Hit by Antivirus XP 2008




  #1
5 July 2008, 08:54
Member Group

Hi guys... I have just opened an e-mail and got hit with an Antivirus XP 2008 virus. Can't get rid of it. Any help much appreciated.
  #2
5 July 2008, 09:13
Editor Group

Start HERE

Post the logs when finished.

  #3
5 July 2008, 09:34
Member Group

Sorry mate, I don't understand... What do you want me to do with all that?
  #4
5 July 2008, 09:44
Administrator Group

Take the time to read it, then run the software and post the log files so we can see what is going on with your PC.
  #5
5 July 2008, 11:59
Member Group

Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 05:20
Application Version: 4.15.1000
Core Rules Database Version: 3497
Trace Rules Database Version: 1488
Scan type: Quick Scan
Total Scan Time: 00:10:14
Memory poster scannet: 268
Memory trusler opdaget: 1
Topdomæneadministratoren poster scannet: 407
Topdomæneadministratoren trusler opdaget: 26
File poster scannet: 6977
File trusler opdaget: 175
Rogue.AntiVirus XP 2008
C:\Programmer\RHCPV6J0EREL\RHCPV6J0EREL.EXE
C:\Programmer\RHCPV6J0EREL\RHCPV6J0EREL.EXE
C:\Documents and Settings\All Users\Menuen Start\Programmer\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\Antivirus XP 2008\Sådan Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\Antivirus XP 2008
C:\AA\RHCPV6J0EREL\RHCPV6J0EREL.EXE
Rogue.Dropper/Gen
[lphctv6j0erel] C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE
C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE
Rogue.AntiSpywareExpert
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Type
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Start
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Op t
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#NextInstance
NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHCTV6J0EREL.SCR
Trojan.Unclassified/CBEvtSvc
C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE
C:\WINDOWS\Prefetch\CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown Oprindelse
C:\WINDOWS\SYSTEM32\PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objekter skannet: 113635
Tidsforbrug: 42 minut (ter), 4 sekund (er)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registreringsdatabasenøgler Inficerede: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(Nr. ondsindede elementer opdaget)
Memory Modules Infected:
(Nr. ondsindede elementer opdaget)
Registreringsdatabasenøgler Inficerede:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> karantæne og slettet.
Registry Values Infected:
(Nr. ondsindede elementer opdaget)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> karantæne og slettet.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> karantæne og slettet.
Folders Infected:
(Nr. ondsindede elementer opdaget)
Files Infected:
C:\System Volume Information\_restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4)\rp2\A0000029.exe (Trojan.Downloader) -> karantæne og slettet.
C:\System Volume Information\_restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4)\rp2\A0000047.dll (Rogue.AntivirusXP2008) -> karantæne og slettet.
C:\System Volume Information\_restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4)\RP4\A0000262.exe (Trojan.Downloader) -> karantæne og slettet.
C:\System Volume Information\_restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4)\RP4\A0000485.dll (Rogue.AntivirusXP2008) -> karantæne og slettet.

JavaRa 1.08 Fjernelse Log.
Report følger efter linje.
------------------------------------
De JavaRa fjernelsesprocessen blev startet på lørdag jul 05 19:49:54 2008
Fundet og fjernet: C:\Programmer\Java\jre1.6.0_05
Found og fjernet: SOFTWARE\Javasofts\Java Runtime Environment\1.4
Found og fjernet: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found og fjernet: Software\Javasofts\Java2D\1.5.0_02
Found og fjernet: Software\Javasofts\Java2D\1.5.0_04
Found og fjernet: Software\Javasofts\Java2D\1.5.0_06
Found og fjernet: Software\Javasofts\Java2D\1.5.0_09
Found og fjernet: Software\Javasofts\Java2D\1.5.0_10
Found og fjernet: Software\Javasofts\Java2D\1.5.0_11
Found og fjernet: SOFTWARE\Classes\JavaPlugin.150_02
Found og fjernet: SOFTWARE\Classes\JavaPlugin.150_04
Found og fjernet: SOFTWARE\Classes\JavaPlugin.150_06
Found og fjernet: SOFTWARE\Classes\JavaPlugin.150_09
Found og fjernet: SOFTWARE\Classes\JavaPlugin.150_10
------------------------------------
Finished rapportering.


Thanks guys
  #6
5 July 2008, 12:01
Editor Group

Need the Hijackthis log now.

  #7
5 July 2008, 12:25
Member Group

Oops, sorry. Here it is:

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 20:24:21 den 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Kørende processer:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\WINDOWS\System32\Svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\OSD.EXE
C:\WINDOWS\system32\SB.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\eTrust~1\realmon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Forenede Indberetninger\UnitedAlerts.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\DNA\btdna.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchFilter.exe
C:\Programmer\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C:\Programmer\ICQToolbar\toolbaru.dll (filen mangler)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Programmer\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1082\da-dk\msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C:\Programmer\ICQToolbar\toolbaru.dll (filen mangler)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1082\da-dk\msntb.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OSD] %SystemRoot%\System32\OSD.EXE
O4 - HKLM\..\Run: [SB] C:\WINDOWS\system32\SB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust~1\realmon.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiSPower] rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] "C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update forsinkelse 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Programmer\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /baggrund
O4 - HKCU\..\Run: [Forenede Indberetninger] C:\Programmer\Forenede Indberetninger\UnitedAlerts.exe
O4 - HKCU\..\Run: [SWG] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra sammenhæng menupunktet: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra sammenhæng menupunktet: &ICQ Toolbar Search - res://C:\Programmer\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra sammenhæng menupunktet: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1082\da-dk\msntb.dll/search.htm
O8 - Extra sammenhæng menupunkt: Historiske Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra sammenhæng menupunkt: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra sammenhæng menupunktet: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\mikroer~3\Office10\EXCEL.EXE/3000
O8 - Extra sammenhæng menupunkt: Åben i nyt baggrunden fanen - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\da-dk\msntabres.dll/229?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenhæng menupunkt: Åben i nyt forgrundsviden fanen - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\da-dk\msntabres.dll/230?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenhæng menupunkt: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra sammenhæng menupunkt: Oversæt til engelsk - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O9 - Ekstra knap: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (filen mangler) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI klasse) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
--
End of file - 10438 bytes
  #8  
Old 5 July 2008, 12:32
Editor Group
 
Default Hit by Antivirus XP 2008

Still some work to do.

Download SDFix.exe and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Now restart your computer in Safe Mode by doing the following:
  • Restart the computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard).
  • Finally, copy and paste the contents of the results file Report.txt, along with a new HijackThis log, into your next reply.
If SDFix will not run or you get errors, follow the link for instructions on running SDFix. How to use SDFix

----------

In your next post include:
SDFix log
A NEW HijackThis log
__________________

  #9  
Old 5 July 2008, 13:34
Member Group
 
Default Hit by Antivirus XP 2008

OK, next logs

SDFix: Version 1.201
Drives af Danny på 05/07/2008 til 21:08
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ Sange \ SDFix
Kontrol Services :

Retablering Default Security Values
Retablering Default Hosts File
Genstart

Checking Files :
Nr. Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning skjulte processer ...
scanning skjulte tjenesteydelser & system hive ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ B THPORT \ Parameters \ Keys \ 000c55050b1d]
scanning skjulte registreringsdatabaseposter ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
scanning skjulte filer ...
scanning afsluttet med succes
skjulte processer: 0
skjulte tjenester: 0
skjulte filer: 0

Resterende Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ InoRpc.exe" = "C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ InoRpc.exe: *: Enabled: eTrust Antivirus - RPC Server "
"C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ InocIT.exe" = "C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ InocIT.exe: *: Enabled: eTrust Antivirus - Lokale Scanner "
"C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ Realmon.exe" = "C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ Realmon.exe: *: Enabled: eTrust Antivirus - Realtime overvåge "
"C: \ \ Programmer \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Programmer \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Programmer \ \ Forenede Indberetninger \ \ UnitedAlerts.exe" = "C: \ \ Programmer \ \ Forenede Indberetninger \ \ UnitedAlerts.exe"
"C: \ \ Programmer \ \ ICQ \ \ Icq.exe" = "C: \ \ Programmer \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ Shellscn.exe" = "C: \ \ Programmer \ \ CA \ \ eTrust Antivirus \ \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ \ Programmer \ \ iTunes \ \ iTunes.exe" = "C: \ \ Programmer \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire swarmed installer"
"C: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Programmer \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Programmer \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ \ Programmer \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ \ Programmer \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorren t DNA"
"C: \ \ Programmer \ \ DNA \ \ btdna.exe" = "C: \ \ Programmer \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Programmer \ \ Forenede Indberetninger \ \ UnitedAlerts.exe" = "C: \ \ Programmer \ \ Forenede Indberetninger \ \ UnitedAlerts.exe"
"C: \ \ Programmer \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Programmer \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
Resterende Files :

Filer med Skjult Attributter :
Onsdag 26 januar 2005 4.704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Onsdag 13 juli 2005 4.348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Lørdag den 5 juli 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Mandag den 13 juni 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar15.tmp"
Mandag den 13 juni 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar9.tmp"
Mandag den 13 juni 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ MarA.tmp"
Lørdag den 5 juli 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Application Data \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Onsdag 13 juli 2005 4.348 ... H. --- "C: \ Documents and Settings \ Danny \ Dokumenter \ Musik \ License Backup \ drmv1key.bak"
Onsdag 25 januar 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Dokumenter \ Musik \ License Backup \ drmv1lic.bak"
Onsdag 13 juli 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Dokumenter \ Musik \ License Backup \ drmv2key.bak"
Færdig!


and


Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 21:33:52 den 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Programmer \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Programmer \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Programmer \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Programmer \ QuickTime \ qttask.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ SPAMfighter \ SFAgent.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Programmer \ Messenger \ msmsgs.exe
C: \ Programmer \ Forenede Indberetninger \ UnitedAlerts.exe
C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programmer \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ Windows Media Player \ WMPNSCFG.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Programmer \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ da-dk \ bin \ WindowsSearch.exe
C: \ Programmer \ WinZip \ WZQKPICK.EXE
C: \ Programmer \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ da-dk \ bin \ WindowsSearchIndexer.exe
C: \ Programmer \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ da-dk \ bin \ WindowsSearchFilter.exe
C: \ Programmer \ Internet Explorer \ iexplore.exe
C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Programmer \ ICQToolbar \ toolbaru.dll (filen mangler)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programmer \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programmer \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ da-dk \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Programmer \ ICQToolbar \ toolbaru.dll (filen mangler)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programmer \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ da-dk \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Programmer \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Programmer \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Programmer \ SPAMfighter \ SFAgent.exe" update forsinkelse 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Programmer \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKCU \ .. \ Run: [Forenede Indberetninger] C: \ Programmer \ Forenede Indberetninger \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programmer \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programmer \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Programmer \ Microsoft Office \ Office10 \ OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Programmer \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ da-dk \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Programmer \ WinZip \ WZQKPICK.EXE
O8 - Extra sammenhæng menupunktet: & Google Search - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra sammenhæng menupunktet: & ICQ Toolbar Search - res: / / C: \ Programmer \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra sammenhæng menupunktet: & MSN Search - res: / / C: \ Programmer \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ da-dk \ msntb.dll / search.htm
O8 - Extra sammenhæng menupunkt: Historiske Links - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra sammenhæng menupunkt: Øjebliksbillede af side i cache - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra sammenhæng menupunkt: Åben i nyt baggrunden fanen - res: / / C: \ Programmer \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ da-dk \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenhæng menupunkt: Åben i nyt forgrundsviden fanen - res: / / C: \ Programmer \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ da-dk \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenhæng menupunkt: Lignende sider - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra sammenhæng menupunkt: Oversæt til engelsk - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Ekstra knap: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (filen mangler) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI klasse) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Programmer \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Programmer \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Programmer \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Programmer \ SPAMfighter \ sfus.exe
--
End of file - 10422 bytes
  #10  
Old 5 July 2008, 13:38
Editor Group
 
Default Hit by Antivirus XP 2008

I need some more information about a couple of files. Post the links to the results here when complete.

Scan Suspicious File(s)

Visit Virustotal
(If more than one file needs scanning, they must be done separately and the logs submitted for each one)
  • Copy the file path in the Code box below:
Code:
C: \ Programmer \ rhcpv6j0erel \ rhcpv6j0erel.exe
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl + V on the keyboard (both at the same time) to paste the file path into the window.
  • Next click Send File
    • Your file may be placed in a queue, which normally takes less than a minute to clear.
  • This will perform a scan across multiple different virus scanning engines.
  • Important: Wait for all of the scanning engines to complete.
  • Copy and then paste the link to the results in your next reply.
Now do the same with this file.

Code:
C: \ Programmer \ Forenede Indberetninger \ UnitedAlerts.exe
__________________
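Post #10 singles out two files from the Run entries in the HijackThis log above. One way to shortlist such entries, as an added example that is not code from this thread or from HijackThis: it parses the O4 Run-key lines, undoes the spacing this page puts around backslashes, and reports autostart entries that point at a file a scanner has already flagged. The function names, the folder-name heuristic and the sample (lines copied from this thread's log) are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines as they appear in this thread's HijackThis log,
# including the stray spaces around "\" that the page shows.
SAMPLE_LOG = r"""
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Programmer \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Programmer \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKCU \ .. \ Run: [Forenede Indberetninger] C: \ Programmer \ Forenede Indberetninger \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programmer \ DNA \ btdna.exe"
"""

# Path reported as Rogue.AntiVirus XP 2008 by the SUPERAntiSpyware log in post #5.
SCANNER_HITS = [r"C: \ Programmer \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE"]

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>[^\\\s]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$"
)
# Executable part of a command line: quoted, or unquoted up to the first extension.
EXE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|dll)(?!\w)))', re.I)


def unspace(text):
    # Collapse blanks around backslashes so spaced-out paths become real paths.
    return re.sub(r"[ \t]*\\[ \t]*", lambda m: "\\", text)


def parse_o4(log_text):
    """Yield (hive, value_name, executable_path) for each O4 Run-key line."""
    for raw in log_text.splitlines():
        m = O4_RUN.match(unspace(raw.strip()))
        if not m:
            continue
        exe = EXE.match(m["cmd"].strip())
        if exe:
            yield m["hive"], m["name"], exe["q"] or exe["u"]


def triage(log_text, scanner_hits):
    """Return {autostart entry: [reasons]} for entries worth a second look."""
    flagged = {unspace(p).lower() for p in scanner_hits}
    findings = {}
    for hive, name, path in parse_o4(log_text):
        p = PureWindowsPath(path)
        reasons = []
        if str(p).lower() in flagged:
            reasons.append("scanner-flagged file is still set to autostart")
        # Assumption of this example: a weak hint only, many legitimate
        # programs also install into a folder named after their executable.
        if p.parent.name and p.parent.name.lower() == p.stem.lower():
            reasons.append("folder name equals executable name (weak heuristic)")
        if reasons:
            findings[f"{hive}\\Run [{name}]"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG, SCANNER_HITS).items():
        print(entry, "->", "; ".join(reasons))
```

An entry that is not reported here is not thereby cleared; the second file named in post #10 matches neither rule and still needs the multi-engine scan the post asks for.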


Copyright © 2006 - 2009 Computer Juice.
