Min computer er forfærdeligt langsom!

prøv www.arlet.dk der er der et link til hvad man kan gøre ved en langsom computer, har selv brugt siden flittigt...

Vi kan skam også herinde Clein1. ;-)

Der ligger i hvert fald Sasser på maskinen, men da HJT ikke finder alt mere, er vi nødt til at se nogle flere logfiler, følg vejledningen i denne artikel:
http://www.eksperten.dk/artikler/1123

Nu er der jo heller ikke ligefrem overskud af Ram i maskinen, men lad det ligge til vi har fået renset skidtet ud.

>>fromsej
det er jeg skam godt klar over.. har flere gange fået hjælp herinde, tak til alle.

det var nu ment som ting man selv kunne gøre når man havde fået en langsom pc, ting man kan gøre uden at være det store pc-geni... :-)

Jeg tog det heller ikke ilde op. :-)

Du har ret i at der er nogle gode tips på Arlets side, men i det her tilfælde skal maskinen renses, inden man begynder at rode med opsætningen.

Så, her kommer de. Jeg beklager det har taget så lang tid!

SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2007 at 03:14 PM

Application Version : 3.7.1018

Core Rules Database Version : 3307
Trace Rules Database Version: 1313

Scan type      : Complete Scan
Total Scan Time : 01:06:50

Memory items scanned      : 406
Memory threats detected  : 0
Registry items scanned    : 4938
Registry threats detected : 0
File items scanned        : 33835
File threats detected    : 100

Adware.Tracking Cookie
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1072716610[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@a[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1072477977[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@indextools[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@xiti[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adinterax[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@easy-hit-counters[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ads.pricerunner[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@602[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@c.enhance[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adknowledge[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@media.adshadow[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@stat.katalysatormedia[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@as1.falkag[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adrevolver[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@cgi-bin[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@track.adform[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@mediaplex[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1071713355[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@belnk[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@e-2dj6wgkosjcjifq.stats.esomniture[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@dcsmltvcjpifwzra20t8v56h2_4o4k[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@dcsi54a46pifwzjwdpyx8mqjs_9z2l[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@roiservice[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@56632994[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ad.adtoma[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@cts.metricsdirect[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@dhs.click2dial[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@S146130[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@advert.travlang[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@10286206[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1071314708[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1071427968[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@den[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@S146129[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@S127332[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@azjmp[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@bs.serving-sys[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@cassava[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@paypal.112.2o7[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@doubleclick[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ebookers[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adfarm1.adition[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@swe[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1070485861[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@atdmt[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adrevolver[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@e-2dj6wjlooncpefo.stats.esomniture[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@eas.apm.emediate[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1072708808[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ad.yieldmanager[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@revsci[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@dcslj3u2n11e5hu0e346rajkg_6x7n[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@server3.web-stat[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@superstats[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@casalemedia[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@hit1.xstats[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ad.ofir[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@e2.emediate[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@track.commissionpartner[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@advertising[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@e-2dj6wflociajoep.stats.esomniture[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1072531080[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ads.habbogroup[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@27309702[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ads2.jubii[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@dist.belnk[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1071964841[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@amaena[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@counter.hitslink[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@edsa.122.2o7[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@stat.inleadmedia[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@lonelyplanet.112.2o7[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@S142160[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@serving-sys[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@stats1.reliablestats[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adfair[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@globalstat[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@nextag[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@adtech[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@m1.webstats4u[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@school[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1071784655[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ad1.emediate[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ads.monster[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@ads.habbohotel[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@indexstats[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@microsofteup.112.2o7[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@1070922876[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@cz7.clickzs[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@tracker.krudtting[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@tradedoubler[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@windowsmedia[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@www.winantivirus[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@www.ciastat[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@www.webstat[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@S112653[2].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@stats[1].txt
    C:\Documents and Settings\Katrine Bech\Cookies\katrine bech@stats[3].txt

ComboFix:
ComboFix 07-09-14.2 - "Katrine Bech" 2007-09-15 16:04:12.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.32 [GMT 2:00]
Scriptet "Is" tog for lang tid at k›re.
K›rslen blev afsluttet.
.

(((((((((((((((((((((((((  Files Created from 2007-08-15 to 2007-09-15  )))))))))))))))))))))))))))))))
.

