torgius Novice
19 February 2010 - 08:35 There are 7 comments and 1 solution

Log check (trojan etc.)

This morning I found signs that my laptop might be infected with some junk, so I then ran a scan with Spysweeper (scan version), and it found, among other things, a trojan (I think it was called worm-koobface). I have run CCleaner, but I would like to have my log checked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:05, on 19-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
C:\Programmer\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Apoint\HidFind.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\NetWaiting\netwaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\3\3Connect\AutoUpdateSrv.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Fælles filer\Nokia\NoA\nokiaaserver.exe
C:\Programmer\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\3\3Connect\WilogApp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\System32\wudfhost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Frank\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=6071014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=6071014
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] "C:\Programmer\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Programmer\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [NokiaMServer] "C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer" /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmer\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmer\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] "C:\Programmer\NetWaiting\netwaiting.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] "C:\Programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&dwin=1&memberStatus=NotSignedIn&year=09&month=11&day=9"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Opdateringsagent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220634180234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD48B8-679D-4A32-960D-5F6CFF539B9F}: NameServer = 80.251.201.177 80.251.201.178
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 13192 bytes
19 February 2010 - 10:24 #1
You could run through this package ->

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you should move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes some time, depending on how much you have on the computer),
press the "Show results" button after the scan - and then press "Remove selected" - the log now opens, and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...
torgius Novice
19 February 2010 - 19:15 #2
While Malwarebytes was scanning, my own antivirus, Norman, caught 2 trojans (W32/Ardamax.LSM and W32/Suspicious_Gen2.dam) and put them in quarantine.

Malwarebytes' Anti-Malware 1.44
Database version: 3761
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19-02-2010 19:09:39
mbam-log-2010-02-19 (19-09-39).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 200766
Tid tilbagelagt: 1 hour(s), 22 minute(s), 45 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:35, on 19-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
C:\Programmer\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Apoint\HidFind.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\NetWaiting\netwaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\3\3Connect\AutoUpdateSrv.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Fælles filer\Nokia\NoA\nokiaaserver.exe
C:\Programmer\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\3\3Connect\WilogApp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Windows Defender\MpCmdRun.exe
C:\Documents and Settings\Frank\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=6071014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=6071014
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] "C:\Programmer\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Programmer\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [NokiaMServer] "C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer" /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmer\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmer\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ModemOnHold] "C:\Programmer\NetWaiting\netwaiting.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] "C:\Programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&dwin=1&memberStatus=NotSignedIn&year=09&month=11&day=9"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Opdateringsagent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220634180234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD48B8-679D-4A32-960D-5F6CFF539B9F}: NameServer = 80.251.201.177 80.251.201.178
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 13149 bytes
19 February 2010 - 19:35 #3
Hmmm... Update your NORMAN - run a full scan with it (in peace and quiet) - delete any items in the quarantine ...

---

Run this 'package' as well ->

-- Download Combofix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: You must not name it Combofix.exe, but for example BANAN.exe

-- Then run combofix.exe (BANAN.exe), which you downloaded earlier, and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
torgius Novice
20 February 2010 - 06:38 #4
ComboFix 10-02-19.04 - Rasmus Christensen 20-02-2010  6:22.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1014.232 [GMT 1:00]
Kører fra: c:\documents and settings\Frank\Skrivebord\Ding.exe
AV: Norman Virus Control *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
* Resident AV is active


advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-20 til 2010-02-20  )))))))))))))))))))))))))))))))))))
.

