Laptop freezes on the internet
Number of posts: 7

Hi,
For the past 14 days my computer has been freezing when I have been on the internet.
I use Windows Vista and Explorer.
I have followed your guide and had a lot of trouble with it, since downloads constantly made my computer freeze. But finally, after 3 evenings of work, all the steps have succeeded!

It seems to have helped, especially since, after many failed attempts, I managed to update Java. Today I have not yet experienced any freezing after having been online 3 times in connection with this.

The problems started about 14 days ago, when for 3 days in a row the computer told me it was installing 11 updates when I shut down; normally it is 1-3 now and then, and not several days in a row.

I have avast antivirus and Comodo firewall, the free versions.

Various log files below.

Thanks in advance for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:44, on 09-03-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mette\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] “c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HotkeyApp] “C:\Program Files\Launch Manager\HotkeyApp.exe”
O4 - HKLM\..\Run: [WisKeyState] “C:\Program Files\Launch Manager\WisKeyState.exe”
O4 - HKLM\..\Run: [LMgrVolOSD] “C:\Program Files\Launch Manager\OSD.exe”
O4 - HKLM\..\Run: [LMgrOSD] “C:\Program Files\Launch Manager\OSDCtrl.exe”
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKLM\..\Run: [lxcrmon.exe] “C:\Program Files\Lexmark 2400 Series\lxcrmon.exe”
O4 - HKLM\..\Run: [EzPrint] “C:\Program Files\Lexmark 2400 Series\ezprint.exe”
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User ‘Default user’)
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:    C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: lxcr_device -  - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe


End of file - 8771 bytes


Malwarebytes’ Anti-Malware 1.44
Database version: 3831
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

07-03-2010 19:19:29
mbam-log-2010-03-07 (19-19-28).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 260023
Tid tilbagelagt: 1 hour(s), 16 minute(s), 39 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/08/2010 at 11:25 PM

Application Version : 4.34.1000

Core Rules Database Version : 4651
Trace Rules Database Version: 2463

Scan type     : Complete Scan
Total Scan Time : 02:48:25

Memory items scanned     : 840
Memory threats detected   : 0
Registry items scanned   : 6938
Registry threats detected : 0
File items scanned     : 30103
File threats detected   : 16

Adware.Tracking Cookie
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@doubleclick[1].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@adviva[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@msnportal.112.2o7[1].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@statse.webtrendslive[1].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@fynskemedieradmin.adservinginternational[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@specificclick[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@cdn5.specificclick[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@server.iad.liveperson[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@server.iad.liveperson[3].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@bs.serving-sys[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@tradedoubler[1].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@serving-sys[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@atdmt[2].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@track.adform[1].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\Low\mette@bluestreak[1].txt
  C:\Users\Mette\AppData\Roaming\Microsoft\Windows\Cookies\mette@ads.sun[1].txt
Regards, Mette

Administrator
Number of posts: 29177

Hi ;)


Download ComboFix and save it to your desktop as alg.exe:
ComboFix

Open Notepad and copy the following (the text in bold) into it, and save the text file as CFScript in the same place as you have ComboFix:


…………………………………………………………………….

Killall::
Snapshot::
Folder::
C:\Program Files\Norman

Then grab the new file with the mouse and drag it over the ComboFix file, then “let go” with the mouse. As shown here ->

http://www.fromsej.saknet.dk/billeder/swfcombo.gif


ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Post the new ComboFix log here. It can be found here - C:\combofix.txt

Number of posts: 7

Here is a ComboFix log file…

ComboFix 10-03-10.02 - Mette 10-03-2010 20:30:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.45.1030.18.1789.904 [GMT 1:00]
Kører fra: c:\users\Mette\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Mette\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3653481123-820116541-1071998289-500
c:\$recycle.bin\S-1-5-21-4262141128-688083046-2296741082-1001
c:\program files\Norman
c:\windows\system32\drivers\FSC__PI__AMILO Pa 3515   __FUJITSU SIEMENS_P1     __Ver 1.00PARTTBL_FSC - 6040000_V1.02   __RS780M .MRK

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_NGS
———-\Service_NGS
———-\Service_NPROSECSVC


(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-10 til 2010-03-10 )))))))))))))))))))))))))))))))))))
.

2010-03-09 21:14 . 2010-03-09 21:14   401720   ——a-w-  c:\users\Mette\HiJackThis.exe
2010-03-09 20:51 . 2010-03-09 20:51   ————  d——-w-  c:\program files\Java
2010-03-07 19:51 . 2010-03-07 19:51   ————  d——-w-  c:\program files\Common Files\Java
2010-03-05 16:43 . 2010-03-05 16:44   ————  d——-w-  c:\programdata\WindowsSearch
2010-02-28 14:52 . 2010-02-28 14:52   ————  d——-w-  C:\lexmark
2010-02-09 21:51 . 2010-02-09 21:51   ————  d——-w-  c:\programdata\Alwil Software

