Security tool
  Jleth
Number of posts: 6

Unfortunately, I have got the rubbish program Security Tool on my HP laptop. At first I thought I had got rid of it again, which is why I shut the computer down quite normally.

When I started it up again this morning, the program was still on the machine. The shutdown has meant that I cannot get access to the desktop, run the various programs that could help me, etc.

I restarted the machine - booted into safe mode and restored the system settings to a point before the program got onto the machine.

At the moment the machine works fine - however, I have not had it shut down. My question now is - have I got rid of Security Tool - or will it show up the next time the computer starts, or possibly later?

/ Leth

Administrator
Number of posts: 3474

Hi :)

Download and run rkill:
Try them one at a time until Malwarebytes works

Rkill.exe - http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif - http://download.bleepingcomputer.com/grinler/rkill.pif

———

Download “Malwarebytes’ Anti-Malware” here: http://www.besttechie.net/tools/mbam-setup.exe

Or here ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Install and start the program, click the Update tab, click Check for Updates, then run a “Full system scan” under the “Scanner” tab.
Afterwards click “Show results”, press “Remove selected”, save the log and post it here together with a log from DDS, which you can find here:
http://download.bleepingcomputer.com/sUBs/dds.scr

It produces two logs (DDS.txt and Attach.txt); save them to the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved to the computer and not run from the web

NB: When you update Malwarebytes, keep clicking Check for Updates until it says there are no more updates.

Signature

Please do not attach logs unless you are asked to!

  Jleth
Number of posts: 6

I already had Malwarebytes installed - I just could not get access to the program until I restarted in safe mode…. Here are the log files:

Attach:

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5 - Dansk
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Application Installer 4.00.B5
Audacity 1.3.7
avast! Free Antivirus
Bet Angel - Basic
CCleaner
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB970653-v3)
Hotfix til Windows XP (KB976098-v2)
Hotfix til Windows XP (KB979306)
HP Backup and Recovery Manager Installation
HP BIOS Configuration for ProtectTools 2.00 E1
HP Credential Manager for ProtectTools
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP Quick Launch Buttons 6.00 H1
HP Software Update
HP User Guides 0015
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Kompatibilitetspakke til Office 2007-systemet
LightScribe 1.4.105.1
Malwarebytes’ Anti-Malware
Match Statistics 5.0.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
OGA Notifier 2.0.0048.0
Opdatering til Windows Internet Explorer 7 (KB976749)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB978506)
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
Security Update for CAPICOM (KB931906)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127-v2)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB978207)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB968816)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player 10 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 9 (KB911565)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464-v2)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953838)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956744)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961371)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB969947)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971486)
Sikkerhedsopdatering til Windows XP (KB971557)
Sikkerhedsopdatering til Windows XP (KB971633)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB971961)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973346)
Sikkerhedsopdatering til Windows XP (KB973354)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973525)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977165)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978251)
Sikkerhedsopdatering til Windows XP (KB978262)
Sikkerhedsopdatering til Windows XP (KB978706)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SopCast 3.2.4
SoundMAX
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Trend Micro OfficeScan Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Veetle TV 0.9.16
Vigtig opdatering til Windows Media Player 11 (KB959772)
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== End Of File ===========================

DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 12:58:11,10 on 13-03-2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\Programmer\Windows Defender\MsMpEng.exe
C:\Programmer\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\TEMP\UF637D.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Virusprogrammer mv\DDS\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://signon.stofanet.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\programmer\hpq\iam\bin\ItIeAddIN.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\programmer\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAXPnP] c:\programmer\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [hpWirelessAssistant] c:\programmer\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hpq\iam\bin\AsTsVcc.dll,RegisterModule
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\programmer\hpq\default settings\cpqset.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\programmer\intervideo\dvd check\DVDCheck.exe
mRun: [OfficeScanNT Monitor] "c:\programmer\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Windows Defender] "c:\programmer\windows defender\MSASCui.exe" -hide
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\virusprogrammer mv\malwarebyte - anti malware\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send til &Bluetooth - c:\programmer\widcomm\bluetooth-software\btsendto_ie_ctx.htm
IE: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\casino\bwin\cd poker\cdpoker\casino.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.djs-netbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} - hxxps://www2.web-direct.dk/WDX.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\programmer\hpq\iam\bin\AsWlnPkg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R? GTIPCI21;GTIPCI21
R? gupdate;Tjenesten Google Update (gupdate)
S? ASChannel;Local Communication Channel
S? aswFsBlk;aswFsBlk
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avast! Mail Scanner;avast! Mail Scanner
S? avast! Web Scanner;avast! Web Scanner
S? OfcPfwSvc;OfficeScanNT Personal Firewall
S? TmFilter;Trend Micro Filter
S? TmPreFilter;Trend Micro PreFilter
S? WinDefend;Windows Defender

