  smut
Number of posts: 22

Here is the new ComboFix....

ComboFix 08-09-24.01 - niels peter 2008-09-24 19:42:25.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.207 [GMT 2:00]
Running from: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
---------------- FCopy ----------------

C:\tcpip.SYS --> C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NSESVC
-------\Service_nsesvc


(((((((((((((((((((((((((  Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 18:40 . 2008-09-24 18:40 <DIR> d————C:\Documents and Settings\niels peter\Contacts
2008-09-24 18:26 .  <DIR>  C:\WINDOWS\LastGood.Tmp
2008-09-24 18:25 . 2008-09-24 18:25 <DIR> d————C:\Programmer\Windows Live
2008-09-24 18:25 .  <DIR>  C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-09-24 18:24 . 2008-09-24 18:24 <DIR> d————C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-20 10:13 . 2008-09-20 10:13 361,600————- C:\tcpip.sys
2008-09-19 20:11 . 2001-08-17 21:28 794,654—a———C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-19 20:10 . 2001-10-04 16:47 899,274—a———C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-19 20:09 . 2008-04-14 17:45 2,026,496—a———C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-19 20:08 . 2001-08-17 21:28 802,683—a———C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-19 20:07 . 2001-10-04 17:07 1,733,120—a———C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-19 20:06 . 2001-08-17 20:14 952,007—a———C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-19 20:05 . 2001-10-04 16:34 980,034—a———C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-19 20:04 . 2001-08-17 21:28 871,388—a———C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-19 20:03 . 2008-04-14 17:44 2,147,840—a———C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-19 18:35 . 2008-09-19 18:35 <DIR> d————C:\Documents and Settings\niels peter\Application Data\Windows Search
2008-09-19 18:34 . 2008-09-19 18:34 <DIR> d————C:\Documents and Settings\niels peter\Application Data\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d————C:\WINDOWS\system32\GroupPolicy
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d————C:\Programmer\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 1,374—a———C:\WINDOWS\imsins.BAK
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 . 2008-09-17 19:02 <DIR> d————C:\Documents and Settings\Gæst
2008-09-17 18:35 . 2008-09-17 18:35 <DIR> d————C:\Programmer\Malwarebytes' Anti-Malware
2008-09-17 18:35 . 2008-09-10 00:04 38,528—a———C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 18:35 . 2008-09-10 00:03 17,200—a———C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d————C:\Programmer\CCleaner
2008-08-25 17:28 . 2008-08-25 18:45 144—ahs——C:\WINDOWS\system32\688789246.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 08:13 361,600——a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-09-20 08:13 361,600——a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-02 10:48 19,512——a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768——a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880——a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976——a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936———w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:33 3,592,192——a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2001-07-26 14:58 47——a-w C:\Programmer\ACMonitor_X73.ini
2001-07-05 10:46 8,116——a-w C:\Programmer\OSLO3071b2.USB
2001-05-11 09:39 53,248——a-w C:\Programmer\ACMonitor_X73.exe
2001-05-08 14:36 114,688——a-w C:\Programmer\lxarscan.dll
2001-04-23 12:22 1,437——a-w C:\Programmer\gtx73.ini
2001-02-22 07:54 768——a-w C:\Programmer\x73_lut.dat
2008-05-11 19:12 32,768—sha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008051120080512\index.dat
.

(((((((((((((((((((((((((((((  snapshot@2008-09-21_12.23.21.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-24 16:26:12 29,926——a-r C:\WINDOWS\Installer\{1EDF0646-14CE-46FE-8785-9E12E29686DF}\MsblIco.Exe
+ 2007-10-18 09:31:46 51,224——a-w C:\WINDOWS\system32\sirenacm.dll
+ 2006-06-05 12:14:28 479,232——a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864——a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688——a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 32873]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 36864]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2003-07-07 1916928]
"PaperPort PTD"="C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"Norman ZANDA"="C:\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"Disk Monitor"="C:\Programmer\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 466944]
"IndexSearch"="C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-23 49152]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Windows Search.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-02-16 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2006-03-08 11:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Support.com\\TDCKabel\\hcenter.exe"=
"C:\\Programmer\\Support.com\\BIN\\TGCMD.EXE"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2006-09-24 6656]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe [2006-09-24 28672]
R2 NVOY;Norman's Very Own supplY of resources;C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Npm\bin\NVCSCHED.EXE [2007-09-18 154680]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 19:46:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\NORMAN\NPM\BIN\ELOGSVC.EXE
C:\NORMAN\NPM\BIN\ZANDA.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\PROGRAMMER\EWIDO\SECURITY SUITE\EWIDOCTRL.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\NORMAN\NPM\BIN\NJEEVES.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
.
**************************************************************************
.
Completion time: 2008-09-24 19:48:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 17:48:40
ComboFix4.txt 2008-09-19 18:23:32
ComboFix3.txt 2008-09-20 08:24:28
ComboFix5.txt 2008-09-24 17:41:50
ComboFix2.txt 2008-09-21 10:24:14

Pre-Run: 148.813.414.400 byte ledig
Post-Run: 148,664,123,392 byte ledig

186 --- E O F --- 2008-09-10 17:14:45

  Ejvindh
Editor
Number of posts: 6039

That did the trick. I have nothing further to remark on in the log file now. Is the computer also running satisfactorily now?

  smut
Number of posts: 22

Yes, it runs fine. Many thanks for the help!

Administrator
Number of posts: 54709

You're welcome.

On behalf of all of Spywarefri I would like to thank you for your support; you will be able to see your name on the list once the donation has arrived:
http://www.spywarefri.dk/forum/forum.asp?FORUM_ID=45

I am locking the thread. If you need us again, you are welcome to open a new question.

Signature

Member of "Alliance of Security Analysis Professionals" - All information, as always, "only with a pistol"

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You'll never walk alone
qui potest, obligatur (whoever is able is obliged)