0145D4-145D-410A-8352-2414DAA9B6CB}\mpengine.dll
2011-11-27 12:17 . 2011-11-27 12:17    --------    d-----w-    c:\users\John\AppData\Local\http___www.julien-manici
2011-11-22 17:40 . 2011-11-22 17:51    --------    d-----w-    c:\users\John\.android
2011-11-22 16:37 . 2011-11-22 16:37    --------    d-----w-    c:\program files\Android
2011-11-22 16:37 . 2011-11-22 16:37    --------    d-----w-    c:\program files\Common Files\Java
2011-11-21 18:38 . 2011-12-01 14:51    --------    d-----w-    c:\users\John\AppData\Roaming\Skype
2011-11-21 18:38 . 2011-11-21 18:38    --------    d-----r-    c:\program files\Skype
2011-11-21 18:38 . 2011-11-21 18:38    --------    d-----w-    c:\programdata\Skype
2011-11-21 16:09 . 2011-11-21 16:09    --------    d-----w-    c:\users\John\AppData\Roaming\GetRightToGo
2011-11-19 15:22 . 2011-11-19 15:23    --------    d-----w-    c:\users\John\.gimp-2.6
2011-11-19 13:35 . 2008-08-26 09:26    18816    ----a-w-    c:\windows\system32\drivers\pccsmcfd.sys
2011-11-19 13:35 . 2011-11-19 13:35    --------    d-----w-    c:\program files\PC Connectivity Solution
2011-11-17 14:45 . 2010-06-02 03:55    74072    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2011-11-17 14:45 . 2010-06-02 03:55    527192    ----a-w-    c:\windows\system32\XAudio2_7.dll
2011-11-17 14:45 . 2010-06-02 03:55    239960    ----a-w-    c:\windows\system32\xactengine3_7.dll
2011-11-17 14:45 . 2010-05-26 10:41    470880    ----a-w-    c:\windows\system32\d3dx10_43.dll
2011-11-17 14:45 . 2010-05-26 10:41    248672    ----a-w-    c:\windows\system32\d3dx11_43.dll
2011-11-17 14:45 . 2010-05-26 10:41    2106216    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2011-11-17 14:45 . 2010-05-26 10:41    1998168    ----a-w-    c:\windows\system32\D3DX9_43.dll
2011-11-17 14:45 . 2010-05-26 10:41    1868128    ----a-w-    c:\windows\system32\d3dcsx_43.dll
2011-11-17 14:45 . 2010-02-04 09:01    74072    ----a-w-    c:\windows\system32\XAPOFX1_4.dll
2011-11-17 14:45 . 2010-02-04 09:01    528216    ----a-w-    c:\windows\system32\XAudio2_6.dll
2011-11-17 14:45 . 2010-02-04 09:01    238936    ----a-w-    c:\windows\system32\xactengine3_6.dll
2011-11-17 14:45 . 2010-02-04 09:01    22360    ----a-w-    c:\windows\system32\X3DAudio1_7.dll
2011-11-15 08:09 . 2011-11-15 08:09    --------    d-----w-    c:\program files\SlimDrivers
2011-11-12 20:25 . 2011-11-22 20:09    --------    d-----w-    c:\program files\MSECACHE
2011-11-12 19:22 . 2011-11-12 19:23    --------    d-----w-    c:\users\John\AppData\Roaming\.minecraft
2011-11-11 17:37 . 2011-11-11 17:41    --------    d-----w-    C:\Casino
2011-11-10 08:41 . 2011-11-10 08:41    --------    d-----w-    c:\programdata\Uniblue
2011-11-10 08:36 . 2011-11-11 05:31    --------    d-----w-    c:\users\John\AppData\Local\OpenCandy
2011-11-10 08:36 . 2011-11-10 08:36    --------    d-----w-    c:\users\John\AppData\Roaming\OpenCandy
2011-11-10 08:36 . 2011-11-29 05:43    --------    d-----w-    c:\program files\CDBurnerXP
2011-11-09 05:35 . 2011-09-29 15:43    1285488    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:35 . 2011-10-01 04:43    708608    ----a-w-    c:\program files\Common Files\System\wab32.dll
2011-11-09 05:35 . 2011-09-29 04:20    2339840    ----a-w-    c:\windows\system32\win32k.sys
2011-11-08 20:37 . 2011-11-08 20:37    --------    d-----w-    c:\program files\Wimp
2011-11-06 21:10 . 2011-11-23 05:51    --------    d-----w-    c:\users\UpdatusUser
2011-11-06 21:10 . 2011-12-01 15:18    --------    d-----w-    c:\programdata\NVIDIA
2011-11-06 21:09 . 2011-10-15 08:53    6350144    ----a-w-    c:\windows\system32\nvcpl.dll
2011-11-06 21:09 . 2011-10-15 08:53    3840320    ----a-w-    c:\windows\system32\nvsvc.dll
2011-11-06 21:09 . 2011-10-15 08:53    3074368    ----a-w-    c:\windows\system32\nvsvcr.dll
2011-11-06 21:09 . 2011-10-15 08:53    203072    ----a-w-    c:\windows\system32\nvmctray.dll
2011-11-06 21:09 . 2011-10-15 08:53    123712    ----a-w-    c:\windows\system32\nvshext.dll
2011-11-06 21:09 . 2011-10-15 08:53    1136448    ----a-w-    c:\windows\system32\nvvsvc.exe
2011-11-06 21:09 . 2011-10-15 08:53    602432    ----a-w-    c:\windows\system32\easyupdatusapiu.dll
2011-11-06 21:09 . 2011-11-06 21:09    --------    d-----w-    c:\programdata\NVIDIA Corporation