=============== Created Last 30 ================

2010-03-13 11:56:52   54016   ----a-w-  c:\windows\system32\drivers\emlaep.sys
2010-03-13 07:57:12   0   d-----w-  c:\windows\system32\wbem\Repository
2010-03-12 17:59:53   0   d-----w-  c:\programmer\Enigma Software Group
2010-03-12 15:51:01   0   d-----w-  C:\0e52d71266d4203ab1ba29749bd45d
2010-03-08 18:05:01   0   d-----w-  c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-08 17:27:47   293376   ------w-  c:\windows\system32\browserchoice.exe
2010-02-28 16:40:25   0   d-----w-  c:\programmer\TurnTool
2010-02-26 23:05:43   0   d-sh--w-  c:\documents and settings\administrator\IECompatCache
2010-02-26 23:04:35   0   d-sh--w-  c:\documents and settings\administrator\PrivacIE
2010-02-26 23:02:35   0   d-sh--w-  c:\documents and settings\administrator\IETldCache
2010-02-26 23:00:11   0   d-----w-  c:\windows\ie8updates
2010-02-26 22:56:58   0   dc-h--w-  c:\windows\ie8
2010-02-26 22:54:42   69120   ------w-  c:\windows\system32\dllcache\iecompat.dll
2010-02-26 22:54:38   246272   ------w-  c:\windows\system32\dllcache\ieproxy.dll
2010-02-26 22:54:36   12800   ------w-  c:\windows\system32\dllcache\xpshims.dll

==================== Find3M ====================

2010-03-09 11:08:15   28880   ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2010-02-24 08:16:06   181632   ------w-  c:\windows\system32\MpSigStub.exe
2010-01-05 09:56:32   133120   ------w-  c:\windows\system32\dllcache\extmgr.dll
2009-12-31 16:50:03   353792   ------w-  c:\windows\system32\dllcache\srv.sys
2009-12-31 15:32:43   13824   ------w-  c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 19:08:01   916480   ----a-w-  c:\windows\system32\wininet.dll
2009-12-21 19:08:01   916480   ------w-  c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:08:01   1208832   ------w-  c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:08:00   5942784   ------w-  c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:08:00   206848   ------w-  c:\windows\system32\dllcache\occache.dll
2009-12-21 19:07:58   594432   ------w-  c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:07:58   55296   ------w-  c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:07:57   25600   ------w-  c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:07:57   1985536   ------w-  c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:07:56   184320   ------w-  c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:07:56   11070464   ------w-  c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:07:53   387584   ------w-  c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:18:55   173056   ------w-  c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 21:57:04   411368   ----a-w-  c:\windows\system32\deploytk.dll
2009-12-17 07:41:56   344576   ----a-w-  c:\windows\system32\mspaint.exe
2009-12-17 07:41:56   344576   ------w-  c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:09:59   33280   ----a-w-  c:\windows\system32\csrsrv.dll
2009-12-14 07:09:59   33280   ------w-  c:\windows\system32\dllcache\csrsrv.dll
2009-01-20 20:01:53   24439   ----a-w-  c:\programmer\updatejpegprocessing.docx
2009-02-11 08:21:16   32768   --sha-w-  c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009021120090212\index.dat

============= FINISH: 12:58:23,68 ===============

Malwarebytes:

Malwarebytes’ Anti-Malware 1.44
Database version: 3862
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13-03-2010 12:56:22
mbam-log-2010-03-13 (12-56-22).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 210524
Tid tilbagelagt: 1 hour(s), 18 minute(s), 4 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\System Volume Information\_restore{451F1296-4812-4452-BC45-6051609C8820}\RP179\A0061948.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{451F1296-4812-4452-BC45-6051609C8820}\RP179\A0061949.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Administrator
Number of posts: 54698

At first glance it looks fine.

