kgndksv Junior Master
17 March 2009 - 10:27 There are 11 comments and 1 solution

Can anyone help with a series of logs?? :-)

Hi there
My laptop isn't running very stably... I just got a new PC and actually thought the specs were great, but at times it runs quite slowly... I have followed the guide on malware etc...

I have run CCleaner, MBAM, ComboFix (though no log file appeared..!!?) and finally HijackThis

Malwarebytes' Anti-Malware 1.34
Database version: 1856
Windows 6.0.6001 Service Pack 1

17-03-2009 08:58:58
mbam-log-2009-03-17 (08-58-58).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 164739
Tid tilbagelagt: 2 hour(s), 27 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 2
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 2
Inficerede Filer: 10

Inficerede Hukommelses Processer:
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Unloaded process successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Delete on reboot.

Inficerede Filer:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17, on 2009-03-17
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://logon.sdu.dk/dana-cached/sc/JuniperSetupClient.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10552 bytes




What should I do to get this piece of crap running optimally...!!??
arkil Beginner
17 March 2009 - 11:45 #1
Hi.

You write that you have run "Combofix".
See whether there is a log file here >

c:\combofix.txt

If so - copy the text in here.
f-arn Guru
17 March 2009 - 15:56 #2
I would like you to find this file and upload it to either Jotti or VirusTotal:

C:\Windows\system32\snmvtsvc.exe

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Copy the result in here together with the ComboFix log.
kgndksv Junior Master
17 March 2009 - 17:57 #3
@ arkil, THANKS - that's exactly where it was :-)

ComboFix 09-03-15.01 - Sony 2009-03-17  9:59:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.2526.1526 [GMT 1:00]
Kører fra: c:\users\Sony\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
                                                                                                                                                        -------\Service_RelevantKnowledge


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-17 til 2009-03-17  )))))))))))))))))))))))))))))))))))
.

2009-03-17 09:53 . 2009-03-17 09:53    388,097,776    --a------    c:\windows\MEMORY.DMP
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\users\Sony\AppData\Roaming\Malwarebytes
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\users\All Users\Malwarebytes
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\programdata\Malwarebytes
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-03-16 23:01 . 2009-02-11 10:19    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-16 23:01 . 2009-02-11 10:19    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2009-03-11 17:39 . 2008-12-16 04:29    8,147,456    --a------    c:\windows\System32\wmploc.DLL
2009-03-11 17:39 . 2009-02-09 04:10    2,033,152    --a------    c:\windows\System32\win32k.sys
2009-03-11 17:39 . 2008-11-27 05:43    268,288    --a------    c:\windows\System32\schannel.dll
2009-03-11 17:39 . 2008-12-16 06:31    7,680    --a------    c:\windows\System32\spwmp.dll
2009-03-11 17:39 . 2008-12-16 06:31    4,096    --a------    c:\windows\System32\msdxm.ocx
2009-03-11 17:39 . 2008-12-16 06:31    4,096    --a------    c:\windows\System32\dxmasf.dll
2009-03-10 20:35 . 2009-03-10 20:36    <DIR>    d--------    C:\Update
2009-03-10 20:28 . 2009-03-10 20:28    <DIR>    d--------    c:\program files\CCleaner
2009-03-06 22:13 . 2009-03-06 22:13    410,984    --a------    c:\windows\System32\deploytk.dll
2009-03-06 22:00 . 2009-03-06 22:00    <DIR>    d--h-c---    c:\users\All Users\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-06 22:00 . 2009-03-06 22:00    <DIR>    d--h-c---    c:\programdata\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-06 22:00 . 2009-03-06 22:00    <DIR>    d--------    c:\program files\DanID
2009-03-06 11:32 . 2009-03-06 11:32    <DIR>    d--------    c:\program files\Acro Software
2009-03-06 11:32 . 2007-07-12 22:33    87,552    --a------    c:\windows\System32\cpwmon2k.dll
2009-03-06 11:31 . 2009-03-06 11:31    <DIR>    d--------    c:\program files\GPLGS
2009-03-03 22:23 . 2009-03-16 22:40    <DIR>    d--------    c:\program files\SopCast
2009-03-03 12:50 . 2009-03-03 12:50    <DIR>    d--------    c:\program files\Gabest
2009-03-02 22:53 . 2009-03-02 22:53    <DIR>    d--------    C:\Converted
2009-03-02 22:39 . 2009-03-02 22:39    <DIR>    d--------    c:\program files\SoundTaxi
2009-03-02 22:39 . 2009-02-03 13:47    237,568    --a------    c:\windows\System32\snmvtsvc.exe
2009-03-02 22:39 . 2009-02-03 14:04    23,096    --a------    c:\windows\System32\SndTAudio.sys
2009-03-02 22:39 . 2009-02-03 14:04    23,096    --a------    c:\windows\System32\drivers\SndTAudio.sys
2009-03-02 22:39 . 2009-02-03 14:04    19,099    --a------    c:\windows\System32\SndTAudio.inf
2009-03-02 22:39 . 2009-02-03 14:04    10,936    --a------    c:\windows\System32\SndTVideo.dll
2009-03-02 22:39 . 2009-02-03 14:04    3,768    --a------    c:\windows\System32\SndTVideo.sys
2009-03-02 22:39 . 2009-02-03 14:04    3,768    --a------    c:\windows\System32\drivers\SndTVideo.sys
2009-03-02 22:39 . 2009-02-03 14:04    2,577    --a------    c:\windows\System32\SndTVideo.inf
2009-03-02 22:39 . 2009-02-03 14:04    2,539    --a------    c:\windows\System32\SndTVideo.cat
2009-03-02 22:39 . 2009-02-03 14:04    2,100    --a------    c:\windows\System32\SndTAudio.cat
2009-03-02 22:33 . 2009-03-02 22:33    <DIR>    d--------    c:\users\Sony\AppData\Roaming\ESTsoft
2009-03-02 22:33 . 2009-03-02 22:33    <DIR>    d--------    c:\program files\ESTsoft
2009-03-02 22:23 . 2009-03-16 22:39    <DIR>    d--------    c:\users\Sony\AppData\Roaming\uTorrent
2009-03-02 22:23 . 2009-03-02 22:23    <DIR>    d--------    c:\program files\uTorrent
2009-03-01 12:43 . 2009-03-01 12:43    <DIR>    d--------    c:\users\All Users\TVU Networks
2009-03-01 12:43 . 2009-03-01 12:43    <DIR>    d--------    c:\programdata\TVU Networks
2009-03-01 12:43 . 2009-03-01 12:43    <DIR>    d--------    c:\program files\TVUPlayer
2009-02-26 11:29 . 2009-02-26 11:29    <DIR>    d--------    c:\users\Sony\AppData\Roaming\ArcSoft
2009-02-24 15:13 . 2009-02-24 15:13    <DIR>    d--------    c:\users\Sony\AppData\Roaming\Juniper Networks
2009-02-22 21:44 . 2009-02-22 21:44    <DIR>    d--------    c:\users\Sony\AppData\Roaming\Roxio
2009-02-22 21:44 . 2009-03-14 23:57    <DIR>    d--------    c:\users\All Users\Roxio
2009-02-22 21:44 . 2009-03-14 23:57    <DIR>    d--------    c:\programdata\Roxio
2009-02-22 17:49 . 2009-02-22 17:49    <DIR>    d--------    c:\windows\PCHEALTH
2009-02-22 17:49 . 2009-02-22 17:49    <DIR>    d--------    c:\program files\Microsoft.NET
2009-02-22 17:44 . 2009-02-22 17:44    <DIR>    dr-h-----    C:\MSOCache
2009-02-22 11:09 . 2009-02-22 11:09    <DIR>    d--------    c:\program files\MSXML 4.0
2009-02-22 00:17 . 2009-02-22 00:17    <DIR>    d--------    c:\users\All Users\Blizzard
2009-02-22 00:17 . 2009-02-22 00:17    <DIR>    d--------    c:\programdata\Blizzard
2009-02-22 00:17 . 2009-02-22 00:17    <DIR>    d--------    c:\program files\Common Files\Blizzard Entertainment
2009-02-22 00:15 . 2009-03-10 20:34    <DIR>    d--------    c:\users\Public\Games
2009-02-21 17:49 . 2008-04-10 06:12    738,304    --a------    c:\windows\System32\inetcomm.dll
2009-02-21 17:49 . 2008-12-05 05:32    428,544    --a------    c:\windows\System32\EncDec.dll
2009-02-21 17:49 . 2008-12-05 05:32    293,376    --a------    c:\windows\System32\psisdecd.dll
2009-02-21 17:49 . 2008-12-05 05:31    217,088    --a------    c:\windows\System32\psisrndr.ax
2009-02-21 17:49 . 2008-08-27 02:05    212,480    --a------    c:\windows\System32\drivers\mrxsmb10.sys
2009-02-21 17:49 . 2008-12-05 05:31    177,664    --a------    c:\windows\System32\mpg2splt.ax
2009-02-21 17:49 . 2008-12-05 05:31    80,896    --a------    c:\windows\System32\MSNP.ax
2009-02-21 11:57 . 2008-10-16 22:13    1,809,944    --a------    c:\windows\System32\wuaueng.dll
2009-02-21 11:57 . 2008-10-16 21:56    1,524,736    --a------    c:\windows\System32\wucltux.dll
2009-02-21 11:57 . 2008-10-16 22:09    51,224    --a------    c:\windows\System32\wuauclt.exe
2009-02-21 11:57 . 2008-10-16 22:09    43,544    --a------    c:\windows\System32\wups2.dll
2009-02-20 22:07 . 2009-02-20 22:07    <DIR>    d--------    c:\program files\Alwil Software
2009-02-20 22:07 . 2009-02-05 22:06    51,792    --a------    c:\windows\System32\drivers\aswMonFlt.sys
2009-02-20 22:06 . 2008-10-16 22:12    561,688    --a------    c:\windows\System32\wuapi.dll
2009-02-20 22:06 . 2008-10-16 21:55    83,456    --a------    c:\windows\System32\wudriver.dll
2009-02-20 22:06 . 2008-10-16 22:08    34,328    --a------    c:\windows\System32\wups.dll
2009-02-20 22:03 . 2008-10-16 14:08    162,064    --a------    c:\windows\System32\wuwebv.dll
2009-02-20 22:03 . 2008-10-16 13:56    31,232    --a------    c:\windows\System32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 13:47    ---------    d-----w    c:\program files\Windows Mail
2009-03-08 10:48    ---------    d-----w    c:\programdata\Sony Corporation
2009-03-06 21:13    ---------    d-----w    c:\program files\Java
2009-03-03 11:40    ---------    d-----w    c:\users\Sony\AppData\Roaming\DivX
2009-02-22 16:56    ---------    d-----w    c:\programdata\Microsoft Help
2009-02-22 16:52    ---------    d-----w    c:\program files\Microsoft Works
2009-02-20 21:17    ---------    d-----w    c:\programdata\McAfee
2009-02-20 21:15    ---------    d-----w    c:\program files\Google
2009-02-20 19:50    ---------    d-----w    c:\program files\Common Files\Adobe
2009-02-20 19:36    ---------    d-----w    c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-02-20 17:48    ---------    d-----w    c:\programdata\Skype
2009-02-20 17:45    ---------    d-----w    c:\programdata\SiteAdvisor
2009-01-19 09:30    ---------    d-----w    c:\users\Sony\AppData\Roaming\Media Player Classic
2009-01-19 09:27    ---------    d-----w    c:\program files\Haali
2009-01-19 09:27    ---------    d-----w    c:\program files\ffdshow
2008-01-21 02:43    174    --sha-w    c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-31 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-23 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-08-08 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-07-01 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 02:04 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{48D947BD-E984-4D43-9090-84262E991DE9}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{1D2A0144-A0A0-4E18-8313-D6C096BEE1AB}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{1815D523-77AD-4AB2-AEF7-CEC045588999}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{3225A0A1-5FE9-4482-B175-F20D7C90A1A2}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{B4BADD69-AA8B-4F66-B42C-CA23D57F798B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{79BECA5E-F5E5-441A-9147-8F609AB3BFE3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7F124B15-D578-4AD3-A097-6571DC5D663A}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5D9C1EE5-0235-4300-A051-2F4A9974D412}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{47F0BE0F-8B2D-4761-9AC6-E54AA360B382}"= UDP:c:\windows\Temp\~os595E.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{B5A43F29-5532-423F-81B7-173AC45DCD7E}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{6AE0C909-A0A9-4BBC-83EB-19AB55B45C09}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{15A84900-7505-43B2-8385-52056C763739}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D3A1265A-CDE2-456E-A3AA-EACDCD2A2368}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{F7DF18A9-F517-4557-94A3-2D09764B016D}"= UDP:c:\windows\Temp\~os5FFD.tmp\ossproxy.exe:ossproxy.exe
"{AF3A0DA5-6806-4D28-A74C-8428B21129CB}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{88870342-C211-4D6F-BFFF-F5D7178C74A5}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-20 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-20 51792]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-08-23 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-08-08 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-08 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-08-08 29736]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-08-08 9344]
R3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [2009-03-02 23096]
R3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [2009-03-02 3768]
S3 SMServer;SMServer;c:\windows\System32\snmvtsvc.exe [2009-03-02 237568]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-08-23 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-08-23 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-08-23 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-08-23 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-08-23 83232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - g:\autorun\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebfc4c54-00fc-11de-8337-00214f4a0ee7}]
\shell\AutoRun\command - setupSNK.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-16 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
Trusted Zone: danskebank.dk\www
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://logon.sdu.dk/dana-cached/sc/JuniperSetupClient.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 10:04:51
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(3624)
c:\windows\system32\btmmhook.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\System32\dllhost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\dllhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-17 10:08:37 - maskinen blev genstartet [Sony]
ComboFix-quarantined-files.txt  2009-03-17 09:08:34

Pre-Kørsel: 298,716,381,184 byte ledig
Post-Kørsel: 298,488,336,384 byte ledig

295    --- E O F ---    2009-03-14 17:30:43
kgndksv (Junior Master)
17 March 2009 - 18:05 #4
VirusTotal log:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.17 -
AhnLab-V3 5.0.0.2 2009.03.17 -
AntiVir 7.9.0.116 2009.03.17 -
Authentium 5.1.0.4 2009.03.17 -
Avast 4.8.1335.0 2009.03.17 -
AVG 8.0.0.237 2009.03.17 -
BitDefender 7.2 2009.03.17 -
CAT-QuickHeal 10.00 2009.03.17 -
ClamAV 0.94.1 2009.03.17 -
Comodo 1062 2009.03.17 -
DrWeb 4.44.0.09170 2009.03.17 -
eSafe 7.0.17.0 2009.03.17 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.17 -
Fortinet 3.117.0.0 2009.03.17 -
GData 19 2009.03.17 -
Ikarus T3.1.1.45.0 2009.03.17 -
K7AntiVirus 7.10.674 2009.03.17 -
Kaspersky 7.0.0.125 2009.03.17 -
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.17 -
Microsoft 1.4405 2009.03.17 -
NOD32 3943 2009.03.17 -
Norman 6.00.06 2009.03.17 -
nProtect 2009.1.8.0 2009.03.17 -
Panda 10.0.0.10 2009.03.17 -
PCTools 4.4.2.0 2009.03.17 -
Prevx1 V2 2009.03.17 -
Rising 21.21.12.00 2009.03.17 -
Sophos 4.39.0 2009.03.17 -
Sunbelt 3.2.1858.2 2009.03.17 -
Symantec 1.4.4.12 2009.03.17 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.17 -
VBA32 3.12.10.1 2009.03.16 -
ViRobot 2009.3.17.1652 2009.03.17 -
VirusBuster 4.6.5.0 2009.03.17 -
Additional information
File size: 237568 bytes
MD5...: 5200347790c1303f906eeec6a501af56
SHA1..: 93791538e041eb220286890fb61f56c2a866fc10
SHA256: d3c27a9b2da3c1de13bebe4b0d6cda06987752d6cdebe7cee52f3a49cf2200bb
SHA512: 2fb6d697f38f8c662403c2bbb78e229ce13f65d01a88e091652c2cea78e9cea4
b6b13299888026a0040385281d511fbb66b6a31e0fb44bca7cd5a6b3ac17933c
ssdeep: 6144:mNTmHlwUsCOTEW5jrjPlAc1YPbLlqUk6ba8mD:mQFwzTEUjrjOrP3lqW+1

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1b705
timedatestamp.....: 0x49882ec1 (Tue Feb 03 11:47:13 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2df8b 0x2e000 6.61 8ab7353c198987fd166e559d6b376306
.rdata 0x2f000 0x7de4 0x8000 4.76 f723f47ea2174737ac4bce0d11c8b0fd
.data 0x37000 0x3c44 0x2000 3.04 1b4157805e823dcbbeedca52b072c22d
.rsrc 0x3b000 0xc4c 0x1000 4.28 8f27998518c9b74e1ddb012e54d95b86

( 6 imports )
> KERNEL32.dll: LocalFree, Sleep, CloseHandle, WaitForSingleObject, CreateThread, CreateEventW, GetCurrentThreadId, SetEvent, FreeLibrary, LoadLibraryExW, GetCommandLineW, LocalAlloc, HeapFree, GetProcessHeap, CreateFileA, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetModuleFileNameW, GetModuleHandleW, FormatMessageW, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, lstrcmpiW, lstrlenW, InterlockedDecrement, InterlockedIncrement, GetLastError, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetLocaleInfoW, GetConsoleMode, GetConsoleCP, LoadLibraryA, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetStartupInfoA, GetFileType, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetHandleCount, GetEnvironmentStrings, FreeEnvironmentStringsA, IsValidCodePage, GetOEMCP, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, VirtualQuery, GetModuleFileNameA, GetStdHandle, ExitProcess, GetModuleHandleA, GetProcAddress, HeapCreate, VirtualAlloc, VirtualFree, GetStringTypeW, GetStringTypeA, InterlockedExchange, WriteFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, CreateFileW, CreateDirectoryW, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, HeapDestroy, HeapAlloc, HeapReAlloc, HeapSize, InterlockedCompareExchange, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, GetStartupInfoW, LCMapStringA, LCMapStringW, GetCPInfo
> USER32.dll: ChangeDisplaySettingsExW, EnumDisplayDevicesW, CharNextW, TranslateMessage, DispatchMessageW, EnumDisplaySettingsW, PostThreadMessageW, LoadStringW, CharUpperW, MessageBoxW, GetMessageW, UnregisterClassA
> ADVAPI32.dll: RegisterServiceCtrlHandlerW, ControlService, DeleteService, CreateServiceW, RegQueryInfoKeyW, RegDeleteValueW, OpenSCManagerW, OpenServiceW, CloseServiceHandle, SetServiceStatus, RegisterEventSourceW, ReportEventW, DeregisterEventSource, RegQueryValueExW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteKeyW, StartServiceCtrlDispatcherW
> SHELL32.dll: SHGetFileInfoW
> ole32.dll: CoTaskMemFree, StringFromCLSID, CLSIDFromString, CoInitializeSecurity, CoUninitialize, CoInitializeEx, CoTaskMemAlloc, CoTaskMemRealloc, CoSuspendClassObjects, CoRevokeClassObject, CoRegisterClassObject, StringFromGUID2, CoCreateInstance, CoResumeClassObjects
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
arkil (Beginner)
18 March 2009 - 10:22 #5
You have a file-sharing program installed (uTorrent). Even though the program you use is not itself infected with spyware, the use of file-sharing networks is a frequent source of infections. I will therefore ask you to uninstall it. You may want to look here:

Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Open a Notepad window, copy the contents in bold into the document, and save it in the same location as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".


Killall::
Snapshot::
Folder::
c:\users\Sony\AppData\Roaming\uTorrent
c:\program files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF3A0DA5-6806-4D28-A74C-8428B21129CB}"=-
"{88870342-C211-4D6F-BFFF-F5D7178C74A5}"=-




Then grab the new file with the mouse and drag it over the Combofix icon, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the log file in here. How is your PC running now?
kgndksv (Junior Master)
18 March 2009 - 21:10 #6
At first glance it runs fine :-)
Does this procedure make sure that only what is necessary runs at startup, etc.?


ComboFix 09-03-15.01 - Sony 2009-03-18 20:57:00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.2526.1350 [GMT 1:00]
Kører fra: c:\users\Sony\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Sony\Desktop\CFScript.txt.txt
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\users\Sony\AppData\Roaming\uTorrent
c:\users\Sony\AppData\Roaming\uTorrent\Ahead.Nero.v8.3.2.1b.Incl.Keymaker-EMBRACE.torrent
c:\users\Sony\AppData\Roaming\uTorrent\Ahead.Nero.v8.3.6.0.Keymaker.Only.FIXED-EMBRACE.torrent
c:\users\Sony\AppData\Roaming\uTorrent\dht.dat
c:\users\Sony\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Sony\AppData\Roaming\uTorrent\Langt.Fra.Las.Vegas.DANiSH.COMPLETE.BOXSET.PAL.DVDR-Bryggerne.torrent
c:\users\Sony\AppData\Roaming\uTorrent\Nero9 Portable.torrent
c:\users\Sony\AppData\Roaming\uTorrent\Piger.Paa.Proeveloesladelse.For.Klam.Til.Tv.DANiSH.PAL.DVDR-PPP.torrent
c:\users\Sony\AppData\Roaming\uTorrent\resume.dat
c:\users\Sony\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Sony\AppData\Roaming\uTorrent\Role.Models[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\users\Sony\AppData\Roaming\uTorrent\rss.dat
c:\users\Sony\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Sony\AppData\Roaming\uTorrent\settings.dat
c:\users\Sony\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Sony\AppData\Roaming\uTorrent\SoundTaxi.Pro.VideoRip.v3.7.3.Incl.Keymaker-EMBRACE.torrent
c:\users\Sony\AppData\Roaming\uTorrent\The.Office[UK.series-1]DVDrip-PsyCoSys.torrent
c:\users\Sony\AppData\Roaming\uTorrent\Wiley Intermarket Technical Analysis Trading Strategies For The Global Stock, Bond, Commodity, And Currency Markets.pdf.torrent
c:\users\Sony\AppData\Roaming\uTorrent\Wiley.The.ART.of.Trading.Combining.the.Science.of.Technical.Analysis.with.the.Art.of.Reality.Apr.2008.eBook.torrent
c:\users\Sony\AppData\Roaming\uTorrent\Yes Man 2009 AC3 SCR XVID.Hardcoded.DKSubs.sengehest.torrent

.
-------\Service_RelevantKnowledge


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-18 til 2009-03-18  )))))))))))))))))))))))))))))))))))
.

2009-03-17 10:17 . 2009-03-17 10:17    <DIR>    d--------    c:\program files\Trend Micro
2009-03-17 09:53 . 2009-03-17 09:53    388,097,776    --a------    c:\windows\MEMORY.DMP
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\users\Sony\AppData\Roaming\Malwarebytes
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\users\All Users\Malwarebytes
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\programdata\Malwarebytes
2009-03-16 23:01 . 2009-03-16 23:01    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-03-16 23:01 . 2009-02-11 10:19    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-16 23:01 . 2009-02-11 10:19    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2009-03-11 17:39 . 2008-12-16 04:29    8,147,456    --a------    c:\windows\System32\wmploc.DLL
2009-03-11 17:39 . 2009-02-09 04:10    2,033,152    --a------    c:\windows\System32\win32k.sys
2009-03-11 17:39 . 2008-11-27 05:43    268,288    --a------    c:\windows\System32\schannel.dll
2009-03-11 17:39 . 2008-12-16 06:31    7,680    --a------    c:\windows\System32\spwmp.dll
2009-03-11 17:39 . 2008-12-16 06:31    4,096    --a------    c:\windows\System32\msdxm.ocx
2009-03-11 17:39 . 2008-12-16 06:31    4,096    --a------    c:\windows\System32\dxmasf.dll
2009-03-10 20:35 . 2009-03-10 20:36    <DIR>    d--------    C:\Update
2009-03-10 20:28 . 2009-03-10 20:28    <DIR>    d--------    c:\program files\CCleaner
2009-03-06 22:13 . 2009-03-06 22:13    410,984    --a------    c:\windows\System32\deploytk.dll
2009-03-06 22:00 . 2009-03-06 22:00    <DIR>    d--h-c---    c:\users\All Users\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-06 22:00 . 2009-03-06 22:00    <DIR>    d--h-c---    c:\programdata\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-06 22:00 . 2009-03-06 22:00    <DIR>    d--------    c:\program files\DanID
2009-03-06 11:32 . 2009-03-06 11:32    <DIR>    d--------    c:\program files\Acro Software
2009-03-06 11:32 . 2007-07-12 22:33    87,552    --a------    c:\windows\System32\cpwmon2k.dll
2009-03-06 11:31 . 2009-03-06 11:31    <DIR>    d--------    c:\program files\GPLGS
2009-03-03 22:23 . 2009-03-16 22:40    <DIR>    d--------    c:\program files\SopCast
2009-03-03 12:50 . 2009-03-03 12:50    <DIR>    d--------    c:\program files\Gabest
2009-03-02 22:53 . 2009-03-02 22:53    <DIR>    d--------    C:\Converted
2009-03-02 22:39 . 2009-03-02 22:39    <DIR>    d--------    c:\program files\SoundTaxi
2009-03-02 22:39 . 2009-02-03 13:47    237,568    --a------    c:\windows\System32\snmvtsvc.exe
2009-03-02 22:39 . 2009-02-03 14:04    23,096    --a------    c:\windows\System32\SndTAudio.sys
2009-03-02 22:39 . 2009-02-03 14:04    23,096    --a------    c:\windows\System32\drivers\SndTAudio.sys
2009-03-02 22:39 . 2009-02-03 14:04    19,099    --a------    c:\windows\System32\SndTAudio.inf
2009-03-02 22:39 . 2009-02-03 14:04    10,936    --a------    c:\windows\System32\SndTVideo.dll
2009-03-02 22:39 . 2009-02-03 14:04    3,768    --a------    c:\windows\System32\SndTVideo.sys
2009-03-02 22:39 . 2009-02-03 14:04    3,768    --a------    c:\windows\System32\drivers\SndTVideo.sys
2009-03-02 22:39 . 2009-02-03 14:04    2,577    --a------    c:\windows\System32\SndTVideo.inf
2009-03-02 22:39 . 2009-02-03 14:04    2,539    --a------    c:\windows\System32\SndTVideo.cat
2009-03-02 22:39 . 2009-02-03 14:04    2,100    --a------    c:\windows\System32\SndTAudio.cat
2009-03-02 22:33 . 2009-03-02 22:33    <DIR>    d--------    c:\users\Sony\AppData\Roaming\ESTsoft
2009-03-02 22:33 . 2009-03-02 22:33    <DIR>    d--------    c:\program files\ESTsoft
2009-03-01 12:43 . 2009-03-01 12:43    <DIR>    d--------    c:\users\All Users\TVU Networks
2009-03-01 12:43 . 2009-03-01 12:43    <DIR>    d--------    c:\programdata\TVU Networks
2009-03-01 12:43 . 2009-03-01 12:43    <DIR>    d--------    c:\program files\TVUPlayer
2009-02-26 11:29 . 2009-02-26 11:29    <DIR>    d--------    c:\users\Sony\AppData\Roaming\ArcSoft
2009-02-24 15:13 . 2009-02-24 15:13    <DIR>    d--------    c:\users\Sony\AppData\Roaming\Juniper Networks
2009-02-22 21:44 . 2009-02-22 21:44    <DIR>    d--------    c:\users\Sony\AppData\Roaming\Roxio
2009-02-22 21:44 . 2009-03-17 18:21    <DIR>    d--------    c:\users\All Users\Roxio
2009-02-22 21:44 . 2009-03-17 18:21    <DIR>    d--------    c:\programdata\Roxio
2009-02-22 17:49 . 2009-02-22 17:49    <DIR>    d--------    c:\windows\PCHEALTH
2009-02-22 17:49 . 2009-02-22 17:49    <DIR>    d--------    c:\program files\Microsoft.NET
2009-02-22 17:44 . 2009-02-22 17:44    <DIR>    dr-h-----    C:\MSOCache
2009-02-22 11:09 . 2009-02-22 11:09    <DIR>    d--------    c:\program files\MSXML 4.0
2009-02-22 00:17 . 2009-02-22 00:17    <DIR>    d--------    c:\users\All Users\Blizzard
2009-02-22 00:17 . 2009-02-22 00:17    <DIR>    d--------    c:\programdata\Blizzard
2009-02-22 00:17 . 2009-02-22 00:17    <DIR>    d--------    c:\program files\Common Files\Blizzard Entertainment
2009-02-22 00:15 . 2009-03-10 20:34    <DIR>    d--------    c:\users\Public\Games
2009-02-21 17:49 . 2008-04-10 06:12    738,304    --a------    c:\windows\System32\inetcomm.dll
2009-02-21 17:49 . 2008-12-05 05:32    428,544    --a------    c:\windows\System32\EncDec.dll
2009-02-21 17:49 . 2008-12-05 05:32    293,376    --a------    c:\windows\System32\psisdecd.dll
2009-02-21 17:49 . 2008-12-05 05:31    217,088    --a------    c:\windows\System32\psisrndr.ax
2009-02-21 17:49 . 2008-08-27 02:05    212,480    --a------    c:\windows\System32\drivers\mrxsmb10.sys
2009-02-21 17:49 . 2008-12-05 05:31    177,664    --a------    c:\windows\System32\mpg2splt.ax
2009-02-21 17:49 . 2008-12-05 05:31    80,896    --a------    c:\windows\System32\MSNP.ax
2009-02-21 11:57 . 2008-10-16 22:13    1,809,944    --a------    c:\windows\System32\wuaueng.dll
2009-02-21 11:57 . 2008-10-16 21:56    1,524,736    --a------    c:\windows\System32\wucltux.dll
2009-02-21 11:57 . 2008-10-16 22:09    51,224    --a------    c:\windows\System32\wuauclt.exe
2009-02-21 11:57 . 2008-10-16 22:09    43,544    --a------    c:\windows\System32\wups2.dll
2009-02-20 22:07 . 2009-02-20 22:07    <DIR>    d--------    c:\program files\Alwil Software
2009-02-20 22:07 . 2009-02-05 22:06    51,792    --a------    c:\windows\System32\drivers\aswMonFlt.sys
2009-02-20 22:06 . 2008-10-16 22:12    561,688    --a------    c:\windows\System32\wuapi.dll
2009-02-20 22:06 . 2008-10-16 21:55    83,456    --a------    c:\windows\System32\wudriver.dll
2009-02-20 22:06 . 2008-10-16 22:08    34,328    --a------    c:\windows\System32\wups.dll
2009-02-20 22:03 . 2008-10-16 14:08    162,064    --a------    c:\windows\System32\wuwebv.dll
2009-02-20 22:03 . 2008-10-16 13:56    31,232    --a------    c:\windows\System32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 13:47    ---------    d-----w    c:\program files\Windows Mail
2009-03-08 10:48    ---------    d-----w    c:\programdata\Sony Corporation
2009-03-06 21:13    ---------    d-----w    c:\program files\Java
2009-03-03 11:40    ---------    d-----w    c:\users\Sony\AppData\Roaming\DivX
2009-02-22 16:56    ---------    d-----w    c:\programdata\Microsoft Help
2009-02-22 16:52    ---------    d-----w    c:\program files\Microsoft Works
2009-02-20 21:17    ---------    d-----w    c:\programdata\McAfee
2009-02-20 21:15    ---------    d-----w    c:\program files\Google
2009-02-20 19:50    ---------    d-----w    c:\program files\Common Files\Adobe
2009-02-20 19:36    ---------    d-----w    c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-02-20 17:48    ---------    d-----w    c:\programdata\Skype
2009-02-20 17:45    ---------    d-----w    c:\programdata\SiteAdvisor
2009-01-19 09:30    ---------    d-----w    c:\users\Sony\AppData\Roaming\Media Player Classic
2009-01-19 09:27    ---------    d-----w    c:\program files\Haali
2009-01-19 09:27    ---------    d-----w    c:\program files\ffdshow
2008-01-21 02:43    174    --sha-w    c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-31 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-23 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-08-08 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-07-01 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 02:04 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{48D947BD-E984-4D43-9090-84262E991DE9}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{1D2A0144-A0A0-4E18-8313-D6C096BEE1AB}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{1815D523-77AD-4AB2-AEF7-CEC045588999}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{3225A0A1-5FE9-4482-B175-F20D7C90A1A2}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{B4BADD69-AA8B-4F66-B42C-CA23D57F798B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{79BECA5E-F5E5-441A-9147-8F609AB3BFE3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7F124B15-D578-4AD3-A097-6571DC5D663A}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5D9C1EE5-0235-4300-A051-2F4A9974D412}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{47F0BE0F-8B2D-4761-9AC6-E54AA360B382}"= UDP:c:\windows\Temp\~os595E.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{B5A43F29-5532-423F-81B7-173AC45DCD7E}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{6AE0C909-A0A9-4BBC-83EB-19AB55B45C09}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{15A84900-7505-43B2-8385-52056C763739}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D3A1265A-CDE2-456E-A3AA-EACDCD2A2368}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{F7DF18A9-F517-4557-94A3-2D09764B016D}"= UDP:c:\windows\Temp\~os5FFD.tmp\ossproxy.exe:ossproxy.exe

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-20 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-20 51792]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-08-23 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-08-08 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-08 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-08-08 9344]
R3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [2009-03-02 23096]
R3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [2009-03-02 3768]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-08-08 29736]
S3 SMServer;SMServer;c:\windows\System32\snmvtsvc.exe [2009-03-02 237568]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-08-23 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-08-23 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-08-23 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-08-23 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-08-23 83232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - g:\autorun\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebfc4c54-00fc-11de-8337-00214f4a0ee7}]
\shell\AutoRun\command - setupSNK.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-18 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
Trusted Zone: danskebank.dk\www
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://logon.sdu.dk/dana-cached/sc/JuniperSetupClient.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:00:36
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(5056)
c:\windows\system32\btmmhook.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\System32\dllhost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\dllhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-18 21:04:35 - maskinen blev genstartet [Sony]
ComboFix-quarantined-files.txt  2009-03-18 20:04:32
ComboFix2.txt  2009-03-17 09:08:38

Pre-Kørsel: 295,213,678,592 byte ledig
Post-Kørsel: 295,698,739,200 byte ledig

317    --- E O F ---    2009-03-14 17:30:43
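Added example (not part of the thread and not ComboFix's own code): a Python check that cross-references the CFScript from post #5 with the follow-up log in post #6, confirming that each targeted folder is reported as deleted and that each targeted firewall-rule value no longer appears. The parsing relies only on the layout visible in this thread; the function names are hypothetical and the log excerpt is abbreviated from the post.

```python
import re

# CFScript exactly as given in post #5.
CFSCRIPT = r"""Killall::
Snapshot::
Folder::
c:\users\Sony\AppData\Roaming\uTorrent
c:\program files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF3A0DA5-6806-4D28-A74C-8428B21129CB}"=-
"{88870342-C211-4D6F-BFFF-F5D7178C74A5}"=-
"""

# Abbreviated excerpt of the log in post #6: lines omitted, none altered.
LOG_EXCERPT = r"""(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\users\Sony\AppData\Roaming\uTorrent
c:\users\Sony\AppData\Roaming\uTorrent\dht.dat

.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1815D523-77AD-4AB2-AEF7-CEC045588999}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{3225A0A1-5FE9-4482-B175-F20D7C90A1A2}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-20 114768]
"""

BANNER = re.compile(r"^\(+\s+(.*?)\s+\)+$")  # "((((  title  ))))" section banners


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections.

    Plain sections become lists of lines; 'Registry' becomes
    {key: [value names marked for deletion with '=-']}.
    """
    sections, current, reg_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current, reg_key = header.group(1), None
            sections[current] = {} if current == "Registry" else []
        elif current == "Registry":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]
                sections[current][reg_key] = []
            else:
                value = re.fullmatch(r'"(.+)"=-', line)
                if value and reg_key:
                    sections[current][reg_key].append(value.group(1))
        elif current:
            sections[current].append(line)
    return sections


def deleted_paths(log):
    """Lower-cased paths listed under the 'Andet, der er slettet' banner."""
    paths, active = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            active = banner.group(1).startswith("Andet, der er slettet")
        elif active and re.match(r"^[a-zA-Z]:\\", line):
            paths.add(line.lower())
    return paths


def registry_values(log, key):
    """Upper-cased value names the log lists under '[key]'."""
    names, active = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            active = line[1:-1].lower() == key.lower()
        elif active:
            value = re.match(r'"(.+?)"=', line)
            if value:
                names.add(value.group(1).upper())
            elif not line:
                active = False  # a blank line ends the key's listing
    return names


def verify(script_text, log):
    """Report script targets that the log does not show as removed.

    Absence from the log is evidence, not proof: the log itself notes
    that empty and default entries are not listed.
    """
    script = parse_cfscript(script_text)
    gone = deleted_paths(log)
    report = {"folders_not_reported_deleted": [], "registry_values_still_present": []}
    for folder in script.get("Folder", []):
        if folder.lower() not in gone:
            report["folders_not_reported_deleted"].append(folder)
    for key, names in script.get("Registry", {}).items():
        present = registry_values(log, key)
        for name in names:
            if name.upper() in present:
                report["registry_values_still_present"].append((key, name))
    return report
```

Run `verify(CFSCRIPT, full_log_text)` on the complete log rather than the excerpt to check every section of a real run.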
arkil (Beginner)
19 March 2009 - 12:28 #7
There is nothing more to find.
You can try this > Press the Windows key + R. > Type services.msc > click OK.

Find these services here - right-click them - Properties - set "Startup type" to Manual - Apply - OK.
If you run into problems, you will have to change it back again.

(RtkAudioService)
(SMServer)
(SOHCImp)
(SOHDms)
(SOHDs)


You remove Combofix by typing this in Run > Combofix /u
Remember the space after Combofix.

Once that is done, you need to clean up the System Restore files. Disable System Restore (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1) - wait a couple of minutes - enable System Restore. Then go to Start -> Programs -> Accessories -> System Tools -> System Restore and create a restore point, so you have one to return to if something goes wrong.

Enjoy
kgndksv Junior Master
21 March 2009 - 14:48 #8
Is it necessary to delete Combofix? Or can I leave the PC as it is now?

You are welcome to post an answer
arkil Beginner
21 March 2009 - 15:27 #9
It is up to you whether you delete Combofix.
If you don't know the program well, you must never delete anything with it yourself; it can go horribly wrong.
I recommend that you delete it.
Keep CCleaner and Malwarebytes' Anti-Malware > Just set Malwarebytes' Anti-Malware not to start with Windows.
Scan manually with it when you think it is necessary.
arkil Beginner
21 March 2009 - 19:24 #10
PS. If it is because you think you can use Combofix again if you get an infection - you can't; a new copy has to be downloaded because of updates.
If you don't uninstall it, there is a risk that your antivirus program will warn about a trojan.
I would recommend that you remove it.
kgndksv Junior Master
22 March 2009 - 14:06 #11
OK, it has been deleted :-)

Will you post an answer?
arkil Beginner
22 March 2009 - 15:15 #12
That was an answer.