Lakeorby (Beginner)
10 January 2010 - 11:26. There are 8 comments and
1 solution

Is there anyone who will help with a "HORSE"?

Hi
I think I have got a Trojan horse; it is a popup window that says: Warning !! Your personal computer needs to install antivirus softvare! Personal Security can perform fast and free scan of your computer.

It will not go away with my antivirus program, which is NOD32, and Spybot does not help either.

I use XP

I hope someone has a solution.

Regards,
Lakeorby
fromsej (Trainee)
10 January 2010 - 11:28 #1
Download these two tools:

http://www.ctrlaltdel.dk/programmer/tklog.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

...and unpack both to your Desktop. Then double-click TKLog.bat. TDSSKiller will run and attempt to clean your computer. After this a log will open - please copy its contents in here.

Restart, then follow the instructions in this guide:
http://www.eksperten.dk/guide/1232
Lakeorby (Beginner)
10 January 2010 - 11:37 #2
Hi
Thanks for the quick response

I will try it and come back with the log
Lakeorby (Beginner)
10 January 2010 - 11:42 #3
Here is the log

11:39:22:843 2064    TDSSKiller 2.1.1 Dec 20 2009 02:40:02
11:39:22:843 2064    ================================================================================
11:39:22:843 2064    SystemInfo:

11:39:22:843 2064    OS Version: 5.1.2600 ServicePack: 3.0
11:39:22:843 2064    Product type: Workstation
11:39:22:843 2064    ComputerName: YOUR-355D1B9CF2
11:39:22:843 2064    UserName: Lars
11:39:22:843 2064    Windows directory: C:\WINDOWS
11:39:22:843 2064    Processor architecture: Intel x86
11:39:22:843 2064    Number of processors: 1
11:39:22:843 2064    Page size: 0x1000
11:39:22:859 2064    Boot type: Normal boot
11:39:22:859 2064    ================================================================================
11:39:22:859 2064    ForceUnloadDriver: NtUnloadDriver error 2
11:39:22:859 2064    ForceUnloadDriver: NtUnloadDriver error 2
11:39:22:859 2064    ForceUnloadDriver: NtUnloadDriver error 2
11:39:22:875 2064    MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
11:39:23:078 2064    main: Driver KLMD successfully dropped
11:39:23:140 2064    main: Driver KLMD successfully loaded
11:39:23:140 2064   
Scanning    Registry ...
11:39:23:140 2064    ScanServices: Searching service UACd.sys
11:39:23:140 2064    ScanServices: Open/Create key error 2
11:39:23:140 2064    ScanServices: Searching service TDSSserv.sys
11:39:23:140 2064    ScanServices: Open/Create key error 2
11:39:23:140 2064    ScanServices: Searching service gaopdxserv.sys
11:39:23:140 2064    ScanServices: Open/Create key error 2
11:39:23:140 2064    ScanServices: Searching service gxvxcserv.sys
11:39:23:140 2064    ScanServices: Open/Create key error 2
11:39:23:140 2064    ScanServices: Searching service MSIVXserv.sys
11:39:23:140 2064    ScanServices: Open/Create key error 2
11:39:23:140 2064    UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
11:39:23:140 2064    UnhookRegistry: Kernel local addr: AA0000
11:39:23:140 2064    UnhookRegistry: KeServiceDescriptorTable addr: B1C020
11:39:23:140 2064    UnhookRegistry: KiServiceTable addr: ACAB9C
11:39:23:140 2064    UnhookRegistry: NtEnumerateKey service number (local): 47
11:39:23:140 2064    UnhookRegistry: NtEnumerateKey local addr: BE3B72
11:39:23:156 2064    KLMD_OpenDevice: Trying to open KLMD device
11:39:23:156 2064    KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
11:39:23:156 2064    KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0x804FE335[0x4]
11:39:23:156 2064    UnhookRegistry: NtEnumerateKey service number (kernel): 47
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0x80501CB8[0x4]
11:39:23:156 2064    UnhookRegistry: NtEnumerateKey real addr: 8061AB72
11:39:23:156 2064    UnhookRegistry: NtEnumerateKey calc addr: 8061AB72
11:39:23:156 2064    UnhookRegistry: No SDT hooks found on NtEnumerateKey
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0x8061AB72[0xA]
11:39:23:156 2064    UnhookRegistry: No splicing found on NtEnumerateKey
11:39:23:156 2064   
Scanning    Kernel memory ...
11:39:23:156 2064    KLMD_OpenDevice: Trying to open KLMD device
11:39:23:156 2064    KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
11:39:23:156 2064    KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
11:39:23:156 2064    DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89D9C030
11:39:23:156 2064    DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
11:39:23:156 2064    DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 89D00C68
11:39:23:156 2064    KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D00C68
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0x89D00C68[0x38]
11:39:23:156 2064    DetectCureTDL3: DRIVER_OBJECT addr: 89D9C030
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0x89D9C030[0xA8]
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0xE159FFB0[0x208]
11:39:23:156 2064    DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:39:23:156 2064    KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
11:39:23:156 2064    KLMD_ReadMem: DeviceIoControl error 1
11:39:23:156 2064    TDL3_StartIoHookDetect: Unable to get StartIo handler code
11:39:23:156 2064    TDL3_FileDetect: Processing driver: Disk
11:39:23:171 2064    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
11:39:23:171 2064    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
11:39:23:171 2064    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
11:39:23:187 2064    DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 89D94C68
11:39:23:187 2064    KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D94C68
11:39:23:187 2064    KLMD_ReadMem: Trying to ReadMemory 0x89D94C68[0x38]
11:39:23:187 2064    DetectCureTDL3: DRIVER_OBJECT addr: 89D9C030
11:39:23:187 2064    KLMD_ReadMem: Trying to ReadMemory 0x89D9C030[0xA8]
11:39:23:187 2064    KLMD_ReadMem: Trying to ReadMemory 0xE159FFB0[0x208]
11:39:23:187 2064    DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:39:23:187 2064    KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
11:39:23:187 2064    KLMD_ReadMem: DeviceIoControl error 1
11:39:23:187 2064    TDL3_StartIoHookDetect: Unable to get StartIo handler code
11:39:23:187 2064    TDL3_FileDetect: Processing driver: Disk
11:39:23:187 2064    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
11:39:23:187 2064    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
11:39:23:187 2064    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
11:39:23:203 2064    DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 89D9B1F0
11:39:23:203 2064    KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D9B1F0
11:39:23:203 2064    DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 89CF94A8
11:39:23:203 2064    KLMD_GetLowerDeviceObject: Trying to get lower device object for 89CF94A8
11:39:23:203 2064    DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 89D3D940
11:39:23:203 2064    KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D3D940
11:39:23:203 2064    KLMD_ReadMem: Trying to ReadMemory 0x89D3D940[0x38]
11:39:23:203 2064    DetectCureTDL3: DRIVER_OBJECT addr: 89D95268
11:39:23:203 2064    KLMD_ReadMem: Trying to ReadMemory 0x89D95268[0xA8]
11:39:23:203 2064    KLMD_ReadMem: Trying to ReadMemory 0xE158D2A8[0x208]
11:39:23:203 2064    DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
11:39:23:203 2064    KLMD_ReadMem: Trying to ReadMemory 0xF72F9864[0x400]
11:39:23:203 2064    TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
11:39:23:203 2064    TDL3_FileDetect: Processing driver: atapi
11:39:23:203 2064    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
11:39:23:203 2064    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
11:39:23:203 2064    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
11:39:23:234 2064   
Completed

Results:
11:39:23:234 2064    Infected objects in memory:            0
11:39:23:234 2064    Cured objects in memory:            0
11:39:23:234 2064    Infected objects on disk:            0
11:39:23:234 2064    Objects on disk cured on reboot:        0
11:39:23:234 2064    Objects on disk deleted on reboot:        0
11:39:23:234 2064    Registry nodes deleted on reboot:        0
11:39:23:234 2064
Lakeorby (Beginner)
10 January 2010 - 14:49 #4
Finally finished following your instructions, so here are all the log files:

Malwarebytes' Anti-Malware 1.44
Database version: 3533
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10-01-2010 14:14:17
mbam-log-2010-01-10 (14-14-17).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 187578
Tid tilbagelagt: 1 hour(s), 54 minute(s), 30 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 13

Inficerede Hukommelses Processer:
C:\WINDOWS\pp14.exe (Worm.Koobface) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.Koobface) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\pp14.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CB9ED32-85EF-42F8-9C92-4A0A7F5DB7D8}\RP310\A0138265.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\bk20856.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146111103.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146114101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146115116.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464850.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465449.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465450.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465755.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fs1235.dat (KoobFace.Trace) -> Quarantined and deleted successfully.


