CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

lerklinten Nybegynder

28. juli 2007 - 10:53 Der er 24 kommentarer og
2 løsninger

Jobliste og registreringbase deaktiveret af admin?

jeg kører XP Pro, og har fået det problem med at jeg ikke kan få adgang til bl.a. jobliste og registreringsbase. Den siger at admin har deaktiveret denne.
Er der nogen der har en løsning på dette.

Hilsen
Ove Søgaard

Synes godt om

fromsej Praktikant

28. juli 2007 - 11:06 #1

Gå i Start -> Kør (eller tast Windowstast + R) og skriv regedit.
Find denne nøgle:
HKEY_Current_User\Software\Microsoft\Windows\Currentversion\Policies\System
Hvis disse to er til stede, så slet dem.

"DisableRegistryTools"=hex(4):31,00,00
"DisableTaskMgr"=hex(4):31,00,00

Så burde jobliste virke igen.

Synes godt om

fromsej Praktikant

28. juli 2007 - 11:15 #2

Følg så vejledningen i denne artikel:
http://www.eksperten.dk/artikler/1123

Synes godt om

lerklinten Nybegynder

28. juli 2007 - 11:22 #3

Fromsej:
Tak for dit svar, men jeg kan ikke få adgang til regedit!
Der kommer en meddelelse op"Administrator har fjernet mulighedn for at redigere i registreringsdatabasen"
Hilsen
Ove

Synes godt om

fromsej Praktikant

28. juli 2007 - 11:46 #4

Sorry, jeg har åbenbart ikke fået kaffe nok.*S*
Følg vejledningen jeg linker til 11:15:01

Synes godt om

halifax Nybegynder

28. juli 2007 - 12:03 #5

Kan du ikke starte regit ved at køre den som administrator??

1. Find filen
2. Højreklik den og vælg Kør som (Run as)
3. I næste dialogboks vælger du at køre den som administrator

Sæt afmærkning i det nederste punkt ud for Følgende bruger, vælg Administrator.

Synes godt om

lerklinten Nybegynder

29. juli 2007 - 08:02 #6

Tak for hjælpen!
Problemet er nu løst!
Men... jeg får også en medelelse at det lokale scripting er deaktiveret.
Kan dette også løses

med venlig hilsen
Ove

Synes godt om

halifax Nybegynder

29. juli 2007 - 12:23 #7

Selv tak! Hvem eller hvad hjalp. Skal du have svar alene fra fromsej eller begge?

Dit sidste spørgsmål er jeg ikke helt sikker på, men et gæt er, om du har Java deaktiveret? I Internet Explorer.

Synes godt om

lerklinten Nybegynder

29. juli 2007 - 12:52 #8

Undskyld!
Jeg er ikke så dreven her!
Jeg brugte programmet Reg Organizer, og gik ind og fjernede alle nøgler med undtagelse af default i HKEY_Current_User\Software\Microsoft\Windows\Currentversion\Policies\System som FromSej anbefalede.
Hvordan giver jeg fromsej point?
Skal jeg oprette en anden tråd for at høre problemet om der er en løsning? Jeg har tjekket i Internet Explore om script er deaktiveret, det var det ikke. Ligedes har jeg geninstalleret MS Script samt Sun Java Script, men ej.

Hilsen
Ove

Synes godt om

fromsej Praktikant

29. juli 2007 - 13:43 #9

Lad os se hvad der rører sig på maskinen, det smager af snavs.
Følg denne vejledning:
http://www.spywarefri.dk/forum/links/hjtanv.htm
Læg de relevante logs herind.

Synes godt om

lerklinten Nybegynder

29. juli 2007 - 14:23 #10

Hej fromsej,
her er logfilen.
m.v.h.
Ove

Logfile of HijackThis v1.99.1
Scan saved at 14:18:53, on 29-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmer\Brother\Brmfcmon\BrMfimon.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ny Ove\Lokale indstillinger\Temporary Internet Files\Content.IE5\B2DK1DZU\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TWALINK] C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - HKCU\..\Run: [Microsoft Office XP component] C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.basisbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185606099420
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - https://www.nordnet.se/NNDK/da/toolbar/toolbar.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.surf-invest.dk/controls/IlosoftImageUpload.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

Synes godt om

fromsej Praktikant

29. juli 2007 - 18:39 #11

Hent Crapcleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Crapcleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), slet filer og mapper listet nedenunder, kør SaS.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

---------------------------------------
Sletning af \mapper\ og filer:
Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
-------------------
Mapper:
C:\Programmer\Yahoo!\
-------------------
Filer:
C:\WINDOWS\SYSTEM32\antiwpa.dll
---------------------------------------
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog.