2007-09-15 15:59    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-15 13:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 13:30    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-15 13:30    <DIR>    d--------    C:\DOCUME~1\KATRIN~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 13:29    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 16:56    ---------    d--------    C:\Programmer\Sony Ericsson
2007-09-08 16:40    ---------    d--------    C:\Programmer\iTunes
2007-07-26 10:45    ---------    d--------    C:\DOCUME~1\KATRIN~1\APPLIC~1\Skype
2007-07-18 15:29    ---------    d--------    C:\Programmer\Skype
2007-07-18 15:29    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-16 00:18 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 07:05]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
"Display Settings"="C:\Programmer\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 06:26]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:57]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2002-09-10 00:42]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2002-09-10 00:41]
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2002-10-23 13:19]
"Lexmark X1100 Series"="C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 15:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 17:26]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Avaya Wireless Client Manager.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Avaya Wireless Client Manager.lnk
backup=C:\WINDOWS\pss\Avaya Wireless Client Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WG111v2 Smart Wizard Wireless Setting.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\WG111v2 Smart Wizard Wireless Setting.lnk
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Net Utility]
"C:\Programmer\KNet Utility\KNet Utility.exe" -winstart

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys
S3 allegro;ESS Allegro-lyddriver (WDM);C:\WINDOWS\system32\drivers\es198x.sys
S3 CE3;Tjeneste til Xircom Ethernet-netværkskort 10/100;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys
S3 WINIO;WINIO;\??\C:\WINDOWS\System32\winio.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a09a1531-deb6-11da-bab1-000bcda72eaa}]
AutoRun\command- RavMon.exe

*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2007-07-18 11:46:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-09-15 16:42:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 18:44:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe???????????3?0?9?6??????? ?X#B????????? ???l|B????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-15 18:53:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 18:53
.
    --- E O F ---

Rootchk:

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
15-09-2007 15:54:19,51

Driver winio (visible) is present. Run COMBOFIX by sUBs.
Driver npf (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 15:54:20
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 15:53:07, on 15-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Katrine Bech\Skrivebord\Eksperten programmer\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c356.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmer\MATLAB701\webserver\bin\win32\matlabserver.exe

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c356.cab

---------------------------------------
Kopiér indholdet mellem de bølgede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a09a1531-deb6-11da-bab1-000bcda72eaa}]

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
---------------------------------------
Vi skal se en frisk hijackthislog, samt den nye combofixlog.

>>fromsej
Hej igen.

Ny combofixlog:
ComboFix 07-09-14.2 - "Katrine Bech" 2007-09-18  9:36:56.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.33 [GMT 2:00]
Scriptet "Is" tog for lang tid at k›re.
K›rslen blev afsluttet.
.

(((((((((((((((((((((((((  Files Created from 2007-08-18 to 2007-09-18  )))))))))))))))))))))))))))))))
.

2007-09-15 15:59    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-15 13:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 13:30    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-15 13:30    <DIR>    d--------    C:\DOCUME~1\KATRIN~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 13:29    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 14:14    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-08 16:56    ---------    d--------    C:\Programmer\Sony Ericsson
2007-09-08 16:40    ---------    d--------    C:\Programmer\iTunes
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 10:45    ---------    d--------    C:\DOCUME~1\KATRIN~1\APPLIC~1\Skype
2007-07-18 15:29    ---------    d--------    C:\Programmer\Skype
2007-07-18 15:29    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-26 16:13    660480    ---------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 15:57    851968    ---------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    ---------    C:\WINDOWS\system32\dllcache\gdi32.dll
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((  snapshot_2007-09-15_184855.82  )))))))))))))))))))))))))))))))))))))))))
.
----a-r            29,926 2007-09-17 12:13:04  C:\WINDOWS\Installer\{F53548BC-B8A8-43E4-85FC-A263640C347F}\MsblIco.Exe
----a-w            51,056 2007-01-19 10:53:04  C:\WINDOWS\system32\sirenacm.dll
.
----a-w            48,936 2006-07-29 17:32:50  C:\WINDOWS\system32\sirenacm.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-16 00:18 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 07:05]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
"Display Settings"="C:\Programmer\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 06:26]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:57]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2002-09-10 00:42]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2002-09-10 00:41]
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2002-10-23 13:19]
"Lexmark X1100 Series"="C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 15:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 17:26]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-17 13:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-10-24 20:20:42]
Scriptet "Is" tog for lang tid at k›re.
K›rslen blev afsluttet.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Avaya Wireless Client Manager.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Avaya Wireless Client Manager.lnk
backup=C:\WINDOWS\pss\Avaya Wireless Client Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WG111v2 Smart Wizard Wireless Setting.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\WG111v2 Smart Wizard Wireless Setting.lnk
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Net Utility]
"C:\Programmer\KNet Utility\KNet Utility.exe" -winstart