But all the same:
Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with pistol”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  Jleth
Number of posts: 6

Log from ComboFix:

ComboFix 10-03-12.04 - Administrator 13-03-2010 13:59:36.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1015.502 [GMT 1:00]
Kører fra: c:\programmer\Virusprogrammer mv\Combofix\ComboFix.exe
Kommandoer benyttet :: c:\programmer\Virusprogrammer mv\Combofix\CFScript.txt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\emlaep.sys

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ldufn


(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-13 til 2010-03-13 )))))))))))))))))))))))))))))))))))
.

2010-03-13 13:08 . 2010-03-13 13:08   114688   ----a-w-  c:\windows\system32\chg.exe
2010-03-13 07:57 . 2010-03-13 07:57   --------  d-----w-  c:\windows\system32\wbem\Repository
2010-03-12 17:59 . 2010-03-12 18:11   --------  d-----w-  c:\programmer\Enigma Software Group
2010-03-12 15:51 . 2010-03-12 15:51   --------  d-----w-  C:\0e52d71266d4203ab1ba29749bd45d
2010-03-08 18:05 . 2010-03-08 18:05   --------  d-----w-  c:\programmer\Alwil Software
2010-03-08 18:05 . 2010-03-08 18:05   --------  d-----w-  c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-08 17:27 . 2010-02-12 10:03   293376   ------w-  c:\windows\system32\browserchoice.exe
2010-02-28 16:40 . 2010-02-28 16:40   --------  d-----w-  c:\programmer\TurnTool
2010-02-28 16:40 . 2010-02-28 16:40   --------  d-----w-  c:\documents and settings\Administrator\Lokale indstillinger\Application Data\TurnTool
2010-02-27 10:05 . 2010-02-27 10:05   --------  d-----w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Google
2010-02-27 10:05 . 2010-02-27 10:05   --------  d-----w-  c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Temp
2010-02-26 23:05 . 2010-02-26 23:05   --------  d-sh--w-  c:\documents and settings\Administrator\IECompatCache
2010-02-26 23:04 . 2010-02-26 23:04   --------  d-sh--w-  c:\documents and settings\Administrator\PrivacIE
2010-02-26 23:02 . 2010-02-26 23:02   --------  d-sh--w-  c:\documents and settings\Administrator\IETldCache
2010-02-26 23:00 . 2010-02-28 14:53   --------  d-----w-  c:\windows\ie8updates
2010-02-26 22:56 . 2010-02-26 22:59   --------  dc-h--w-  c:\windows\ie8
2010-02-26 22:54 . 2009-12-11 08:38   69120   ------w-  c:\windows\system32\dllcache\iecompat.dll
2010-02-26 22:54 . 2009-12-21 19:07   246272   ------w-  c:\windows\system32\dllcache\ieproxy.dll
2010-02-26 22:54 . 2009-12-21 19:08   12800   ------w-  c:\windows\system32\dllcache\xpshims.dll
2010-02-16 21:14 . 2010-02-16 21:14   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Sonic
2010-02-16 21:13 . 2010-02-16 21:13   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Leadertech