2011-11-06 21:04 . 2011-10-15 08:53    919872    ----a-w-    c:\windows\system32\nvdispco32.dll
2011-11-06 21:04 . 2011-10-15 08:53    877376    ----a-w-    c:\windows\system32\nvgenco32.dll
2011-11-06 21:04 . 2011-10-15 08:53    7041856    ----a-w-    c:\windows\system32\nvwgf2um.dll
2011-11-06 21:04 . 2011-10-15 08:53    61248    ----a-w-    c:\windows\system32\OpenCL.dll
2011-11-06 21:04 . 2011-10-15 08:53    5578560    ----a-w-    c:\windows\system32\nvcuda.dll
2011-11-06 21:04 . 2011-10-15 08:53    2458432    ----a-w-    c:\windows\system32\nvapi.dll
2011-11-06 21:04 . 2011-10-15 08:53    2401088    ----a-w-    c:\windows\system32\nvcuvid.dll
2011-11-06 21:04 . 2011-10-15 08:53    2099520    ----a-w-    c:\windows\system32\nvcuvenc.dll
2011-11-06 21:04 . 2011-10-15 08:53    18871616    ----a-w-    c:\windows\system32\nvoglv32.dll
2011-11-06 21:04 . 2011-10-15 08:53    17248576    ----a-w-    c:\windows\system32\nvcompiler.dll
2011-11-06 21:04 . 2011-10-15 08:53    13205312    ----a-w-    c:\windows\system32\nvd3dum.dll
2011-11-06 21:04 . 2011-10-15 08:53    10327360    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-22 16:36 . 2011-07-13 18:54    544656    ----a-w-    c:\windows\system32\deployJava1.dll
2011-11-16 05:47 . 2011-07-13 18:46    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 08:09 . 2011-07-13 19:33    12984    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2011-10-28 15:30 . 2011-10-28 15:30    48648    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-10-28 15:30 . 2011-10-28 15:30    335168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-24 13:29 . 2011-10-24 13:29    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2011-10-14 23:54 . 2011-10-14 23:54    321856    ----a-w-    c:\windows\system32\nvStreaming.exe
2011-10-03 15:25 . 2011-08-25 15:34    138056    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2011-10-03 15:25 . 2011-08-25 15:34    138056    ----a-w-    c:\users\John\AppData\Roaming\PnkBstrK.sys
2011-10-03 15:25 . 2011-08-25 15:34    189248    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-10-03 15:25 . 2011-08-25 15:34    189248    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2011-10-03 15:25 . 2011-08-25 15:34    75136    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-09-21 14:00 . 2011-09-21 14:00    234768    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-09-19 04:25 . 2010-06-24 09:33    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-06 20:45 . 2011-07-13 18:34    41184    ----a-w-    c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-02-26 20:55    199304    ----a-w-    c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-13 18:34    442200    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-02-26 20:55    320856    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-02-26 20:55    34392    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-02-26 20:55    52568    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-02-26 20:55    54616    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-02-26 20:55    20568    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-11-09 18:24 . 2011-07-27 14:42    134104    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45    122512    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN Optimizer"="d:\backup\xxx\WLAN Optimizer.exe" [2009-08-07 109056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 10029672]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-23 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMCWUSB-G 802.11g Wireless USB Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SMCWUSB-G 802.11g Wireless USB Utility.lnk