Synes godt om

lerklinten Nybegynder

29. juli 2007 - 21:03 #12

Hej fromsej,
Jeg har nu gjort som du anviste og har fået følgende logfil, men lokal script er stadig deaktiveret.
Jeg vil lige kort beskrive af mit hændelsforløb.
Pludselig kunne jeg ikke få adgang til joblisten, prøvede systemgenoprettelse, men det ville den ikke. Installerede windows som nyinstallation som rep.Joblisten kom ikke frem og jeg kunne nu heller ikke opdatere windows mere, selvom jeg har aktiveret denne på på Microsofts hjemmeside, og de har sagt TAK.Jeg kunne se at filen msoobe.exe bliver brugt til at forny licensen, men denne siger at jeg har deaktiveret mit lokale script, og tror derfor at det grunden til jeg ikke kan køre windows update mere.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/29/2007 at 08:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3275
Trace Rules Database Version: 1286

Scan type : Complete Scan
Total Scan Time : 00:57:39

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 8276
Registry threats detected : 1
File items scanned : 30228
File threats detected : 45

Adware.Duden-Suche
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.Tracking Cookie
C:\Documents and Settings\Ny Ove\Cookies\ny ove@xiti[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@adtech[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@realmedia[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@adbrite[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@3.adbrite[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@mediaplex[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@ad.yieldmanager[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@network.realmedia[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@doubleclick[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@clickaider[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@clicktorrent[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@www.realitypornpass[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@fastclick[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@atdmt[2].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@apmebf[1].txt
C:\Documents and Settings\Ny Ove\Cookies\ny ove@adserver.adreactor[1].txt
C:\Documents and Settings\David\Cookies\david@adfair[2].txt
C:\Documents and Settings\David\Cookies\david@adserver.banneradministration[2].txt
C:\Documents and Settings\David\Cookies\david@adtech[2].txt
C:\Documents and Settings\David\Cookies\david@advertising[2].txt
C:\Documents and Settings\David\Cookies\david@atdmt[1].txt
C:\Documents and Settings\David\Cookies\david@counter.ajohs[1].txt
C:\Documents and Settings\David\Cookies\david@doubleclick[2].txt
C:\Documents and Settings\David\Cookies\david@e2.emediate[2].txt
C:\Documents and Settings\David\Cookies\david@ft.mvtracker[1].txt
C:\Documents and Settings\David\Cookies\david@indextools[1].txt
C:\Documents and Settings\David\Cookies\david@m1.webstats4u[1].txt
C:\Documents and Settings\David\Cookies\david@mediaplex[1].txt
C:\Documents and Settings\David\Cookies\david@tdstats[1].txt
C:\Documents and Settings\David\Cookies\david@track.adform[1].txt
C:\Documents and Settings\David\Cookies\david@tradedoubler[1].txt
C:\Documents and Settings\David\Cookies\david@valueclick[1].txt
C:\Documents and Settings\Marc\Cookies\marc@2o7[2].txt
C:\Documents and Settings\Marc\Cookies\marc@ad1.emediate[1].txt
C:\Documents and Settings\Marc\Cookies\marc@adserver.banneradministration[1].txt
C:\Documents and Settings\Marc\Cookies\marc@adtech[2].txt
C:\Documents and Settings\Marc\Cookies\marc@advertising[1].txt
C:\Documents and Settings\Marc\Cookies\marc@doubleclick[1].txt
C:\Documents and Settings\Marc\Cookies\marc@e2.emediate[2].txt
C:\Documents and Settings\Marc\Cookies\marc@indextools[2].txt
C:\Documents and Settings\Marc\Cookies\marc@komtrack[2].txt
C:\Documents and Settings\Marc\Cookies\marc@track.adform[1].txt
C:\Documents and Settings\Marc\Cookies\marc@tracking.notabenestats[2].txt
C:\Documents and Settings\Susanne\Cookies\susanne@msnportal.112.2o7[1].txt

Trojan.Downloader-Explore/Fake
C:\WINDOWS\SYSTEM32\EXPLORE.EXE

Logfile of HijackThis v1.99.1
Scan saved at 20:47:10, on 29-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ny Ove\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TWALINK] C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - HKCU\..\Run: [Microsoft Office XP component] C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.basisbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185606099420
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.surf-invest.dk/controls/IlosoftImageUpload.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

Synes godt om

fromsej Praktikant

29. juli 2007 - 21:48 #13

Loggen er ren, men for en sikkerheds skyld:
Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Kør så combofix.exe, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind, sammen med en frisk Hijackthislog.

Jeg spekulerer over det med Active scripting i mellemtiden.*S*

Synes godt om

lerklinten Nybegynder

30. juli 2007 - 18:12 #14

Hej fromsej,
Her logfilerne efter jeg har kørt comfix og hijacthis.
Jeg får stadig fejl med det lokale scripting, hvis mauelt går ind og vil aktivere windows, og min windows update virker stadig ikke.