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 10:37 . 2008-12-29 18:45   --------  d-----w-  c:\programmer\Virusprogrammer mv
2010-03-09 11:24 . 2008-12-29 18:54   153184   ----a-w-  c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2008-12-29 18:55   46672   ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2008-12-29 18:55   162640   ----a-w-  c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2008-12-29 18:55   23376   ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2008-12-29 18:55   100432   ----a-w-  c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2008-12-29 18:55   94800   ----a-w-  c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2008-12-29 18:55   19024   ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2008-12-29 18:55   28880   ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2010-03-03 18:57 . 2010-03-03 18:57   2238   ----a-r-  c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{22089C24-C28D-4AAE-9285-3553F808786E}\_FA9CCB746E397B9E466F6F.exe
2010-03-03 18:57 . 2010-03-03 18:57   2238   ----a-r-  c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{22089C24-C28D-4AAE-9285-3553F808786E}\_5F33B40B21FAF45C46D1E0.exe
2010-03-03 18:57 . 2009-11-21 16:30   --------  d-----w-  c:\programmer\Bet Angel
2010-02-24 08:16 . 2009-10-17 11:43   181632   ------w-  c:\windows\system32\MpSigStub.exe
2010-02-11 18:53 . 2008-12-29 18:55   38848   ----a-w-  c:\windows\system32\avastSS.scr
2010-02-06 12:15 . 2010-02-06 12:01   --------  d-----w-  c:\documents and settings\All Users\Application Data\Norton
2010-02-06 12:14 . 2006-08-24 03:35   --------  d-----w-  c:\programmer\Fælles filer\Symantec Shared
2010-02-06 12:01 . 2006-08-24 03:35   --------  d-----w-  c:\documents and settings\All Users\Application Data\Symantec
2010-02-06 12:01 . 2010-02-06 12:01   --------  d-----w-  c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-31 13:02 . 2010-01-31 13:02   5115823   ----a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-31 13:00 . 2010-01-31 13:00   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-31 13:00 . 2010-01-31 13:00   --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 23:59 . 2008-09-03 13:22   --------  d-----w-  c:\programmer\Google
2010-01-30 18:49 . 2010-01-30 18:49   --------  d-----w-  c:\programmer\Conduit
2010-01-30 18:42 . 2009-08-05 19:50   --------  d-----w-  c:\programmer\NET TV
2010-01-30 18:10 . 2010-01-30 18:10   --------  d-----w-  c:\documents and settings\Administrator\Application Data\StreamTorrent
2010-01-23 15:33 . 2009-05-03 17:11   --------  d-----w-  c:\programmer\Microsoft Silverlight
2010-01-17 16:00 . 2010-01-12 20:04   2302   ----a-w-  c:\documents and settings\Administrator\Application Data\Roulette1.co.uk\top.exe
2010-01-16 16:53 . 2010-01-12 20:04   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Roulette1.co.uk
2010-01-16 15:34 . 2010-01-16 15:34   942080   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\f\flightzonebonus.bb993454d3170414b7655081a3ec7db9.dll
2010-01-16 15:18 . 2010-01-16 15:18   884736   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\f\fatladybonus.1bbd616c1ce52b392c6981c202173fe7.dll
2010-01-16 15:01 . 2010-01-16 15:01   1486848   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_gao_dec_2009.cd728f719824c5074cc6023ea106ea1e.dll
2010-01-16 15:01 . 2010-01-16 15:01   618496   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_gao_dec_2009.637d031249b1b22e0b31d5303f3811be.dll
2010-01-16 15:01 . 2010-01-16 15:01   679936   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_gao_dec_2009.ddf657439bc1cbce99e8763fee9803a4.dll
2010-01-16 15:00 . 2010-01-16 15:00   1040384   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_gao_dec_2009.f5605c1fe8513561f2bef5c3c0c1a546.dll
2010-01-16 14:57 . 2010-01-16 14:57   958464   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\h\hilowbonus_flightzone.1173d08d2670eede892e3adf07022f08.dll
2010-01-16 14:57 . 2010-01-16 14:57   3883424   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\n\npswf32.b16ec84e06f26b8b85800f3b07b8d757.dll
2010-01-16 14:57 . 2010-01-16 14:57   106496   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\aurora.c0da0abbdaa27e017c6c41de2328f9c3.dll
2010-01-16 14:56 . 2010-01-16 14:56   594192   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll
2010-01-11 19:31 . 2010-01-11 19:31   1040384   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll
2010-01-11 19:31 . 2010-01-11 19:31   1474560   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll
2010-01-11 19:27 . 2010-01-11 19:26   897024   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll
2010-01-11 19:25 . 2010-01-11 19:25   921600   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll
2010-01-11 19:25 . 2010-01-11 19:25   618496   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll
2010-01-11 19:23 . 2010-01-11 19:23   679936   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll
2010-01-11 14:27 . 2010-01-11 14:27   901120   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_octgao_09.8eb7dff6ab1c8166b7a83d669d6f1b7d.dll
2010-01-11 14:08 . 2010-01-11 14:08   1040384   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_octgao_09.b8c78bdbd5f2e8ca0e10a0e307926db4.dll
2010-01-11 14:06 . 2010-01-11 14:06   1478656   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_septgao_09.1d5fda158c9a9d1dcbf9e88c5355d884.dll
2010-01-11 14:05 . 2010-01-11 14:05   1032192   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_wealthspa.2cac89b1bff8f25a6a8d3748201af558.dll
