torgius Novice
26 December 2008 - 11:02 There are 16 comments and
1 solution

Slow computer, log check please

I think my computer is running very slowly at the moment, and I am naturally wondering whether something is wrong.

I have attached a log for review.

Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00, on 2008-12-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programmer\Mozilla Firefox\firefox.exe
E:\Nyttige ting\Beskyttelse og oprydning\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.diaform.dk/menu/config/version5/Codebase/FormCtl.CAB
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.diaform.dk/menu/config/version5/codebase/ffmail.cab
O16 - DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} (proXSign Class) - https://www.borgerblanketter.dk/bb/proXSign1.cab
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/version5/codebase/Dafolo.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://www.diaform.dk/menu/config/version5/codebase/plsspeller.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://light.gabs.dk/imageuploader/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://light.gabs.dk/imageuploader/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/10021/defaults/activex/ips/IPSUploader4.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.diaform.dk/menu/config/version5/codebase/scriptobject.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp09.photoprintit.de/microsite/14127/defaults/activex/IPSUploader.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.diaform.dk/menu/config/version5/codebase/fontinstaller.cab
O16 - DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} (Adobe ListBox Control) - http://www.diaform.dk/menu/config/version5/codebase/listbox.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9944 bytes
Deleted user
26 December 2008 - 11:22 #1
welcor Beginner
26 December 2008 - 12:52 #2
But he is already running Malwarebytes' Anti-Malware (and not just that, SUPERAntiSpyware too).
There is also an antivirus running, so things look sensible.

My best suggestion is to go through this list and see which programs you don't need to have running all the time.

C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

I don't think it will have much of an effect, though.
torgius Novice
27 December 2008 - 10:19 #3
helgec: As welcor has already pointed out, I have Malwarebytes Anti-Malware, SuperAntiSpyware and NOD32 running, and none of them has reported any problems in daily use, nor do they find anything when I run a scan. So it would have to be because AVG could find something that NOD32 can't; is that very likely?

welcor: the programs you mention are, among other things, for my wife's mobile phone, our digital camera and the kids' MP3 players, so I'm not sure I'd be very popular if I removed them ;)

But neither of you can see anything suspicious in that HJT log, right?
Deleted user
27 December 2008 - 11:08 #4
As I read the guide I link to, it includes a couple of elements beyond what you mention, but of course it is entirely up to you whether you want to make use of them, if you haven't already tried them.
f-arn Guru
27 December 2008 - 11:24 #5
You could try turning off tuneup-defrag, since it isn't necessary for it to start automatically. There is nothing alarming in your log.
fromsej Trainee
28 December 2008 - 08:40 #6
You shouldn't remove them, just deactivate them in Msconfig so they don't start up automatically.
They will work fine when the need arises.
You can do the same in Services.msc with NBService and NMIndexingService; set them to Manual instead of Automatic.
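
An added example, not part of the original thread: a small Python parser for the HijackThis O4 (autostart) and O23 (service) lines that cross-references each entry against the "Running processes" section, which is the review the replies above do by eye. The sample input is a constructed subset of lines copied from the log in this thread; the function names and the `C:\WINDOWS` install path are assumptions of the example.

```python
import re
from typing import NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
"""

WINDIR = "c:\\windows\\"  # assumption: the Windows directory used in this thread's log

# O4 Run-key entries: "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - \S+?\\\.\.\\[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 Startup-folder entries: "O4 - [Global ]Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# O23 services: "O23 - Service: <display name> - <vendor> - <image path>"
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .+? - (?P<cmd>[A-Za-z]:\\.+)$")
# First token ending in an executable extension; paths may contain spaces.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)


class Entry(NamedTuple):
    kind: str      # "run", "startup" or "service"
    name: str      # registry value name, shortcut name or service display name
    image: str     # executable path, or a bare file name resolved via the search path
    location: str  # "windows", "other" or "bare" (no directory in the log line)
    running: bool  # image appears in the "Running processes" section


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break  # the section ends at the first blank line
            procs.add(line.lower())
    return procs


def image_of(cmd):
    """Strip quotes, arguments and HijackThis suffixes from a command line.
    For 'RUNDLL32.EXE <dll>,<entry>' this returns the host, not the DLL."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_autostarts(log):
    procs = running_processes(log)
    basenames = {p.rsplit("\\", 1)[-1] for p in procs}
    entries = []
    for line in log.splitlines():
        line = line.strip()
        for kind, rx in (("run", RUN_RE), ("startup", STARTUP_RE), ("service", SERVICE_RE)):
            m = rx.match(line)
            if not m:
                continue
            image = image_of(m.group("cmd"))
            low = image.lower()
            if "\\" not in low:
                location, running = "bare", low in basenames
            else:
                location = "windows" if low.startswith(WINDIR) else "other"
                running = low in procs
            entries.append(Entry(kind, m.group("name"), image, location, running))
            break
    return entries


def review_candidates(entries):
    """Autostart entries outside the Windows directory that are running now."""
    return [e for e in entries if e.location == "other" and e.running]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        state = "running" if e.running else "not running"
        print(f"{e.kind:8} {e.location:8} {state:12} {e.name} -> {e.image}")
```

The location column is only a first cut: TuneUpDefragService.exe is a third-party service binary that sits under System32, so it is classed as "windows" here and still has to be judged by its vendor field.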
torgius Novice
30 December 2008 - 22:56 #7
Hmm, the various things have helped a bit.....

I'm not sure which of you should get points, but post an answer and I'll hand them out
fromsej Trainee
31 December 2008 - 10:09 #8
Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When combofix has finished, and after it has rebooted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
welcor Beginner
31 December 2008 - 12:43 #9
well - hope it was my answer that helped a bit :)
torgius Novice
2 January 2009 - 08:17 #10
fromsej, here it comes:

ComboFix 08-12-31.01 - Rasmus 2 2009-01-02  8:09:29.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.511.268 [GMT 1:00]
Kører fra: c:\documents and settings\Rasmus 2\Skrivebord\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
* Resident AV is active


[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f49f4daa.dat

.
(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-02 til 2009-01-02  )))))))))))))))))))))))))))))))))))
.

2009-01-01 12:43 . 2009-01-01 12:43    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Leadertech
2009-01-01 12:38 . 2009-01-01 12:38    <DIR>    d--------    c:\programmer\NovaLogic
2009-01-01 12:35 . 2009-01-01 12:35    <DIR>    d----c---    c:\documents and settings\Rasmus 2\WINDOWS
2008-12-29 10:57 . 2008-12-29 10:57    <DIR>    d--------    c:\programmer\Steam
2008-12-29 10:32 . 2008-12-29 10:58    <DIR>    d--------    c:\programmer\Counter-Strike
2008-12-29 09:04 . 2008-12-29 09:04    1,393    --a------    c:\windows\imsins.BAK
2008-12-27 12:04 . 2007-12-11 12:00    785,464    -ra------    c:\windows\system32\tmpCD.tmp
2008-12-27 11:59 . 2008-12-27 11:59    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\MGI
2008-12-27 11:58 . 2008-12-27 11:59    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\ArcSoft
2008-12-27 11:57 . 2008-12-27 11:57    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\ACD Systems
2008-12-25 21:09 . 2008-12-25 21:14    <DIR>    d--------    c:\programmer\U.B. Funkeys
2008-12-25 21:09 . 2008-12-25 21:09    186,592    --a------    c:\windows\system32\drivers\windrvr6.sys
2008-12-25 20:03 . 2008-12-25 20:03    <DIR>    d----c---    C:\temp
2008-12-25 20:03 . 2008-12-25 20:03    <DIR>    d--------    c:\programmer\Philips
2008-12-25 20:03 . 2008-05-02 01:55    46,504    -ra--c---    c:\temp\RebootWMP.exe
2008-12-25 11:17 . 2004-02-13 11:58    30,394,339    --a------    c:\windows\RVS_1.0_1.54_US.RTP
2008-12-25 11:17 . 2003-11-04 13:30    49,152    --a------    c:\windows\Iniexpander.exe
2008-12-25 11:17 . 2003-11-04 19:24    1,185    --a------    c:\windows\1.31.add
2008-12-25 11:17 . 2003-11-04 19:27    216    --a------    c:\windows\1.50.add
2008-12-22 09:58 . 2008-12-29 09:05    <DIR>    d--------    c:\windows\system32\XPSViewer
2008-12-22 09:57 . 2008-12-22 09:57    <DIR>    d--------    c:\programmer\Reference Assemblies
2008-12-22 09:57 . 2006-06-29 13:07    14,048    ---------    c:\windows\system32\spmsg2.dll
2008-12-22 09:15 . 2008-12-22 09:15    <DIR>    d--------    c:\programmer\SystemRequirementsLab
2008-12-22 09:14 . 2008-12-22 09:15    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\SystemRequirementsLab
2008-12-22 09:05 . 2008-12-22 09:05    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Windows Search
2008-12-22 09:02 . 2008-12-22 09:02    <DIR>    d----c---    c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-22 08:29 . 2008-12-22 08:29    <DIR>    d--------    c:\windows\system32\xlive
2008-12-22 08:28 . 2008-12-22 08:28    <DIR>    d--------    c:\programmer\OpenAL
2008-12-22 08:28 . 2007-12-11 12:00    785,464    -ra------    c:\windows\system32\tmpDA.tmp
2008-12-22 08:28 . 2007-12-11 12:00    785,464    -ra------    c:\windows\system32\tmpD9.tmp
2008-12-22 08:28 . 2008-12-22 08:28    409,600    --a------    c:\windows\system32\wrap_oal.dll
2008-12-22 08:02 . 2008-12-22 08:02    685,816    --a------    c:\windows\system32\drivers\sptd.sys
2008-12-21 17:33 . 2008-12-21 17:33    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\DivX
2008-12-16 16:34 . 2008-12-16 16:34    <DIR>    d--------    c:\programmer\Multimedia Card Reader
2008-12-16 11:53 . 2008-12-16 11:53    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\TuneUp Software
2008-12-14 17:49 . 2009-01-02 07:05    3,374,299    --a------    c:\windows\{00000002-00000000-0000000E-00001102-00000002-80651102}.BAK
2008-12-13 13:47 . 2008-12-13 13:47    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Convivea
2008-12-08 12:24 . 2008-12-08 12:24    <DIR>    d----c---    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-08 12:23 . 2008-12-09 13:27    <DIR>    d--------    c:\programmer\SUPERAntiSpyware
2008-12-08 12:23 . 2008-12-08 12:23    <DIR>    d--------    c:\documents and settings\rasmus\Application Data\SUPERAntiSpyware.com
2008-12-08 10:08 . 2008-12-08 10:08    <DIR>    d--------    c:\programmer\foobar2000
2008-12-07 19:53 . 2008-12-07 19:56    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Nikon
2008-12-03 11:41 . 2008-12-03 11:47    <DIR>    d--------    c:\programmer\coverXP
2008-12-02 08:28 . 2008-12-02 08:28    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Nokia Multimedia Player

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 14:50    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\uTorrent
2008-12-30 16:43    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2008-12-30 16:42    ---------    d-----w    c:\programmer\SpywareBlaster
2008-12-27 11:02    ---------    d--h--w    c:\programmer\InstallShield Installation Information
2008-12-27 11:02    ---------    d-----w    c:\programmer\ArcSoft
2008-12-27 11:01    ---------    d-----w    c:\programmer\Fælles filer\ACD Systems
2008-12-27 10:53    ---------    d-----w    c:\programmer\TuneUp Utilities 2008
2008-12-27 08:50    20    -c-h--w    c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-12-27 08:50    20    -c-h--w    c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-12-25 17:58    ---------    d-----w    c:\programmer\Fælles filer\Wise Installation Wizard
2008-12-25 12:02    ---------    d-----w    c:\programmer\EA Games
2008-12-22 09:00    ---------    d-----w    c:\programmer\MSBuild
2008-12-22 07:38    107,888    ----a-w    c:\windows\system32\CmdLineExt.dll
2008-12-22 07:28    114,688    ----a-w    c:\windows\system32\OpenAL32.dll
2008-12-16 08:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-13 12:47    ---------    d-----w    c:\programmer\Bit Che
2008-12-11 07:13    ---------    dc----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 11:15    ---------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2008-12-06 22:11    ---------    d-----w    c:\documents and settings\rasmus\Application Data\JewelMatch2
2008-12-04 10:01    ---------    d-----w    c:\programmer\Microsoft ActiveSync
2008-12-03 18:52    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2008-12-01 18:47    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\JewelMatch2
2008-11-30 19:56    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\SUPERAntiSpyware.com
2008-11-30 08:22    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Ahead
2008-11-27 06:24    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Malwarebytes
2008-11-26 21:09    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\GlarySoft
2008-11-26 20:58    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Teleca
2008-11-26 20:07    142,096    ----a-w    c:\windows\system32\drivers\tmcomm.sys
2008-11-26 20:02    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Talkback
2008-11-26 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Windows Desktop Search
2008-11-26 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Sony Ericsson
2008-11-26 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\PC Suite
2008-11-25 21:41    196    -c--a-w    C:\6423543.bat
2008-11-25 16:08    ---------    d-----w    c:\documents and settings\rasmus\Application Data\Teleca
2008-11-25 15:59    ---------    d-----w    c:\programmer\Disc2Phone
2008-11-25 15:49    ---------    d-----w    c:\programmer\Fælles filer\Teleca Shared
2008-11-25 15:48    ---------    d-----w    c:\documents and settings\rasmus\Application Data\Sony Ericsson
2008-11-25 15:47    ---------    dc----w    c:\documents and settings\All Users\Application Data\Teleca
2008-11-25 15:47    ---------    dc----w    c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-25 15:47    ---------    d-----w    c:\programmer\Sony Ericsson
2008-11-25 15:47    ---------    d-----w    c:\programmer\Fælles filer\Sony Ericsson Shared
2008-11-23 13:42    ---------    d-----w    c:\documents and settings\rasmus\Application Data\uTorrent
2008-11-13 11:13    ---------    dc----w    c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-11-08 13:23    43,520    ----a-w    c:\windows\system32\CmdLineExt03.dll
2008-11-07 10:43    ---------    d-----w    c:\programmer\Fælles filer\Adobe
2008-11-07 08:58    2,331,520    ----a-w    c:\windows\system32\TUKernel.exe
2008-11-02 18:55    ---------    d-----w    c:\documents and settings\All Users\Application Data\SRSLabs
2008-11-02 17:48    ---------    d-----w    c:\programmer\Microsoft Works
2008-11-02 17:46    ---------    d-----w    c:\programmer\Microsoft.NET
2008-11-02 17:42    ---------    d-----w    c:\programmer\Microsoft Visual Studio 8
2008-10-23 12:41    286,720    ----a-w    c:\windows\system32\gdi32.dll
2008-10-16 20:18    826,368    ----a-w    c:\windows\system32\wininet.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-10-16 13:06    268,648    ----a-w    c:\windows\system32\mucltui.dll
2008-10-16 13:06    208,744    ----a-w    c:\windows\system32\muweb.dll
2008-10-03 10:03    247,326    ----a-w    c:\windows\system32\strmdll.dll
2008-08-13 10:47    47,360    ----a-w    c:\documents and settings\rasmus\Application Data\pcouffin.sys
2008-07-16 09:37    63,784    ----a-w    c:\documents and settings\rasmus\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 16:38    30,280    ----a-w    c:\programmer\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 16:38    79,432    ----a-w    c:\programmer\mozilla firefox\plugins\CgpCore.dll
2007-06-21 16:38    71,240    ----a-w    c:\programmer\mozilla firefox\plugins\confmgr.dll
2007-06-21 16:38    140,872    ----a-w    c:\programmer\mozilla firefox\plugins\ctxmui.dll
2007-06-21 16:39    38,472    ----a-w    c:\programmer\mozilla firefox\plugins\icafile.dll
2007-06-21 16:39    46,664    ----a-w    c:\programmer\mozilla firefox\plugins\icalogon.dll
2007-06-21 16:39    34,376    ----a-w    c:\programmer\mozilla firefox\plugins\logging.dll
2007-06-21 16:39    685,640    ----a-w    c:\programmer\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 16:40    30,280    ----a-w    c:\programmer\mozilla firefox\plugins\TcpPServ.dll
2008-05-20 22:41    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008052120080522\index.dat
2008-05-20 22:41    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"zBrowser Launcher"="c:\programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rasmus 2\Menuen Start\Programmer\Start\
PowerReg Scheduler.exe [2009-01-01 256000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 13:27 352256 c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"msacm.DivXa32"= DivXa32.acm
"vidc.div4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk /r \??\N:\0autocheck autochk *
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM\SA1916]
--a------ 2008-05-30 18:18 1512960 c:\programmer\Philips\SA19xx\Philips Device Manager\bin\DeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-02-20 13:06 741376 c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2004-08-06 17:01 135168 c:\programmer\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\programmer\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programmer\Windows Media Player\WMPNSCFG.exe
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Jet Detection"=c:\programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
"UpdReg"=c:\windows\UpdReg.EXE
"NeroFilterCheck"=c:\programmer\Fælles filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CTStartup"=c:\programmer\Creative\Splash Screen\CTEaxSpl.EXE /run

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mIRC\\mirc.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Counter-Strike\\hl.exe"=
"c:\\Programmer\\Counter-Strike\\hlds.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 SASDIFSV;SASDIFSV;\??\c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-13 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmer\SUPERAntiSpyware\SASKUTIL.sys [2008-05-13 55024]
R2 ekrn;Eset Service;"c:\programmer\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
R2 MBAMService;MBAMService;"c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-08-17 170640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-08-17 15504]
R3 SASENUM;SASENUM;\??\c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2008-05-13 7408]
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Indhold af mappen 'Planlagte Opgaver'

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-12-09 c:\windows\Tasks\Malwarebytes' Scheduled Update for Rasmus 2.job
- c:\programmer\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 19:52]

2008-12-03 c:\windows\Tasks\Malwarebytes' Scheduled Update for rasmus.job
- c:\programmer\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 19:52]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-RegistryMechanic - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\ffvim.dll - c:\windows\Downloaded Program Files\ffsmtp.dll
c:\windows\Downloaded Program Files\ffsmapi.dll
c:\windows\Downloaded Program Files\ffmapi.dll
c:\windows\Downloaded Program Files\ffmail.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffvim.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffsmtp.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffsmapi.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffmapi.dll
O16 -: {1469FF24-47F6-11D2-8805-006008C537E3}
hxxp://www.diaform.dk/menu/config/version5/codebase/ffmail.cab
c:\windows\Downloaded Program Files\CONFLICT.1\Email.inf

c:\windows\Downloaded Program Files\nproXSign1.dll - O16 -: {1D381386-B2F7-4A83-AE20-B9796A68397C}
hxxps://www.borgerblanketter.dk/bb/proXSign1.cab
c:\windows\Downloaded Program Files\proXSign1.inf

c:\windows\system32\Atl.dll - c:\windows\Downloaded Program Files\DafoloFFControl.dll
O16 -: {1E69721D-9104-11D3-82D3-D06650C10000}
hxxp://www.diaform.dk/menu/config/version5/codebase/Dafolo.cab
c:\windows\Downloaded Program Files\dafoloFFControl.inf

O16 -: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\IPSUploader.ocx
c:\windows\Downloaded Program Files\IPSUploader4.ocx
O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233}
hxxps://asp.photoprintit.de/microsite/10021/defaults/activex/ips/IPSUploader4.cab
c:\windows\Downloaded Program Files\IPSUploader4.inf

c:\windows\Downloaded Program Files\e-Safekey.dll - O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375}
hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
c:\windows\Downloaded Program Files\e-Safekey.inf

c:\windows\Downloaded Program Files\ImageUploader_3.ocx - c:\windows\system32\unicows.dll
c:\windows\Downloaded Program Files\IPSUploader.ocx
O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}
hxxp://asp09.photoprintit.de/microsite/14127/defaults/activex/IPSUploader.cab
c:\windows\Downloaded Program Files\IPSUploader.inf

c:\windows\Downloaded Program Files\ListBox.dll - O16 -: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5}
hxxp://www.diaform.dk/menu/config/version5/codebase/listbox.cab
c:\windows\Downloaded Program Files\ListBox.inf
FF - ProfilePath - c:\documents and settings\Rasmus 2\Application Data\Mozilla\Firefox\Profiles\ing89s1j.default\
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\programmer\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programmer\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npicaN.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 08:13:19
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
Gennemført tid: 2009-01-02  8:15:05
ComboFix-quarantined-files.txt  2009-01-02 07:14:56

Pre-Kørsel: 18,345,238,528 byte ledig
Post-Kørsel: 18,353,946,624 byte ledig

318    --- E O F ---    2008-12-18 06:50:05
torgius Novice
4 January 2009 - 20:06 #11
fromsej, do you have any comments on my ComboFix log?
fromsej Trainee
5 January 2009 - 16:39 #12
Yes, sorry, I lost track of this again.

1. Download this file:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click the file and let it extract itself to a folder in the root of your hard drive (typically: c:\SDfix)

2. Restart in Safe Mode; if you don't know how, look here:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

3. Then go into the SDFix folder that you created earlier. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do that, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

4. Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here,
together with a fresh log from ComboFix, which you run only after you have run SDFix.
torgius Novice
5 January 2009 - 22:51 #13
Here they are:

ComboFix 09-01-05.02 - Rasmus 2 2009-01-05 22:42:12.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.511.202 [GMT 1:00]
Kører fra: e:\nyttige ting\Beskyttelse og oprydning\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
* Resident AV is active


[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-05 til 2009-01-05  )))))))))))))))))))))))))))))))))))
.

2009-01-05 22:23 . 2009-01-05 22:23    578,560    --a--c---    c:\windows\system32\dllcache\user32.dll
2009-01-05 22:21 . 2009-01-05 22:21    <DIR>    d--------    c:\windows\ERUNT
2009-01-05 22:14 . 2009-01-05 22:37    <DIR>    d----c---    C:\SDFix
2009-01-04 22:38 . 2009-01-04 22:38    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Contacts
2009-01-02 09:28 . 2009-01-02 09:28    <DIR>    d--------    c:\programmer\ZOO Digital
2009-01-01 12:43 . 2009-01-01 12:43    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Leadertech
2009-01-01 12:35 . 2009-01-01 12:35    <DIR>    d----c---    c:\documents and settings\Rasmus 2\WINDOWS
2008-12-29 10:57 . 2008-12-29 10:57    <DIR>    d--------    c:\programmer\Steam
2008-12-29 10:32 . 2008-12-29 10:58    <DIR>    d--------    c:\programmer\Counter-Strike
2008-12-29 09:04 . 2008-12-29 09:04    1,393    --a------    c:\windows\imsins.BAK
2008-12-27 12:04 . 2007-12-11 12:00    785,464    -ra------    c:\windows\system32\tmpCD.tmp
2008-12-27 11:59 . 2008-12-27 11:59    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\MGI
2008-12-27 11:58 . 2008-12-27 11:59    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\ArcSoft
2008-12-27 11:57 . 2008-12-27 11:57    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\ACD Systems
2008-12-25 21:09 . 2008-12-25 21:14    <DIR>    d--------    c:\programmer\U.B. Funkeys
2008-12-25 21:09 . 2008-12-25 21:09    186,592    --a------    c:\windows\system32\drivers\windrvr6.sys
2008-12-25 20:03 . 2008-12-25 20:03    <DIR>    d----c---    C:\temp
2008-12-25 20:03 . 2008-12-25 20:03    <DIR>    d--------    c:\programmer\Philips
2008-12-25 20:03 . 2008-05-02 01:55    46,504    -ra--c---    c:\temp\RebootWMP.exe
2008-12-25 11:17 . 2004-02-13 11:58    30,394,339    --a------    c:\windows\RVS_1.0_1.54_US.RTP
2008-12-25 11:17 . 2003-11-04 13:30    49,152    --a------    c:\windows\Iniexpander.exe
2008-12-25 11:17 . 2003-11-04 19:24    1,185    --a------    c:\windows\1.31.add
2008-12-25 11:17 . 2003-11-04 19:27    216    --a------    c:\windows\1.50.add
2008-12-22 09:58 . 2008-12-29 09:05    <DIR>    d--------    c:\windows\system32\XPSViewer
2008-12-22 09:57 . 2008-12-22 09:57    <DIR>    d--------    c:\programmer\Reference Assemblies
2008-12-22 09:57 . 2006-06-29 13:07    14,048    ---------    c:\windows\system32\spmsg2.dll
2008-12-22 09:15 . 2008-12-22 09:15    <DIR>    d--------    c:\programmer\SystemRequirementsLab
2008-12-22 09:14 . 2008-12-22 09:15    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\SystemRequirementsLab
2008-12-22 09:05 . 2008-12-22 09:05    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Windows Search
2008-12-22 09:02 . 2008-12-22 09:02    <DIR>    d----c---    c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-22 08:29 . 2008-12-22 08:29    <DIR>    d--------    c:\windows\system32\xlive
2008-12-22 08:28 . 2008-12-22 08:28    <DIR>    d--------    c:\programmer\OpenAL
2008-12-22 08:28 . 2007-12-11 12:00    785,464    -ra------    c:\windows\system32\tmpDA.tmp
2008-12-22 08:28 . 2007-12-11 12:00    785,464    -ra------    c:\windows\system32\tmpD9.tmp
2008-12-22 08:28 . 2008-12-22 08:28    409,600    --a------    c:\windows\system32\wrap_oal.dll
2008-12-22 08:02 . 2008-12-22 08:02    685,816    --a------    c:\windows\system32\drivers\sptd.sys
2008-12-21 17:33 . 2008-12-21 17:33    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\DivX
2008-12-16 16:34 . 2008-12-16 16:34    <DIR>    d--------    c:\programmer\Multimedia Card Reader
2008-12-16 11:53 . 2008-12-16 11:53    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\TuneUp Software
2008-12-14 17:49 . 2009-01-05 22:37    3,374,299    --a------    c:\windows\{00000002-00000000-0000000E-00001102-00000002-80651102}.BAK
2008-12-13 13:47 . 2008-12-13 13:47    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Convivea
2008-12-08 12:24 . 2008-12-08 12:24    <DIR>    d----c---    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-08 12:23 . 2009-01-05 08:29    <DIR>    d--------    c:\programmer\SUPERAntiSpyware
2008-12-08 12:23 . 2008-12-08 12:23    <DIR>    d--------    c:\documents and settings\rasmus\Application Data\SUPERAntiSpyware.com
2008-12-08 10:08 . 2008-12-08 10:08    <DIR>    d--------    c:\programmer\foobar2000
2008-12-07 19:53 . 2008-12-07 19:56    <DIR>    d----c---    c:\documents and settings\Rasmus 2\Application Data\Nikon

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\uTorrent
2009-01-05 07:42    ---------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-01-05 07:33    ---------    d-----w    c:\programmer\CCleaner
2009-01-05 07:31    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 07:31    ---------    d-----w    c:\programmer\SpywareBlaster
2009-01-04 19:42    20    -c-h--w    c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-01-04 19:42    20    -c-h--w    c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-01-04 17:38    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-01-02 08:28    ---------    d--h--w    c:\programmer\InstallShield Installation Information
2008-12-27 11:02    ---------    d-----w    c:\programmer\ArcSoft
2008-12-27 11:01    ---------    d-----w    c:\programmer\Fælles filer\ACD Systems
2008-12-27 10:53    ---------    d-----w    c:\programmer\TuneUp Utilities 2008
2008-12-25 17:58    ---------    d-----w    c:\programmer\Fælles filer\Wise Installation Wizard
2008-12-25 12:02    ---------    d-----w    c:\programmer\EA Games
2008-12-22 09:00    ---------    d-----w    c:\programmer\MSBuild
2008-12-22 07:38    107,888    ----a-w    c:\windows\system32\CmdLineExt.dll
2008-12-22 07:28    114,688    ----a-w    c:\windows\system32\OpenAL32.dll
2008-12-16 08:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-13 12:47    ---------    d-----w    c:\programmer\Bit Che
2008-12-11 07:13    ---------    dc----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 22:11    ---------    d-----w    c:\documents and settings\rasmus\Application Data\JewelMatch2
2008-12-04 10:01    ---------    d-----w    c:\programmer\Microsoft ActiveSync
2008-12-03 10:47    ---------    d-----w    c:\programmer\coverXP
2008-12-02 07:28    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Nokia Multimedia Player
2008-12-01 18:47    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\JewelMatch2
2008-11-30 19:56    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\SUPERAntiSpyware.com
2008-11-30 08:22    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Ahead
2008-11-27 06:24    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Malwarebytes
2008-11-26 21:09    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\GlarySoft
2008-11-26 20:58    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Teleca
2008-11-26 20:07    142,096    ----a-w    c:\windows\system32\drivers\tmcomm.sys
2008-11-26 20:02    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Talkback
2008-11-26 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Windows Desktop Search
2008-11-26 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\Sony Ericsson
2008-11-26 19:57    ---------    dc----w    c:\documents and settings\Rasmus 2\Application Data\PC Suite
2008-11-25 21:41    196    -c--a-w    C:\6423543.bat
2008-11-25 16:08    ---------    d-----w    c:\documents and settings\rasmus\Application Data\Teleca
2008-11-25 15:59    ---------    d-----w    c:\programmer\Disc2Phone
2008-11-25 15:49    ---------    d-----w    c:\programmer\Fælles filer\Teleca Shared
2008-11-25 15:48    ---------    d-----w    c:\documents and settings\rasmus\Application Data\Sony Ericsson
2008-11-25 15:47    ---------    dc----w    c:\documents and settings\All Users\Application Data\Teleca
2008-11-25 15:47    ---------    dc----w    c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-25 15:47    ---------    d-----w    c:\programmer\Sony Ericsson
2008-11-25 15:47    ---------    d-----w    c:\programmer\Fælles filer\Sony Ericsson Shared
2008-11-23 13:42    ---------    d-----w    c:\documents and settings\rasmus\Application Data\uTorrent
2008-11-13 11:13    ---------    dc----w    c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-11-08 13:23    43,520    ----a-w    c:\windows\system32\CmdLineExt03.dll
2008-11-07 10:43    ---------    d-----w    c:\programmer\Fælles filer\Adobe
2008-11-07 08:58    2,331,520    ----a-w    c:\windows\system32\TUKernel.exe
2008-10-23 12:41    286,720    ----a-w    c:\windows\system32\gdi32.dll
2008-10-16 20:18    826,368    ----a-w    c:\windows\system32\wininet.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-10-16 13:06    268,648    ----a-w    c:\windows\system32\mucltui.dll
2008-10-16 13:06    208,744    ----a-w    c:\windows\system32\muweb.dll
2008-08-13 10:47    47,360    ----a-w    c:\documents and settings\rasmus\Application Data\pcouffin.sys
2008-07-16 09:37    63,784    ----a-w    c:\documents and settings\rasmus\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 16:38    30,280    ----a-w    c:\programmer\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 16:38    79,432    ----a-w    c:\programmer\mozilla firefox\plugins\CgpCore.dll
2007-06-21 16:38    71,240    ----a-w    c:\programmer\mozilla firefox\plugins\confmgr.dll
2007-06-21 16:38    140,872    ----a-w    c:\programmer\mozilla firefox\plugins\ctxmui.dll
2007-06-21 16:39    38,472    ----a-w    c:\programmer\mozilla firefox\plugins\icafile.dll
2007-06-21 16:39    46,664    ----a-w    c:\programmer\mozilla firefox\plugins\icalogon.dll
2007-06-21 16:39    34,376    ----a-w    c:\programmer\mozilla firefox\plugins\logging.dll
2007-06-21 16:39    685,640    ----a-w    c:\programmer\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 16:40    30,280    ----a-w    c:\programmer\mozilla firefox\plugins\TcpPServ.dll
2008-05-20 22:41    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008052120080522\index.dat
2008-05-20 22:41    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((  snapshot@2009-01-02_ 8.14.12.23  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04    163,328    ----a-w    c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-01-05 21:21:43    6,389,760    ----a-w    c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-01-05 21:21:43    118,784    ----a-w    c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04    163,328    ----a-w    c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-01-05 21:21:24    6,389,760    ----a-w    c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-01-05 21:21:24    118,784    ----a-w    c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-01-05 21:31:14    16,384    ----atw    c:\windows\temp\usgthrsvc\Perflib_Perfdata_70c.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"zBrowser Launcher"="c:\programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-04 399504]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rasmus 2\Menuen Start\Programmer\Start\
PowerReg Scheduler.exe [2009-01-01 256000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 13:27 352256 c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"msacm.DivXa32"= DivXa32.acm
"vidc.div4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk /r \??\N:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 08:27 153136 c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-02-20 13:06 741376 c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2004-08-06 17:01 135168 c:\programmer\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\programmer\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programmer\Windows Media Player\WMPNSCFG.exe
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Jet Detection"=c:\programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
"UpdReg"=c:\windows\UpdReg.EXE
"NeroFilterCheck"=c:\programmer\Fælles filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CTStartup"=c:\programmer\Creative\Splash Screen\CTEaxSpl.EXE /run

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\mIRC\\mirc.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Counter-Strike\\hl.exe"=
"c:\\Programmer\\Counter-Strike\\hlds.exe"=
"c:\\Programmer\\Fælles filer\\Ahead\\Nero Web\\SetupX.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [2008-05-13 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-13 55024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-08-17 15504]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2008-05-13 7408]
R3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-07-23 46536]
R4 ekrn;Eset Service;c:\programmer\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R4 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-17 170640]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Indhold af mappen 'Planlagte Opgaver'

2009-01-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-01-05 c:\windows\Tasks\Malwarebytes' Scheduled Update for Rasmus 2.job
- c:\programmer\Malwarebytes' Anti-Malware\mbam.exe [2009-01-04 18:38]

2008-12-03 c:\windows\Tasks\Malwarebytes' Scheduled Update for rasmus.job
- c:\programmer\Malwarebytes' Anti-Malware\mbam.exe [2009-01-04 18:38]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\ffvim.dll - c:\windows\Downloaded Program Files\ffsmtp.dll
c:\windows\Downloaded Program Files\ffsmapi.dll
c:\windows\Downloaded Program Files\ffmapi.dll
c:\windows\Downloaded Program Files\ffmail.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffvim.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffsmtp.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffsmapi.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ffmapi.dll
O16 -: {1469FF24-47F6-11D2-8805-006008C537E3}
hxxp://www.diaform.dk/menu/config/version5/codebase/ffmail.cab
c:\windows\Downloaded Program Files\CONFLICT.1\Email.inf

c:\windows\Downloaded Program Files\nproXSign1.dll - O16 -: {1D381386-B2F7-4A83-AE20-B9796A68397C}
hxxps://www.borgerblanketter.dk/bb/proXSign1.cab
c:\windows\Downloaded Program Files\proXSign1.inf

c:\windows\system32\Atl.dll - c:\windows\Downloaded Program Files\DafoloFFControl.dll
O16 -: {1E69721D-9104-11D3-82D3-D06650C10000}
hxxp://www.diaform.dk/menu/config/version5/codebase/Dafolo.cab
c:\windows\Downloaded Program Files\dafoloFFControl.inf

O16 -: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\IPSUploader.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\IPSUploader.ocx
c:\windows\Downloaded Program Files\IPSUploader4.ocx
O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233}
hxxps://asp.photoprintit.de/microsite/10021/defaults/activex/ips/IPSUploader4.cab
c:\windows\Downloaded Program Files\IPSUploader4.inf

c:\windows\Downloaded Program Files\e-Safekey.dll - O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375}
hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
c:\windows\Downloaded Program Files\e-Safekey.inf

c:\windows\Downloaded Program Files\ImageUploader_3.ocx - c:\windows\system32\unicows.dll
c:\windows\Downloaded Program Files\IPSUploader.ocx
O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}
hxxp://asp09.photoprintit.de/microsite/14127/defaults/activex/IPSUploader.cab
c:\windows\Downloaded Program Files\IPSUploader.inf

c:\windows\Downloaded Program Files\ListBox.dll - O16 -: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5}
hxxp://www.diaform.dk/menu/config/version5/codebase/listbox.cab
c:\windows\Downloaded Program Files\ListBox.inf
FF - ProfilePath - c:\documents and settings\Rasmus 2\Application Data\Mozilla\Firefox\Profiles\ing89s1j.default\
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmer\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\programmer\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programmer\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npicaN.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:45:59
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
Gennemført tid: 2009-01-05 22:48:21
ComboFix-quarantined-files.txt  2009-01-05 21:48:08

Pre-Kørsel: 15.115.673.600 byte ledig
Post-Kørsel: 15,086,759,936 byte ledig

319    --- E O F ---    2008-12-18 06:50:05


SDFix: Version 1.240
Run by Rasmus 2 on 05-01-2009 at 22:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



                                Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:34:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,77,80,94,01,3e,95,4d,c3,09,b3,a7,6a,76,3b,c7,d3,38,39,fd,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5f,77,80,94,01,3e,95,4d,c3,09,b3,a7,6a,76,3b,c7,d3,38,39,fd,7f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\uTorrent\\utorrent.exe"="C:\\Programmer\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\mIRC\\mirc.exe"="C:\\Programmer\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programmer\\Mozilla Firefox\\firefox.exe"="C:\\Programmer\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmer\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programmer\\Counter-Strike\\hl.exe"="C:\\Programmer\\Counter-Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programmer\\Counter-Strike\\hlds.exe"="C:\\Programmer\\Counter-Strike\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Programmer\\Fælles filer\\Ahead\\Nero Web\\SetupX.exe"="C:\\Programmer\\Fælles filer\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmer\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon  7 Jan 2008          352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Thu  3 Nov 2005        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Oct 2007            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu  3 Nov 2005        4,348 ...H. --- "C:\Documents and Settings\rasmus\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Thu  3 Nov 2005            20 A..H. --- "C:\Documents and Settings\rasmus\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Wed  9 Mar 2005          312 A.SH. --- "C:\Documents and Settings\rasmus\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"

Finished!
torgius Novice
7 January 2009 - 07:44 #14
fromsej, a comment from you would be nice again ;)
fromsej Trainee
7 January 2009 - 18:21 #15
Buy a license for Eset instead of trusting a cracked version to protect you.
Or uninstall it and install a free one.

Uninstall uTorrent in Add/Remove Programs.
Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Apart from those two things, there is nothing more to remark on in your logs.
torgius Novice
8 January 2009 - 08:03 #16
Thanks.......and the comments have been duly noted.

Will you post an answer?
fromsej Trainee
8 January 2009 - 15:13 #17
Here it comes.