Logfile of HijackThis v1.99.1
Scan saved at 18:07, on 2007-07-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\explorer.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ny Ove\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TWALINK] C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - HKCU\..\Run: [Microsoft Office XP component] C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.basisbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185606099420
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.surf-invest.dk/controls/IlosoftImageUpload.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

Synes godt om

halifax Nybegynder

31. juli 2007 - 02:51 #15

Hmmm, der er noget til fromsej at kikke på. :-)
------

Prøv at kør et tjek på systemfilerne. I med XP Pro skiven, klik Start - Kør og udfør en sfc /scannow

Synes godt om

fromsej Praktikant

31. juli 2007 - 18:57 #16

Du har glemt Combofix loggen.

Prøv også Halifax´ forslag.

Synes godt om

lerklinten Nybegynder

31. juli 2007 - 19:29 #17

Hej undskyld,
Jeg har også prøvet at køre sfc/scannow, men windows updatere stadig ikke og jeg får fejlen "lokalscriptning deaktiveret".
Her Combofilen:
ComboFix 07-07-30.2 - "Ny Ove" 2007-07-30 17:57:17.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.Sand

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))

2007-07-30 17:50 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-29 22:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 19:16 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-07-29 19:16 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 09:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
2007-07-29 09:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Office Genuine Advantage
2007-07-29 07:38 <DIR> d-------- C:\DOCUME~1\NYOVE~1\DoctorWeb
2007-07-28 20:13 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-28 19:34 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-28 19:34 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-28 19:34 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-28 19:21 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-28 19:21 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-28 10:17 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-28 10:17 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-28 10:17 396,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-28 10:17 15,529,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-27 15:04 921,872 --a------ C:\WINDOWS\system\MFC40.DLL
2007-07-27 15:04 326,656 --a------ C:\WINDOWS\system\Msvcrt40.dll
2007-07-27 15:04 <DIR> d-------- C:\Programmer\BMW
2007-07-27 15:03 283,648 --a------ C:\WINDOWS\uninst.exe
2007-07-27 15:03 <DIR> d-------- C:\DOCUME~1\NYOVE~1\WINDOWS
2007-07-22 09:23 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Opera
2007-07-20 14:24 <DIR> d-------- C:\Programmer\gs
2007-07-14 08:56 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\ScanSoft
2007-07-11 19:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\espionServerData
2007-07-04 22:15 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-06-29 21:25 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-06-29 19:42 6,017 --a------ C:\WINDOWS\assys.dll
2007-06-29 19:42 40,177 --a------ C:\WINDOWS\ffnsys.dll
2007-06-29 19:42 38,982 --a------ C:\WINDOWS\rsczsys.dll
2007-06-29 19:42 30,559 --a------ C:\WINDOWS\mfnsys.dll
2007-06-29 19:42 227,851 --a------ C:\WINDOWS\uawin.dll
2007-06-29 19:42 13,277 --a------ C:\WINDOWS\snsys.dll
2007-06-29 19:42 12,558 --a------ C:\WINDOWS\gstcore.dll
2007-06-29 19:41 77 --a------ C:\WINDOWS\bhwin.sys
2007-06-29 19:41 2,536,835 -rah----- C:\WINDOWS\ConfigMSSetup.exe
2007-06-29 17:55 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\WinRAR
2007-06-28 12:51 206,088 --a------ C:\WINDOWS\system32\klogon(2).dll
2007-06-25 20:55 <DIR> d-------- C:\DOCUME~1\Susanne\APPLIC~1\Help
2007-06-24 14:09 2,670,592 --a------ C:\WINDOWS\UNNMP.exe
2007-06-24 14:07 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-24 14:07 <DIR> d-------- C:\Programmer\F‘lles filer\Nero
2007-06-24 14:05 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-06-24 14:05 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-06-24 14:05 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-06-24 14:05 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-06-24 14:05 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-06-24 14:05 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-06-24 14:05 2,916,352 --a------ C:\WINDOWS\UNNeroVision.exe
2007-06-24 14:05 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-24 14:05 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-06-24 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
2007-06-22 21:43 <DIR> d-------- C:\Programmer\Apple Software Update
2007-06-20 19:43 <DIR> d-------- C:\Programmer\SmartFTP Client
2007-06-20 19:41 <DIR> d-------- C:\Programmer\SmartFTP Client 2.0
2007-06-20 17:46 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-06-20 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
2007-06-20 17:40 <DIR> d-------- C:\Programmer\QuickTime
2007-06-19 20:38 <DIR> d-------- C:\Programmer\Autodesk
2007-06-19 20:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-17 10:54 20,640 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-17 10:54 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-17 10:54 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-17 09:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\CyberLink
2007-06-16 15:55 101,440 --a------ C:\DOCUME~1\NYOVE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-16 14:58 <DIR> d-------- C:\Programmer\PCSPD
2007-06-16 14:54 <DIR> d-------- C:\Programmer\F‘lles filer\Open Design Alliance
2007-06-16 14:53 <DIR> d-------- C:\Programmer\PCSEL40
2007-06-16 14:53 <DIR> d-------- C:\Programmer\F‘lles filer\PCschematic
2007-06-14 21:37 <DIR> d-------- C:\Programmer\PCSVIEW
2007-06-07 19:37 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Cryptomathic
2007-06-07 12:18 103,936 --------- C:\DOCUME~1\Marc\APPLIC~1\sexplore.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 17:52 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Skype
2007-07-30 17:44 39548 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-30 17:44 213524 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-30 06:25 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\uTorrent
2007-07-29 23:23 --------- d--h----- C:\Programmer\WindowsUpdate
2007-07-28 20:01 88458 --a------ C:\WINDOWS\system32\perfc006.dat
2007-07-28 20:01 451638 --a------ C:\WINDOWS\system32\perfh006.dat
2007-07-28 19:39 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-28 07:17 --------- d-------- C:\Programmer\TuneUp Utilities 2007
2007-07-24 18:58 --------- d-------- C:\Programmer\Kaspersky Lab
2007-07-22 09:01 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\XnView
2007-07-17 23:19 --------- d-------- C:\Programmer\XnView
2007-07-13 22:50 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-07-13 20:17 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2007-07-13 19:59 --------- d-------- C:\Programmer\Brother
2007-07-02 18:41 10872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-26 21:06 --------- d-------- C:\Programmer\WinTrade
2007-06-25 21:00 11550 --a------ C:\WINDOWS\windowssys
2007-06-24 19:18 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Genie-Soft
2007-06-24 14:09 --------- d-------- C:\Programmer\Ahead
2007-06-21 18:13 --------- d-------- C:\Programmer\uTorrent
2007-06-20 19:11 --------- d-------- C:\Programmer\Namo
2007-06-20 19:07 --------- d-------- C:\Programmer\Microsoft ActiveSync
2007-06-18 20:43 --------- d--h----- C:\Programmer\InstallShield Installation Information
2007-06-17 16:18 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Vso
--------- C:\Programmer\Fælles filer\Wise Installation Wizard
--------- C:\Programmer\Fælles filer\System
--------- C:\Programmer\Fælles filer\PCschematic
--------- C:\Programmer\Fælles filer\Open Design Alliance
--------- C:\Programmer\Fælles filer\Nero
--------- C:\Programmer\Fælles filer\Autodesk Shared
--------- C:\Programmer\Fælles filer\Ahead
--------- C:\Programmer\Fælles filer