2010-01-11 14:04 . 2010-01-11 14:03   1040384   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_septgao_09.02b3e0bc2a35757d7c030659fd21c70a.dll
2010-01-11 14:03 . 2010-01-11 14:03   421888   ----a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll
2010-01-11 14:03 . 2010-01-11 14:03   679936   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll
2010-01-11 14:03 . 2010-01-11 14:02   1224704   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_summerholiday.ca5125cc93020b208c8104895ffd4a80.dll
2010-01-11 14:02 . 2010-01-11 14:02   1474560   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_wealthspa.548276e787b133afb9b912eb95b8b5c5.dll
2010-01-11 14:02 . 2010-01-11 14:02   1638400   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_summerholiday.19e3e7b6f28b2f036c0b87d00fc799b9.dll
2010-01-11 14:02 . 2010-01-11 14:02   679936   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll
2010-01-11 14:02 . 2010-01-11 14:02   1478656   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
2010-01-11 14:02 . 2010-01-11 14:01   679936   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll
2010-01-11 13:57 . 2010-01-11 13:57   618496   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll
2010-01-11 13:57 . 2010-01-11 13:57   618496   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_octgao_09.ae6289cf11b05446123a7e16d97ef025.dll
2010-01-11 13:57 . 2010-01-11 13:57   618496   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_septgao_09.d8cd6b206ce4b18e0867e42785806a63.dll
2010-01-11 13:57 . 2010-01-11 13:57   606208   ——a-w-  c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_summerholiday.b02744e18c4cdb3dd3394f69d8987073.dll
2010-01-07 15:07 . 2010-01-31 13:00   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-31 13:00   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-27 08:00   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-27 08:00   916480   ——a-w-  c:\windows\system32\wininet.dll
2009-12-17 21:57 . 2009-12-17 21:57   411368   ——a-w-  c:\windows\system32\deploytk.dll
2009-12-17 21:56 . 2009-12-17 21:56   152576   ——a-w-  c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-17 21:56 . 2009-12-17 21:56   79488   ——a-w-  c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-17 07:41 . 2004-08-27 08:00   344576   ——a-w-  c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-27 08:00   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2009-01-20 20:01 . 2009-01-20 19:59   24439   ——a-w-  c:\programmer\updatejpegprocessing.docx
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-12-29 39408]
“WMPNSCFG”=“c:\programmer\Windows Media Player\WMPNSCFG.exe” [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MsmqIntCert”=“mqrt.dll” [2008-04-14 177152]
“SoundMAXPnP”=“c:\programmer\Analog Devices\Core\smax4pnp.exe” [2005-05-20 925696]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-12-17 149280]
“HP Software Update”=“c:\programmer\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 49152]
“DLA”=“c:\windows\System32\DLA\DLACTRLW.EXE” [2005-08-31 122940]
“igfxtray”=“c:\windows\system32\igfxtray.exe” [2006-03-23 94208]
“igfxhkcmd”=“c:\windows\system32\hkcmd.exe” [2006-03-23 77824]
“igfxpers”=“c:\windows\system32\igfxpers.exe” [2006-03-23 118784]
“hpWirelessAssistant”=“c:\programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [2006-02-14 454656]
“CognizanceTS”=“c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll” [2003-12-22 17920]
“QlbCtrl”=“c:\programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2006-05-08 131072]
“Cpqset”=“c:\programmer\HPQ\Default Settings\cpqset.exe” [2006-01-26 172094]
“Recguard”=“c:\windows\Sminst\Recguard.exe” [2005-12-20 1187840]
“Reminder”=“c:\windows\Creator\Remind_XP.exe” [2006-03-09 806912]
“Scheduler”=“c:\windows\SMINST\Scheduler.exe” [2006-02-15 892928]
“WatchDog”=“c:\programmer\InterVideo\DVD Check\DVDCheck.exe” [2005-11-08 184320]
“OfficeScanNT Monitor”=“c:\programmer\Trend Micro\OfficeScan Client\pccntmon.exe” [2006-02-07 356352]
“Windows Defender”=“c:\programmer\Windows Defender\MSASCui.exe” [2006-11-03 866584]
“avast5”=“c:\progra~1\ALWILS~1\Avast5\avastUI.exe” [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\programmer\WIDCOMM\Bluetooth-software\BTTray.exe [2006-1-18 581693]
DVD Check.lnk - c:\programmer\InterVideo\DVD Check\DVDCheck.exe [2008-9-3 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ——a-w-  c:\programmer\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2006-02-14 09:56   122880   ——a-w-  c:\programmer\HPQ\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-03 16:46   761948   ——a-w-  c:\programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\WINDOWS\\system32\\mqsvc.exe”=
“c:\\WINDOWS\\SMINST\\Scheduler.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\NET TV\\SOPCAST\\adv\\SopAdver.exe”=
“c:\\Programmer\\NET TV\\SOPCAST\\SopCast.exe”=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29-12-2008 19:55 162640]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [27-08-2004 09:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29-12-2008 19:55 19024]
R2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\OfficeScan Client\tmxpflt.sys [09-11-2005 19:34 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\OfficeScan Client\tmpreflt.sys [09-11-2005 19:34 36368]
R2 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [31-01-2010 00:59 135664]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ     ASChannel
.
Indhold af mappen ‘Planlagte Opgaver’

