SteWe Beginner
09 April 2009 - 12:56 There are 10 comments

Keylogger:(

When I started World of Warcraft today I was warned against logging in because a keylogger had been detected. I have Bitdefender 2009 but can see it has not scanned for two weeks now; I get the error "Error initializing threat scanner" if I start a manual scan. I then tried installing Microsoft Defender, but it claimed there were no threats. I reinstalled Bitdefender but it still doesn't work. Oddly enough, WoW no longer reports any problems after the computer was restarted. I would still appreciate it if one of you would take a look at my HijackThis log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:54, on 09-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programmer\Fælles filer\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\BitDefender\BitDefender 2009\seccenter.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\BitDefender\BitDefender 2009\vsserv.exe
C:\Programmer\Lenovo\System Update\SUService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\System32\svchost.exe
E:\Games\World of Warcraft\BackgroundDownloader.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmer\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmer\Orbitdownloader\GrabPro.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmer\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Programmer\Fælles filer\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BDAgent] "C:\Programmer\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmer\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Programmer\Fælles filer\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programmer\Fælles filer\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programmer\Creative\Shared Files\CTAudSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmer\Fælles filer\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programmer\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programmer\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7862 bytes
Deleted user
09 April 2009 - 13:19 #1
While you wait for help, you could take a look at http://www.helgec.dk/virus_etc.html
f-arn Guru
09 April 2009 - 13:25 #2
Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from DDS, which you can find here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds


It creates two logs (DDS.txt and Attach.txt); save them to the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved on the computer and not run from the web
SteWe Beginner
09 April 2009 - 14:03 #3
It doesn't look like Malwarebytes' ... found anything:



Malwarebytes' Anti-Malware 1.36
Database version: 1955
Windows 5.1.2600 Service Pack 3

09-04-2009 13:58:38
mbam-log-2009-04-09 (13-58-38).txt

Skan type: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 117874
Tid tilbagelagt: 13 minute(s), 53 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)



DDS log:


DDS (Ver_09-03-16.01) - NTFSx86 
Run by ZV at 13:59:12,01 on 09-04-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3070.2230 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Fælles filer\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programmer\Fælles filer\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmer\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\BitDefender\BitDefender 2009\seccenter.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\BitDefender\BitDefender 2009\vsserv.exe
C:\Programmer\Lenovo\System Update\SUService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Games\World of Warcraft\BackgroundDownloader.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ZV\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\programmer\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\programmer\orbitdownloader\GrabPro.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\programmer\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmer\fælles filer\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WinampAgent] c:\programmer\winamp\winampa.exe
mRun: [NeroFilterCheck] c:\programmer\fælles filer\nero\lib\NeroCheck.exe
mRun: [RemoteControl] c:\programmer\cyberlink\powerdvd\PDVDServ.exe
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [NexusServer] "c:\programmer\fælles filer\grass valley\procoder 3\kernel\PNXSERVR.exe" -SelfLaunch
mRun: [TVT Scheduler Proxy] c:\programmer\fælles filer\lenovo\scheduler\scheduler_proxy.exe
mRun: [SoundMAXPnP] c:\programmer\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\programmer\analog devices\soundmax\Smax4.exe" /tray
mRun: [CTHelper] CTHELPER.EXE
mRun: [Windows Defender] "c:\programmer\windows defender\MSASCui.exe" -hide
mRun: [BDAgent] "c:\programmer\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\programmer\bitdefender\bitdefender 2009\IEShow.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &Download by Orbit - c:\programmer\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmer\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmer\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmer\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zv\applic~1\mozilla\firefox\profiles\xvmuzozk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - plugin: c:\program files\javasoft\jre\1.3.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre\1.3.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre\1.3.0_02\bin\NPJava130_02.dll
FF - plugin: c:\program files\javasoft\jre\1.3.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre\1.3.0_02\bin\NPOJI600.dll

============= SERVICES / DRIVERS ===============

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
R2 WinDefend;Windows Defender;c:\programmer\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
R3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder);c:\windows\system32\drivers\hcwPVRP2.sys [2009-1-4 824512]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-9 38496]
S1 PDIDRV;PDIDRV; [x]
S3 Arrakis3;BitDefender Arrakis Server;c:\programmer\fælles filer\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmer\fælles filer\creative labs shared\service\CTAELicensing.exe [2009-4-4 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmer\nos\bin\getPlus_HelperSvc.exe [2009-1-8 33752]

=============== Created Last 30 ================

2009-04-09 13:36    <DIR>    --d-----    c:\docume~1\zv\applic~1\Malwarebytes
2009-04-09 13:36    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-04-09 13:36    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 13:36    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-04-09 13:36    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-09 12:13    <DIR>    --d-----    c:\programmer\Trend Micro
2009-04-09 11:55    <DIR>    --d-----    c:\docume~1\zv\applic~1\BitDefender
2009-04-09 11:30    <DIR>    --dsh---    c:\windows\system32\28463
2009-04-04 18:44    1,080    a-------    c:\windows\system32\settingsbkup.sfm
2009-04-04 18:44    1,080    a-------    c:\windows\system32\settings.sfm
2009-04-04 16:02    <DIR>    --d-----    c:\programmer\Runtime Software
2009-04-04 15:53    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Azureus
2009-04-04 15:53    <DIR>    --d-----    c:\docume~1\zv\applic~1\Azureus
2009-04-04 15:52    <DIR>    --d-----    c:\programmer\Vuze
2009-04-04 15:52    <DIR>    --d-----    c:\programmer\fælles filer\i4j_jres
2009-04-04 12:59    <DIR>    --d-----    C:\Bryllup
2009-04-04 11:58    <DIR>    --d-----    c:\programmer\fælles filer\Blizzard Entertainment
2009-04-04 11:48    30,528    a-------    c:\windows\system32\BMXCtrlState-{00000011-00000000-0000000A-00001102-00000004-20021102}.rfx
2009-04-04 11:48    30,528    a-------    c:\windows\system32\BMXBkpCtrlState-{00000011-00000000-0000000A-00001102-00000004-20021102}.rfx
2009-04-04 11:48    11,564    a-------    c:\windows\system32\DVCState-{00000011-00000000-0000000A-00001102-00000004-20021102}.rfx
2009-04-04 11:47    4,933,105    a-------    c:\windows\{00000011-00000000-0000000A-00001102-00000004-20021102}.BAK
2009-04-04 11:43    <DIR>    --d-----    c:\programmer\fælles filer\Creative Labs Shared
2009-04-04 11:43    4,933,105    a-------    c:\windows\{00000011-00000000-0000000A-00001102-00000004-20021102}.CDF
2009-04-01 11:24    1,285,632    --------    c:\windows\system32\SMMedia.dll
2009-04-01 11:24    53,248    --------    c:\windows\system32\wdmioctl.dll
2009-04-01 11:24    <DIR>    --d-----    c:\programmer\Analog Devices
2009-04-01 11:24    49,152    --------    c:\windows\system32\DSndUp.exe
2009-04-01 11:24    45,056    --------    c:\windows\system32\CleanUp.exe
2009-04-01 09:59    13,780    a-------    c:\windows\system32\drivers\pfc.sys
2009-03-31 13:59    <DIR>    --d-----    c:\windows\system32\(null)
2009-03-31 13:59    <DIR>    --d-----    c:\programmer\Lenovo
2009-03-31 13:59    <DIR>    --d-----    c:\programmer\fælles filer\Lenovo
2009-03-31 13:59    21,376    a-------    c:\windows\system32\drivers\psadd.sys
2009-03-31 13:16    <DIR>    --d-----    C:\SWTOOLS
2009-03-30 16:47    <DIR>    --d-----    c:\programmer\fælles filer\Digidesign
2009-03-30 16:47    540,672    a-------    c:\windows\system32\Dsi.dll
2009-03-30 16:47    90,112    a-------    c:\windows\system32\WinMMFix.dll
2009-03-30 16:47    15,872    a-------    c:\windows\system32\KeyFilter.dll
2009-03-30 16:46    45,056    a-------    c:\windows\system32\wnaspi32.dll
2009-03-30 16:46    <DIR>    --d-----    c:\programmer\Avid
2009-03-30 16:46    24,683    a-------    c:\windows\system32\plugincpl130_02.cpl
2009-03-30 16:46    <DIR>    --d-----    C:\Program Files
2009-03-30 16:46    <DIR>    --d-----    c:\documents and settings\zv\WINDOWS
2009-03-30 16:46    <DIR>    --d-----    c:\programmer\Rainbow Technologies
2009-03-29 00:04    <DIR>    --d-----    c:\programmer\OpenOffice.org 2.4
2009-03-25 18:23    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Grass Valley
2009-03-25 18:22    685,056    a-------    c:\windows\system32\drivers\hardlock.sys
2009-03-25 18:22    0    a-------    c:\windows\TempFile
2009-03-25 18:22    835,665    a-------    c:\windows\system32\cseuvec.dll
2009-03-25 18:22    671,815    a-------    c:\windows\system32\csehqa.dll
2009-03-25 18:22    258,048    a-------    c:\windows\system32\cllccodc.dll
2009-03-25 18:22    122,961    a-------    c:\windows\system32\csellc.dll
2009-03-25 18:22    69,632    a-------    c:\windows\system32\cuvccodc.dll
2009-03-25 18:22    69,632    a-------    c:\windows\system32\cdv5codc.dll
2009-03-25 18:22    65,536    a-------    c:\windows\system32\cdvhcodc.dll
2009-03-25 18:22    49,152    a-------    c:\windows\system32\cvpcdvc.dll
2009-03-25 18:22    4,096    a-------    c:\windows\system32\paveno.dll
2009-03-25 18:21    <DIR>    --d-----    c:\programmer\fælles filer\Snell & Wilcox Shared
2009-03-25 18:21    <DIR>    --d-----    c:\programmer\Grass Valley
2009-03-25 18:21    <DIR>    --d-----    c:\programmer\fælles filer\Grass Valley
2009-03-25 18:21    <DIR>    --d-----    c:\programmer\fælles filer\Canopus Shared
2009-03-24 14:45    4,096    a-------    c:\windows\system32\ftx32.dll
2009-03-24 14:45    <DIR>    --d-----    c:\programmer\FinalData
2009-03-24 14:44    306,688    a-------    c:\windows\IsUninst.exe
2009-03-21 20:07    <DIR>    --d-----    c:\docume~1\zv\applic~1\Mumble
2009-03-21 20:06    <DIR>    --d-----    c:\programmer\Mumble
2009-03-20 18:54    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\e-Safekey
2009-03-20 10:41    <DIR>    --d-----    C:\downloads
2009-03-20 10:41    <DIR>    --d-----    c:\docume~1\zv\applic~1\GrabPro
2009-03-20 10:41    <DIR>    --d-----    c:\programmer\Orbitdownloader

==================== Find3M  ====================

2009-04-09 11:52    81,984    a-------    c:\windows\system32\bdod.bin
2009-04-04 11:43    444,952    a-------    c:\windows\system32\wrap_oal.dll
2009-04-04 11:43    109,080    a-------    c:\windows\system32\OpenAL32.dll
2009-04-01 11:24    406,966    a-------    c:\windows\system32\perfh006.dat
2009-04-01 11:24    68,966    a-------    c:\windows\system32\perfc006.dat
2009-03-04 14:47    15,896    a-------    c:\windows\system32\drivers\pfmodnt.sys
2009-03-04 14:46    189,464    a-------    c:\windows\system32\drivers\haP17v2k.sys
2009-03-04 14:46    162,840    a-------    c:\windows\system32\drivers\haP16v2k.sys
2009-03-04 14:46    798,744    a-------    c:\windows\system32\drivers\ha10kx2k.sys
2009-03-04 14:46    92,696    a-------    c:\windows\system32\drivers\emupia2k.sys
2009-03-04 14:46    157,208    a-------    c:\windows\system32\drivers\ctsfm2k.sys
2009-03-04 14:45    14,360    a-------    c:\windows\system32\drivers\ctprxy2k.sys
2009-03-04 14:45    127,512    a-------    c:\windows\system32\drivers\ctoss2k.sys
2009-03-04 14:45    1,395,992    a-------    c:\windows\system32\drivers\CTMMFILT.SYS
2009-03-04 14:45    18,840    a-------    c:\windows\system32\drivers\CTGAME.SYS
2009-03-04 14:44    347,080    a-------    c:\windows\system32\drivers\ctdvda2k.sys
2009-03-04 14:44    528,408    a-------    c:\windows\system32\drivers\ctaud2k.sys
2009-03-04 14:44    511,000    a-------    c:\windows\system32\drivers\ctac32k.sys
2009-03-04 14:44    1,366,424    a-------    c:\windows\system32\drivers\CT0531FL.SYS
2009-03-04 14:42    100,888    a-------    c:\windows\system32\drivers\CTERFXFX.sys
2009-03-04 14:42    566,296    a-------    c:\windows\system32\drivers\CTSBLFX.sys
2009-03-04 14:42    555,032    a-------    c:\windows\system32\drivers\CTAUDFX.sys
2009-03-04 14:42    99,352    a-------    c:\windows\system32\drivers\COMMONFX.sys
2009-03-04 12:47    43,520    a-------    c:\windows\system32\CTBurst.dll
2009-03-04 12:47    11,776    a-------    c:\windows\system32\inres.dll
2009-03-04 12:47    11,776    a-------    c:\windows\INRES.DLL
2009-03-04 12:47    182,272    a-------    c:\windows\system32\ctdvinst.dll
2009-03-04 12:47    86,528    a-------    c:\windows\system32\ctcoinst.dll
2009-03-04 12:46    10,752    a-------    c:\windows\system32\a3d.dll
2009-03-04 12:46    11,776    a-------    c:\windows\system32\ac3api.dll
2009-03-04 12:45    38,400    a-------    c:\windows\system32\readreg.exe
2009-03-04 12:45    37,888    a-------    c:\windows\system32\psconv.exe
2009-03-04 12:45    19,456    a-------    c:\windows\system32\CtHelper.exe
2009-03-04 12:45    8,704    a-------    c:\windows\system32\ctagent.dll
2009-03-04 12:45    45,568    a-------    c:\windows\system32\ctspkhlp.dll
2009-03-04 12:45    56,832    a-------    c:\windows\system32\CTpcmcia.dll
2009-03-04 12:45    12,800    a-------    c:\windows\system32\ctmmep.dll
2009-03-04 12:45    9,216    a-------    c:\windows\system32\ctpres.dll
2009-03-04 12:45    9,216    a-------    c:\windows\CTPRES.DLL
2009-03-04 12:45    32,768    a-------    c:\windows\system32\ctthxcal.dll
2009-03-04 12:44    131,072    a-------    c:\windows\system32\ctdcifce.dll
2009-03-04 12:44    41,472    a-------    c:\windows\system32\ctscal.dll
2009-03-04 12:44    330,752    a-------    c:\windows\system32\ctdc0001.dll
2009-03-04 12:44    227,840    a-------    c:\windows\system32\ctdc0000.dll
2009-03-04 12:44    10,240    a-------    c:\windows\system32\ctdcres.dll
2009-03-04 12:44    10,240    a-------    c:\windows\CTDCRES.DLL
2009-03-04 12:33    386,852    a-------    c:\windows\system32\ctdnlstr.dat
2009-03-04 12:33    51,787    a-------    c:\windows\system32\ctdlang.dat
2009-03-04 12:33    196,096    a-------    c:\windows\system32\ctemupia.dll
2009-03-04 12:30    176,128    a-------    c:\windows\system32\ct_oal.dll
2009-03-04 12:30    46,592    a-------    c:\windows\system32\ctasio.dll
2009-03-04 12:30    49,152    a-------    c:\windows\system32\ctdproxy.dll
2009-03-04 12:29    69,632    a-------    c:\windows\system32\ctosuser.dll
2009-03-04 12:29    6,144    a-------    c:\windows\system32\sfman32.dll
2009-03-04 12:29    125,952    a-------    c:\windows\system32\sfms32.dll
2009-03-04 12:28    13,312    a-------    c:\windows\system32\regplib.exe
2009-03-04 12:28    64,512    a-------    c:\windows\system32\piaproxy.dll
2009-03-04 12:28    149,838    a-------    c:\windows\system32\ctbas2w.dat
2009-03-04 12:26    274,587    a-------    c:\windows\system32\ctsbas2w.dat
2009-03-04 12:26    241,084    a-------    c:\windows\system32\CTSBASW.DAT
2009-03-04 12:26    115,166    a-------    c:\windows\system32\CTBASICW.DAT
2009-03-04 12:25    313,207    a-------    c:\windows\system32\ctstatic.dat
2009-03-04 12:25    53,932    a-------    c:\windows\system32\ctdaught.dat
2009-03-04 12:25    5,120    a-------    c:\windows\system32\enlocstr.exe
2009-03-04 12:25    10,240    a-------    c:\windows\system32\killapps.exe
2009-03-04 12:25    28,672    a-------    c:\windows\system32\MIDIDEF.EXE
2009-03-04 12:25    33,792    a-------    c:\windows\system32\devreg.dll
2009-02-13 14:50    87,712    a-------    c:\windows\system32\ctpxst32.exe
2009-02-09 16:07    1,846,784    a-------    c:\windows\system32\win32k.sys
2009-02-06 19:52    49,504    a-------    c:\windows\system32\sirenacm.dll
2009-01-31 03:27    86,327    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-16 17:38    17,346,824    a-------    c:\windows\system32\AppSetup.exe

============= FINISH: 13:59:20,71 ===============
09 April 2009 - 15:06 #4
[Azureus] - Hmmm...
f-arn Guru
09 April 2009 - 17:07 #5
There is something that doesn't look quite right!

-------------------

Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start SUPERAntiSpyware, click Check for updates; once it has updated, let it scan your computer
(Fixed disk means hard drive)
Move the dot to Perform complete scan and click Next, and the scan will run.

When it is finished a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, click Finish.
Close the program, restart normally.

Then start SUPERAntiSpyware, click Preferences, Statistics/Logs, View log. Please copy the contents of this log in here.

-----------------------

Afterwards download ComboFix here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it under some random name by choosing "Save as"

Then run combofix.exe and follow the instructions.
Important--> Disable your antivirus program, as it can interfere with ComboFix
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.

It can be found here:  C:\Combofix.txt
SteWe Beginner
13 April 2009 - 12:53 #6
SuperAntiSpyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2009 at 10:49 AM

Application Version : 4.0.1154

Core Rules Database Version : 3838
Trace Rules Database Version: 1794

Scan type      : Complete Scan
Total Scan Time : 00:12:48

Memory items scanned      : 431
Memory threats detected  : 0
Registry items scanned    : 4518
Registry threats detected : 0
File items scanned        : 15297
File threats detected    : 75

Adware.Tracking Cookie

Combofix log:


ComboFix 09-04-13.A2 - ZV 2009-04-13 12:46.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.3070.2605 [GMT 2:00]
Kører fra: c:\documents and settings\ZV\Skrivebord\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\IKSI.exe
c:\windows\system32\ftx32.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-03-13 til 2009-04-13  )))))))))))))))))))))))))))))))))))
.

2009-04-10 08:35 . 2009-04-10 08:35    --------    d-----w    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-10 08:35 . 2009-04-10 08:35    --------    d-----w    c:\documents and settings\ZV\Application Data\SUPERAntiSpyware.com
2009-04-09 11:36 . 2009-04-09 11:36    --------    d-----w    c:\documents and settings\ZV\Application Data\Malwarebytes
2009-04-09 11:36 . 2009-04-06 13:32    15504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-04-09 11:36 . 2009-04-06 13:32    38496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 11:36 . 2009-04-09 11:36    --------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 16:44 . 2009-04-04 16:44    1080    ----a-w    c:\windows\system32\settingsbkup.sfm
2009-04-04 16:44 . 2009-04-04 16:44    1080    ----a-w    c:\windows\system32\settings.sfm
2009-04-04 13:53 . 2009-04-04 13:53    --------    d-----w    c:\documents and settings\All Users\Application Data\Azureus
2009-04-04 13:53 . 2009-04-04 14:19    --------    d-----w    c:\documents and settings\ZV\Application Data\Azureus
2009-04-04 10:59 . 2009-04-04 14:08    --------    d-----w    C:\Bryllup
2009-04-04 09:48 . 2009-04-11 16:01    30528    ----a-w    c:\windows\system32\BMXCtrlState-{00000011-00000000-0000000A-00001102-00000004-20021102}.rfx
2009-04-04 09:48 . 2009-04-11 16:01    30528    ----a-w    c:\windows\system32\BMXBkpCtrlState-{00000011-00000000-0000000A-00001102-00000004-20021102}.rfx
2009-04-04 09:48 . 2009-04-11 16:01    11564    ----a-w    c:\windows\system32\DVCState-{00000011-00000000-0000000A-00001102-00000004-20021102}.rfx
2009-04-04 09:47 . 2009-04-13 10:41    4933105    ----a-w    c:\windows\{00000011-00000000-0000000A-00001102-00000004-20021102}.BAK
2009-04-04 09:43 . 2009-04-13 10:41    4933105    ----a-w    c:\windows\{00000011-00000000-0000000A-00001102-00000004-20021102}.CDF
2009-04-01 14:51 . 2009-04-01 14:51    --------    d-----w    c:\documents and settings\ZV\Lokale indstillinger\Application Data\Identities
2009-04-01 09:24 . 2005-05-04 06:20    53248    ------w    c:\windows\system32\wdmioctl.dll
2009-04-01 09:24 . 2001-09-11 12:20    1285632    ------w    c:\windows\system32\SMMedia.dll
2009-04-01 09:24 . 2006-07-10 12:42    49152    ------w    c:\windows\system32\DSndUp.exe
2009-04-01 09:24 . 2002-04-17 12:05    45056    ------w    c:\windows\system32\CleanUp.exe
2009-04-01 07:59 . 2002-06-11 17:55    13780    ----a-w    c:\windows\system32\drivers\pfc.sys
2009-04-01 07:58 . 2009-04-01 07:58    --------    d-----w    c:\documents and settings\ZV\Application Data\Apple Computer
2009-03-31 11:59 . 2009-03-31 11:59    --------    d-----w    c:\windows\system32\(null)
2009-03-31 11:59 . 2007-02-19 05:56    21376    ----a-w    c:\windows\system32\drivers\psadd.sys
2009-03-31 11:16 . 2009-03-31 11:16    --------    d-----w    C:\SWTOOLS
2009-03-30 14:47 . 2003-06-19 11:08    15872    ----a-w    c:\windows\system32\KeyFilter.dll
2009-03-30 14:47 . 2003-06-19 11:05    90112    ----a-w    c:\windows\system32\WinMMFix.dll
2009-03-30 14:47 . 2003-06-19 11:05    540672    ----a-w    c:\windows\system32\Dsi.dll
2009-03-30 14:46 . 2001-02-01 13:10    45056    ----a-w    c:\windows\system32\wnaspi32.dll
2009-03-30 14:46 . 2001-01-30 09:21    24683    ----a-w    c:\windows\system32\plugincpl130_02.cpl
2009-03-30 14:46 . 2009-03-30 14:46    --------    d-----w    C:\Program Files
2009-03-30 14:46 . 2009-03-30 14:46    --------    d-----w    c:\documents and settings\ZV\WINDOWS
2009-03-28 22:05 . 2009-04-04 12:57    --------    d-----w    c:\documents and settings\ZV\Application Data\OpenOffice.org2
2009-03-26 14:09 . 2009-03-26 14:09    --------    d-----w    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Apple
2009-03-25 16:23 . 2009-03-25 16:23    --------    d-----w    c:\documents and settings\All Users\Application Data\Grass Valley
2009-03-25 16:22 . 2009-04-13 10:29    0    ----a-w    c:\windows\TempFile
2009-03-25 16:22 . 2005-07-28 07:18    685056    ----a-w    c:\windows\system32\drivers\hardlock.sys
2009-03-25 16:22 . 2006-10-30 08:56    69632    ----a-w    c:\windows\system32\cuvccodc.dll
2009-03-25 16:22 . 2006-10-30 08:56    258048    ----a-w    c:\windows\system32\cllccodc.dll
2009-03-25 16:22 . 2006-09-21 15:22    65536    ----a-w    c:\windows\system32\cdvhcodc.dll
2009-03-25 16:22 . 2006-09-21 15:22    69632    ----a-w    c:\windows\system32\cdv5codc.dll
2009-03-25 16:22 . 2006-05-01 10:08    4096    ----a-w    c:\windows\system32\paveno.dll
2009-03-25 16:22 . 2006-03-26 12:48    671815    ----a-w    c:\windows\system32\csehqa.dll
2009-03-25 16:22 . 2005-06-08 10:13    835665    ----a-w    c:\windows\system32\cseuvec.dll
2009-03-25 16:22 . 2004-09-09 14:36    122961    ----a-w    c:\windows\system32\csellc.dll
2009-03-25 16:22 . 2002-12-02 09:42    49152    ----a-w    c:\windows\system32\cvpcdvc.dll
2009-03-25 16:20 . 2009-03-25 16:20    --------    d-----w    c:\documents and settings\ZV\Application Data\InstallShield
2009-03-25 16:19 . 2009-03-25 16:19    --------    d-----w    c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-25 16:19 . 2009-03-25 16:19    --------    d-----w    c:\documents and settings\ZV\Lokale indstillinger\Application Data\Apple
2009-03-25 16:19 . 2009-03-25 16:19    --------    d-----w    c:\documents and settings\All Users\Application Data\Apple
2009-03-25 16:18 . 2009-03-25 16:18    --------    d-----w    c:\documents and settings\ZV\Lokale indstillinger\Application Data\Apple Computer
2009-03-24 12:44 . 1998-10-29 15:45    306688    ----a-w    c:\windows\IsUninst.exe
2009-03-21 18:07 . 2009-03-21 18:39    --------    d-----w    c:\documents and settings\ZV\Application Data\Mumble
2009-03-20 16:54 . 2009-03-20 16:54    --------    d-----w    c:\documents and settings\All Users\Application Data\e-Safekey
2009-03-20 08:41 . 2009-03-20 16:54    --------    d-----w    C:\downloads
2009-03-20 08:41 . 2009-03-20 08:41    --------    d-----w    c:\documents and settings\ZV\Application Data\GrabPro
2009-03-20 08:41 . 2009-03-21 12:31    --------    d-----w    c:\documents and settings\ZV\Application Data\Orbit

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 10:44 . 2009-01-04 10:48    --------    d-----w    c:\programmer\Fælles filer\BitDefender
2009-04-13 10:43 . 2009-01-17 11:08    81984    ----a-w    c:\windows\system32\bdod.bin
2009-04-13 10:32 . 2009-04-13 10:30    32768    --sha-w    c:\windows\Temp\History\History.IE5\MSHist012009041320090414\index.dat
2009-04-13 10:30 . 2009-04-13 10:30    32768    --sha-w    c:\windows\Temp\History\History.IE5\MSHist012009040620090413\index.dat
2009-04-13 10:30 . 2009-01-24 11:21    32768    --sha-w    c:\windows\Temp\History\History.IE5\index.dat
2009-04-13 10:30 . 2009-01-24 11:21    16384    --sha-w    c:\windows\Temp\Cookies\index.dat
2009-04-13 10:30 . 2009-01-24 11:21    32768    --sha-w    c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
2009-04-13 10:29 . 2009-04-10 08:35    --------    d-----w    c:\programmer\SUPERAntiSpyware
2009-04-10 08:35 . 2009-01-04 10:10    --------    d-----w    c:\programmer\Fælles filer\Wise Installation Wizard
2009-04-09 11:36 . 2009-04-09 11:36    --------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-04-09 10:18 . 2009-03-20 08:41    --------    d-----w    c:\programmer\Orbitdownloader
2009-04-09 10:13 . 2009-04-09 10:13    --------    d-----w    c:\programmer\Trend Micro
2009-04-09 09:41 . 2009-04-09 09:41    --------    d-----w    c:\programmer\Windows Defender
2009-04-06 21:35 . 2009-01-04 10:26    --------    d-----w    c:\programmer\WinTV
2009-04-04 14:02 . 2009-04-04 14:02    --------    d-----w    c:\programmer\Runtime Software
2009-04-04 13:53 . 2009-04-04 13:52    --------    d-----w    c:\programmer\Vuze
2009-04-04 13:52 . 2009-04-04 13:52    --------    d-----w    c:\programmer\Fælles filer\i4j_jres
2009-04-04 09:58 . 2009-04-04 09:58    --------    d-----w    c:\programmer\Fælles filer\Blizzard Entertainment
2009-04-04 09:43 . 2009-01-04 10:27    --------    d--h--w    c:\programmer\InstallShield Installation Information
2009-04-04 09:43 . 2009-04-04 09:43    --------    d-----w    c:\programmer\Fælles filer\Creative Labs Shared
2009-04-04 09:43 . 2009-01-04 10:50    --------    d-----w    c:\programmer\Creative
2009-04-04 09:43 . 2009-01-04 10:49    444952    ----a-w    c:\windows\system32\wrap_oal.dll
2009-04-04 09:43 . 2009-01-04 10:49    109080    ----a-w    c:\windows\system32\OpenAL32.dll
2009-04-04 09:43 . 2009-01-04 10:49    --------    d-----w    c:\documents and settings\ZV\Application Data\Creative
2009-04-04 09:40 . 2009-01-04 10:48    --------    d-----w    c:\programmer\Winamp
2009-04-04 09:27 . 2009-03-30 14:46    --------    d-----w    c:\programmer\Avid
2009-04-01 09:24 . 2001-10-09 11:00    68966    ----a-w    c:\windows\system32\perfc006.dat
2009-04-01 09:24 . 2001-10-09 11:00    406966    ----a-w    c:\windows\system32\perfh006.dat
2009-04-01 09:24 . 2009-04-01 09:24    --------    d-----w    c:\programmer\Analog Devices
2009-04-01 07:56 . 2009-04-01 07:56    --------    d-----w    c:\programmer\Smart Projects
2009-03-31 11:59 . 2009-03-31 11:59    --------    d-----w    c:\programmer\Lenovo
2009-03-31 11:59 . 2009-03-31 11:59    --------    d-----w    c:\programmer\Fælles filer\Lenovo
2009-03-30 14:47 . 2009-03-30 14:47    --------    d-----w    c:\programmer\Fælles filer\Digidesign
2009-03-30 14:46 . 2009-03-30 14:46    --------    d-----w    c:\programmer\Rainbow Technologies
2009-03-29 10:16 . 2009-01-04 10:57    17088    ----a-w    c:\documents and settings\ZV\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 22:05 . 2009-03-28 22:04    --------    d-----w    c:\programmer\OpenOffice.org 2.4
2009-03-25 16:22 . 2009-03-25 16:21    --------    d-----w    c:\programmer\Fælles filer\Canopus Shared
2009-03-25 16:21 . 2009-03-25 16:21    --------    d-----w    c:\programmer\Fælles filer\Snell & Wilcox Shared
2009-03-25 16:21 . 2009-03-25 16:21    --------    d-----w    c:\programmer\Grass Valley
2009-03-25 16:21 . 2009-03-25 16:21    --------    d-----w    c:\programmer\Fælles filer\Grass Valley
2009-03-25 16:19 . 2009-03-25 16:19    --------    d-----w    c:\programmer\QuickTime
2009-03-25 16:19 . 2009-03-25 16:19    --------    d-----w    c:\programmer\Apple Software Update
2009-03-24 12:45 . 2009-03-24 12:45    --------    d-----w    c:\programmer\FinalData
2009-03-21 18:07 . 2009-03-21 18:06    --------    d-----w    c:\programmer\Mumble
2009-03-09 00:57 . 2009-03-09 00:57    --------    d-----w    c:\programmer\Fælles filer\TechSmith Shared
2009-03-09 00:57 . 2009-03-09 00:57    --------    d-----w    c:\programmer\TechSmith
2009-03-04 12:47 . 2009-03-04 12:47    15896    ----a-w    c:\windows\system32\drivers\pfmodnt.sys
2009-03-04 12:46 . 2009-03-04 12:46    189464    ----a-w    c:\windows\system32\drivers\haP17v2k.sys
2009-03-04 12:46 . 2009-03-04 12:46    162840    ----a-w    c:\windows\system32\drivers\haP16v2k.sys
2009-03-04 12:46 . 2009-03-04 12:46    798744    ----a-w    c:\windows\system32\drivers\ha10kx2k.sys
2009-03-04 12:46 . 2009-03-04 12:46    92696    ----a-w    c:\windows\system32\drivers\emupia2k.sys
2009-03-04 12:46 . 2009-03-04 12:46    157208    ----a-w    c:\windows\system32\drivers\ctsfm2k.sys
2009-03-04 12:45 . 2009-03-04 12:45    14360    ----a-w    c:\windows\system32\drivers\ctprxy2k.sys
2009-03-04 12:45 . 2009-03-04 12:45    127512    ----a-w    c:\windows\system32\drivers\ctoss2k.sys
2009-03-04 12:45 . 2009-03-04 12:45    1395992    ----a-w    c:\windows\system32\drivers\CTMMFILT.SYS
2009-03-04 12:45 . 2009-03-04 12:45    18840    ----a-w    c:\windows\system32\drivers\CTGAME.SYS
2009-03-04 12:44 . 2009-03-04 12:44    347080    ----a-w    c:\windows\system32\drivers\ctdvda2k.sys
2009-03-04 12:44 . 2009-03-04 12:44    528408    ----a-w    c:\windows\system32\drivers\ctaud2k.sys
2009-03-04 12:44 . 2009-03-04 12:44    511000    ----a-w    c:\windows\system32\drivers\ctac32k.sys
2009-03-04 12:44 . 2009-03-04 12:44    1366424    ----a-w    c:\windows\system32\drivers\CT0531FL.SYS
2009-03-04 12:42 . 2009-03-04 12:42    100888    ----a-w    c:\windows\system32\drivers\CTERFXFX.sys
2009-03-04 12:42 . 2009-03-04 12:42    566296    ----a-w    c:\windows\system32\drivers\CTSBLFX.sys
2009-03-04 12:42 . 2009-03-04 12:42    555032    ----a-w    c:\windows\system32\drivers\CTAUDFX.sys
2009-03-04 12:42 . 2009-03-04 12:42    99352    ----a-w    c:\windows\system32\drivers\COMMONFX.sys
2009-03-04 10:47 . 2009-03-04 10:47    43520    ----a-w    c:\windows\system32\CTBurst.dll
2009-03-04 10:47 . 2009-03-04 10:47    11776    ----a-w    c:\windows\system32\inres.dll
2009-03-04 10:47 . 2009-03-04 10:47    11776    ----a-w    c:\windows\INRES.DLL
2009-03-04 10:47 . 2008-06-27 16:27    182272    ----a-w    c:\windows\system32\ctdvinst.dll
2009-03-04 10:47 . 2008-06-27 16:27    86528    ----a-w    c:\windows\system32\ctcoinst.dll
2009-03-04 10:46 . 2009-03-04 10:46    10752    ----a-w    c:\windows\system32\a3d.dll
2009-03-04 10:46 . 2009-03-04 10:46    11776    ----a-w    c:\windows\system32\ac3api.dll
2009-03-04 10:45 . 2009-03-04 10:45    38400    ----a-w    c:\windows\system32\readreg.exe
2009-03-04 10:45 . 2009-03-04 10:45    37888    ----a-w    c:\windows\system32\psconv.exe
2009-03-04 10:45 . 2009-03-04 10:45    19456    ----a-w    c:\windows\system32\CtHelper.exe
2009-03-04 10:45 . 2009-03-04 10:45    8704    ----a-w    c:\windows\system32\ctagent.dll
2009-03-04 10:45 . 2009-03-04 10:45    45568    ----a-w    c:\windows\system32\ctspkhlp.dll
2009-03-04 10:45 . 2009-03-04 10:45    56832    ----a-w    c:\windows\system32\CTpcmcia.dll
2009-03-04 10:45 . 2009-03-04 10:45    12800    ----a-w    c:\windows\system32\ctmmep.dll
2009-03-04 10:45 . 2009-03-04 10:45    9216    ----a-w    c:\windows\system32\ctpres.dll
2009-03-04 10:45 . 2009-03-04 10:45    9216    ----a-w    c:\windows\CTPRES.DLL
2009-03-04 10:45 . 2009-03-04 10:45    32768    ----a-w    c:\windows\system32\ctthxcal.dll
2009-03-04 10:44 . 2009-03-04 10:44    41472    ----a-w    c:\windows\system32\ctscal.dll
2009-03-04 10:44 . 2009-03-04 10:44    131072    ----a-w    c:\windows\system32\ctdcifce.dll
2009-03-04 10:44 . 2009-03-04 10:44    330752    ----a-w    c:\windows\system32\ctdc0001.dll
2009-03-04 10:44 . 2009-03-04 10:44    227840    ----a-w    c:\windows\system32\ctdc0000.dll
2009-03-04 10:44 . 2009-03-04 10:44    10240    ----a-w    c:\windows\system32\ctdcres.dll
2009-03-04 10:44 . 2009-03-04 10:44    10240    ----a-w    c:\windows\CTDCRES.DLL
2009-03-04 10:33 . 2009-03-04 10:33    51787    ----a-w    c:\windows\system32\ctdlang.dat
2009-03-04 10:33 . 2009-03-04 10:33    386852    ----a-w    c:\windows\system32\ctdnlstr.dat
2009-03-04 10:33 . 2009-03-04 10:33    196096    ----a-w    c:\windows\system32\ctemupia.dll
2009-03-04 10:30 . 2009-03-04 10:30    176128    ----a-w    c:\windows\system32\ct_oal.dll
2009-03-04 10:30 . 2009-03-04 10:30    46592    ----a-w    c:\windows\system32\ctasio.dll
2009-03-04 10:30 . 2009-03-04 10:30    49152    ----a-w    c:\windows\system32\ctdproxy.dll
2009-03-04 10:29 . 2009-03-04 10:29    69632    ----a-w    c:\windows\system32\ctosuser.dll
2009-03-04 10:29 . 2009-03-04 10:29    6144    ----a-w    c:\windows\system32\sfman32.dll
2009-03-04 10:29 . 2009-03-04 10:29    125952    ----a-w    c:\windows\system32\sfms32.dll
2009-03-04 10:28 . 2009-03-04 10:28    13312    ----a-w    c:\windows\system32\regplib.exe
2009-03-04 10:28 . 2009-03-04 10:28    64512    ----a-w    c:\windows\system32\piaproxy.dll
2009-03-04 10:28 . 2009-03-04 10:28    149838    ----a-w    c:\windows\system32\ctbas2w.dat
2009-03-04 10:26 . 2009-03-04 10:26    274587    ----a-w    c:\windows\system32\ctsbas2w.dat
2009-03-05 16:2009-04-09 23:23        08:04 .    c:\programmer\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

  • 2008-04-14 07:06    14336    555F8F4CB284FE94059DCACF6074F9EC    c:\windows\system32\svchost.exe
  • 2008-04-14 07:06    14336    555F8F4CB284FE94059DCACF6074F9EC    c:\windows\system32\dllcache\svchost.exe

  • 2008-04-14 07:05    578560    A45B00E0410E44E7177A403ECAD4B12A    c:\windows\system32\user32.dll
  • 2008-04-14 07:05    578560    A45B00E0410E44E7177A403ECAD4B12A    c:\windows\system32\dllcache\user32.dll

  • 2008-04-14 07:05    82432    4C92DB1CD4ABC8A986896FCD3070B4CE    c:\windows\system32\ws2_32.dll
  • 2008-04-14 07:05    82432    4C92DB1CD4ABC8A986896FCD3070B4CE    c:\windows\system32\dllcache\ws2_32.dll

  • 2008-04-14 07:06    507904    E0339362391BF6AC04D1622EF8E3A61B    c:\windows\system32\winlogon.exe
  • 2008-04-14 07:06    507904    E0339362391BF6AC04D1622EF8E3A61B    c:\windows\system32\dllcache\winlogon.exe

  • 2008-04-13 10:20    182656    1DF7F42665C94B825322FAE71721130D    c:\windows\system32\dllcache\ndis.sys
  • 2008-04-13 10:20    182656    1DF7F42665C94B825322FAE71721130D    c:\windows\system32\drivers\ndis.sys

  • 2008-04-13 09:53    36608    3BB22519A194418D5FEC05D800A19AD0    c:\windows\system32\dllcache\ip6fw.sys
  • 2008-04-13 09:53    36608    3BB22519A194418D5FEC05D800A19AD0    c:\windows\system32\drivers\ip6fw.sys

  • 2008-08-14 18:27    2068608    879F6F04D5BBC90B261F8C25AB68539D    c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
  • 2008-04-14 07:18    2026496    A1BA9C3748329ACB5C5A0E39004042F8    c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
  • 2008-08-14 13:25    2068608    EDFAC73972E95151A1C95E4EB811545D    c:\windows\Driver Cache\i386\ntkrnlpa.exe
  • 2008-08-14 13:25    2026496    00315E597422FEFB19B6586323933CE2    c:\windows\system32\ntkrnlpa.exe
  • 2008-08-14 13:25    2068608    EDFAC73972E95151A1C95E4EB811545D    c:\windows\system32\dllcache\ntkrnlpa.exe

  • 2008-08-14 18:27    2191744    F88F5258032106D211EC7B1167D4B434    c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
  • 2008-04-14 06:44    2147840    1AAE08DE2AE92E1244E94C6BAD07E248    c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
  • 2008-08-14 13:25    2191744    A9B263F4FCF70BFD47BC6C9D6476502F    c:\windows\Driver Cache\i386\ntoskrnl.exe
  • 2008-08-14 13:25    2147840    0706E1752A43CE555D73D8931367756C    c:\windows\system32\ntoskrnl.exe
  • 2008-08-14 13:25    2191744    A9B263F4FCF70BFD47BC6C9D6476502F    c:\windows\system32\dllcache\ntoskrnl.exe

  • 2008-04-14 07:05    1034752    1D9BD1CAA1E4CF63370F201DF742DC7D    c:\windows\explorer.exe
  • 2008-04-14 07:05    1034752    1D9BD1CAA1E4CF63370F201DF742DC7D    c:\windows\system32\dllcache\explorer.exe

  • 2008-04-14 07:06    108544    AB2B6ABF3FCDA803FF0E2251F9A5274E    c:\windows\system32\services.exe
  • 2008-04-14 07:06    108544    AB2B6ABF3FCDA803FF0E2251F9A5274E    c:\windows\system32\dllcache\services.exe

  • 2008-04-14 07:05    13312    AC9FCA8BCD685ABDB9928B1964B731A2    c:\windows\system32\lsass.exe
  • 2008-04-14 07:05    13312    AC9FCA8BCD685ABDB9928B1964B731A2    c:\windows\system32\dllcache\lsass.exe

  • 2008-04-14 07:05    15360    CB8D8AB9CED50556501014F97A9FA270    c:\windows\system32\ctfmon.exe
  • 2008-04-14 07:05    15360    CB8D8AB9CED50556501014F97A9FA270    c:\windows\system32\dllcache\ctfmon.exe

  • 2008-04-14 07:06    57856    E06D0A59737CF479466A86AB5E2A0B6B    c:\windows\system32\spoolsv.exe
  • 2008-04-14 07:06    57856    E06D0A59737CF479466A86AB5E2A0B6B    c:\windows\system32\dllcache\spoolsv.exe

  • 2008-04-14 07:06    26112    7B3770DB760FBBA068454EAFCAA89772    c:\windows\system32\userinit.exe
  • 2008-04-14 07:06    26112    7B3770DB760FBBA068454EAFCAA89772    c:\windows\system32\dllcache\userinit.exe

  • 2008-04-14 07:05    296448    14C8EC0AA06A33CCC5407E4324F91312    c:\windows\system32\termsrv.dll
  • 2008-04-14 07:05    296448    14C8EC0AA06A33CCC5407E4324F91312    c:\windows\system32\dllcache\termsrv.dll

  • 2008-04-14 07:05    1006080    99ED0BF23810EC30271A5B1A00968791    c:\windows\system32\kernel32.dll
  • 2008-04-14 07:05    1006080    99ED0BF23810EC30271A5B1A00968791    c:\windows\system32\dllcache\kernel32.dll

  • 2008-04-14 07:05    17408    71F270F3E6092CA48920FA3876ED86A2    c:\windows\system32\powrprof.dll
  • 2008-04-14 07:05    17408    71F270F3E6092CA48920FA3876ED86A2    c:\windows\system32\dllcache\powrprof.dll

  • 2008-04-14 07:05    110080    E8C6B982597CD2BA53D73A068CDF9D8C    c:\windows\system32\imm32.dll
  • 2008-04-14 07:05    110080    E8C6B982597CD2BA53D73A068CDF9D8C    c:\windows\system32\dllcache\imm32.dll
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-13 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"RemoteControl"="c:\programmer\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-01-05 413696]
"NexusServer"="c:\programmer\Fælles filer\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2009-03-04 c:\windows\system32\CtHelper.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2009-04-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-13 12:29 356352 c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDV5"= cdv5codc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Games\\Guitar Hero III\\GH3.exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"e:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmer\\Orbitdownloader\\orbitnet.exe"=
"e:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programmer\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - SASDIFSV
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-07 c:\windows\Tasks\!Chunks1e02.job
- c:\progra~1\WinTV\Scheduler\StayAwake.exe [2008-03-06 14:04]

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-07 c:\windows\Tasks\Chunks1e02.job
- c:\progra~1\WinTV\WinTV2K.EXE [2006-03-29 17:28]

2009-04-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-WinampAgent - c:\programmer\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: &Download by Orbit - c:\programmer\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmer\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmer\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmer\Orbitdownloader\orbitmxt.dll/202
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\ZV\Application Data\Mozilla\Firefox\Profiles\xvmuzozk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - component: c:\programmer\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.0_02\bin\NPJava130_02.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.0_02\bin\NPOJI600.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 12:47
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-13 12:48
ComboFix-quarantined-files.txt  2009-04-13 10:48

Pre-Kørsel: 50.982.600.704 byte ledig
Post-Kørsel: 52,271,890,432 byte ledig

319    --- E O F ---    2009-04-09 12:06
fromsej Trainee
13 April 2009 - 13:42 #7
It could be Virut, so I'll take the liberty of jumping in.

Open Explorer, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Find the following files and upload them to Jotti or Virustotal:
c:\windows\system32\svchost.exe
c:\windows\system32\winlogon.exe
http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Tell me the result.
SteWe Beginner
13 April 2009 - 20:07 #8
To fromsej
Both sites say 0 for both files.
fromsej Trainee
14 April 2009 - 18:26 #9
OK, but I don't like all the system files that are listed in ---Sigcheck---

Put your XP CD in the drive.
Click Start->Run, copy this line in and click OK:
X:\i386\winnt32.exe /cmdcons

You just need to change X to the correct DRIVE letter, probably D or E
fromsej Trainee
14 April 2009 - 18:35 #10
Hmm, I hit send too quickly.
Once that is done, have your online banking account blocked until you have received a new password. The lines in ---Sigcheck--- may indicate that you have been hit by a bank patcher, which specifically targets Danske Bank.
Then uninstall all file-sharing programs, and if you have key generators or other patch programs for circumventing copyright protection, delete them. They are the most likely source of the infections, and 99% of that kind of junk is packed with one or more trojans or rootkits.

When all this is in place:
Download a new Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix, right-click, choose New->Text Document, open the text document, and copy in the following:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
Copy the resulting log in here.
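The ---Sigcheck--- entries that fromsej points to list several copies of each system file with size and MD5. The following Python is an added example, not part of the thread or of ComboFix: it parses Sigcheck lines copied from the log above and reports files whose active copy has a different MD5 from the dllcache copy. The function names and the backup-folder markers are this example's own assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any OS

# Entries copied from the "------- Sigcheck -------" section of the ComboFix log
# in this thread: one unchanged pair plus every ntkrnlpa.exe / ntoskrnl.exe copy.
SIGCHECK_SAMPLE = r"""
  • 2008-04-14 07:06    14336    555F8F4CB284FE94059DCACF6074F9EC    c:\windows\system32\svchost.exe
  • 2008-04-14 07:06    14336    555F8F4CB284FE94059DCACF6074F9EC    c:\windows\system32\dllcache\svchost.exe
  • 2008-08-14 18:27    2068608    879F6F04D5BBC90B261F8C25AB68539D    c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
  • 2008-04-14 07:18    2026496    A1BA9C3748329ACB5C5A0E39004042F8    c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
  • 2008-08-14 13:25    2068608    EDFAC73972E95151A1C95E4EB811545D    c:\windows\Driver Cache\i386\ntkrnlpa.exe
  • 2008-08-14 13:25    2026496    00315E597422FEFB19B6586323933CE2    c:\windows\system32\ntkrnlpa.exe
  • 2008-08-14 13:25    2068608    EDFAC73972E95151A1C95E4EB811545D    c:\windows\system32\dllcache\ntkrnlpa.exe
  • 2008-08-14 18:27    2191744    F88F5258032106D211EC7B1167D4B434    c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
  • 2008-04-14 06:44    2147840    1AAE08DE2AE92E1244E94C6BAD07E248    c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
  • 2008-08-14 13:25    2191744    A9B263F4FCF70BFD47BC6C9D6476502F    c:\windows\Driver Cache\i386\ntoskrnl.exe
  • 2008-08-14 13:25    2147840    0706E1752A43CE555D73D8931367756C    c:\windows\system32\ntoskrnl.exe
  • 2008-08-14 13:25    2191744    A9B263F4FCF70BFD47BC6C9D6476502F    c:\windows\system32\dllcache\ntoskrnl.exe
"""

# optional bullet/indent, timestamp, size in bytes, 32-hex MD5, full path
LINE_RE = re.compile(
    r"^\W*(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9A-Fa-f]{32})\s+(\S.*?)\s*$"
)
# Assumption of this example: folders that hold hotfix or setup copies, not the file in use.
BACKUP_MARKERS = ("\\$hf_mig$\\", "\\$ntuninstall", "\\driver cache\\")


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; anything that does not match is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp, size, md5, path = m.groups()
            entries.append({"time": stamp, "size": int(size),
                            "md5": md5.upper(), "path": path})
    return entries


def role(path):
    """Classify a copy as 'dllcache', 'backup' or 'active' from its folder."""
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"
    if any(marker in p for marker in BACKUP_MARKERS):
        return "backup"
    return "active"


def find_mismatches(entries):
    """Report active files whose MD5 matches no dllcache copy of the same name."""
    groups = defaultdict(list)
    for e in entries:
        groups[basename(e["path"]).lower()].append(e)
    findings = []
    for name in sorted(groups):
        copies = groups[name]
        cached = {c["md5"] for c in copies if role(c["path"]) == "dllcache"}
        for a in (c for c in copies if role(c["path"]) == "active"):
            if cached and a["md5"] not in cached:
                findings.append({
                    "file": name,
                    "active_path": a["path"],
                    "active_md5": a["md5"],
                    "dllcache_md5": sorted(cached),
                    # same byte count, different content: worth a closer look
                    "same_size_other_hash": [c["path"] for c in copies
                                             if c is not a and c["size"] == a["size"]
                                             and c["md5"] != a["md5"]],
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f["file"], f["active_md5"], "dllcache:", ", ".join(f["dllcache_md5"]))
        for p in f["same_size_other_hash"]:
            print("   same size, different MD5:", p)
```

A mismatch is a lead to check against a known-good copy from trusted media, not proof of tampering; kernel files can legitimately differ between system32 and dllcache.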