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 19:46 . 2008-11-21 22:06   ————  d——-w-  c:\program files\COMODO
2010-03-10 19:22 . 2008-12-26 16:08   ————  d——-w-  c:\users\Mette\AppData\Roaming\Skype
2010-03-10 19:22 . 2009-01-06 13:54   ————  d——-w-  c:\program files\Common Files\Wise Installation Wizard
2010-03-10 19:22 . 2009-12-20 19:55   ————  d——-w-  c:\program files\SUPERAntiSpyware
2010-03-09 21:16 . 2008-11-22 21:34   1   ——a-w-  c:\users\Mette\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-09 20:51 . 2008-11-23 20:15   411368   ——a-w-  c:\windows\system32\deploytk.dll
2010-03-09 11:24 . 2008-11-21 22:00   153184   ——a-w-  c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2008-11-21 22:00   46672   ——a-w-  c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2008-11-21 22:00   162640   ——a-w-  c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2008-11-21 22:00   23376   ——a-w-  c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2008-11-21 22:00   51792   ——a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2010-03-09 11:08 . 2008-11-21 22:00   19024   ——a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2010-03-07 13:38 . 2008-11-21 21:36   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
2010-03-07 13:37 . 2008-11-21 21:37   5115824   ——a-w-  c:\programdata\Malwarebytes\Malwarebytes’ Anti-Malware\mbam-setup.exe
2010-03-07 13:34 . 2009-08-03 20:45   ————  d——-w-  c:\program files\Google
2010-03-07 13:08 . 2009-12-20 20:14   ————  d——-w-  c:\program files\CCleaner
2010-02-28 16:01 . 2008-04-10 07:39   463344   ——a-w-  c:\windows\system32\perfh006.dat
2010-02-28 16:01 . 2008-04-10 07:39   77202   ——a-w-  c:\windows\system32\perfc006.dat
2010-02-28 14:55 . 2009-10-15 10:15   ————  d——-w-  c:\program files\Lexmark 2400 Series
2010-02-28 13:24 . 2008-11-26 16:37   680   ——a-w-  c:\users\Mette\AppData\Local\d3d9caps.dat
2010-02-27 09:33 . 2008-11-21 18:51   74920   ——a-w-  c:\users\Mette\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 20:35 . 2006-11-02 11:18   ————  d——-w-  c:\program files\Windows Mail
2010-02-24 08:16 . 2009-10-04 09:23   181632   ———w-  c:\windows\system32\MpSigStub.exe
2010-02-11 18:53 . 2008-11-21 22:00   38848   ——a-w-  c:\windows\system32\avastSS.scr
2010-02-10 08:26 . 2008-11-21 18:42   ————  d——-w-  c:\programdata\Microsoft Help
2010-02-09 21:55 . 2008-11-21 22:00   ————  d——-w-  c:\program files\Alwil Software
2010-01-25 20:40 . 2009-12-20 20:43   ————  d——-w-  c:\program files\Enigma Software Group
2010-01-24 19:52 . 2009-03-29 11:11   ————  d——-w-  c:\program files\Microsoft Silverlight
2010-01-07 15:07 . 2008-11-21 21:36   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-11-21 21:36   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2009-12-24 10:15 . 2009-03-30 09:02   74328   ——a-w-  c:\windows\system32\drivers\inspect.sys
2009-12-14 17:47 . 2009-12-14 17:47   484976   ——a-w-  c:\programdata\Google\Google Toolbar\Update\gtbC543.tmp.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2008-01-21 1233920]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-21 125952]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-11-18 21633320]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-21 1008184]
“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2008-01-21 61440]
“RtHDVCpl”=“RtHDVCpl.exe” [2008-04-01 6025216]
“SynTPStart”=“c:\program files\Synaptics\SynTP\SynTPStart.exe” [2007-08-17 102400]
“HotkeyApp”=“c:\program files\Launch Manager\HotkeyApp.exe” [2008-03-26 188416]
“WisKeyState”=“c:\program files\Launch Manager\WisKeyState.exe” [2008-03-07 208896]
“LMgrVolOSD”=“c:\program files\Launch Manager\OSD.exe” [2008-03-04 258048]
“LMgrOSD”=“c:\program files\Launch Manager\OSDCtrl.exe” [2007-12-25 241664]
“FSCRecovery”=“c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe” [2008-05-08 268096]
“WPCUMI”=“c:\windows\system32\WpcUmi.exe” [2006-11-02 176128]
“lxcrmon.exe”=“c:\program files\Lexmark 2400 Series\lxcrmon.exe” [2007-01-11 291760]
“EzPrint”=“c:\program files\Lexmark 2400 Series\ezprint.exe” [2006-12-11 82864]
“LXCRCATS”=“c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll” [2006-11-21 106496]
“avast5”=“c:\progra~1\ALWILS~1\Avast5\avastUI.exe” [2010-03-09 2769336]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“fsc-reg”=“c:\programdata\fsc-reg\fscreg.exe” [2007-11-08 470288]

c:\users\Mette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16   39792   ——a-w-  c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57   153136   ——a-w-  c:\program files\Common Files\Nero\Lib\NeroCheck.exe

S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-04-17 114528]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]

.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.hotmail.com/
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: danid.dk
Trusted Zone: sydbank.dk
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 20:48
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-10 20:55:06 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-10 19:55

Pre-Kørsel: 54.113.890.304 byte ledig
Post-Kørsel: 54.257.676.288 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 59D84B42D3D2EA576A57CC13FA763D7C

Administrator
Number of posts: 29177

That looks fine. How are things running now?

Number of posts: 7

It is running without problems for now, so I am hopeful.

Thanks for your thorough guides, and thanks for the help with checking the logs!

Coffee money on the way…

Mette

Administrator
Number of posts: 54707

You're welcome. :)

On behalf of all of Spywarefri I would like to thank you for your support; you will be able to see your name on the list once the support has arrived:
http://www.spywarefri.dk/forum/viewforum/23/

I am locking the thread; if you need us again, you are welcome to create a new question.