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-30 23:59]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-30 23:59]

2010-03-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{F2EF1A46-726B-4C4E-B6C7-A05A9C3BD8FB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://signon.stofanet.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send til &Bluetooth - c:\programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\casino\Bwin\CD Poker\CDPoker\casino.exe
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.djs-netbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} - hxxps://www2.web-direct.dk/WDX.CAB
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programmer\HPQ\Default Settings\cpqset.exe???????X[??????n??|?@???? ??4B????????? ????hB?????X[?

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-4031063971-2685612392-1083774949-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
“88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977”=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,eb,68,a7,a4,48,6c,41,b1,aa,1c,\
“2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81”=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,eb,68,a7,a4,48,6c,41,b1,aa,1c,\
“6256FFB019F8FDFBD36745B06F4540E9AEAF222A25”=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,eb,68,a7,a4,48,6c,41,b1,aa,1c,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > ‘winlogon.exe’(860)
c:\programmer\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > ‘explorer.exe’(3488)
c:\programmer\HPQ\IAM\Bin\SFSShell.dll
c:\programmer\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\HPQ\IAM\bin\asghost.exe
c:\windows\system32\DllHost.exe
c:\programmer\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\msdtc.exe
c:\programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\programmer\Trend Micro\OfficeScan Client\tmlisten.exe
c:\windows\system32\mqsvc.exe
c:\programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
c:\programmer\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\TEMP\NC8815.EXE
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Gennemført tid: 2010-03-13 14:13:46 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-13 13:13
ComboFix2.txt 2010-02-06 12:36

Pre-Kørsel: 30.017.511.424 byte ledig
Post-Kørsel: 30.033.125.376 byte ledig

- - End Of File - - BDAC2D46089B00CCD29128D49B9B9D03

Administrator
Number of posts: 54698

It looks like Combofix ate the last of it.
Is the problem solved?

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  Jleth
Number of posts: 6

Yes - in reality it already was, once I had started the computer in safe mode and restored the system settings to how they were a couple of days ago. I just wasn't sure that EVERYTHING was really gone.

Many thanks for the help - I hope you won't hear from me again :D

/ Leth

Administrator
Number of posts: 54698

You're welcome. :)

I'm locking the thread; you are welcome to come back another time.