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

Synes godt om

fromsej Praktikant

01. august 2007 - 19:18 #18

Det var vist godt vi fik den Combofix log også, der ligger nogle grimme ting.
Afinstaller utorrent og drop fildeling, fildeling er den suverænt største kilde til spredning af snavset.

Kopiér indholdet mellem de bølgede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

File::
C:\WINDOWS\assys.dll
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\uawin.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\bhwin.sys
C:\WINDOWS\ConfigMSSetup.exe
C:\WINDOWS\windowssys
C:\WINDOWS\windowssys

Folder::
C:\Program Files\HTTP BruteForcer
C:\Programmer\HTTP BruteForcer

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Der skulle gerne komme en frisk Combofixlog, kopier den herind.

Synes godt om

lerklinten Nybegynder

02. august 2007 - 18:34 #19

Done:
Her den nye logfile:

ComboFix 07-07-30.2 - "Ny Ove" 2007-08-02 18:21:29.3 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.Sand
Command switches used :: C:\Documents and Settings\Ny Ove\Skrivebord\CFScript.txt
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\assys.dll
C:\WINDOWS\bhwin.sys
C:\WINDOWS\ConfigMSSetup.exe
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\uawin.dll
C:\WINDOWS\windowssys

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))

2007-08-01 20:15 338,304 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2007-08-01 19:25 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_5530.exe
2007-08-01 19:25 <DIR> d-------- C:\Programmer\Alcohol Soft
2007-08-01 19:21 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-01 18:56 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\gtk-2.0
2007-07-31 21:21 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-31 21:21 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-31 21:21 17,622,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-31 21:20 73,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-31 21:20 <DIR> d-------- C:\Programmer\Kaspersky Lab
2007-07-31 17:14 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-31 17:14 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-31 17:14 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-31 06:25 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-30 23:52 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-30 23:52 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-30 23:40 995,328 --a------ C:\WINDOWS\system32\msgina.dll
2007-07-30 23:40 993,792 --a------ C:\WINDOWS\system32\setupapi.dll
2007-07-30 23:40 990,208 --a------ C:\WINDOWS\system32\syssetup.dll
2007-07-30 23:40 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2007-07-30 23:40 98,304 --a------ C:\WINDOWS\system32\slbiop.dll
2007-07-30 23:40 98,304 --a------ C:\WINDOWS\system32\rtm.dll
2007-07-30 23:40 98,304 --a------ C:\WINDOWS\system32\odbcint.dll
2007-07-30 23:40 98,304 --a------ C:\WINDOWS\system32\loadperf.dll
2007-07-30 23:40 97,280 --a------ C:\WINDOWS\system32\scardsvr.exe
2007-07-30 23:40 97,280 --a------ C:\WINDOWS\system32\psbase.dll
2007-07-30 23:40 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-07-30 23:40 96,768 --a------ C:\WINDOWS\system32\logagent.exe
2007-07-30 23:40 95,744 --a------ C:\WINDOWS\system32\mqsec.dll
2007-07-30 23:40 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-07-30 23:40 94,800 --a------ C:\WINDOWS\twain.dll
2007-07-30 23:40 94,282 --a------ C:\WINDOWS\system32\msencode.dll
2007-07-30 23:40 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-07-30 23:40 93,184 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-07-30 23:40 924,432 --a------ C:\WINDOWS\system32\mfc40u.dll
2007-07-30 23:40 924,432 --a------ C:\WINDOWS\system32\mfc40.dll
2007-07-30 23:40 92,168 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-07-30 23:40 92,128 --a------ C:\WINDOWS\system32\krnl386.exe
2007-07-30 23:40 92,032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
2007-07-30 23:40 91,776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2007-07-30 23:40 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-07-30 23:40 91,136 --a------ C:\WINDOWS\system32\ntprint.dll
2007-07-30 23:40 91,136 --a------ C:\WINDOWS\system32\mydocs.dll
2007-07-30 23:40 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-07-30 23:40 90,624 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-07-30 23:40 90,112 --a------ C:\WINDOWS\system32\rsvpsp.dll
2007-07-30 23:40 90,112 --a------ C:\WINDOWS\system32\mycomput.dll
2007-07-30 23:40 9,936 --a------ C:\WINDOWS\system32\lzexpand.dll
2007-07-30 23:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-30 23:40 9,728 --a------ C:\WINDOWS\system32\sprestrt.exe
2007-07-30 23:40 9,728 --a------ C:\WINDOWS\system32\sfc.exe
2007-07-30 23:40 9,728 --a------ C:\WINDOWS\system32\rsvpperf.dll
2007-07-30 23:40 9,728 --a------ C:\WINDOWS\system32\label.exe
2007-07-30 23:40 9,600 --a------ C:\WINDOWS\system32\drivers\ndistapi.sys
2007-07-30 23:40 9,344 --a------ C:\WINDOWS\system32\vga.dll
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\wshatm.dll
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\winfax.dll
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\wifeman.dll
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\subst.exe