2010-02-19 18:18 . 2008-08-26 08:26    18816    ----a-w-    c:\windows\system32\drivers\pccsmcfd.sys
2010-02-19 18:18 . 2010-02-19 18:18    --------    d-----w-    c:\programmer\PC Connectivity Solution
2010-02-19 18:16 . 2010-02-19 18:16    77824    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-02-19 18:16 . 2010-02-19 18:16    50000    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\pcswpc.exe
2010-02-19 18:16 . 2010-02-15 14:13    64099864    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\NokiaOviSuite2Installer.exe
2010-02-19 16:43 . 2010-02-19 16:43    --------    d-----w-    c:\documents and settings\Frank\Application Data\Malwarebytes
2010-02-19 16:42 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 16:42 . 2010-02-19 16:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-19 16:42 . 2010-02-19 16:43    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-02-19 16:42 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-02-19 06:09 . 2010-02-19 06:09    --------    d-----w-    c:\programmer\MSSOAP
2010-02-19 06:09 . 2010-02-19 06:09    --------    d-----w-    c:\documents and settings\Frank\Application Data\Webroot
2010-02-19 06:09 . 2009-11-06 14:19    1563008    ----a-w-    c:\windows\WRSetup.dll
2010-02-19 06:09 . 2010-02-19 06:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Webroot
2010-02-19 06:09 . 2010-02-19 06:09    --------    d-----w-    c:\programmer\Webroot
2010-02-19 06:08 . 2010-02-19 06:08    164    ----a-w-    c:\windows\install.dat
2010-02-14 10:12 . 2010-02-14 10:12    --------    d-----w-    c:\windows\Simplify Install
2010-02-07 12:03 . 2010-02-07 12:03    --------    d-----w-    c:\documents and settings\Frank\Application Data\Motorola
2010-02-07 11:36 . 2010-02-07 11:36    --------    d-----w-    c:\windows\Simplify Uninstall
2010-02-07 11:08 . 2010-02-07 11:08    --------    d-----w-    c:\programmer\Intuwave Ltd
2010-02-07 11:07 . 2010-02-07 11:07    --------    d-----w-    c:\programmer\Symbian
2010-02-05 11:29 . 2009-12-10 08:24    82168    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2010-02-05 11:29 . 2009-12-10 08:24    82696    ----a-w-    c:\windows\system32\lmdimon8.dll
2010-02-05 11:29 . 2010-02-05 11:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\Applications

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 18:33 . 2007-10-26 11:15    --------    d-----w-    c:\programmer\Norman
2010-02-19 18:25 . 2009-12-02 12:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-02-19 18:19 . 2008-04-11 06:13    --------    d-----w-    c:\programmer\Fælles filer\Nokia
2010-02-19 18:17 . 2007-10-30 06:27    --------    d-----w-    c:\programmer\Nokia
2010-02-15 14:13 . 2009-12-17 15:16    64099864    ----a-w-    c:\documents and settings\Frank\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-02-14 10:11 . 2007-10-14 14:07    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-02-12 16:29 . 2009-07-29 06:43    320360    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-02-11 11:00 . 2007-10-29 16:22    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-02-10 08:43 . 2007-10-14 14:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-20 14:28 . 2008-01-24 08:48    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-05 04:48    181120    ------w-    c:\windows\system32\MpSigStub.exe
2010-01-05 08:15 . 2010-01-05 08:15    --------    d-----w-    c:\documents and settings\Frank\Application Data\Leadertech
2009-12-31 16:50 . 2004-09-16 15:38    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-30 10:30 . 2005-10-13 07:15    91136    ----a-w-    c:\windows\system32\nmwcdcls.dll
2009-12-21 19:08 . 2004-09-16 15:38    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-09-16 15:49    344576    ----a-w-    c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-09-16 15:38    33280    ----a-w-    c:\windows\system32\csrsrv.dll
2009-12-09 10:10 . 2004-09-16 15:38    2147840    ----a-w-    c:\windows\system32\ntoskrnl.exe
2009-12-09 10:10 . 2004-08-26 16:50    2026496    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2009-12-09 09:54 . 2004-09-16 15:38    99610    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-09 09:54 . 2004-09-16 15:38    500374    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-04 18:22 . 2004-09-16 15:38    455424    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 13:52 . 2007-10-14 14:19    70728    ----a-w-    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 12:52 . 2009-12-02 12:52    12212040    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-02 12:52 . 2009-12-02 12:52    13930312    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-02 12:52 . 2009-12-02 12:52    77824    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-02 12:52 . 2009-12-02 12:52    61440    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-02 12:52 . 2009-12-02 12:52    58880    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-02 12:52 . 2009-12-02 12:52    50000    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-02 12:50 . 2009-12-02 12:50    94628904    ----a-w-    c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\dld_file.exe
2009-11-27 17:13 . 2004-09-16 15:38    1295872    ----a-w-    c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-26 16:53    17920    ----a-w-    c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-09-16 15:38    28672    ----a-w-    c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2004-09-16 15:38    11264    ----a-w-    c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-09-16 15:38    85504    ----a-w-    c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-26 16:53    48128    ----a-w-    c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-04 16:07    8704    ----a-w-    c:\windows\system32\tsbyuv.dll
2009-11-23 06:35 . 2009-11-23 06:35    152576    ----a-w-    c:\documents and settings\Frank\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 06:35 . 2009-11-23 06:35    79488    ----a-w-    c:\documents and settings\Frank\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programmer\NetWaiting\netwaiting.exe" [2003-09-10 20480]
"TomTomHOME.exe"="c:\programmer\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"NokiaOviSuite2"="c:\programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-05 385856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmer\Fælles filer\Nokia\MPlatform\NokiaMServer" [X]
"Apoint"="c:\programmer\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="c:\programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"Dell QuickSet"="c:\programmer\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\programmer\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Norman ZANDA"="c:\programmer\Norman\Npm\bin\ZLH.EXE" [2009-10-06 275840]
"Windows Defender"="c:\programmer\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PDVDDXSrv"="c:\programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"HP Software Update"="c:\programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"NokiaMusic FastStart"="c:\programmer\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SpySweeper"="c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FÆLLES~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2007-10-14 24576]
Opdateringsagent.lnk - c:\programmer\3\3Connect\AutoUpdateSrv.exe [2008-10-23 667648]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programmer\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmer\\3\\3Connect\\Wilog.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmer\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [06-11-2009 12:00 29808]
R1 NGS;Norman General Security Driver;c:\programmer\Norman\NVC\bin\ngs.sys [27-02-2009 11:26 25032]
R2 Ndiskio;Ndiskio;c:\programmer\Norman\Nse\Bin\Ndiskio.sys [16-10-2009 11:07 24168]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmer\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
R2 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [03-11-2006 18:19 13592]
R2 WRConsumerService;Webroot Client Service;c:\programmer\Webroot\WebrootSecurity\WRConsumerService.exe [19-02-2010 07:10 1201640]
R3 nsesvc;Norman Scanner Engine Service;c:\programmer\Norman\Nse\Bin\Nsesvc.exe [11-12-2009 11:55 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [26-10-2007 12:16 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programmer\Norman\NVC\bin\Nvcoas.exe [24-06-2009 11:35 185672]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\programmer\Norman\NVC\bin\Nvcsched.exe [26-10-2007 12:16 148808]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - SERVICELAYER
*Deregistered* - mchInjDrv
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearch Page = hxxp://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
uSearch Bar = hxxp://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
mSearchAssistant = hxxp://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 06:29
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\TEMP\TMP000000A03ADA9C22ABF6D8C6 524288 bytes executable