-----------------------------------------------------------------

ComboFix 10-01-04.01 - Lars 10-01-2010  14:28:56.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1918.1416 [GMT 1:00]
Kører fra: c:\download\Virus\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\rdr_1263043861.exe
c:\windows\rdr_1263043862.exe
c:\windows\rdr_1263112621.exe
c:\windows\rdr_1263112623.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-10 til 2010-01-10  )))))))))))))))))))))))))))))))))))
.

2010-01-10 11:04 . 2010-01-10 11:04    --------    d-----w-    c:\programmer\CCleaner
2010-01-10 11:00 . 2010-01-10 11:00    --------    d-----w-    c:\programmer\ReviverSoft
2010-01-10 10:59 . 2010-01-10 10:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\ReviverSoft
2010-01-10 09:36 . 2010-01-10 09:36    --------    d-----w-    c:\documents and settings\Lars\Application Data\Malwarebytes
2010-01-10 09:36 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 09:36 . 2010-01-10 09:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-10 09:36 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-10 09:36 . 2010-01-10 11:15    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 13:23 . 2004-09-17 10:37    84030    ----a-w-    c:\windows\system32\perfc006.dat
2010-01-10 13:23 . 2004-09-17 10:37    459900    ----a-w-    c:\windows\system32\perfh006.dat
2010-01-10 11:10 . 2008-08-08 18:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-10 08:48 . 2008-08-08 18:04    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2010-01-09 08:41 . 2008-11-15 19:06    0    ----a-w-    c:\documents and settings\Lars\temp.dat
2009-12-09 17:32 . 2008-01-31 17:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 15:43 . 2009-03-12 16:17    --------    d-----w-    c:\documents and settings\Lars\Application Data\Skype
2009-11-21 18:40 . 2006-05-30 01:07    --------    d-----w-    c:\programmer\Java
2009-11-21 18:39 . 2009-11-21 18:39    152576    ----a-w-    c:\documents and settings\Lars\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-21 18:39 . 2009-11-21 18:39    79488    ----a-w-    c:\documents and settings\Lars\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:58 . 2004-08-27 08:00    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2009-11-18 18:20 . 2009-11-18 18:13    --------    d-----w-    c:\programmer\Gamebookers
2009-11-17 20:06 . 2009-11-17 20:05    --------    d-----w-    c:\programmer\LastPass
2009-11-08 06:36 . 2008-01-31 17:17    83816    ----a-w-    c:\documents and settings\Lars\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:43 . 2004-08-27 08:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-27 08:00    75776    ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-27 08:00    25088    ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-27 08:00    265728    ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-16 17:17 . 2009-10-16 17:17    79144    -c--a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-13 10:34 . 2004-08-27 08:00    270848    ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-27 08:00    79872    ----a-w-    c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-27 08:00    150016    ----a-w-    c:\windows\system32\rastls.dll
2006-09-03 13:33 . 2008-02-01 01:10    0    -csha-w-    c:\windows\SMINST\HPCD.SYS
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmer\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\programmer\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programmer\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\programmer\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmer\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\programmer\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"SetDefPrt"="c:\programmer\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 40960]
"SetDefPrt2"="c:\programmer\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmer\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lars\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - c:\programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Photosmart Premier Hurtig start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Mobilt Bredbånd.lnk - c:\programmer\Option\Mobilt Bredbånd\Mobilt Bredbånd.exe [2008-4-15 782336]
Statusmonitor.lnk - c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe [2008-7-13 802816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18-08-2008 12:27 34824]
R2 ekrn;Eset Service;c:\programmer\ESET\ESET NOD32 Antivirus\ekrn.exe [24-10-2008 19:51 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11-03-2009 20:32 54752]
R2 GtDetectSc;GtDetectSc;c:\programmer\Option\Mobilt Bredbånd\GtDetectSc.exe [18-12-2007 12:48 196704]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22-08-2005 10:06 231424]
S3 BrUsbScn;Brother MFC USB-scannerdriver;c:\windows\system32\drivers\BrUsbScn.sys [30-06-2008 15:23 10368]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [05-08-2009 22:48 704864]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [18-02-2008 16:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [08-02-2008 12:00 59648]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10-01-2010 10:36 38224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22-05-2009 20:03 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22-05-2009 20:03 8320]
.
Indhold af mappen 'Planlagte Opgaver'