backup=c:\windows\pss\SMCWUSB-G 802.11g Wireless USB Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-12 15:31    357384    ----a-w-    c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59    937920    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58    37296    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22    59240    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-23 17:15    135664    ----atw-    c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 12:25    2363392    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-09-12 15:30    5048488    ----a-w-    c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Tjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 136176]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\DRIVERS\SMCWGU.sys [2005-12-16 408064]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-11-15 12984]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-13 1343400]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2009-12-25 902432]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-25 2326920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-12-25 159168]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-02-08 9856]
S3 JMCF;JMCF;c:\windows\system32\DRIVERS\jmcf.sys [2000-01-01 68720]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2010-07-27 945504]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 340072]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 10240]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32    8192    ----a-w-    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 15:35]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 15:35]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119583570-140365876-1373665399-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 17:15]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119583570-140365876-1373665399-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 17:15]
.
.
------- Yderligere scanning -------
.
uStart Page = about:Tabs
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\John\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\John\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: S&end til OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: DhcpNameServer = 212.10.10.4 212.10.10.5
TCP: Interfaces\{B7909C52-1F60-43EA-AE82-34DC488EC4F7}: NameServer = 194.239.134.83,193.162.153.164
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f27g21nf.default\
.
- - - - TOMME GENVEJE FJERNET - - - -
.
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-648 opskrifter fra Karolines Køkken - c:\windows\IsUn0406.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1119583570-140365876-1373665399-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b3,ab,03,67,ae,e4,91,76,88,22,7b,bc,41,ef,27,8f,f1,0e,d9,81,f9,22,02,
  0c,9e,36,1f,29,cc,fc,a8,70,90,17,4e,9e,f2,32,e5,ff,da,24,a7,67,71,87,e8,88,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\Razer\DeathAdder\vdDaemon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2011-12-01  16:25:32 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-12-01 15:25
.
Pre-Kørsel: 561.878.233.088 byte ledig
Post-Kørsel: 561.451.331.584 byte ledig
.
- - End Of File - - 6D562075FC58A10769E901B0433D0314





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:30, on 01-12-2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Backup\xxx\WLAN Optimizer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WLAN Optimizer] D:\Backup\xxx\WLAN Optimizer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-21-1119583570-140365876-1373665399-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1119583570-140365876-1373665399-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\John\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\John\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7909C52-1F60-43EA-AE82-34DC488EC4F7}: NameServer = 194.239.134.83,193.162.153.164
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Tjeneste (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 7785 bytes

johnstigers, Seniormester
01 December 2011 - 16:33 #1
CCleaner was run before the scan.

johnstigers, Seniormester
01 December 2011 - 18:35 #2
I assume it is clean!

02 December 2011 - 07:10 #3
[WLAN Optimizer] D:\Backup\xxx\WLAN Optimizer.exe
Running from your D backup ???

Do you use [Nero BackItUp] ?

johnstigers, Seniormester
02 December 2011 - 10:08 #4
Karise, that is simply where the program is located, and it is what I have chosen to call drive D.
My backup drive is E; it is external and rarely switched on :)

johnstigers, Seniormester
02 December 2011 - 10:09 #5
Nope, I don't use Nero at all. It is far too slow and cumbersome.

02 December 2011 - 13:22 #6
Then uninstall [Nero BackItUp] ...

Then it is gone from "Services" ...