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys
S3 allegro;ESS Allegro-lyddriver (WDM);C:\WINDOWS\system32\drivers\es198x.sys
S3 CE3;Tjeneste til Xircom Ethernet-netværkskort 10/100;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys
S3 WINIO;WINIO;\??\C:\WINDOWS\System32\winio.sys

*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2007-07-18 11:46:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-09-18 06:59:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 09:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe???????????3?0?9?6??????? ?X#B????????? ???l|B????????

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-18  9:59:19
C:\ComboFix-quarantined-files.txt ... 2007-09-18 09:58
C:\ComboFix2.txt ... 2007-09-15 18:53
.
    --- E O F ---
Ny Hijackthislog:
Logfile of HijackThis v1.99.1
Scan saved at 10:05:01, on 18-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Katrine Bech\Skrivebord\Eksperten programmer\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmer\MATLAB701\webserver\bin\win32\matlabserver.exe

Fedt at du hjælper!

Der er ikke mere at finde, men jeg er ikke tilfreds med de meldinger fra Combofix.
Jeg får lige fat i Ejvindh, det kan være han har en forklaring/løsning.
I mellemtiden:
Hent Spysweeper prøveversion her: http://www.spywarefri.dk/downloads1.htm
Installer og opdater det (check for definition update)

Derefter, tryk på Options.

sæt prik i- sweep all folders on selected drive (s)

fjern flueben ved-don´t sweep systemrestore folder.

sæt flueben ved- sweep for Rootkits

Luk programmet.


Så lukker du computeren, og lader den være i ca. 30 sekunder. Så starter du op i fejlsikret tilstand (Tryk f8 flere gange under opstart). Vælg med piletasterne fejlsikret tilstand og tast <enter>


Start Spysweeper. Så popper der en boks op fra Spysweeper, der trykker du på NO

Kør så en Sweep. Når scanningen er færdig, tryk på- next-select all-next-finish. Luk programmet.

Genstart normalt, åbn SpySweeper, skift til Options, klik på View session log, klik på Save to file, gem dokumentet f.eks. på skrivebordet, så det er nemt at finde, dobbeltklik på det og kopier teksten herind.

>>Fromsej.

Jeg er i gang med ovenstående projekt

Ups, ramte 'send' for tidligt.

Det tager bare en del tid eftersom jeg pt er meget lidt hjemme og alting tager ualmindeligt lang tid på min computer. Men jeg håber/satser på at få lagt SpySweeper loggen ind i aften. Takker for din tålmodighed!

Du tager dig bare den tid der skal til.
Lige i aften, ved jeg ikke om jeg får kigget ind, da jeg skal passe El-vagt, men mon ikke det går alligevel. ;-)

Så skulle den forhåbentlig være der. Havde en del problemer med at få started i fejlsikret tilstand, men jeg skulle mene at det lykkedes.

