PC infected with Dr. Guard - is it clean now
  Delfin
Number of posts: 94

Hi - I am helping a friend clean his PC, which has been infected with Dr. Guard plus a few other things. The PC has Windows XP Home SP3 installed; it was more or less unusable when I received it for cleaning, and you could only run anything in safe mode, otherwise it froze completely. And Norman did not work at all.
I tried to run Combofix, but it was impossible.
I ran CCleaner several times, and tried to run Malwarebytes and Dr.Web.
I then ran a registry cleanup with JV16 Power Tool (formerly RegSupreme); I bought this tool for my own PC, but had to remove Dr. Guard from the registry. Only after I had run CCleaner several times could I get Combofix to run.
Then I also got Malwarebytes to run, and it found and cleaned some junk.
Now I could get the PC to start in normal mode, but only by selecting Diagnostic Startup in MSConfig.
I then uninstalled and reinstalled Malwarebytes, and this time I could update it over the internet - ran a scan again.
After that I ran Dr. Web, which also found something that was cleaned.
Ran CCleaner again, and now Norman started working again, so it was updated.
After that I downloaded SUPERAntiSpyware and ran a scan and clean.

Now the PC can run with a normal startup and everything apparently works fine, but will you check whether there is more junk on the computer?

Which logs should I send you?

Thanks in advance.

Administrator
Number of posts: 29177

Hi ;)

Let's see a couple of DDS log files:


Download DDS and save the program to your Desktop:
Here
Double-click DDS.scr and allow the program to run.
When the program has finished, it will open two logs/text files.
Save both files to your Desktop and copy the contents of the txt files into your next post.

Since they are fairly long, you may need to send them in several posts.


Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes torrent software, before we clean the computer.

  Delfin
Number of posts: 94

Here is the 1st part of the log from DDS - as far as I know, no P2P programs are installed.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Allan Bo at 15:52:19,31 on 18-03-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1014.326 [GMT 1:00]

AV: Norman Security Suite *On-access scanning enabled* (Updated)  {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

============== Running Processes ===============

C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\Programmer\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Wave Systems Corp\Common\DataServer.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Norman\Npm\Bin\scheduler.exe
C:\Programmer\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Norman\Nse\Bin\NSESVC.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Norman\Npm\Bin\ZLH.EXE
C:\Programmer\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\NetWaiting\netwaiting.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Apoint\HidFind.exe
C:\MapSource\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Norman\Nvc\Bin\Nip.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\Norman\Nvc\Bin\cclaw.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Allan Bo.ALLAN\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programmer\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\programmer\bae\BAE.dll
BHO: mail.com: {cd292324-974f-4224-ce6f-cc9441768f5d} - c:\programmer\mail.com\toolbar\Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programmer\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: mail.com: {cd292324-974f-4224-ce6f-cc9441768f5d} - c:\programmer\mail.com\toolbar\Toolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programmer\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ModemOnHold] c:\programmer\netwaiting\netwaiting.exe
uRun: [swg] c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\MsnMsgr.Exe" /background
uRun: [gStart] c:\mapsource\gStart.exe
uRun: [Steam] c:\valve\steam\Steam.exe -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PPort11reminder] "c:\programmer\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\programmer\fælles filer\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\programmer\quicktime\QTTask.exe" -atboottime
mRun: [PaperPort PTD] "c:\programmer\scansoft\paperport\pptd40nt.exe"
mRun: [Norman ZANDA] "c:\programmer\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [KMCONFIG] c:\programmer\trust\trust r-series mouse\StartAutorun.exe KMConfig.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\programmer\fælles filer\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\fælles~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IntelZeroConfig] "c:\programmer\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\programmer\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IndexSearch] "c:\programmer\scansoft\paperport\IndexSearch.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\programmer\r\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Document Manager] c:\programmer\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Dell QuickSet] c:\programmer\dell\quickset\quickset.exe
mRun: [ControlCenter3] c:\programmer\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] c:\programmer\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [AppleSyncNotifier] c:\programmer\fælles filer\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Apoint] c:\programmer\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\blueto~1.lnk - c:\programmer\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\digita~1.lnk - c:\programmer\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\embass~1.lnk - c:\programmer\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\nkbmon~1.lnk - c:\programmer\nikon\pictureproject\NkbMonitor.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\allanb~1.all\applic~1\mozilla\firefox\profiles\l4iqirck.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:da:official
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.0.0&locale=da&q=
FF - plugin: c:\programmer\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmer\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
FF - plugin: c:\programmer\picasa2\npPicasa3.dll
FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

----FIREFOX POLICIES----
c:\programmer\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmer\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R1 NGS;Norman General Security Driver;c:\programmer\norman\ngs\bin\ngs.sys [2009-4-6 25032]
R1 NPROSEC;Norman Security driver;c:\programmer\norman\ngs\bin\nprosec.sys [2009-5-12 61512]
R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-6 54752]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programmer\trust\trust r-series mouse\KMWDSrv.exe [2007-6-8 208896]
R2 Ndiskio;Ndiskio;c:\programmer\norman\nse\bin\Ndiskio.sys [2009-10-16 24168]
R2 Norman ZANDA;Norman ZANDA;c:\programmer\norman\npm\bin\Zanda.exe [2009-2-25 386440]
R2 NPROSECSVC;Norman Security service;c:\programmer\norman\ngs\bin\nprosec.exe [2009-5-12 103752]
R2 NVOY;Norman Resource Provider;c:\programmer\norman\npm\bin\nvoy.exe [2009-4-6 128328]
R3 nsesvc;Norman Scanner Engine Service;c:\programmer\norman\nse\bin\Nsesvc.exe [2009-10-16 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-4-6 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programmer\norman\nvc\bin\Nvcoas.exe [2009-4-6 202056]
R3 Scheduler;Norman Scheduler Service;c:\programmer\norman\npm\bin\scheduler.exe [2009-5-12 133272]
S2 gupdate1c990688a5e85be;Tjenesten Google Update (gupdate1c990688a5e85be);c:\programmer\google\update\GoogleUpdate.exe [2009-2-16 133104]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\allanb~1.all\lokale~1\temp\dmskssrh.sys--> c:\docume~1\allanb~1.all\lokale~1\temp\DMSKSSRh.sys [?]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programmer\norman\npm\bin\nvcsched.exe"--> c:\programmer\norman\npm\bin\Nvcsched.exe [?]
S3 SASENUM;SASENUM;c:\programmer\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-7-21 39424]

=============== Created Last 30 ================

2010-03-16 17:42:06   0   d-----w-  c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-16 17:41:48   0   d-----w-  c:\programmer\SUPERAntiSpyware
2010-03-16 17:41:48   0   d-----w-  c:\docume~1\allanb~1.all\applic~1\SUPERAntiSpyware.com
2010-03-15 22:08:56   293376   ------w-  c:\windows\system32\browserchoice.exe
2010-03-14 22:41:06   23   ----a-w-  c:\windows\system32\aefac_g.ocx
2010-03-14 22:41:00   0   d-----w-  c:\programmer\RegSupreme
2010-03-14 19:48:48   3558912   ------w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-14 18:04:20   98816   ----a-w-  c:\windows\sed.exe
2010-03-14 18:04:20   77312   ----a-w-  c:\windows\MBR.exe
2010-03-14 18:04:20   261632   ----a-w-  c:\windows\PEV.exe
2010-03-14 18:04:20   161792   ----a-w-  c:\windows\SWREG.exe
2010-03-14 17:50:34   0   d-----w-  C:\Download
2010-03-14 17:45:14   38224   ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 17:45:11   19160   ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-14 17:45:11   0   d-----w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-03-11 21:07:30   0   d-----w-  c:\programmer\fælles filer\Wise Installation Wizard
2010-03-11 20:47:33   0   d-----w-  c:\windows\pss
2010-03-09 19:11:18   0   d-----w-  c:\documents and settings\allan bo.allan\DoctorWeb
2010-03-09 16:39:51   0   d-----w-  c:\programmer\CCleaner
2010-03-08 17:04:50   1048   ----a-w-  c:\docume~1\alluse~1\applic~1\fiosejgfse.dll
2010-03-08 16:57:38   860672   ----a-w-  c:\windows\system32\drivers\kdrfbw.sys
2010-02-17 15:35:08   0   d-----w-  c:\docume~1\allanb~1.all\applic~1\Malwarebytes
2010-02-17 15:35:01   0   d-----w-  c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-16 18:03:19   0   d-----w-  c:\docume~1\allanb~1.all\applic~1\Wave Systems Corp

==================== Find3M ====================

2010-03-07 17:20:15   1034752   ----a-w-  c:\windows\system32\dllcache\explorer.exe
2010-03-07 17:20:15   1034752   ------w-  c:\windows\explorer.exe
2009-12-31 16:50:03   353792   ------w-  c:\windows\system32\dllcache\srv.sys
2009-12-21 19:08:01   916480   ----a-w-  c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:08:01   916480   ------w-  c:\windows\system32\wininet.dll
2009-12-21 19:08:01   12800   ------w-  c:\windows\system32\dllcache\xpshims.dll
2009-12-21 19:08:01   1208832   ----a-w-  c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:08:00   5942784   ----a-w-  c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:08:00   206848   ------w-  c:\windows\system32\dllcache\occache.dll
2009-12-21 19:07:58   594432   ------w-  c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:07:58   55296   ------w-  c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:07:57   25600   ------w-  c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:07:57   1985536   ------w-  c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:07:56   246272   ------w-  c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 19:07:56   184320   ------w-  c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:07:56   11070464   ------w-  c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:07:53   387584   ------w-  c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:18:55   173056   ------w-  c:\windows\system32\dllcache\ie4uinit.exe
2007-04-11 16:32:53   21102064   ----a-w-  c:\programmer\AdbeRdr80_da_DK.exe

============= FINISH: 15:53:09,78 ===============

  Delfin
Number of posts: 94

And here is the second log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11-04-2007 17:15:07
System Uptime: 18-03-2010 15:40:26 (0 hours ago)

Motherboard: Dell Inc. |  | 0GF470
Processor: Intel(R) Core(TM)2 CPU       T5500 @ 1.66GHz | Microprocessor | 980/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 53,999 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-netværkskort
Device ID: V1394\NIC1394\AB6E450424FC000
Manufacturer: Microsoft
Name: 1394-netværkskort
PNP Device ID: V1394\NIC1394\AB6E450424FC000
Service: NIC1394

==== System Restore Points ===================

RP1: 14-03-2010 23:05:43 - Systemkontrolpunkt
RP2: 14-03-2010 23:06:25 - renset step 1
RP3: 15-03-2010 00:01:46 - Software Distribution Service 3.0
RP4: 15-03-2010 23:09:49 - Software Distribution Service 3.0
RP5: 16-03-2010 18:41:43 - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Reader 9.3 - Dansk
Adobe Shockwave Player 11
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
biolsp patch
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Brother MFL-Pro Suite
Cardio PC Link v1.1.1se
CCleaner
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Counter-Strike: Condition Zero
Dell Embassy Trust Suite by Wave Systems
Digital Line Detect
Digital Signatur
Document Manager Lite
EAX Unified
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
ETS Upgrade
FaceFilter Studio Brother Edition
Fremhævelsesvisning (Windows Live Toolbar)
Garmin ANT Agent
Garmin Communicator Plugin
Garmin Training Center 3.4.3
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB970653-v3)
Hotfix til Windows XP (KB976098-v2)
Hotfix til Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
KODAK EASYSHARE Gallery Upload ActiveX Control
mail.com
Malwarebytes’ Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Small Business Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.5.8)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Nikon FotoShare
Nikon Message Center
Norman Security Suite
NTRU Hybrid TSS v2.0.25
OGA Notifier 2.0.0048.0
Opdatering til Windows Internet Explorer 8 (KB968220)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB976749)
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB961503)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
Overførselsværktøj til Windows Live
PaperPort Image Printer
Picasa 3
PictureProject
PL-2303 USB-to-Serial
PowerDVD 5.7
Preboot Manager
Private Information Manager
QuickSet
QuickTime
RegSupreme
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samsung PC Studio
ScanSoft PaperPort 11
SearchAssist
Secure Update
Security Update for CAPICOM (KB931906)
Security Wizards
Segoe UI
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB969897)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB968816)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows Media Player 9 (KB917734)
Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950759)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953838)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956390)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956744)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958215)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960714)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961371)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB969898)
Sikkerhedsopdatering til Windows XP (KB969947)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971486)
Sikkerhedsopdatering til Windows XP (KB971557)
Sikkerhedsopdatering til Windows XP (KB971633)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973346)
Sikkerhedsopdatering til Windows XP (KB973354)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973525)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975561)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977165)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978251)
Sikkerhedsopdatering til Windows XP (KB978262)
Sikkerhedsopdatering til Windows XP (KB978706)
Smarte menuer (Windows Live Toolbar)
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Steam
SUPERAntiSpyware Free Edition
Tilmeldingsassistent til Windows Live
Trust R-Series Mouse
Udvidelser (Windows Live Toolbar)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
upekmsi
URL Assistant
Vigtig opdatering til Windows Media Player 11 (KB959772)
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites til Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR arkivering

==== End Of File ===========================

Administrator
Number of posts: 54701

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
File::
c:\docume~1\allanb~1.all\lokale~1\temp\dmskssrh.sys
c:\docume~1\alluse~1\applic~1\fiosejgfse.dll
c:\windows\system32\drivers\kdrfbw.sys
Driver::
DMSKSSRh

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.

Signature

Member of “Alliance of Security Analysis Professionals” - Alle angaben wie immer “nur mit pistole”

Did you also cry over the fairy tale of the blacksmith’s cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  Delfin
Number of posts: 94

I have now run Combofix, and here is the log:

ComboFix 10-03-17.07 - Allan Bo 18-03-2010 17:55:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1014.286 [GMT 1:00]
Kører fra: c:\documents and settings\Allan Bo.ALLAN\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Allan Bo.ALLAN\Skrivebord\Sikkerhed\CFScript.txt
AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!

FILE ::
“c:\docume~1\allanb~1.all\lokale~1\temp\dmskssrh.sys”
“c:\docume~1\alluse~1\applic~1\fiosejgfse.dll”
“c:\windows\system32\drivers\kdrfbw.sys”
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\fiosejgfse.dll
c:\windows\system32\drivers\kdrfbw.sys

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_DMSKSSRH
———-\Service_DMSKSSRh
———-\Legacy_kdrfbw
———-\Service_kdrfbw


(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-18 til 2010-03-18 )))))))))))))))))))))))))))))))))))
.

2010-03-16 17:42 . 2010-03-16 17:42   ————  d——-w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-16 17:41 . 2010-03-16 17:41   ————  d——-w-  c:\programmer\SUPERAntiSpyware
2010-03-16 17:41 . 2010-03-16 17:41   ————  d——-w-  c:\documents and settings\Allan Bo.ALLAN\Application Data\SUPERAntiSpyware.com
2010-03-15 22:08 . 2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe
2010-03-14 22:41 . 2010-03-14 22:41   ————  d——-w-  c:\programmer\RegSupreme
2010-03-14 19:48 . 2009-10-23 15:28   3558912   ———w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-14 17:50 . 2010-03-14 17:50   ————  d——-w-  C:\Download
2010-03-14 17:45 . 2010-01-07 15:07   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 17:45 . 2010-03-14 17:45   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-03-14 17:45 . 2010-01-07 15:07   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-11 21:07 . 2010-03-11 21:07   ————  d——-w-  c:\programmer\Fælles filer\Wise Installation Wizard
2010-03-11 20:47 . 2010-03-11 20:47   ————  d-sh—w-  c:\documents and settings\Administrator\IETldCache
2010-03-09 19:11 . 2010-03-09 19:11   ————  d——-w-  c:\documents and settings\Allan Bo.ALLAN\DoctorWeb
2010-03-09 16:39 . 2010-03-09 16:39   ————  d——-w-  c:\programmer\CCleaner
2010-03-08 16:57 . 2010-03-08 16:57   ————  d-sh—w-  c:\windows\system32\config\systemprofile\IETldCache
2010-02-17 15:35 . 2010-02-17 15:35   ————  d——-w-  c:\documents and settings\Allan Bo.ALLAN\Application Data\Malwarebytes
2010-02-17 15:35 . 2010-02-17 15:35   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-16 18:03 . 2010-02-16 18:04   ————  d——-w-  c:\documents and settings\Allan Bo.ALLAN\Application Data\Wave Systems Corp

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 17:02 . 2007-04-11 16:31   ————  d——-w-  c:\programmer\Norman
2010-03-17 22:25 . 2009-02-16 18:57   ————  d——-w-  c:\documents and settings\All Users\Application Data\Google Updater
2010-03-14 22:09 . 2009-07-12 16:26   ————  d——-w-  c:\programmer\DIFX
2010-03-07 17:20 . 2004-09-16 16:38   1034752   ———w-  c:\windows\explorer.exe
2010-02-16 18:04 . 2007-03-16 04:01   ————  d——-w-  c:\programmer\Wave Systems Corp
2010-02-13 16:42 . 2007-04-11 16:29   ————  d——-w-  c:\programmer\Fælles filer\Adobe
2010-02-10 16:47 . 2007-03-16 04:13   ————  d——-w-  c:\programmer\Google
2010-01-23 15:17 . 2010-01-23 15:17   ————  d——-w-  c:\documents and settings\Allan Bo.ALLAN\Application Data\Office Genuine Advantage
2010-01-21 14:40 . 2009-04-09 07:49   ————  d——-w-  c:\programmer\Microsoft Silverlight
2009-12-31 16:50 . 2004-09-16 16:38   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-09-16 16:38   916480   ———w-  c:\windows\system32\wininet.dll
2007-04-11 16:32 . 2007-04-11 16:29   21102064   ——a-w-  c:\programmer\AdbeRdr80_da_DK.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD292324-974F-4224-CE6F-CC9441768F5D}]
2007-05-15 21:15   629288   ——a-w-  c:\programmer\mail.com\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CD292324-974F-4224-CE6F-CC9441768F5D}”= “c:\programmer\mail.com\Toolbar\Toolbar.dll” [2007-05-15 629288]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-ce6f-cc9441768f5d}]
[HKEY_CLASSES_ROOT\Toolbar.mail.com]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{CD292324-974F-4224-CE6F-CC9441768F5D}”= “c:\programmer\mail.com\Toolbar\Toolbar.dll” [2007-05-15 629288]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-ce6f-cc9441768f5d}]
[HKEY_CLASSES_ROOT\Toolbar.mail.com]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ModemOnHold”=“c:\programmer\NetWaiting\netwaiting.exe” [2003-09-10 20480]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-11-07 68856]
“MsnMsgr”=“c:\programmer\Windows Live\Messenger\MsnMsgr.Exe” [2009-07-26 3883856]
“gStart”=“c:\mapsource\gStart.exe” [2008-08-13 1891416]
“Steam”=“c:\valve\Steam\Steam.exe” [2003-11-11 1081344]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“PPort11reminder”=“c:\programmer\ScanSoft\PaperPort\Ereg\Ereg.exe” [2007-02-01 255528]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-10-11 149280]
“SSBkgdUpdate”=“c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-10-25 210472]
“SigmatelSysTrayApp”=“stsystra.exe” [2006-03-24 282624]
“QuickTime Task”=“c:\programmer\QuickTime\QTTask.exe” [2009-05-26 413696]
“PaperPort PTD”=“c:\programmer\ScanSoft\PaperPort\pptd40nt.exe” [2007-01-29 30248]
“Norman ZANDA”=“c:\programmer\Norman\Npm\Bin\ZLH.EXE” [2009-11-24 189824]
“KMCONFIG”=“c:\programmer\Trust\Trust R-Series Mouse\StartAutorun.exe” [2007-03-06 212992]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2007-09-21 55824]
“iTunesHelper”=“c:\programmer\iTunes\iTunesHelper.exe” [2009-06-05 292136]
“ISUSScheduler”=“c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe” [2005-02-16 81920]
“ISUSPM Startup”=“c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-07-27 221184]
“IntelZeroConfig”=“c:\programmer\Intel\Wireless\bin\ZCfgSvc.exe” [2006-10-18 802816]
“IntelWireless”=“c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe” [2006-10-18 696320]
“IndexSearch”=“c:\programmer\ScanSoft\PaperPort\IndexSearch.exe” [2007-01-29 46632]
“igfxtray”=“c:\windows\system32\igfxtray.exe” [2005-12-13 98304]
“igfxpers”=“c:\windows\system32\igfxpers.exe” [2005-12-13 118784]
“igfxhkcmd”=“c:\windows\system32\hkcmd.exe” [2005-12-13 77824]
“DVDLauncher”=“c:\programmer\r\CyberLink\PowerDVD\DVDLauncher.exe” [2005-12-09 49152]
“Document Manager”=“c:\programmer\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe” [2006-09-08 102400]
“DLA”=“c:\windows\System32\DLA\DLACTRLW.EXE” [2005-09-08 122940]
“Dell QuickSet”=“c:\programmer\Dell\QuickSet\quickset.exe” [2006-06-29 1032192]
“ControlCenter3”=“c:\programmer\Brother\ControlCenter3\brctrcen.exe” [2007-01-26 65536]
“BrMfcWnd”=“c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe” [2007-03-12 663552]
“AppleSyncNotifier”=“c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2009-05-20 177472]
“Apoint”=“c:\programmer\Apoint\Apoint.exe” [2005-10-07 176128]
“Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-12-22 35760]
“Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Bluetooth Manager.lnk - c:\programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2007-3-16 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\programmer\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
NkbMonitor.exe.lnk - c:\programmer\Nikon\PictureProject\NkbMonitor.exe [2008-7-21 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41   294912   ——a-w-  c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ     msv1_0 wvauth

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Messenger\\msmsgs.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Valve\\Condition Zero\\czero.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\iTunes\\iTunes.exe”=
“c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8085:TCP”= 8085:TCP:OKOGate

R1 NGS;Norman General Security Driver;c:\programmer\Norman\Ngs\Bin\ngs.sys [06-04-2009 13:38 25032]
R1 NPROSEC;Norman Security driver;c:\programmer\Norman\Ngs\Bin\nprosec.sys [12-05-2009 14:52 61512]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe [08-06-2007 23:23 208896]
R2 Ndiskio;Ndiskio;c:\programmer\Norman\Nse\Bin\Ndiskio.sys [16-10-2009 16:18 24168]
R2 NPROSECSVC;Norman Security service;c:\programmer\Norman\Ngs\Bin\nprosec.exe [12-05-2009 14:52 103752]
R2 NVOY;Norman Resource Provider;c:\programmer\Norman\Npm\Bin\nvoy.exe [06-04-2009 13:39 128328]
R3 nsesvc;Norman Scanner Engine Service;c:\programmer\Norman\Nse\Bin\Nsesvc.exe [16-10-2009 16:18 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [06-04-2009 13:38 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programmer\Norman\nvc\bin\Nvcoas.exe [06-04-2009 13:38 202056]
R3 Scheduler;Norman Scheduler Service;c:\programmer\Norman\Npm\Bin\scheduler.exe [12-05-2009 14:52 133272]
S2 gupdate1c990688a5e85be;Tjenesten Google Update (gupdate1c990688a5e85be);c:\programmer\Google\Update\GoogleUpdate.exe [16-02-2009 19:58 133104]
S3 NVCScheduler;Norman Virus Control Scheduler;“c:\programmer\Norman\Npm\Bin\Nvcsched.exe”—> c:\programmer\Norman\Npm\Bin\Nvcsched.exe [?]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [21-07-2008 12:13 39424]

—- Andre Services/Drivers i Hukommelsen—-

*Deregistered* - mchInjDrv
.
Indhold af mappen ‘Planlagte Opgaver’

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\programmer\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-21 05:51]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-02-16 18:58]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-02-16 18:58]

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{92F160D4-5847-4E0E-B51E-BF519818AC30}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
———- Yderligere scanning———-
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live; Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
FF - ProfilePath - c:\documents and settings\Allan Bo.ALLAN\Application Data\Mozilla\Firefox\Profiles\l4iqirck.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:da:official
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.0.0&locale=da&q=
FF - plugin: c:\programmer\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Picasa2\npPicasa3.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

——FIREFOX POLITIKKER——
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 18:04
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(1120)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > ‘lsass.exe’(1176)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > ‘explorer.exe’(1280)
c:\programmer\Norman\nvc\bin\Niphk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\programmer\Norman\Npm\Bin\Elogsvc.exe
c:\programmer\Intel\Wireless\Bin\EvtEng.exe
c:\programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\programmer\Intel\Wireless\Bin\WLKeeper.exe
c:\programmer\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\SCardSvr.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Wave Systems Corp\Common\DataServer.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\stsystra.exe
c:\programmer\Dell\QuickSet\NICCONFIGSVC.exe
c:\programmer\Trust\Trust R-Series Mouse\KMConfig.exe
c:\programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\programmer\Trust\Trust R-Series Mouse\KMProcess.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Brother\ControlCenter3\brccMCtl.exe
c:\programmer\Norman\Npm\Bin\Njeeves.exe
c:\programmer\iPod\bin\iPodService.exe
c:\programmer\Brother\Brmfcmon\BrMfcmon.exe
c:\programmer\Apoint\Apntex.exe
c:\programmer\Apoint\HidFind.exe
c:\programmer\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\programmer\Norman\Nvc\Bin\Nip.exe
c:\programmer\Norman\Nvc\Bin\cclaw.exe
c:\programmer\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-18 18:11:14 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-18 17:11
ComboFix2.txt 2010-03-16 22:45

Pre-Kørsel: 57.931.091.968 byte ledig
Post-Kørsel: 57.894.526.976 byte ledig

- - End Of File - - 8CC42210B0B0D24C30EEF59DF93EF1DF

Administrator
Number of posts: 29177

1. Download the latest version of HijackThis to your desktop here:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
2. Double-click the installation file and follow the installation instructions.
3. Double-click the new HijackThis icon on the desktop.
4. In the menu that appears, click: Do a systemscan and save a logfile.
5. After a short moment a log file opens in Notepad; save it.
6. How to copy the log into a question:
While the log is open, select all the text with the key combination CTRL + A.
To copy the selected text, use the key combination CTRL + C, which “pins” it to the Windows clipboard. Then go to your question and click the comment button. There, paste the copied text into the white field with the key combination CTRL + V.


Then post the HijackThis log here, and tell us how things are running now.

  Delfin
Number of posts: 94

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:41, on 19-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\Programmer\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Wave Systems Corp\Common\DataServer.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Norman\Npm\Bin\Njeeves.exe
C:\Programmer\Norman\Npm\Bin\scheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Norman\Npm\Bin\ZLH.EXE
C:\Programmer\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Brother\ControlCenter3\brccMCtl.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\NetWaiting\netwaiting.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\Apoint\HidFind.exe
C:\MapSource\gStart.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Norman\Nse\Bin\NSESVC.EXE
C:\Programmer\Norman\Nvc\Bin\Nip.exe
C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
C:\Programmer\Norman\Nvc\Bin\cclaw.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=1070316
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\BAE\BAE.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Programmer\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Programmer\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: &Windows; Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PPort11reminder] “C:\Programmer\ScanSoft\PaperPort\Ereg\Ereg.exe” -r “C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [SSBkgdUpdate] “C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] “C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe”
O4 - HKLM\..\Run: [Norman ZANDA] “C:\Programmer\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKLM\..\Run: [KMCONFIG] C:\Programmer\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [ISUSScheduler] “C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] “C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM\..\Run: [IntelWireless] “C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndexSearch] “C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe”
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] “C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe”
O4 - HKLM\..\Run: [Document Manager] C:\Programmer\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [gStart] C:\MapSource\gStart.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Programmer\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver; - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live; Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog; det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Programmer\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate1c990688a5e85be) (gupdate1c990688a5e85be) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programmer\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programmer\Norman\npm\bin\nvoy.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programmer\Norman\Npm\Bin\scheduler.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programmer\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe


End of file - 15218 bytes

I think the PC is running fine now, but it is a bit slow at startup.

Administrator
Number of posts: 29177

You also have an incredible amount of stuff starting up, so let's disable most of it ->

Run a scan with HijackThis so that you can see all the files.
Below you will get some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Then click Fix checked.

These are the ones to fix:
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [SSBkgdUpdate] “C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] “C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe”
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [ISUSScheduler] “C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IndexSearch] “C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe”
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] “C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe”
O4 - HKLM\..\Run: [Document Manager] C:\Programmer\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmer\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [gStart] C:\MapSource\gStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Programmer\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

Restart, post a new HijackThis log here, and tell us how things are running now.

  Delfin
Number of posts: 94

I have now fixed the ones you listed, and it starts up much faster now and runs fine.
Here is a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:07, on 20-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\Programmer\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Wave Systems Corp\Common\DataServer.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Norman\Npm\Bin\scheduler.exe
C:\Programmer\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Norman\Nse\Bin\NSESVC.EXE
C:\Programmer\Norman\Npm\Bin\ZLH.EXE
C:\Programmer\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Programmer\NetWaiting\netwaiting.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMProcess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
C:\Programmer\Norman\Nvc\Bin\Nip.exe
C:\Programmer\Norman\Nvc\Bin\cclaw.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=1070316
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\BAE\BAE.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Programmer\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Programmer\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PPort11reminder] “C:\Programmer\ScanSoft\PaperPort\Ereg\Ereg.exe” -r “C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Norman ZANDA] “C:\Programmer\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKLM\..\Run: [KMCONFIG] C:\Programmer\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [IntelZeroConfig] “C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM\..\Run: [IntelWireless] “C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Programmer\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate1c990688a5e85be) (gupdate1c990688a5e85be) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programmer\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programmer\Norman\npm\bin\nvoy.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programmer\Norman\Npm\Bin\scheduler.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programmer\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe


End of file - 11451 bytes
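
An added example, not part of the thread and not a HijackThis feature: a small Python parser for the HijackThis entry lines above that checks whether the O4 autoruns listed for fixing are really gone from the follow-up log, and lists services reported as "(file missing)". The function names are hypothetical, and the sample lines are constructed by abridging the logs quoted in this thread.

```python
import re

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun: hive (optionally with a SID or .DEFAULT), key, [value name]
RUN_RE = re.compile(r"^(HK\w+(?:\\[^\\]+)?)\\\.\.\\(\w+): \[([^\]]*)\]\s*(.*)$")
# Startup-folder shortcut: "Global Startup: Name.lnk = target"
STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.+?\.lnk) = (.*)$")

# Constructed samples, abridged from the log lines quoted in this thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Digital Line Detect.lnk = ?
"""
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Norman ZANDA] “C:\Programmer\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programmer\Norman\Npm\Bin\Nvcsched.exe (file missing)
"""

def parse_entries(text):
    """Return (code, body) for each entry line; headers and the process list are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def autorun_id(body):
    """Identity of an O4 autorun; the command is ignored because forums rewrite its quotes."""
    m = RUN_RE.match(body)
    if m:
        return (m.group(1).upper(), m.group(2).lower(), m.group(3).lower())
    m = STARTUP_RE.match(body)
    if m:
        return (m.group(1).lower(), "lnk", m.group(2).lower())
    return None

def autoruns(text):
    """Map autorun identity -> original body for every O4 line in text."""
    pairs = ((autorun_id(b), b) for code, b in parse_entries(text) if code == "O4")
    return {key: body for key, body in pairs if key is not None}

def verify_fix(fix_list, after_log):
    """Compare the entries that were to be fixed against the follow-up log."""
    wanted, present = autoruns(fix_list), autoruns(after_log)
    return {
        "removed": sorted(k for k in wanted if k not in present),
        "still_present": sorted(k for k in wanted if k in present),
        "kept": sorted(k for k in present if k not in wanted),
    }

def missing_file_services(text):
    """O23 services whose binary HijackThis reported as '(file missing)'."""
    return [b for code, b in parse_entries(text) if code == "O23" and b.endswith("(file missing)")]

if __name__ == "__main__":
    print(verify_fix(FIX_LIST, AFTER_LOG))
    print(missing_file_services(AFTER_LOG))
```

On these samples the HKCU `ctfmon.exe` value is reported as still present, which matches the full follow-up log in this thread, where that Run entry appears again after the fix.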

Editor
Number of posts: 12994

Time to clean up

Click START, then Run

Type/copy: Combofix /Uninstall into the box, and click OK.

Note the space between the X and /Uninstall; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system/hidden files, if required.


You should create a new restore point in order to remove any infections from an old restore point.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and press OK.

Next, go to Start > Run and type cleanmgr
Select drive C and let it scan
Select the More Options tab
Select System Restore - Clean up and press OK.
This will remove all restore points except the new one you have just created.

Enjoy

Can we close this thread?

  Delfin
Number of posts: 94

A thousand thanks for the help.

We can go ahead and close up.

Editor
Number of posts: 12994

You're welcome

We'll close the thread. Just start a new one if there is anything we can help with.