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\print.exe
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\lprmonui.dll
2007-07-30 23:40 9,216 --a------ C:\WINDOWS\system32\iissuba.dll
2007-07-30 23:40 9,072 --a------ C:\WINDOWS\system32\ver.dll
2007-07-30 23:40 9,072 --a------ C:\WINDOWS\system\VER.DLL
2007-07-30 23:40 895,736 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-07-30 23:40 89,600 --a------ C:\WINDOWS\system32\langwrbk.dll
2007-07-30 23:40 89,088 --a------ C:\WINDOWS\system32\rasauto.dll
2007-07-30 23:40 89,088 --a------ C:\WINDOWS\system32\mqlogmgr.dll
2007-07-30 23:40 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-07-30 23:40 882 --a------ C:\WINDOWS\system32\share.exe
2007-07-30 23:40 88,448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
2007-07-30 23:40 88,064 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2007-07-30 23:40 88,064 --a------ C:\WINDOWS\system32\ipxmontr.dll
2007-07-30 23:40 877,568 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-07-30 23:40 87,040 --a------ C:\WINDOWS\system32\netsh.exe
2007-07-30 23:40 87,040 --a------ C:\WINDOWS\system32\mprapi.dll
2007-07-30 23:40 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2007-07-30 23:40 86,016 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-07-30 23:40 86,016 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2007-07-30 23:40 86,016 --a------ C:\WINDOWS\system32\msapsspc.dll
2007-07-30 23:40 859,136 --a------ C:\WINDOWS\system32\tapi3.dll
2007-07-30 23:40 85,504 --a------ C:\WINDOWS\system32\makecab.exe
2007-07-30 23:40 84,992 --a------ C:\WINDOWS\system32\mciavi32.dll
2007-07-30 23:40 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-07-30 23:40 83,456 --a------ C:\WINDOWS\system32\olepro32.dll
2007-07-30 23:40 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-07-30 23:40 82,944 --a------ C:\WINDOWS\system32\olecli.dll
2007-07-30 23:40 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-30 23:40 82,432 --a------ C:\WINDOWS\system32\ufat.dll
2007-07-30 23:40 817 --a------ C:\WINDOWS\system32\mscdexnt.exe
2007-07-30 23:40 815,104 --a------ C:\WINDOWS\system32\mmc.exe
2007-07-30 23:40 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2007-07-30 23:40 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-07-30 23:40 80,896 --a------ C:\WINDOWS\system32\netui0.dll
2007-07-30 23:40 80,384 --a------ C:\WINDOWS\system32\tapiui.dll
2007-07-30 23:40 8,832 --a------ C:\WINDOWS\system32\drivers\rasacd.sys
2007-07-30 23:40 8,704 --a------ C:\WINDOWS\system32\lpr.exe
2007-07-30 23:40 8,192 --a------ C:\WINDOWS\system32\winhlp32.exe
2007-07-30 23:40 8,192 --a------ C:\WINDOWS\system32\smbinst.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 18:23 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Skype
2007-08-01 21:55 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Vso
2007-08-01 20:04 --------- d-------- C:\Programmer\PCSVIEW
2007-08-01 20:03 --------- d-------- C:\Programmer\PCSPD
2007-08-01 19:28 88458 --a------ C:\WINDOWS\system32\perfc006.dat
2007-08-01 19:28 451638 --a------ C:\WINDOWS\system32\perfh006.dat
2007-08-01 19:23 5420 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-01 19:23 186068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-31 20:52 --------- d-------- C:\Programmer\SmartFTP Client
2007-07-31 06:05 --------- d--h----- C:\Programmer\WindowsUpdate
2007-07-31 06:03 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-28 07:17 --------- d-------- C:\Programmer\TuneUp Utilities 2007
2007-07-22 09:01 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\XnView
2007-07-20 17:18 --------- d-------- C:\Programmer\PCSEL40
2007-07-17 23:19 --------- d-------- C:\Programmer\XnView
2007-07-13 22:50 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-07-13 20:17 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2007-07-13 19:59 --------- d-------- C:\Programmer\Brother
2007-07-02 18:41 10872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 17:55 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\WinRAR
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon(2).dll
2007-06-26 21:06 --------- d-------- C:\Programmer\WinTrade
2007-06-24 19:18 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Genie-Soft
2007-06-20 19:41 --------- d-------- C:\Programmer\SmartFTP Client 2.0
2007-06-20 19:11 --------- d-------- C:\Programmer\Namo
2007-06-20 19:07 --------- d-------- C:\Programmer\Microsoft ActiveSync
2007-06-18 20:43 --------- d--h----- C:\Programmer\InstallShield Installation Information
2007-06-17 10:53 20640 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-17 10:53 109568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-17 10:53 108544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-16 15:55 101440 --a------ C:\DOCUME~1\NYOVE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-07 19:37 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Cryptomathic
--------- C:\Programmer\Fælles filer\Wise Installation Wizard
--------- C:\Programmer\Fælles filer\System
--------- C:\Programmer\Fælles filer\PCschematic
--------- C:\Programmer\Fælles filer\Open Design Alliance
--------- C:\Programmer\Fælles filer\Nero
--------- C:\Programmer\Fælles filer\Autodesk Shared
--------- C:\Programmer\Fælles filer\Ahead
--------- C:\Programmer\Fælles filer