    Keylogger: Off
        BHO Shield: On
        IE Security Shield: On
        Alternate Data Stream (ADS) Execution Shield: On
        Startup Shield: On
        Common Ad Sites: Off
        Hosts File Shield: On
        Internet Communication Shield: On
        ActiveX Shield: On
        Windows Messenger Service Shield: On
        IE Favorites Shield: On
        Spy Installation Shield: On
        Memory Shield: Off
        IE Hijack Shield: On
        IE Tracking Cookies Shield: Off
21:24: Shield States
21:23: Spyware Definitions: 991
21:22: Spy Sweeper 5.3.2.2361 started
21:22: Spy Sweeper 5.3.2.2361 started
21:22: |      Start of Session, 20. september 2007      |
***************
05:53: Spy Sweeper 5.3.2.2361 started
05:53: Spy Sweeper 5.3.2.2361 started
05:53: |      Start of Session, 20. september 2007      |
***************
20:27: ApplicationMinimized - EXIT
20:27: ApplicationMinimized - ENTER
20:22: Your definitions are up to date.
20:21: Your definitions are up to date.
      Operation: File Access
      Target:
      Source: C:\DOCUME~1\KATRIN~1\LOKALE~1\TEMP\IS-OVNIV.TMP\IS-9MD3H.TMP
20:21: Tamper Detection
        Keylogger: Off
        BHO Shield: On
        IE Security Shield: On
        Alternate Data Stream (ADS) Execution Shield: On
        Startup Shield: On
        Common Ad Sites: Off
        Hosts File Shield: On
        Internet Communication Shield: On
        ActiveX Shield: On
        Windows Messenger Service Shield: On
        IE Favorites Shield: On
        Spy Installation Shield: On
        Memory Shield: Off
        IE Hijack Shield: On
        IE Tracking Cookies Shield: Off
18:04: Shield States
18:02: Spyware Definitions: 991
17:52: Spy Sweeper 5.3.2.2361 started
17:52: Spy Sweeper 5.3.2.2361 started
17:52: |      Start of Session, 19. september 2007      |
***************
        Keylogger: Off
        BHO Shield: On
        IE Security Shield: On
        Alternate Data Stream (ADS) Execution Shield: On
        Startup Shield: On
        Common Ad Sites: Off
        Hosts File Shield: On
        Internet Communication Shield: On
        ActiveX Shield: On
        Windows Messenger Service Shield: On
        IE Favorites Shield: On
        Spy Installation Shield: On
        Memory Shield: Off
        IE Hijack Shield: On
        IE Tracking Cookies Shield: Off
20:51: Shield States
20:50: Spyware Definitions: 991
20:47: Spy Sweeper 5.3.2.2361 started
20:47: Spy Sweeper 5.3.2.2361 started
20:47: |      Start of Session, 19. september 2007      |
***************
21:08: Spy Sweeper 5.3.2.2361 started
21:08: Spy Sweeper 5.3.2.2361 started
21:08: |      Start of Session, 19. september 2007      |
***************
21:26: Program Version 5.3.2.2361  Using Spyware Definitions 991
21:26: Spy Sweeper 5.3.2.2361 started
21:26: |      Start of Session, 19. september 2007      |
***************
05:31: Removal process completed.  Elapsed time 00:00:32
05:31:  Quarantining All Traces: wild media - minigolf
05:31:  Quarantining All Traces: 180search assistant/zango
05:31:  Quarantining All Traces: tvguide cookie
05:31:  Quarantining All Traces: clixgalore cookie
05:31:  Quarantining All Traces: stlyrics cookie
05:31:  Quarantining All Traces: spywarestormer cookie
05:31:  Quarantining All Traces: servlet cookie
05:31:  Quarantining All Traces: aptimus cookie
05:31:  Quarantining All Traces: zango cookie
05:31:  Quarantining All Traces: touchclarity cookie
05:31:  Quarantining All Traces: associated new media cookie
05:31:  Quarantining All Traces: 888 cookie
05:31:  Quarantining All Traces: wildmedia
05:31: Removal process initiated
22:25: Traces Found: 16
22:25: Custom Sweep has completed.  Elapsed time 00:58:44
22:25: File Sweep Complete, Elapsed Time: 00:55:59
22:23:  Warning: SweepCompressedFiles: Access violation at address 00401D84 in module 'SpySweeper.exe'. Read of address 7DEB000C
22:17:  Warning: SweepCompressedFiles: Access violation at address 00401D84 in module 'SpySweeper.exe'. Read of address 7E15000C
22:14:  Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
22:10:  wildapp.inf (ID = 69911)
22:10:  Found Adware: wild media - minigolf
21:53:  remover.exe (ID = 350879)
21:53:  Found Adware: 180search assistant/zango
21:29: Starting File Sweep
21:29: Cookie Sweep Complete, Elapsed Time: 00:00:03
21:29:  katrine bech@www.tvguide[2].txt (ID = 3600)
21:29:  Found Spy Cookie: tvguide cookie
21:29:  katrine bech@www.clixgalore[1].txt (ID = 2417)
21:29:  Found Spy Cookie: clixgalore cookie
21:29:  katrine bech@stlyrics[1].txt (ID = 3461)
21:29:  Found Spy Cookie: stlyrics cookie
21:29:  katrine bech@spywarestormer[1].txt (ID = 3417)
21:29:  Found Spy Cookie: spywarestormer cookie
21:29:  katrine bech@servlet[1].txt (ID = 3345)
21:29:  Found Spy Cookie: servlet cookie
21:29:  katrine bech@network.aptimus[1].txt (ID = 2235)
21:29:  Found Spy Cookie: aptimus cookie
21:29:  katrine bech@msn.touchclarity[1].txt (ID = 3566)
21:29:  katrine bech@lp.zango[1].txt (ID = 3761)
21:29:  Found Spy Cookie: zango cookie
21:29:  katrine bech@fiat.touchclarity[1].txt (ID = 3566)
21:29:  katrine bech@easyjet.touchclarity[1].txt (ID = 3566)
21:29:  Found Spy Cookie: touchclarity cookie
21:29:  katrine bech@anm.co[1].txt (ID = 2223)
21:29:  Found Spy Cookie: associated new media cookie
21:29:  katrine bech@888[2].txt (ID = 2019)
21:29:  Found Spy Cookie: 888 cookie
21:29: Starting Cookie Sweep
21:29: Registry Sweep Complete, Elapsed Time:00:00:45
21:28:  HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146709)
21:28:  HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (ID = 146695)
21:28:  Found Adware: wildmedia
21:28: Starting Registry Sweep
21:28: Memory Sweep Complete, Elapsed Time: 00:01:34
21:27: Starting Memory Sweep
21:26: Sweep initiated using definitions version 991
21:26: Spy Sweeper 5.3.2.2361 started
21:26: |      Start of Session, 19. september 2007      |
***************

Det ser fint ud.
Er dit problem løst?

Ntjaa, det vil jeg nu ikke sige. Opstart tager stadig ca 20 min, og det nyeste er at jeg med jævne mellemrum får advarsler a la 'den virtuelle hukommelse er næsten opbrugt'. Desuden er det sådan at hvis jeg har flere programmer og/eller browservinduer åbne ad gangen, er der ofte et eller flere programmer/vinduer der 'ikke svarer'. Særligt fx microsoft office programmer samt MatLab (matematik-program) gør at alt kører helt ekseptionelt langsom. Er det måske bare fordi min computer er tussegammel? Men hvis du har gjort din del, skal du så have nogle point?

CPU = 2 Ghz
Ram = 192 Mb (256 - 64 Mb til Gfx)
CPU er OK, men du har alt for lidt ram i maskinen.
Hvornår har du installeret din Ipod, og kan det passe at det begyndte kort efter?
Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten >> iPod Service << stop den hvis den kører, højreklik på den, klik på Egenskaber og vælg Starttype Manuel.
Genstart, se om det ændrer noget.

Jeg synes ikke det har gjort noget særligt. Er løsningen at jeg skal have mere Ram? Jeg mener bare helt bestemt at min computer ikke altid har været så langsom.. Kan msn måske have noget at sige? Synes måske at kunne enrindre at problemet opstod for et par år siden, hvor jeg ågså begyndte at bruge msn.
Hvis jeg skal have mere Ram: Nogle anbefalinger angående hvor jeg skal købe det og hvor meget?

Taktak!

Sæt din XP-CD i drevet, klik på Start->Kør kopier denne linie ind:
SFC /scannow
Klik på OK, når den er færdig, genstart og se om det ændrer noget.

Så kommer der lige et spørgsmål som meget vel kunne være lidt halvdumt.. Er det monstro den CD, dom hedder Microsoft Office - Udgave til hjemmet 2003? Det er den eneste, jeg lige kan finde..

Nej, det er den CD med Windows XP du skal bruge.

Hvis du ikke har en sådan, evt. fordi Windows var installeret da du fik maskinen, så prøv kommandoen uden CD i drevet.

Hej igen og beklager forsinkelsen.

Det går måske nok en anelse hurtigere nu, men jeg har stadig problemer med at den fryser i ny og næ, men jeg tror det skyldes for lidt Ram (f.eks. når jeg laver store, kapacitetskrævende beregninger i MatLab osv.). Point?

Der er ingen tvivl om at mere ram vil hjælpe en hel del. :-)