juliemusen (Beginner)
11 May 2010 - 15:01. There are 6 comments and 1 solution.

Got a virus: maildoctor

Hi there.
My friend has got a virus, so I would like to ask whether someone will take a look at my logs?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:27, on 11-05-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AskBarDis\bar\bin\AskService.exe
C:\Programmer\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Jensen\Common\RalinkRegistryWriter.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\gotnewupdate000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Jensen\Common\JensenUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmer\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmer\Crawler\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmer\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmer\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [21227] C:\DOCUME~1\Morten\LOKALE~1\Temp\khvcol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\gotnewupdate000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rf4qy] C:\DOCUME~1\Morten\LOKALE~1\Temp\b8n8nse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Programmer\Jensen\Common\JensenUI.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.klm.com
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222108660804
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmer\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: GootkitSSO - {E9994278-1577-4487-81CB-3551000D7507} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Programmer\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programmer\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Programmer\Jensen\Common\RalinkRegistryWriter.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

--
End of file - 10088 bytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4089

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11-05-2010 13:25:53
mbam-log-2010-05-11 (13-25-53).txt

Skanningstype: Hurtig skanning
Objekter skannet: 118546
Tid gået: 7 minut(ter), 50 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)


Kind regards
Julie

sullep (Beginner)
11 May 2010 - 15:32 #1
Uninstall AskBarDis from Control Panel > Add/Remove Programs, then restart.

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmer\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [21227] C:\DOCUME~1\Morten\LOKALE~1\Temp\khvcol.exe
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\gotnewupdate000.exe
O4 - HKLM\..\Policies\Explorer\Run: [rf4qy] C:\DOCUME~1\Morten\LOKALE~1\Temp\b8n8nse.exe




--Download Combofix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Close all other windows.

Then run Combofix.exe and follow the instructions. (Vista users must right-click the file and choose "Run as administrator".)

Important -> Disable your antivirus/antispyware program.
If you cannot disable the program, just click "OK" and Combofix will continue.

Do not click on the window while the tool is running, as that can cause your computer to freeze.

When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

If the log file does not open, you will find it here: c:\combofix.txt
Please post the contents of that file here.
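
One way to triage a HijackThis log for patterns visible among the lines listed in the reply above (an added example, not part of the original post and not HijackThis code): it flags an Internet Explorer proxy pointing at loopback, a BHO whose file is missing, and Run entries that start executables from a Temp directory or from a 32-hex-digit folder under Application Data. The rule names, `triage` and `Finding` are assumptions of this example, the Ask Toolbar line is not modelled, and the sample is an excerpt of the log posted at the top of the thread.

```python
import re
from dataclasses import dataclass

# "R1 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "<hive path>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ProxyServer = 127.0.0.1:5555, http=127.0.0.1:5555, localhost:8080, ...
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?", re.I
)
# Any path component named Temp or Tmp (also catches LOKALE~1\Temp short names).
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
# A folder named with exactly 32 hex digits directly under Application Data.
HEX_APPDATA_RE = re.compile(r"\\application data\\[0-9a-f]{32}\\", re.I)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # rule name (hypothetical, defined by this example)
    line: str    # the original log line, for the analyst to review


def triage(log_text):
    """Return the entries that match one of the heuristics, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m["code"], m["body"]

        if code in ("R0", "R1") and LOOPBACK_PROXY_RE.search(body):
            findings.append(Finding(code, "loopback-proxy", line))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append(Finding(code, "bho-missing-file", line))
        elif code == "O4":
            run = RUN_RE.match(body)
            # Startup-folder entries use "<name>.lnk = <target>" instead.
            cmd = run["cmd"] if run else body.partition(" = ")[2]
            if TEMP_DIR_RE.search(cmd):
                findings.append(Finding(code, "autorun-from-temp", line))
            elif HEX_APPDATA_RE.search(cmd):
                findings.append(Finding(code, "autorun-from-hex-appdata-dir", line))
    return findings


# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [21227] C:\DOCUME~1\Morten\LOKALE~1\Temp\khvcol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\gotnewupdate000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rf4qy] C:\DOCUME~1\Morten\LOKALE~1\Temp\b8n8nse.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:30} {f.line}")
```

A match only marks a line for review; a legitimate installer can also register a Run entry from a Temp directory, so each flagged path still has to be checked by hand.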
juliemusen (Beginner)
11 May 2010 - 16:37 #2
Hi there.
Many thanks for the help. I have done everything you wrote.
Here is a Combofix log:

ComboFix 10-05-10.03 - Morten 11-05-2010  16:11:02.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2046.1608 [GMT 2:00]
Kører fra: c:\documents and settings\Morten\Dokumenter\Hentede filer\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9
c:\documents and settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\enemies-names.txt
c:\documents and settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\gotnewupdate000.exe
c:\documents and settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\hookdll.dll
c:\documents and settings\Morten\Application Data\92A2330048C138ABBB7D50316B1896A9\lsrslt.ini
c:\documents and settings\Morten\lame_enc_en.dll
c:\documents and settings\Morten\lametritonus_en.dll
c:\windows\system32\qkrtuacdpqbnmp.exe

Inficeret kopi af c:\windows\system32\drivers\afd.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty had a snack :p
.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-04-11 til 2010-05-11  )))))))))))))))))))))))))))))))))))
.

2010-05-11 13:13 . 2010-05-11 13:13    --------    d-----w-    c:\windows\system32\config\systemprofile\Tracing
2010-05-11 12:31 . 2010-05-11 12:32    --------    d-----w-    c:\documents and settings\Morten\Application Data\GetRightToGo
2010-05-11 12:10 . 2010-05-11 12:10    --------    d-----r-    c:\documents and settings\LocalService\Foretrukne
2010-05-11 11:39 . 2010-05-11 11:39    388096    ----a-r-    c:\documents and settings\Morten\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-11 11:39 . 2010-05-11 11:39    --------    d-----w-    c:\programmer\Trend Micro
2010-05-11 11:34 . 2010-05-11 11:34    110080    ----a-r-    c:\documents and settings\Morten\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-05-11 11:34 . 2010-05-11 11:34    110080    ----a-r-    c:\documents and settings\Morten\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-05-11 11:34 . 2010-05-11 11:34    --------    d-----w-    C:\sh4ldr
2010-05-11 11:34 . 2010-05-11 11:34    --------    d-----w-    c:\programmer\Enigma Software Group
2010-05-11 11:34 . 2010-05-11 11:34    --------    d-----w-    c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-11 08:24 . 2010-05-11 08:24    --------    d-----w-    c:\documents and settings\Morten\Application Data\Malwarebytes
2010-05-11 08:23 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-11 08:23 . 2010-05-11 08:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-11 08:23 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-05-11 08:23 . 2010-05-11 08:23    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-05-11 00:58 . 2010-05-11 00:58    210816    -c--a-w-    c:\windows\system32\dllcache\ndis.sys
2010-05-08 05:13 . 2010-05-08 05:13    --------    d-----w-    c:\documents and settings\Morten\Lokale indstillinger\Application Data\cache
2010-05-08 05:10 . 2010-05-08 06:07    --------    d-----w-    c:\documents and settings\Morten\Lokale indstillinger\Application Data\FullTiltPoker
2010-05-08 05:09 . 2010-05-08 06:07    --------    d-----w-    c:\programmer\Full Tilt Poker
2010-05-06 04:38 . 2009-11-10 08:26    767952    ----a-w-    c:\windows\BDTSupport.dll
2010-05-06 04:38 . 2009-11-10 08:28    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2010-05-06 04:38 . 2009-11-10 08:28    165840    ----a-w-    c:\windows\PCTBDRes.dll
2010-05-06 04:38 . 2009-11-10 08:28    1640400    ----a-w-    c:\windows\PCTBDCore.dll
2010-05-06 04:38 . 2009-10-27 23:36    1152444    ----a-w-    c:\windows\UDB.zip
2010-05-06 04:38 . 2008-11-26 10:08    131    ----a-w-    c:\windows\IDB.zip
2010-05-06 04:37 . 2010-02-05 07:17    233136    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2010-05-06 04:37 . 2009-10-06 14:31    87784    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-06 04:37 . 2009-09-23 14:10    207280    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2010-05-06 04:37 . 2010-02-05 07:25    70408    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2010-05-06 04:37 . 2010-05-06 05:47    --------    d-----w-    c:\programmer\Spyware Doctor
2010-05-06 04:37 . 2010-05-06 04:37    --------    d-----w-    c:\programmer\Fælles filer\PC Tools
2010-05-06 04:37 . 2010-05-06 04:37    --------    d-----w-    c:\documents and settings\Morten\Application Data\PC Tools
2010-05-06 04:37 . 2010-05-06 04:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\PC Tools
2010-05-06 04:36 . 2010-05-11 12:35    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 00:11 . 2010-05-06 07:39    --------    d-----w-    c:\documents and settings\Morten\Lokale indstillinger\Application Data\bheviayak
2010-04-29 21:55 . 2010-04-29 21:55    52224    ----a-w-    c:\documents and settings\Morten\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 21:55 . 2010-05-11 07:50    117760    ----a-w-    c:\documents and settings\Morten\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-22 17:17 . 2010-05-11 11:34    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 14:02 . 2008-11-02 23:55    --------    d-----w-    c:\programmer\Crawler
2010-05-11 07:55 . 2008-10-30 16:34    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-05-11 00:58 . 2001-10-09 12:00    210816    ----a-w-    c:\windows\system32\drivers\ndis.sys
2010-05-09 20:25 . 2009-01-21 21:43    --------    d-----w-    c:\documents and settings\Morten\Application Data\Azureus
2010-05-09 17:49 . 2008-10-15 18:39    --------    d-----w-    c:\programmer\PokerStars
2010-04-27 17:03 . 2008-10-19 15:42    --------    d-----w-    c:\documents and settings\Morten\Application Data\Skype
2010-04-23 09:17 . 2010-03-08 02:06    --------    d-----w-    c:\documents and settings\Morten\Application Data\MSN6
2010-04-22 17:17 . 2008-10-30 16:34    --------    d-----w-    c:\documents and settings\Morten\Application Data\SUPERAntiSpyware.com
2010-04-22 13:07 . 2010-01-18 21:50    --------    d-----w-    c:\programmer\QuickTime
2010-04-14 04:14 . 2008-11-23 17:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-13 16:38 . 2008-09-22 18:04    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-03-30 19:08 . 2001-10-09 12:00    79350    ----a-w-    c:\windows\system32\perfc006.dat
2010-03-30 19:08 . 2001-10-09 12:00    450962    ----a-w-    c:\windows\system32\perfh006.dat
2010-03-27 18:08 . 2008-10-19 15:43    --------    d-----w-    c:\documents and settings\Morten\Application Data\skypePM
2010-03-19 17:16 . 2010-03-19 17:16    --------    d-----w-    c:\documents and settings\Morten\Application Data\report
2010-03-10 06:17 . 2001-10-09 12:00    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-03-08 16:43 . 2010-03-08 12:38    21361    ----a-w-    c:\windows\system32\drivers\AegisP.sys
2010-03-08 07:38 . 2010-03-22 22:13    178096    ----a-w-    c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1030.dat
2010-02-25 06:18 . 2001-10-09 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-09 12:00    455680    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2001-10-09 12:00    2192512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2001-10-04 16:42    2069376    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-06 18:11    293376    ------w-    c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2001-10-09 12:00    100864    ----a-w-    c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-09 12:00    226880    ----a-w-    c:\windows\system32\drivers\tcpip6.sys
2010-02-11 10:09 . 2010-02-11 10:09    2627384    ----a-w-    c:\documents and settings\Morten\Application Data\Mozilla\Firefox\Profiles\3v66fom8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-01 21:02 . 2009-05-01 21:02    1044480    ----a-w-    c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02    200704    ----a-w-    c:\programmer\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

  • 2010-05-11 00:58 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys
  • 2010-05-11 00:58 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
  • 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\ServicePackFiles\i386\ndis.sys
  • 2004-08-03 21:14 . !HASH: COULD NOT OPEN FILE !!!!! . 182912 . . [------] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmer\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"SpyHunter Security Suite"="c:\programmer\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-04-08 3021208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Jensen AirLink Utility.lnk - c:\programmer\Jensen\Common\JensenUI.exe [2010-3-8 679936]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2010-04-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-29 21:55    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-27 07:44    11952    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Vuze\\Azureus.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\eMusic Download Manager\\xulrunner\\xulrunner.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [06-05-2010 06:37 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10-11-2008 19:10 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10-11-2008 19:10 108552]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [29-02-2008 16:03 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 68168]
R2 ASKService;ASKService;c:\programmer\AskBarDis\bar\bin\AskService.exe [21-01-2009 23:43 464264]
R2 ASKUpgrade;ASKUpgrade;c:\programmer\AskBarDis\bar\bin\ASKUpgrade.exe [21-01-2009 23:43 234888]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10-11-2008 19:10 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10-11-2008 19:10 297752]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [24-03-2010 18:48 323992]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 12872]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18-01-2010 23:49 40448]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [23-09-2008 20:08 2077840]
.
Indhold af mappen 'Planlagte Opgaver'

2010-05-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: klm.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmer\Crawler\ctbr.dll
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Morten\Application Data\Mozilla\Firefox\Profiles\3v66fom8.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\Morten\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Morten\Application Data\Mozilla\Firefox\Profiles\3v66fom8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmer\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\programmer\Veetle\Player\npvlc.dll
FF - plugin: c:\programmer\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmer\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmer\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmer\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - TOMME GENVEJE FJERNET - - - -

SSODL-GootkitSSO-{76DD9B7D-CB08-40B6-AD5F-342D7375EECD} - c:\windows\System32\msxsltsso.dll
AddRemove-qkrtuacdpqbnmp - c:\windows\system32\qkrtuacdpqbnmp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 16:19
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x89D970E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba75fcb8
\Driver\atapi -> atapi.sys @ 0xba6f1852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS:  -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\Jensen\Common\RalinkRegistryWriter.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmer\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2010-05-11  16:23:58 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-05-11 14:23

Pre-Kørsel: 78.737.555.456 byte ledig
Post-Kørsel: 78.764.994.560 byte ledig

- - End Of File - - F941A9BED4559802F63AB55320F632A4

_______________________________________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:52, on 11-05-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AskBarDis\bar\bin\AskService.exe
C:\Programmer\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Jensen\Common\JensenUI.exe
C:\Programmer\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Jensen\Common\RalinkRegistryWriter.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmer\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmer\Crawler\ctbr.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmer\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Programmer\Jensen\Common\JensenUI.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.klm.com
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222108660804
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmer\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: GootkitSSO - {2640EE01-09FD-41C3-9182-DE08833DA6BC} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Programmer\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programmer\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Programmer\Jensen\Common\RalinkRegistryWriter.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

--
End of file - 9503 bytes


How does it look?

Kind regards
Julie
sullep Beginner
11 May 2010 - 17:54 #3
Open Notepad and copy in the following (the text in bold) - and save the text file as CFScript.txt in the same place where you have ComboFix:


Killall::
Snapshot::
Folder::
c:\documents and settings\Morten\Application Data\Azureus
c:\programmer\AskBarDis
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmer\\Vuze\\Azureus.exe"=-
FileLook::
c:\windows\system32\drivers\ndis.sys
SRPeek::
c:\windows\system32\drivers\ndis.sys
MIA::
c:\windows\system32\drivers\ndis.sys
hosts::




Drag the CFScript file onto the ComboFix icon - this will start ComboFix again (if the computer wants to restart, let it do so). See also here:
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Post the new ComboFix log here.
20 June 2010 - 14:55 #4
(How did this one end up?)
09 September 2010 - 22:53 #5
(How did this one end up?) [2]
juliemusen Beginner
23 November 2010 - 16:25 #6
Sorry for the wait. Formatted the computer back then. Post an answer so you can get your points :-)
juliemusen Beginner
09 January 2011 - 16:49 #7
Hi.

Since it has been 1½ months since I asked for an answer, and none has come, I am closing the question here.

Write if that is not OK

Kind regards
Julie