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ControlCenter2.0"="C:\Programmer\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34]
"Cmaudio"="cmicnfg.cpl" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-26 18:01 C:\WINDOWS\system32\bthprops.cpl]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 20:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"TWALINK"="C:\Programmer\TEXTware\HotKey\TWALINK.EXE" [1998-11-10 16:47]
"Microsoft Office XP component"="C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE" [2001-02-13 10:58]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 19:39]
"TuneUp MemOptimizer"="C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 05:08]
"AlcoholAutomount"="C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 21:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
"Windows System Service"=WinInfo.exe

C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\
Adobe Acrobat Hurtigstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-000000000002}\SC_Acrobat.exe [2006-01-14 11:01:51]
AutoCAD Startup Accelerator.lnk - C:\Programmer\F‘lles filer\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22]
Cordless DUALphone opstart.lnk - C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe [2006-06-09 14:45:37]
Status Monitor.lnk - C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe [2006-12-14 14:00:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 Haspnt;Haspnt;\??\C:\WINDOWS\system32\drivers\Haspnt.sys
R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
R3 BthEnum;Driver til Bluetooth-anmodningsblok;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
R3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
R3 BTHUSB;USB-driver til Bluetooth-radio;C:\WINDOWS\system32\Drivers\BTHUSB.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
R3 INFUSB;INFUSB;C:\WINDOWS\system32\drivers\infusb.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 RFCOMM;Bluetooth-enhed (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
R3 StillCam;Driver til serielt digitalt kamera (stillbilleder);C:\WINDOWS\system32\DRIVERS\serscan.sys
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BTHPORT;Bluetooth-portdriver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - SPTD
*Newly Created Service* - STARWINDSERVICEAE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{142CBDB1-1A13-F218-0004-000200060107}]
C:\WINDOWS\system32\explore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{162ACFDB-58AE-80F1-0708-000707050608}]
C:\WINDOWS\windowssys.exe

Contents of the 'Scheduled Tasks' folder
2007-07-27 15:15:01 C:\WINDOWS\Tasks\1-Klick-Wartung.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 18:23:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 18:25:01
C:\ComboFix-quarantined-files.txt ... 2007-08-02 18:24
C:\ComboFix2.txt ... 2007-08-02 18:09