scanning gennemført med succes
skjulte filer: 1

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(4436)
c:\programmer\Norman\nvc\bin\Niphk.dll
c:\programmer\Windows Desktop Search\deskbar.dll
c:\programmer\Windows Desktop Search\da-dk\dbres.dll.mui
c:\programmer\Windows Desktop Search\dbres.dll
c:\programmer\Windows Desktop Search\wordwheel.dll
c:\programmer\Windows Desktop Search\da-dk\msnlExtRes.dll.mui
c:\programmer\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Gennemført tid: 2010-02-20  06:32:14
ComboFix-quarantined-files.txt  2010-02-20 05:32

Pre-Kørsel: 49.490.407.424 byte ledig
Post-Kørsel: 49.464.295.424 byte ledig

- - End Of File - - AFE3406C772C08AC050A3A1FD2C37C3D





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:37:23, on 20-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Apoint\HidFind.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\3\3Connect\AutoUpdateSrv.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Fælles filer\Nokia\NoA\nokiaaserver.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Norman\nse\bin\NSESVC.EXE
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Webroot\WebrootSecurity\SSU.EXE
C:\PROGRA~1\FÆLLES~1\Nokia\MPLATF~1\NOKIAM~1.EXE
C:\WINDOWS\explorer.exe
C:\Programmer\3\3Connect\WilogApp.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\internet explorer\iexplore.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Documents and Settings\Frank\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.dk/hws/sb/dell-row-rel/da/side.html?channel=dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row-rel&channel=dk&ibd=6071014
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] "C:\Programmer\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "stsystra.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Programmer\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [NokiaMServer] "C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer" /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmer\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmer\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] "C:\Programmer\NetWaiting\netwaiting.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] "C:\Programmer\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&dwin=1&memberStatus=NotSignedIn&year=09&month=11&day=9"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FÆLLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Opdateringsagent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220634180234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD48B8-679D-4A32-960D-5F6CFF539B9F}: NameServer = 80.251.201.177 80.251.201.178
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Programmer\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Programmer\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 12518 bytes
20 February 2010 - 10:29 #5
So how is the computer running now?
torgius Novice
20 February 2010 - 11:14 #6
It seems to be as it should be now; at least it no longer shows any signs of problems.
20 February 2010 - 11:29 #7
Bingo - full house...

Time to clean up
Click START, then Run

Type/copy: Combofix /Uninstall into the box and click OK.

Note the space between the X and /Uninstall; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system / hidden files, if required.

The other programs we asked you to install you will have to uninstall manually.

You should create a new restore point to remove any infections from an old restore point.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point and press OK.

---

PS: Follow-up check here -> http://kundeservice.tdc.dk/testcenter/
torgius Novice
20 February 2010 - 13:17 #8
Then I'll say thanks for the help.