2009-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-10 c:\windows\Tasks\Registry Reviver.job
- c:\programmer\ReviverSoft\Registry Reviver\RegistryReviver.exe [2009-11-17 13:03]

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{FC04F0EE-ECC2-4030-A77F-4DE07A43DB97}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\programmer\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\programmer\LastPass\context.html?cmd=fillforms
IE: LastPass Udfylder Formularer - file://c:\programmer\LastPass\context.html?cmd=fillforms
IE: {{25D3746C-E212-4755-9D2D-87671CB6C150} - c:\programmer\Gamebookers\GamebookersPoker\RunApp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programmer\HPQ\Default Settings\cpqset.exe???????????????n??|?????? ???B????????? ???hLC????????

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Gennemført tid: 2010-01-10  14:35:06
ComboFix-quarantined-files.txt  2010-01-10 13:34

Pre-Kørsel: 13.933.731.840 byte ledig
Post-Kørsel: 14.090.760.192 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 36D524698F83F7898035D4B949977D16


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:30, on 10-01-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Option\Mobilt Bredbånd\GtDetectSc.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\HP\QuickPlay\QPService.exe
C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Option\Mobilt Bredbånd\Mobilt Bredbånd.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Programmer\LastPass\LPBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Programmer\LastPass\LPBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmer\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [SetDefPrt2] C:\Programmer\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Mobilt Bredbånd.lnk = ?
O4 - Global Startup: Statusmonitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Programmer\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Programmer\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: LastPass Udfylder Formularer - file://C:\Programmer\LastPass\context.html?cmd=fillforms
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programmer\Gamebookers\GamebookersPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: GamebookersPoker.com - {25D3746C-E212-4755-9D2D-87671CB6C150} - C:\Programmer\Gamebookers\GamebookersPoker\RunApp.exe
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GtDetectSc - OptionNV - C:\Programmer\Option\Mobilt Bredbånd\GtDetectSc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12098 bytes
fromsej (Trainee)
10 January 2010 - 16:44 #5
It looks like the scanners ate everything.
Is the problem solved?
Lakeorby (Beginner)
10 January 2010 - 16:55 #6
Yes, thank you so much for the help :-)
Lakeorby (Beginner)
10 January 2010 - 16:58 #7
Oops, why didn't you get the points? They came back to me.
fromsej (Trainee)
10 January 2010 - 17:03 #8
That's because I hadn't posted an answer, so you accepted your own answer instead. Never mind, there's no reason to make anything more of it.

1. To clean up, you can uninstall Malwarebytes and HijackThis (via Start -> Control Panel -> Add or Remove Programs). You remove ComboFix by going to Start -> Run and typing combofix /uninstall
Remember the space after combofix

2. If you want to clear out the System Restore files and start "fresh", you need to disable System Restore (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1) - wait a couple of minutes - enable System Restore. Then go to Start -> Programs -> Accessories -> System Tools -> System Restore and create a restore point, so you have something to go back to if anything goes wrong.

3. Here is a bit of advice for the road:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=25&PN=1

Enjoy
Lakeorby (Beginner)
10 January 2010 - 17:13 #9
Thanks for that. I have put points up for you under virus, and once again thank you for your great help. It's nice, when you are "computer blind" yourself, that there are people who bother to spend time helping.

Best regards,
Lakeorby