--- E O F ---

Synes godt om

fromsej Praktikant

03. august 2007 - 17:07 #20

Ny CFScript.txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~

File::
C:\WINDOWS\system32\_AxShlEx.dll
C:\WINDOWS\system32\explore.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{142CBDB1-1A13-F218-0004-000200060107}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{162ACFDB-58AE-80F1-0708-000707050608}]

~~~~~~~~~~~~~~~~~~~~~~~~~~

Kom med en frisk Combofix log, og en frisk Hijackthislog.

Synes godt om

lerklinten Nybegynder

04. august 2007 - 15:23 #21

Done
Ove

ComboFix 07-07-30.2 - "Ny Ove" 2007-08-04 10:23:56.5 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.Sand
Command switches used :: C:\Documents and Settings\Ny Ove\Skrivebord\CFScript.txt
* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))

2007-08-04 10:15 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-04 10:13 <DIR> d-------- C:\Programmer\Maxtor
2007-08-04 09:35 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-04 09:17 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-08-04 09:17 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2007-08-04 09:17 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2007-08-04 08:59 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-08-04 08:59 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-08-03 21:24 <DIR> d-------- C:\Programmer\SiSLan
2007-08-02 20:11 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-02 19:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-01 20:15 338,304 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2007-08-01 19:21 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-01 18:56 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\gtk-2.0
2007-07-31 21:21 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-31 21:21 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-31 21:21 18,570,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-31 21:20 168,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-31 21:20 <DIR> d-------- C:\Programmer\Kaspersky Lab
2007-07-30 21:20 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\UseNeXT
2007-07-29 22:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 19:16 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 09:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
2007-07-29 09:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Office Genuine Advantage
2007-07-29 07:38 <DIR> d-------- C:\DOCUME~1\NYOVE~1\DoctorWeb
2007-07-28 09:43 5,376 --a------ C:\WINDOWS\system32\antiwpa.dll
2007-07-27 15:04 921,872 --a------ C:\WINDOWS\system\MFC40.DLL
2007-07-27 15:04 326,656 --a------ C:\WINDOWS\system\Msvcrt40.dll
2007-07-27 15:03 283,648 --a------ C:\WINDOWS\uninst.exe
2007-07-27 15:03 <DIR> d-------- C:\DOCUME~1\NYOVE~1\WINDOWS
2007-07-22 09:23 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Opera
2007-07-20 14:24 <DIR> d-------- C:\Programmer\gs
2007-07-14 08:56 <DIR> d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\ScanSoft
2007-07-11 19:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\espionServerData
2007-07-04 22:15 <DIR> d-------- C:\WINDOWS\system32\QuickTime

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 10:20 95080 --a------ C:\WINDOWS\system32\perfc006.dat
2007-08-04 10:20 472146 --a------ C:\WINDOWS\system32\perfh006.dat
2007-08-04 10:17 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Skype
2007-08-04 10:14 256592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-04 10:14 20804 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-04 10:13 --------- d--h----- C:\Programmer\InstallShield Installation Information
2007-08-04 09:29 23372 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-03 20:04 --------- d-------- C:\Programmer\Windows NT
2007-08-01 21:55 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Vso
2007-08-01 20:04 --------- d-------- C:\Programmer\PCSVIEW
2007-08-01 20:03 --------- d-------- C:\Programmer\PCSPD
2007-07-31 20:52 --------- d-------- C:\Programmer\SmartFTP Client
2007-07-31 06:05 --------- d--h----- C:\Programmer\WindowsUpdate
2007-07-28 07:17 --------- d-------- C:\Programmer\TuneUp Utilities 2007
2007-07-22 09:01 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\XnView
2007-07-20 17:18 --------- d-------- C:\Programmer\PCSEL40
2007-07-17 23:19 --------- d-------- C:\Programmer\XnView
2007-07-13 22:50 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-07-13 20:17 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2007-07-13 19:59 --------- d-------- C:\Programmer\Brother
2007-07-02 18:41 10872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 17:55 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\WinRAR
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon(2).dll
2007-06-26 21:06 --------- d-------- C:\Programmer\WinTrade
2007-06-24 19:18 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Genie-Soft
2007-06-20 19:41 --------- d-------- C:\Programmer\SmartFTP Client 2.0
2007-06-20 19:11 --------- d-------- C:\Programmer\Namo
2007-06-20 19:07 --------- d-------- C:\Programmer\Microsoft ActiveSync
2007-06-17 10:53 20640 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-17 10:53 109568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-17 10:53 108544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-16 15:55 101440 --a------ C:\DOCUME~1\NYOVE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-07 19:37 --------- d-------- C:\DOCUME~1\NYOVE~1\APPLIC~1\Cryptomathic
--------- C:\Programmer\Fælles filer\Wise Installation Wizard
--------- C:\Programmer\Fælles filer\System
--------- C:\Programmer\Fælles filer\PCschematic
