gitte123 (Trainee)
09 November 2009 - 23:33. There are 15 comments and 1 solution.

I am plagued by Trojan viruses of every kind

This is the second time I am writing this, as I was once again kicked out of IE.

I really need help and hope that someone in this forum can help me and see it as the challenge of the day - which it certainly has been for me - although I have not succeeded yet.

I use Microsoft Office XP and Outlook 2003. I run CCleaner regularly and now have 3 spyware detectors: NOD32, SuperAntiSpyware and PC Tools Spyware Doctor.

1. When I start the computer I get the following error message:

Rundel
Fejli i indlæsning af ctfmon.dll (Error loading ctfmon.dll)
det angivne modul blev ikke fundet. (The specified module was not found.)

2. When I open a link in an e-mail in Outlook, I am sent on to private folders labelled "chain overview" ("kædeoversigt") and, under files, named "executable files" ("eksekverbare filer"). After that I may be lucky enough to be forwarded to the URL in the link - but most of the time IE freezes. I always get a Trojan.#### virus after this. When I have run the spyware tools and removed all viruses, I may be lucky enough to open a couple of links normally, but at the 3rd link they go back to the chain overview and executable files.

3. If I am in IE after following a link and before I have managed to remove the virus, I am sent to this URL:
http://malware-scan.net/?code=934


I have searched Google for Rundell, ctfmon.dll and executable files ("eksekverbare filer") and followed the instructions in, among others, the following blogs:

http://www.spywarefri.dk/forum/viewthread/38429/
which refers to the following blogs:
http://support.microsoft.com/kb/821692/da
http://support.microsoft.com/kb/821692/da?spid=914&sid=62

which I have followed.

I have IE as default.
I have reset the Internet settings.
I have repaired Outlook 2003.
I have run regsvr32 urlmon.dll and scanreg at the command prompt and otherwise followed the instructions in the blogs mentioned above.

I have run all 3 virus programs - a full scan with PC Tools Spyware Doctor (it took the whole day, phew...). I have run CCleaner and a HijackThis log, see below.

Many thanks in advance to whoever takes up the challenge :).

Gitte

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:39, on 09-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmer\FileZilla Server\FileZilla Server.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
C:\Programmer\Eset\nod32krn.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\mHotkey.exe
C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\V0415Mon.exe
C:\Programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Personal\bin\Personal.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gitte Lund Henriksen\Skrivebord\AM\downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.borsen.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01444A2B-694E-4177-99BA-DFE697B8EABd} - C:\WINDOWS\System32\d3dx9_2532.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll (file missing)
O2 - BHO: Internet Million Dollars Toolbar - {10d73171-25eb-4d80-ad30-1cb8824e76c2} - C:\Programmer\Internet_Million_Dollars\tbInt0.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmer\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll (file missing)
O3 - Toolbar: Internet Million Dollars Toolbar - {10d73171-25eb-4d80-ad30-1cb8824e76c2} - C:\Programmer\Internet_Million_Dollars\tbInt0.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CtrlMod20] C:\DOCUME~1\GITTEL~1\LOKALE~1\Temp\ctrlAT20.exe -m 64 -p"G:"
O4 - HKLM\..\Run: [ctfmon.exe] rundll32.exe ctfmon.dll,RunSetup Install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe
O4 - HKLM\..\Run: [Live! Central] "C:\Programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programmer\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.10.10)" -"http://www.miniclip.com/games/shrunken-heads/es/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Personal.lnk = C:\Programmer\Personal\bin\Personal.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmer\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221036674031
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E172C1B6-3D9C-48C4-847C-FE4C942C46D0}: NameServer = 64.37.228.20,194.179.1.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: d424e63a697 - C:\WINDOWS\System32\dssenh32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programmer\FileZilla Server\FileZilla Server.exe
O23 - Service: Tjenesten Google Update (gupdate1ca2a2db9486aca) (gupdate1ca2a2db9486aca) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14918 bytes
gitte123 (Trainee)
10 November 2009 - 00:06 #1
When I shut down the computer I get the following error message:

Afslutning af program (End Program)

Rundell32.exe
dette program svarer ikke (This program is not responding)

I get the following virus message regarding links:

Fil: c:\windows\system32\gn1vNKh8seADy.vbs
virus: VBS/Disabler.NAB.trojan

When I start the computer again I get the following message:

Windows script host

scriptfilen "c:windows/system32/gN1CNKh8eAOy.vbs" blev ikke fundet (the script file was not found)

Phew - that was just the last 10 minutes. I hope someone can decipher all these error messages.
nissen2630 (Novice)
10 November 2009 - 00:58 #2
Run through this excellent guide:
http://www.eksperten.dk/guide/1296

Then let's hope someone comes by who can decipher the log files. :-)
10 November 2009 - 06:34 #3
I can certainly see the 'dirt' - just run the tools mentioned at http://www.eksperten.dk/guide/1296 - then I will follow up ....

---

In general: you should uninstall all those more or less useless toolbars, e.g. [Yahoo! Toolbar] ...

---

Do you know yourself what this is ->
C:\Programmer\Personal\bin\Personal.exe

---

Do you have some SQL stuff running?
Do you have some FTP server stuff running?

---
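What a helper typically looks for when reading a HijackThis log like the one in the first post, as an added example that is not part of any poster's message and not HijackThis's own logic: a few common triage heuristics applied to lines copied from that log. The heuristics and the names `triage`, `findings_for` and `repeated_dlls` are assumptions chosen for illustration; a flag means "look closer", not "malicious".

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01444A2B-694E-4177-99BA-DFE697B8EABd} - C:\WINDOWS\System32\d3dx9_2532.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CtrlMod20] C:\DOCUME~1\GITTEL~1\LOKALE~1\Temp\ctrlAT20.exe -m 64 -p"G:"
O4 - HKLM\..\Run: [ctfmon.exe] rundll32.exe ctfmon.dll,RunSetup Install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E172C1B6-3D9C-48C4-847C-FE4C942C46D0}: NameServer = 64.37.228.20,194.179.1.100
O20 - AppInit_DLLs: C:\WINDOWS\System32\dssenh32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: d424e63a697 - C:\WINDOWS\System32\dssenh32.dll
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
RUN_VALUE = re.compile(r"^\S+\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
DLL_NAME = re.compile(r"[\w.-]+\.dll")


def findings_for(section, body):
    """Return the list of reasons one log entry deserves a closer look."""
    reasons = []
    low = body.lower()
    if low.endswith("(file missing)"):
        reasons.append("registered file is missing (orphaned entry)")
    if section == "O2" and body.startswith("BHO: (no name)") and "\\system32\\" in low:
        reasons.append("unnamed browser helper object loaded from System32")
    if section == "O4":
        m = RUN_VALUE.match(body)
        if m:
            cmd = m.group("cmd").lower()
            if "\\temp\\" in cmd:
                reasons.append("autostart program runs from a Temp directory")
            if m.group("name").lower().endswith(".exe") and cmd.startswith("rundll32"):
                reasons.append("value named like an .exe but launches a DLL via rundll32")
    if section == "O17" and "NameServer" in body:
        reasons.append("static DNS servers set: confirm they belong to the ISP or router")
    if section == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs set: DLL is loaded into every process using user32.dll")
        m = NOTIFY.match(body)
        if m and re.fullmatch(r"[0-9a-f]{8,}", m.group("key")):
            reasons.append("Winlogon Notify key with a random-looking hex name")
    return reasons


def triage(log_text):
    """Parse HijackThis entry lines and return (section, reason, line) tuples."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        for reason in findings_for(m.group("section"), m.group("body")):
            results.append((m.group("section"), reason, line))
    return results


def repeated_dlls(results):
    """DLL names that occur in more than one flagged line (several load points)."""
    counts = Counter()
    for line in {r[2] for r in results}:
        counts.update(set(DLL_NAME.findall(line.lower())))
    return sorted(name for name, n in counts.items() if n > 1)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, reason, line in found:
        print(f"[{section}] {reason}\n      {line}")
    print("DLLs registered at more than one load point:", repeated_dlls(found))
```

In this thread the DLL flagged at both O20 load points, dssenh32.dll, also appears in the list of files ComboFix deleted in post #6.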
gitte123 (Trainee)
10 November 2009 - 09:40 #4
Hi - many thanks for the quick reply. I will get started right away.

I am not quite sure what I have running that could refer to SQL and FTP - I am no computer whiz - even though that would have been nice right now. Apart from Windows XP and Outlook 2003 and normal downloads from the Internet for image and audio handling, I have the following running:

FileZilla Server (software for uploading a website)
NVU (software for editing a website)
SeNuke (MLM marketing software)
Winfinans (accounting program)
Skype

C:\Programmer\Personal\bin\Personal.exe is Nexus Personal.

I will get started on removing the toolbars - I can see the point...

When I have been through guide 1296 I will come back with a new log. Many thanks for the help so far.
10 November 2009 - 09:58 #5
NB: Logs - all logs as mentioned in the guide...
gitte123 (Trainee)
10 November 2009 - 13:20 #6
Phew - now I have run through guide 1232 - it looks as if links work now - and I no longer get the other error messages regarding Rundell and CTFmon.dll. I no longer get virus messages when I am in IE and Outlook. However, I now have another and very serious problem - my SQL server does not work - I get the following error message and am a bit desperate because it is my accounting program.

SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe.
If you believe that your installation is corrupt or has been tampered with, uninstall then re-run setup to correct this problem.

I do not quite know how to handle this message.


ComboFix log file attached:
(I will post the other log files afterwards)


ComboFix 09-11-09.01 - Gitte Lund Henriksen 10-11-2009 11:08.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1014.587 [GMT 1:00]
Kører fra: c:\documents and settings\Gitte Lund Henriksen\Skrivebord\AM\cleaning pc\ComboFix.exe
AV: ESET NOD32 Antivirussystem 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\33666.exe
c:\docume~1\GITTEL~1\LOKALE~1\Temp\48.tmp
c:\documents and settings\Gitte Lund Henriksen\Application Data\0200000037c44e33697C.manifest
c:\documents and settings\Gitte Lund Henriksen\Application Data\0200000037c44e33697O.manifest
c:\documents and settings\Gitte Lund Henriksen\Application Data\0200000037c44e33697P.manifest
c:\documents and settings\Gitte Lund Henriksen\Application Data\0200000037c44e33697S.manifest
c:\documents and settings\Gitte Lund Henriksen\Lokale indstillinger\Temp\48.tmp
c:\programmer\DDnsFilter
c:\programmer\Downloaded Installers
c:\programmer\Downloaded Installers\{FE90542A-55FA-4533-B740-E20AE5B93E64}\setup.msi
c:\recycler\S-1-5-21-606747145-1770027372-725345543-1003
c:\windows\010112010146116101.xe
c:\windows\0101120101465050.xe
c:\windows\0101120101465354.xe
c:\windows\GnuHashes.ini
c:\windows\rdr_1253280990.exe
c:\windows\rdr_1253437781.exe
c:\windows\rdr_1253445232.exe
c:\windows\rdr_1253445831.exe
c:\windows\rdr_1253449009.exe
c:\windows\rdr_1253469014.exe
c:\windows\rdr_1253471613.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\DIMAP32.DLL
c:\windows\system32\DSSENH32.DLL
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\LocalService\329.crack.zip
c:\windows\system32\LocalService\329.crack.zip.kwd
c:\windows\system32\LocalService\330.keygen.zip
c:\windows\system32\LocalService\330.keygen.zip.kwd
c:\windows\system32\LocalService\331.serial.zip
c:\windows\system32\LocalService\331.serial.zip.kwd
c:\windows\system32\LocalService\332.setup.zip
c:\windows\system32\LocalService\332.setup.zip.kwd
c:\windows\system32\LocalService\333.music.au.kwd
c:\windows\system32\LocalService\334.music2.au.kwd
c:\windows\system32\LocalService\335.music3.au.kwd
c:\windows\system32\LocalService\336.music4.au.kwd
c:\windows\system32\shellexec

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER
-------\Legacy_SMSS
-------\Legacy_WMOPTIMIZER
-------\Service_ddnsfilter
-------\Service_smss
-------\Service_WMOptimizer


(((((((((((((((((((((((((((((  Filer skabt fra 2009-10-10 til 2009-11-10  )))))))))))))))))))))))))))))))))))
.

2009-11-10 09:33 . 2009-11-10 11:29    --------    d-----w-    C:\32788R22FWJFW
2009-11-09 23:44 . 2009-11-09 23:44    206848    ----a-w-    c:\windows\system32\dgrpsetu32.dll
2009-11-09 22:49 . 2009-11-09 22:49    206848    ----a-w-    c:\windows\system32\deskperf32.dll
2009-11-09 21:07 . 2009-11-09 21:07    206848    ----a-w-    c:\windows\system32\d3dx9_2532.dll
2009-11-09 20:52 . 2009-11-09 22:39    902168    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-11-09 13:07 . 2009-11-09 13:07    --------    d-sh--w-    c:\documents and settings\LocalService\PrivacIE
2009-11-09 13:07 . 2009-11-09 13:07    --------    d-sh--w-    c:\documents and settings\LocalService\IECompatCache
2009-11-09 13:06 . 2009-11-09 13:06    --------    d-----w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Threat Expert
2009-11-09 13:06 . 2009-11-09 13:06    --------    d-----r-    c:\documents and settings\LocalService\Foretrukne
2009-11-09 11:50 . 2009-10-08 10:31    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2009-11-09 11:50 . 2009-10-08 10:31    165840    ----a-w-    c:\windows\PCTBDRes.dll
2009-11-09 11:50 . 2009-10-08 10:31    1636304    ----a-w-    c:\windows\PCTBDCore.dll
2009-11-09 11:50 . 2009-10-08 10:31    767952    ----a-w-    c:\windows\BDTSupport.dll
2009-11-09 11:50 . 2009-10-02 13:19    1152470    ----a-w-    c:\windows\UDB.zip
2009-11-09 11:50 . 2008-11-26 11:08    131    ----a-w-    c:\windows\IDB.zip
2009-11-09 11:48 . 2009-09-24 07:55    229304    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 11:48 . 2009-10-06 15:31    87784    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 11:48 . 2009-09-23 15:10    207280    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-11-09 11:48 . 2009-09-03 08:45    70408    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-11-09 11:48 . 2009-11-10 10:26    --------    d-----w-    c:\programmer\Spyware Doctor
2009-11-09 11:48 . 2009-11-09 11:51    --------    d-----w-    c:\programmer\Fælles filer\PC Tools
2009-11-09 11:48 . 2009-11-09 11:48    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\PC Tools
2009-11-09 11:48 . 2009-11-09 11:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\PC Tools
2009-11-09 11:40 . 2009-11-09 11:40    206848    ----a-w-    c:\windows\system32\dswave32.dll
2009-11-09 10:28 . 2004-08-04 06:29    23615    -c--a-w-    c:\windows\system32\dllcache\wch7xxnt.sys
2009-11-09 10:27 . 2001-10-04 16:07    106584    -c--a-w-    c:\windows\system32\dllcache\spdports.dll
2009-11-09 10:26 . 2001-08-17 20:53    3328    -c--a-w-    c:\windows\system32\dllcache\qv2kux.sys
2009-11-09 10:25 . 2008-04-13 19:46    49024    -c--a-w-    c:\windows\system32\dllcache\mstape.sys
2009-11-09 10:24 . 2008-04-14 17:04    6144    -c--a-w-    c:\windows\system32\dllcache\kbd106.dll
2009-11-09 10:23 . 2001-08-17 19:14    444416    -c--a-w-    c:\windows\system32\dllcache\fpcibase.sys
2009-11-09 10:22 . 2001-10-04 16:07    216064    -c--a-w-    c:\windows\system32\dllcache\cpscan.dll
2009-11-09 10:21 . 2001-08-17 19:49    23552    -c--a-w-    c:\windows\system32\dllcache\atixbar.sys
2009-11-08 18:30 . 2009-11-08 18:30    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Lokale indstillinger\Application Data\Threat Expert
2009-11-08 18:11 . 2009-11-10 10:25    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-11-07 14:45 . 2009-11-07 14:45    --------    d-----w-    C:\Program Files
2009-11-06 17:55 . 2009-11-06 17:55    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Yahoo!
2009-11-06 17:32 . 2009-11-10 10:16    --------    d-sh--w-    c:\windows\system32\LocalService
2009-11-06 16:14 . 2009-11-06 16:54    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\LimeWire
2009-11-06 16:14 . 2009-11-06 16:14    --------    d-----w-    c:\programmer\360Share Pro
2009-10-23 21:50 . 2009-10-23 21:50    --------    d-----w-    c:\programmer\CCleaner
2009-10-21 09:12 . 2009-03-21 17:40    1310720    ----a-w-    c:\windows\system32\ChilkatUpload.dll
2009-10-21 09:12 . 2008-07-01 09:04    659456    ----a-w-    c:\windows\system32\ChilkatCharset.dll
2009-10-21 09:12 . 2008-07-01 07:00    1642496    ----a-w-    c:\windows\system32\ChilkatMail_v7_9.dll
2009-10-21 09:12 . 2008-03-26 06:20    569344    ----a-w-    c:\windows\system32\CkString.dll
2009-10-21 09:12 . 2008-03-12 20:55    1294336    ----a-w-    c:\windows\system32\ChilkatXml.dll
2009-10-21 09:12 . 2008-03-12 20:54    1085440    ----a-w-    c:\windows\system32\ChilkatSocket.dll
2009-10-21 09:12 . 2007-12-28 11:16    1122304    ----a-w-    c:\windows\system32\ChilkatHttp.dll
2009-10-21 09:12 . 1998-06-17 22:00    102912    --s-a-w-    c:\windows\system32\VB6STKIT.DLL
2009-10-21 09:12 . 2009-11-04 15:39    --------    d-----w-    c:\programmer\SENuke
2009-10-20 21:15 . 2009-10-20 21:15    70984    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\g2mdlhlpx.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 10:27 . 2009-08-31 11:26    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Skype
2009-11-10 10:23 . 2004-02-22 13:09    13440    ----a-w-    c:\windows\system32\drivers\USBCRFT.SYS
2009-11-10 09:00 . 2004-02-22 19:53    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-11-10 09:00 . 2009-03-04 19:56    --------    d-----w-    c:\programmer\Jul i Valhal
2009-11-10 08:49 . 2009-05-08 12:13    --------    d-----w-    c:\programmer\Yahoo!
2009-11-10 08:03 . 2009-08-31 11:28    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\skypePM
2009-11-09 09:16 . 2007-11-16 12:37    --------    d-----w-    c:\programmer\IKEA HomePlanner
2009-11-09 09:16 . 2007-11-02 16:23    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2009-11-09 09:15 . 2009-10-08 13:35    --------    d-----w-    c:\programmer\Uniblue
2009-10-25 07:33 . 2004-02-22 18:29    89488    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-25 07:33 . 2004-02-22 18:29    472974    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-20 08:55 . 2009-09-20 20:20    117760    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-15 08:41 . 2009-09-20 20:19    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2009-10-09 10:54 . 2009-09-30 13:30    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\FileZilla
2009-10-08 15:34 . 2009-10-08 15:34    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\System Tweaker
2009-10-08 14:50 . 2009-10-08 14:49    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-10-08 13:36 . 2007-12-13 13:17    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Uniblue
2009-10-08 09:33 . 2009-09-30 13:29    --------    d-----w-    c:\programmer\FileZilla FTP Client
2009-09-30 11:06 . 2009-09-30 11:05    --------    d-----w-    c:\programmer\FileZilla Server
2009-09-24 10:39 . 2009-09-24 09:48    --------    d-----w-    c:\programmer\Nvu
2009-09-24 09:51 . 2009-09-24 09:48    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Nvu
2009-09-20 20:19 . 2009-09-20 20:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-20 20:19 . 2009-09-20 20:19    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\SUPERAntiSpyware.com
2009-09-16 02:20 . 2009-11-09 11:48    7383    ----a-w-    c:\windows\system32\drivers\pctcore.cat
2009-09-15 05:20 . 2009-11-09 11:48    7383    ----a-w-    c:\windows\system32\drivers\pctplsg.cat
2009-09-15 01:12 . 2009-11-09 11:48    7412    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 00:01 . 2009-11-09 11:48    7387    ----a-w-    c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 14:19 . 2004-02-22 18:29    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-02-22 18:29    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-09-02 20:51 . 2009-09-02 20:51    152576    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-31 11:28 . 2009-08-31 11:28    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-08-31 10:58 . 2009-08-31 10:55    41161104    ----a-w-    c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Live! Central v1.01.13__\LCTRL_PCAPP_LA_1_01_13.exe
2009-08-31 10:55 . 2009-08-31 10:55    1661616    ----a-w-    c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Live! Cam Video IM Ultra Driver v1.01.03__\LCVU_0415_PCDRV_US_1_01_03.exe
2009-08-31 07:25 . 2007-10-26 08:16    71880    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:58 . 2006-06-23 11:27    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-02-22 18:29    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-20 13:09 . 2009-08-20 13:09    1193832    ----a-w-    c:\windows\system32\FM20.DLL
2009-01-26 13:30 . 2009-01-26 13:24    532616    ----a-w-    c:\programmer\ImageResizerPowertoySetup.exe
2009-01-20 17:03 . 2009-01-20 16:58    526536    ----a-w-    c:\programmer\setup-streamster-1-2498.exe
2008-10-26 11:34 . 2008-10-26 11:34    1094021    ----a-w-    c:\programmer\dvdshrink32setup.zip
2008-04-21 09:34 . 2008-04-21 09:34    1612672    ----a-w-    c:\programmer\CuteWriter.exe
2007-02-18 13:42 . 2007-10-26 00:37    378077    ----a-w-    c:\programmer\.fonts.cache-1
2007-02-18 13:41 . 2007-10-26 00:37    54    ----a-w-    c:\programmer\.gtk-bookmarks
2006-06-22 19:48 . 2007-10-26 00:44    0    ---ha-w-    c:\programmer\S-1-5-21-3935220886-261281951-2852410564-1007.rrr.LOG
2006-05-31 19:38 . 2007-10-26 00:37    12348    ----a-w-    c:\programmer\1149105114-USB_A668_2000.PNF
2006-05-31 19:38 . 2007-10-26 00:37    19644    ----a-w-    c:\programmer\1149105112-USBMOT2000.PNF
2005-07-25 07:09 . 2007-10-26 00:37    5672    ----a-w-    c:\programmer\1149105114-USB_A668_2000.INF
2005-07-25 07:09 . 2007-10-26 00:37    11167    ----a-w-    c:\programmer\1149105112-USBMOT2000.INF
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 68856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-15 2000112]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"nod32kui"="c:\programmer\Eset\nod32kui.exe" [2007-11-06 949376]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"D-Link AirPlus G"="c:\programmer\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"Microsoft Works Update Detection"="c:\programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2004-02-26 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Quick Search Box"="c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-08 68592]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672]
"Live! Central"="c:\programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2009-06-05 438381]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"FileZilla Server Interface"="c:\programmer\FileZilla Server\FileZilla Server Interface.exe" [2009-09-06 1230336]
"ISTray"="c:\programmer\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-04 5794816]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2003-12-30 94208]
"Cmaudio"="cmicnfg.cpl" - c:\windows\CMICNFG.CPL [2004-01-07 2453504]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0415Inst"="c:\windows\system32\V0415Pin.dll" [2009-08-04 40960]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Personal.lnk - c:\programmer\Personal\bin\Personal.exe [2007-10-26 722728]
Service Manager.lnk - c:\programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09-11-2009 12:48 207280]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [06-11-2007 15:32 15424]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [15-09-2009 10:42 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [15-09-2009 10:42 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmer\Spyware Doctor\BDT\BDTUpdateService.exe [09-11-2009 12:50 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmer\Spyware Doctor\pctsAuxs.exe [09-11-2009 12:48 358600]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [07-10-2008 22:53 36864]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [31-08-2009 12:01 135616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [31-08-2009 12:02 31616]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [15-09-2009 10:42 7408]
R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [24-02-2004 20:52 11672]
R3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [31-08-2009 12:00 160768]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [31-08-2009 12:00 286208]
S2 gupdate1ca2a2db9486aca;Tjenesten Google Update (gupdate1ca2a2db9486aca);c:\programmer\Google\Update\GoogleUpdate.exe [31-08-2009 12:25 133104]
S2 louis;louis; [x]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver; [x]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [22-02-2004 14:09 13440]
S3 IIUSBISP;USB Mass Storage for USB ISP; [x]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [03-02-2004 07:28 24704]
S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [03-02-2004 07:28 380736]
S3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [22-02-2004 21:06 19928]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter    REG_MULTI_SZ      ddnsfilter
.
Indhold af mappen 'Planlagte Opgaver'

2009-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-31 11:25]

2009-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-31 11:25]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.borsen.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\System32\imon.dll
Trusted Zone: danskebank.dk
TCP: {E172C1B6-3D9C-48C4-847C-FE4C942C46D0} = 64.37.228.20,194.179.1.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{10d73171-25eb-4d80-ad30-1cb8824e76c2} - (no file)
Toolbar-{10d73171-25eb-4d80-ad30-1cb8824e76c2} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{10D73171-25EB-4D80-AD30-1CB8824E76C2} - (no file)
Notify-d424e63a697 - c:\windows\System32\dssenh32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 11:31
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1152)
c:\programmer\Spyware Doctor\pctgmhk.dll
c:\programmer\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\windows\HKCYDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\FileZilla Server\FileZilla Server.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
c:\programmer\Eset\nod32krn.exe
c:\programmer\Spyware Doctor\pctsSvc.exe
c:\windows\system32\fxssvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programmer\iPod\bin\iPodService.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Gennemført tid: 2009-11-10 11:34 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-11-10 10:34

Pre-Kørsel: 14.185.795.584 byte ledig
Post-Kørsel: 18.932.420.608 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 1574E7D25DFF1B05A006485402135A58
gitte123 Praktikant
10 November 2009 - 14:05 #7
I ran a full scan yesterday with PC Tools Spyware Doctor and thought I could skip doing it again, since it took the whole day. But alas, there were viruses again when I did a quick scan with Anti-Malware, so I am running a full scan now. Should I run ComboFix again so that I follow the order in guide 1232?
gitte123 Praktikant
10 November 2009 - 18:16 #8
OK, so I have run through guide 1232 again.

Here are the logs for

1. Malwarebytes
2. ComboFix
3. HijackThis

Again, many thanks for the help. Now I will try to see whether I can get the SQL Server that I mentioned above running.

MALWAREBYTES

Malwarebytes' Anti-Malware 1.41
Database version: 3138
Windows 5.1.2600 Service Pack 3

10-11-2009 15:57:15
mbam-log-2009-11-10 (15-57-12).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 236568
Tid tilbagelagt: 1 hour(s), 50 minute(s), 18 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 24

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Qoobox\Quarantine\C\DOCUME~1\GITTEL~1\LOKALE~1\Temp\48.tmp.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253280990.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253437781.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253445232.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253445831.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253449009.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253469014.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253471613.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dimap32.dll.vir (Trojan.Tracur) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP661\A0091387.exe (Rogue.RegTool) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109026.dll (Trojan.Tracur) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109028.dll (Trojan.Tracur) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109029.dll (Trojan.Tracur) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109027.dll (Trojan.Tracur) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109444.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109445.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109446.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109447.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109448.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109449.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109450.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109452.dll (Trojan.Tracur) -> No action taken.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109453.dll (Trojan.Tracur) -> No action taken.
D:\MÅ IKKE SLETTES\5d3dd628a3d0ab90b9aedc31d48f\Tools\Nero Burning ROM 6.3.0.2.b\Nero OEM\Nero Wave Editor\vplugins-hun.nls (Worm.Waledac) -> No action taken.


COMBOFIX

ComboFix 09-11-09.01 - Gitte Lund Henriksen 10-11-2009 17:00.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1014.373 [GMT 1:00]
Kører fra: c:\documents and settings\Gitte Lund Henriksen\Skrivebord\AM\cleaning pc\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Gitte Lund Henriksen\Skrivebord\AM\cleaning pc\CFScript.txt
AV: ESET NOD32 Antivirussystem 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER
-------\Legacy_SMSS
-------\Legacy_WMOPTIMIZER


(((((((((((((((((((((((((((((  Filer skabt fra 2009-10-10 til 2009-11-10  )))))))))))))))))))))))))))))))))))
.

2009-11-10 12:17 . 2009-11-10 12:17    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Malwarebytes
2009-11-10 12:17 . 2009-09-10 13:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 12:17 . 2009-11-10 12:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-10 12:17 . 2009-09-10 13:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-11-10 12:17 . 2009-11-10 12:56    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-11-10 10:55 . 2009-11-10 10:55    --------    d-----w-    c:\programmer\Microsoft
2009-11-09 20:52 . 2009-11-09 22:39    902168    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-11-09 13:07 . 2009-11-09 13:07    --------    d-sh--w-    c:\documents and settings\LocalService\PrivacIE
2009-11-09 13:07 . 2009-11-09 13:07    --------    d-sh--w-    c:\documents and settings\LocalService\IECompatCache
2009-11-09 13:06 . 2009-11-09 13:06    --------    d-----w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Threat Expert
2009-11-09 13:06 . 2009-11-09 13:06    --------    d-----r-    c:\documents and settings\LocalService\Foretrukne
2009-11-09 11:50 . 2009-10-08 10:31    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2009-11-09 11:50 . 2009-10-08 10:31    165840    ----a-w-    c:\windows\PCTBDRes.dll
2009-11-09 11:50 . 2009-10-08 10:31    1636304    ----a-w-    c:\windows\PCTBDCore.dll
2009-11-09 11:50 . 2009-10-08 10:31    767952    ----a-w-    c:\windows\BDTSupport.dll
2009-11-09 11:50 . 2009-10-02 13:19    1152470    ----a-w-    c:\windows\UDB.zip
2009-11-09 11:50 . 2008-11-26 11:08    131    ----a-w-    c:\windows\IDB.zip
2009-11-09 11:48 . 2009-09-24 07:55    229304    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-11-09 11:48 . 2009-10-06 15:31    87784    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-09 11:48 . 2009-09-23 15:10    207280    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-11-09 11:48 . 2009-09-03 08:45    70408    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-11-09 11:48 . 2009-11-10 16:32    --------    d-----w-    c:\programmer\Spyware Doctor
2009-11-09 11:48 . 2009-11-09 11:51    --------    d-----w-    c:\programmer\Fælles filer\PC Tools
2009-11-09 11:48 . 2009-11-09 11:48    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\PC Tools
2009-11-09 11:48 . 2009-11-09 11:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\PC Tools
2009-11-09 10:28 . 2004-08-04 06:29    23615    -c--a-w-    c:\windows\system32\dllcache\wch7xxnt.sys
2009-11-09 10:27 . 2001-10-04 16:07    106584    -c--a-w-    c:\windows\system32\dllcache\spdports.dll
2009-11-09 10:26 . 2001-08-17 20:53    3328    -c--a-w-    c:\windows\system32\dllcache\qv2kux.sys
2009-11-09 10:25 . 2008-04-13 19:46    49024    -c--a-w-    c:\windows\system32\dllcache\mstape.sys
2009-11-09 10:24 . 2008-04-14 17:04    6144    -c--a-w-    c:\windows\system32\dllcache\kbd106.dll
2009-11-09 10:23 . 2001-08-17 19:14    444416    -c--a-w-    c:\windows\system32\dllcache\fpcibase.sys
2009-11-09 10:22 . 2001-10-04 16:07    216064    -c--a-w-    c:\windows\system32\dllcache\cpscan.dll
2009-11-09 10:21 . 2001-08-17 19:49    23552    -c--a-w-    c:\windows\system32\dllcache\atixbar.sys
2009-11-08 18:30 . 2009-11-08 18:30    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Lokale indstillinger\Application Data\Threat Expert
2009-11-08 18:11 . 2009-11-10 16:31    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-11-07 14:45 . 2009-11-07 14:45    --------    d-----w-    C:\Program Files
2009-11-06 17:55 . 2009-11-06 17:55    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Yahoo!
2009-11-06 16:14 . 2009-11-06 16:54    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\LimeWire
2009-11-06 16:14 . 2009-11-06 16:14    --------    d-----w-    c:\programmer\360Share Pro
2009-10-23 21:50 . 2009-10-23 21:50    --------    d-----w-    c:\programmer\CCleaner
2009-10-21 09:12 . 2009-03-21 17:40    1310720    ----a-w-    c:\windows\system32\ChilkatUpload.dll
2009-10-21 09:12 . 2008-07-01 09:04    659456    ----a-w-    c:\windows\system32\ChilkatCharset.dll
2009-10-21 09:12 . 2008-07-01 07:00    1642496    ----a-w-    c:\windows\system32\ChilkatMail_v7_9.dll
2009-10-21 09:12 . 2008-03-26 06:20    569344    ----a-w-    c:\windows\system32\CkString.dll
2009-10-21 09:12 . 2008-03-12 20:55    1294336    ----a-w-    c:\windows\system32\ChilkatXml.dll
2009-10-21 09:12 . 2008-03-12 20:54    1085440    ----a-w-    c:\windows\system32\ChilkatSocket.dll
2009-10-21 09:12 . 2007-12-28 11:16    1122304    ----a-w-    c:\windows\system32\ChilkatHttp.dll
2009-10-21 09:12 . 1998-06-17 22:00    102912    --s-a-w-    c:\windows\system32\VB6STKIT.DLL
2009-10-21 09:12 . 2009-11-04 15:39    --------    d-----w-    c:\programmer\SENuke
2009-10-20 21:15 . 2009-10-20 21:15    70984    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\g2mdlhlpx.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 16:34 . 2009-08-31 11:26    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Skype
2009-11-10 16:34 . 2009-08-31 11:28    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\skypePM
2009-11-10 16:30 . 2004-02-22 13:09    13440    ----a-w-    c:\windows\system32\drivers\USBCRFT.SYS
2009-11-10 11:18 . 2008-02-19 11:02    --------    d-----w-    c:\programmer\Winfinance
2009-11-10 09:00 . 2004-02-22 19:53    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-11-10 09:00 . 2009-03-04 19:56    --------    d-----w-    c:\programmer\Jul i Valhal
2009-11-10 08:49 . 2009-05-08 12:13    --------    d-----w-    c:\programmer\Yahoo!
2009-11-09 09:16 . 2007-11-16 12:37    --------    d-----w-    c:\programmer\IKEA HomePlanner
2009-11-09 09:16 . 2007-11-02 16:23    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2009-11-09 09:15 . 2009-10-08 13:35    --------    d-----w-    c:\programmer\Uniblue
2009-10-25 07:33 . 2004-02-22 18:29    89488    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-25 07:33 . 2004-02-22 18:29    472974    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-20 08:55 . 2009-09-20 20:20    117760    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-15 08:41 . 2009-09-20 20:19    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2009-10-09 10:54 . 2009-09-30 13:30    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\FileZilla
2009-10-08 15:34 . 2009-10-08 15:34    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\System Tweaker
2009-10-08 14:50 . 2009-10-08 14:49    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-10-08 13:36 . 2007-12-13 13:17    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Uniblue
2009-10-08 09:33 . 2009-09-30 13:29    --------    d-----w-    c:\programmer\FileZilla FTP Client
2009-09-30 11:06 . 2009-09-30 11:05    --------    d-----w-    c:\programmer\FileZilla Server
2009-09-24 10:39 . 2009-09-24 09:48    --------    d-----w-    c:\programmer\Nvu
2009-09-24 09:51 . 2009-09-24 09:48    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Nvu
2009-09-20 20:19 . 2009-09-20 20:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-20 20:19 . 2009-09-20 20:19    --------    d-----w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\SUPERAntiSpyware.com
2009-09-16 02:20 . 2009-11-09 11:48    7383    ----a-w-    c:\windows\system32\drivers\pctcore.cat
2009-09-15 05:20 . 2009-11-09 11:48    7383    ----a-w-    c:\windows\system32\drivers\pctplsg.cat
2009-09-15 01:12 . 2009-11-09 11:48    7412    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 00:01 . 2009-11-09 11:48    7387    ----a-w-    c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 14:19 . 2004-02-22 18:29    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-02-22 18:29    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-09-02 20:51 . 2009-09-02 20:51    152576    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-31 11:28 . 2009-08-31 11:28    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-08-31 10:58 . 2009-08-31 10:55    41161104    ----a-w-    c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Live! Central v1.01.13__\LCTRL_PCAPP_LA_1_01_13.exe
2009-08-31 10:55 . 2009-08-31 10:55    1661616    ----a-w-    c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Live! Cam Video IM Ultra Driver v1.01.03__\LCVU_0415_PCDRV_US_1_01_03.exe
2009-08-31 07:25 . 2007-10-26 08:16    71880    ----a-w-    c:\documents and settings\Gitte Lund Henriksen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:58 . 2006-06-23 11:27    916480    ------w-    c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-02-22 18:29    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-20 13:09 . 2009-08-20 13:09    1193832    ----a-w-    c:\windows\system32\FM20.DLL
2009-01-26 13:30 . 2009-01-26 13:24    532616    ----a-w-    c:\programmer\ImageResizerPowertoySetup.exe
2009-01-20 17:03 . 2009-01-20 16:58    526536    ----a-w-    c:\programmer\setup-streamster-1-2498.exe
2008-10-26 11:34 . 2008-10-26 11:34    1094021    ----a-w-    c:\programmer\dvdshrink32setup.zip
2008-04-21 09:34 . 2008-04-21 09:34    1612672    ----a-w-    c:\programmer\CuteWriter.exe
2007-02-18 13:42 . 2007-10-26 00:37    378077    ----a-w-    c:\programmer\.fonts.cache-1
2007-02-18 13:41 . 2007-10-26 00:37    54    ----a-w-    c:\programmer\.gtk-bookmarks
2006-06-22 19:48 . 2007-10-26 00:44    0    ---ha-w-    c:\programmer\S-1-5-21-3935220886-261281951-2852410564-1007.rrr.LOG
2006-05-31 19:38 . 2007-10-26 00:37    12348    ----a-w-    c:\programmer\1149105114-USB_A668_2000.PNF
2006-05-31 19:38 . 2007-10-26 00:37    19644    ----a-w-    c:\programmer\1149105112-USBMOT2000.PNF
2005-07-25 07:09 . 2007-10-26 00:37    5672    ----a-w-    c:\programmer\1149105114-USB_A668_2000.INF
2005-07-25 07:09 . 2007-10-26 00:37    11167    ----a-w-    c:\programmer\1149105112-USBMOT2000.INF
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 68856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-15 2000112]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"nod32kui"="c:\programmer\Eset\nod32kui.exe" [2007-11-06 949376]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"D-Link AirPlus G"="c:\programmer\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"Microsoft Works Update Detection"="c:\programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2004-02-26 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Quick Search Box"="c:\programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-08 68592]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672]
"Live! Central"="c:\programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2009-06-05 438381]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"FileZilla Server Interface"="c:\programmer\FileZilla Server\FileZilla Server Interface.exe" [2009-09-06 1230336]
"ISTray"="c:\programmer\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-04 5794816]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2003-12-30 94208]
"Cmaudio"="cmicnfg.cpl" - c:\windows\CMICNFG.CPL [2004-01-07 2453504]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0415Inst"="c:\windows\system32\V0415Pin.dll" [2009-08-04 40960]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Personal.lnk - c:\programmer\Personal\bin\Personal.exe [2007-10-26 722728]
Service Manager.lnk - c:\programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09-11-2009 12:48 207280]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [06-11-2007 15:32 15424]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [15-09-2009 10:42 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [15-09-2009 10:42 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmer\Spyware Doctor\BDT\BDTUpdateService.exe [09-11-2009 12:50 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programmer\Spyware Doctor\pctsAuxs.exe [09-11-2009 12:48 358600]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [07-10-2008 22:53 36864]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [31-08-2009 12:01 135616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [31-08-2009 12:02 31616]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [15-09-2009 10:42 7408]
R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [24-02-2004 20:52 11672]
R3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [31-08-2009 12:00 160768]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [31-08-2009 12:00 286208]
S2 gupdate1ca2a2db9486aca;Tjenesten Google Update (gupdate1ca2a2db9486aca);c:\programmer\Google\Update\GoogleUpdate.exe [31-08-2009 12:25 133104]
S2 louis;louis; [x]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver; [x]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [22-02-2004 14:09 13440]
S3 IIUSBISP;USB Mass Storage for USB ISP; [x]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [03-02-2004 07:28 24704]
S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [03-02-2004 07:28 380736]
S3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [22-02-2004 21:06 19928]

--- Andre Services/Drivers i Hukommelsen ---

*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
.
Indhold af mappen 'Planlagte Opgaver'

2009-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-31 11:25]

2009-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-31 11:25]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.borsen.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\System32\imon.dll
Trusted Zone: danskebank.dk
TCP: {E172C1B6-3D9C-48C4-847C-FE4C942C46D0} = 64.37.228.20,194.179.1.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 17:29
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-3965608820-1148007279-402914071-1008\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3612)
c:\programmer\Spyware Doctor\pctgmhk.dll
c:\programmer\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\windows\HKCYDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\FileZilla Server\FileZilla Server.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
c:\programmer\Eset\nod32krn.exe
c:\programmer\Spyware Doctor\pctsSvc.exe
c:\windows\system32\fxssvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\igfxsrvc.exe
c:\programmer\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Gennemført tid: 2009-11-10 17:38 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-11-10 16:38
ComboFix2.txt  2009-11-10 10:34

Pre-Kørsel: 18.807.418.880 byte ledig
Post-Kørsel: 18.898.403.328 byte ledig

- - End Of File - - 3ED006A5E4BB10F005E7BA220B256929

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:12, on 10-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmer\FileZilla Server\FileZilla Server.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
C:\Programmer\Eset\nod32krn.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\mHotkey.exe
C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\V0415Mon.exe
C:\Programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Personal\bin\Personal.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gitte Lund Henriksen\Skrivebord\AM\cleaning pc\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.borsen.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe
O4 - HKLM\..\Run: [Live! Central] "C:\Programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programmer\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.10.10)" -"http://www.miniclip.com/games/shrunken-heads/es/"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Personal.lnk = C:\Programmer\Personal\bin\Personal.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmer\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221036674031
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E172C1B6-3D9C-48C4-847C-FE4C942C46D0}: NameServer = 64.37.228.20,194.179.1.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programmer\FileZilla Server\FileZilla Server.exe
O23 - Service: Tjenesten Google Update (gupdate1ca2a2db9486aca) (gupdate1ca2a2db9486aca) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13054 bytes
gitte123 Praktikant
10 November 2009 - 20:45 #9
Hi again

I have now tested Outlook, links and so on a bit, and afterwards I ran the virus programs. At first glance it looks as if I have hit a home run....

But but but - I simply cannot get my SQL database for Winfinans up and running. I am completely at a loss. The error message

SQL Server could not find the default instance/MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe.
If you believe that your installation is corrupt or has been tampered with, uninstalle then re-run setup to correct this problem.

is something I cannot quite decipher - I don't know where to look, which name is missing, or where it should be inserted. Can this be seen in any of the log files?

Again, many thanks in advance for the help.
11 November 2009 - 17:50 #10
You may well have run MalwareBytes, but what do you think this means
  -> No action taken. ?
Quote: ... Click the Show Results (Vis resultater) button after the scan - and then click Remove Selected (Fjern det valgte) - ... ! So another round with MalwareBytes ...

---

Pure 'clean-up' ->
Uninstall
* Apple Mobile Device
* iPod-tjeneste (iPod Service)
* Bonjour-tjeneste (Bonjour Service)

---

With CCleaner - Tools (Værktøjer) - Startup (Opstart) - Disable/remove the following items from your startup:
* [QuickTime Task]
* [iTunesHelper]
* [Microsoft Works Update Detection]
* [PCMService]
* [NeroFilterCheck]
* [Adobe Reader Speed Launcher]

---
11 November 2009 - 17:50 #11
I don't know a thing about the [SQL Server] part...
gitte123 Praktikant
11 November 2009 - 19:17 #12
I did see it - but I don't quite understand it - because it just jumped out after the log. But I'll try again.
gitte123 Praktikant
11 November 2009 - 22:05 #13
OK - I had saved a log before and after "Action taken" hee hee - I was a bit tired yesterday .... Anyway, here is the file from yesterday so you can see that it went through. After that I have included the file from today. It does puzzle me, however, that there is Trojan.Dropper again. They were removed yesterday, phew ....

I have produced a new HijackThis log in case it is needed.

Again, many thanks for your great help. I will try to make a separate post about that server. I can see that several others have had similar problems.

YESTERDAY

Malwarebytes' Anti-Malware 1.41
Database version: 3138
Windows 5.1.2600 Service Pack 3

10-11-2009 15:57:27
mbam-log-2009-11-10 (15-57-27).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 236568
Tid tilbagelagt: 1 hour(s), 50 minute(s), 18 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 24

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Qoobox\Quarantine\C\DOCUME~1\GITTEL~1\LOKALE~1\Temp\48.tmp.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253280990.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253437781.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253445232.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253445831.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253449009.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253469014.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\rdr_1253471613.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dimap32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP661\A0091387.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109026.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109028.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109029.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP707\A0109027.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109444.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109445.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109446.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109447.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109448.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109449.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109450.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109452.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109453.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
D:\MÅ IKKE SLETTES\5d3dd628a3d0ab90b9aedc31d48f\Tools\Nero Burning ROM 6.3.0.2.b\Nero OEM\Nero Wave Editor\vplugins-hun.nls (Worm.Waledac) -> Quarantined and deleted successfully.


TODAY

Malwarebytes' Anti-Malware 1.41
Database version: 3148
Windows 5.1.2600 Service Pack 3

11-11-2009 21:36:17
mbam-log-2009-11-11 (21-36-17).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 234888
Tid tilbagelagt: 1 hour(s), 44 minute(s), 27 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 6

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109495.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0109672.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0109742.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0109818.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0109886.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0110054.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:56, on 11-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmer\FileZilla Server\FileZilla Server.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
C:\Programmer\Eset\nod32krn.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\V0415Mon.exe
C:\Programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Personal\bin\Personal.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Gitte Lund Henriksen\Skrivebord\AM\cleaning pc\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.borsen.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe
O4 - HKLM\..\Run: [Live! Central] "C:\Programmer\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programmer\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.10.10)" -"http://www.miniclip.com/games/shrunken-heads/es/"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Programmer\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Personal.lnk = C:\Programmer\Personal\bin\Personal.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmer\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221036674031
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E172C1B6-3D9C-48C4-847C-FE4C942C46D0}: NameServer = 64.37.228.20,194.179.1.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programmer\FileZilla Server\FileZilla Server.exe
O23 - Service: Tjenesten Google Update (gupdate1ca2a2db9486aca) (gupdate1ca2a2db9486aca) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmer\Fælles filer\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12011 bytes
12 November 2009 - 07:38 #14
You are 'clean' ...

You're welcome another time...

Uninstall ComboFix ->

[Start][Run] - In the box, type:

Combofix /u ENTER

---

After a round like this, you just need to remove the infected files in System Restore.

Windows XP:
1. Right-click > My Computer > Properties > System Restore.
2. Tick > Turn off System Restore > Apply > OK.
3. Double-click > My Computer > right-click the (C:) drive > Properties.
5. Click > Disk Cleanup > More Options.
6. In the System Restore box, click "Clean up".
7. Close all windows and restart the computer.
8. After the restart > turn System Restore back on the same way you turned it off - step 2, just in reverse...

---

Run a cleanup with CCleaner...
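The Malwarebytes log in this thread lists all six of its detections under `_restore{...}` restore-point folders, which is what the System Restore purge above targets. As an added example (not part of the original thread), this Python script splits detection lines of that log format into restore-point copies and hits on live files; the function names and the `example.dll` line are constructed for illustration.

```python
import re
from collections import defaultdict

# One detection line: "<path> (<threat name>) -> <action>"
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Windows XP System Restore keeps its copies under _restore{GUID}\RPnnn\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE)

def classify(log_text):
    """Return ({restore point: [threat names]}, [(path, threat)] on live files)."""
    in_restore = defaultdict(list)
    live = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers, counters and blank lines are not detections
        rp = RESTORE_POINT.search(m["path"])
        if rp:
            in_restore[rp["rp"].upper()].append(m["name"])
        else:
            live.append((m["path"], m["name"]))
    return dict(in_restore), live

def only_in_restore_points(log_text):
    """True when the log has detections and all of them sit in restore points."""
    in_restore, live = classify(log_text)
    return bool(in_restore) and not live

# One section header and three detection lines copied from the log in this thread.
TODAY_LOG = r"""
Inficerede Filer:
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP711\A0109495.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0109672.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3D555ECF-B3D2-45F0-BDEB-10D14817F0DD}\RP713\A0109742.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""
# Constructed line (not from the thread): a hit on a live system file.
MIXED_LOG = TODAY_LOG + (
    r"C:\WINDOWS\system32\example.dll (Trojan.Example)"
    " -> Quarantined and deleted successfully.\n")

if __name__ == "__main__":
    for label, text in (("today", TODAY_LOG), ("mixed", MIXED_LOG)):
        print(label, classify(text), only_in_restore_points(text))
```

A log that yields any entry in the live-file list means active files were hit, and purging restore points alone does not cover it.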
gitte123 Praktikant
12 November 2009 - 12:42 #15
Hi again

The above is now done as well - cleaning the C drive took forever - so it was probably badly needed.

So now I only have my server challenge left....

Thank you so much for the help - you are hereby included in my evening prayer.

Many thanks
gitte
12 November 2009 - 13:14 #16
... my evening prayer.. hehe...

Ping...
(That was an [answer]...)