--------- C:\Programmer\Fælles filer\Open Design Alliance
--------- C:\Programmer\Fælles filer\Nero
--------- C:\Programmer\Fælles filer\Autodesk Shared
--------- C:\Programmer\Fælles filer\Ahead
--------- C:\Programmer\Fælles filer

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ControlCenter2.0"="C:\Programmer\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34]
"Cmaudio"="cmicnfg.cpl" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-26 17:53 C:\WINDOWS\system32\bthprops.cpl]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 20:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"TWALINK"="C:\Programmer\TEXTware\HotKey\TWALINK.EXE" [1998-11-10 16:47]
"Microsoft Office XP component"="C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE" [2001-02-13 10:58]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 19:39]
"TuneUp MemOptimizer"="C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 05:08]
"AlcoholAutomount"="C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
"Windows System Service"=WinInfo.exe

C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\
Adobe Acrobat Hurtigstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-000000000002}\SC_Acrobat.exe [2006-01-14 11:01:51]
AutoCAD Startup Accelerator.lnk - C:\Programmer\F‘lles filer\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22]
Cordless DUALphone opstart.lnk - C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe [2006-06-09 14:45:37]
Status Monitor.lnk - C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe [2006-12-14 14:00:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 Haspnt;Haspnt;\??\C:\WINDOWS\system32\drivers\Haspnt.sys
R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
R3 BthEnum;Driver til Bluetooth-anmodningsblok;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
R3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
R3 BTHUSB;USB-driver til Bluetooth-radio;C:\WINDOWS\system32\Drivers\BTHUSB.sys
R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
R3 INFUSB;INFUSB;C:\WINDOWS\system32\drivers\infusb.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 RFCOMM;Bluetooth-enhed (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
R3 StillCam;Driver til serielt digitalt kamera (stillbilleder);C:\WINDOWS\system32\DRIVERS\serscan.sys
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BTHPORT;Bluetooth-portdriver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
S3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

Contents of the 'Scheduled Tasks' folder
2007-07-27 15:15:01 C:\WINDOWS\Tasks\1-Klick-Wartung.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 10:28:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 10:31:26
C:\ComboFix-quarantined-files.txt ... 2007-08-04 10:30
C:\ComboFix2.txt ... 2007-08-03 14:33
C:\ComboFix3.txt ... 2007-08-02 18:25

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:22:06, on 4-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ny Ove\Lokale indstillinger\Temporary Internet Files\Content.IE5\FCU1BFZ9\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TWALINK] C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - HKCU\..\Run: [Microsoft Office XP component] C:\Programmer\Microsoft Office\Office10\MSOFFICE.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Cordless DUALphone opstart.lnk = C:\Programmer\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Tilføj til Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.basisbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185606099420
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186074899265
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.surf-invest.dk/controls/IlosoftImageUpload.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

Synes godt om

fromsej Praktikant

04. august 2007 - 19:08 #22

Så skulle der ikke være mere at komme efter.
Er de oprindelige problemer løst?

Synes godt om

lerklinten Nybegynder

08. august 2007 - 19:25 #23

Unskyld det varede så længe inden jeg svarede.
Jeg kan stadig ikke få windows til at opdatere, men takker mange gange det store arbejde du har lagt i at hjælpe mig. Jeg giver dig fromsej point selvom det ikke har løst problemet.

Hilsen
Ove

Synes godt om

fromsej Praktikant

08. august 2007 - 21:06 #24

Lad os se om vi kan få Update på plads også.
Windows Update skal fixes, det gør du med dette fix -> http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip

1. Dobbeltklik det blå tandhjul.

2. Klik på knappen "Flush Softwaredistribution"

3. Sæt flueben i "Fix Windows update"

4. Klik på knappen GO i nederste venstre hjørne.

5. Lad den køre færdig.

6. Genstart maskinen.

7. Nu burde du kunne installere de opdateringer.

Synes godt om

lerklinten Nybegynder

10. august 2007 - 19:49 #25

Du skal have mange tak fromsej. Nu virker windows update også

Hilsen
Ove

Synes godt om

fromsej Praktikant

10. august 2007 - 21:16 #26

Velbekomme og tak for point. :-)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andre styresystemer kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Hvilket styresystem på en gammel Pc ??? Af Jan Post i Andre styresystemer	17	18/05/202411:43	21/05/202414:11
Ps4 - Fortnite fejl Af Larsen123 i Andre styresystemer	2	08/01/202400:08	10/01/202409:22
onnote på chromebook ? Af rapsine i Andre styresystemer	3	06/12/202323:26	07/12/202310:49
2 forskellige styresystemer Af susej14 i Andre styresystemer	3	08/11/202316:14	08/11/202323:41
Google højtalere og chromecast. Af Hjalte i Andre styresystemer	0	27/09/202318:40	-

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS