lene5000 (Beginner)
09 January 2010 - 15:37 There are 4 comments and 1 solution

Is there anyone who will take a look at these logs

Hi
I have a computer, a Fujitsu Siemens Amilo L 1310G.
It is very slow both at starting up, and it stays on the "Windows is shutting down" screen for at least 10 minutes before it shuts down completely. Besides that, it is very slow and all sound on it is choppy. I have uninstalled the antivirus since it had expired (but the problem started before it expired).

I would prefer to reformat the whole computer, but it always stops by asking for a SATA driver. I have the original recovery CD for it. The CD/DVD drive in the computer doesn't work, so I have tried to reformat from an external DVD/CD drive.

I have now run the 4 programs as described in the instructions.
One of them said there was a rootkit, and via another program I have found out that it is called app/PSExc-gen.

Here are the 3 log files


Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-01-09 13:54:40
mbam-log-2010-01-09 (13-54-40).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 187197
Tid tilbagelagt: 4 hour(s), 41 minute(s), 30 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


ComboFix 10-01-04.01 - Lene 2010-01-09  7:25.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.894.600 [GMT 1:00]
Kører fra: c:\documents and settings\Lene\Skrivebord\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lene\Dokumenter\cc_20090324_221931.reg
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx

c:\windows\system32\DRIVERS\atapi.sys . . . er inficeret!!

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-09 til 2010-01-09  )))))))))))))))))))))))))))))))))))
.

2010-01-08 05:22 . 2010-01-08 05:22    5115823    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 12:14 . 2010-01-07 12:14    --------    d-----w-    c:\programmer\MSSOAP
2010-01-07 12:11 . 2010-01-07 12:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\Webroot
2010-01-07 12:11 . 2010-01-07 12:11    --------    d-----w-    c:\documents and settings\Lene\Application Data\Webroot
2010-01-07 12:11 . 2009-11-06 14:19    1563008    ----a-w-    c:\windows\WRSetup.dll
2010-01-07 12:11 . 2010-01-07 12:11    --------    d-----w-    c:\programmer\Webroot
2010-01-07 11:12 . 2010-01-07 11:12    164    ----a-w-    c:\windows\install.dat
2010-01-06 19:36 . 2010-01-06 19:36    --------    d-----w-    c:\programmer\Microsoft
2010-01-02 10:38 . 2009-10-21 05:39    75776    -c----w-    c:\windows\system32\dllcache\strmfilt.dll
2010-01-02 10:38 . 2009-10-21 05:39    25088    -c----w-    c:\windows\system32\dllcache\httpapi.dll
2010-01-02 10:38 . 2009-10-20 16:20    265728    -c----w-    c:\windows\system32\dllcache\http.sys
2010-01-02 10:34 . 2009-10-12 13:40    79872    -c----w-    c:\windows\system32\dllcache\raschap.dll
2010-01-02 10:34 . 2009-10-12 13:40    150016    -c----w-    c:\windows\system32\dllcache\rastls.dll
2010-01-02 09:39 . 2010-01-02 09:39    79488    ----a-w-    c:\documents and settings\Lene\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 06:38 . 2009-05-25 17:02    7420704    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2010-01-09 06:37 . 2009-05-25 17:02    327456    --sha-w-    c:\windows\system32\drivers\fidbox2.dat
2010-01-09 06:18 . 2006-02-16 17:22    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2010-01-09 06:18 . 2009-06-11 08:39    --------    d-----w-    c:\programmer\Norton AntiVirus
2010-01-09 06:04 . 2009-05-25 17:02    99812    --sha-w-    c:\windows\system32\drivers\fidbox.idx
2010-01-09 06:04 . 2009-05-25 17:02    31580    --sha-w-    c:\windows\system32\drivers\fidbox2.idx
2010-01-09 05:55 . 2006-02-15 18:25    --------    d-----w-    c:\documents and settings\Lene\Application Data\Skype
2010-01-08 21:51 . 2009-06-10 18:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2010-01-08 05:25 . 2009-03-16 09:08    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-03-16 09:08    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-03-16 09:08    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-06 19:24 . 2006-02-15 17:47    75552    ----a-w-    c:\documents and settings\Lene\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 17:45 . 2005-09-04 14:57    464514    ----a-w-    c:\windows\system32\perfh006.dat
2010-01-02 17:45 . 2005-09-04 14:57    86410    ----a-w-    c:\windows\system32\perfc006.dat
2009-11-11 10:46 . 2009-11-11 10:50    391680    ----a-w-    c:\windows\system32\CF29086.exe
2009-11-06 11:00 . 2009-11-06 11:00    23152    ----a-w-    c:\windows\system32\drivers\sshrmd.sys
2009-11-06 11:00 . 2009-11-06 11:00    176752    ----a-w-    c:\windows\system32\drivers\ssidrv.sys
2009-11-06 11:00 . 2009-11-06 11:00    29808    ----a-w-    c:\windows\system32\drivers\ssfs0bbc.sys
2009-10-29 07:43 . 2005-09-04 14:57    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2005-09-04 14:57    75776    ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2005-09-04 14:56    25088    ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00    265728    ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2005-09-04 14:56    270848    ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2005-09-04 14:56    150016    ----a-w-    c:\windows\system32\rastls.dll
2009-10-12 13:40 . 2005-09-04 14:56    79872    ----a-w-    c:\windows\system32\raschap.dll
2007-04-25 08:49 . 2008-04-26 20:40    328    ------w-    c:\programmer\GuideMenuSetup.iss
2007-04-06 03:28 . 2008-04-26 20:44    1237    ------w-    c:\programmer\WinDVDSetup.iss
2008-04-26 21:05 . 2008-04-26 21:05    8    --sh--r-    c:\windows\system32\0EADB8B601.sys
2008-05-13 21:04 . 2008-04-26 21:05    2828    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
  • 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 14:14    238968    ----a-w-    c:\programmer\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-11-24 53248]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-01 77824]
"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]
"PowerManager"="c:\programmer\Power Manager\PM.exe" [2005-08-19 163840]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"SpySweeper"="c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
PGPtray.lnk - c:\programmer\PGP Corporation\PGP for Windows XP\PGPtray.exe [2006-3-19 331776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-03-12 21:43    81920    ----a-w-    c:\programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-03 18:55    1862144    ----a-w-    c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBMGRNT.EXE]
2002-07-17 16:42    69692    ----a-w-    c:\progra~2\SAFEBO~1\sbmgrnt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX3800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eFax 4.1"="c:\programmer\eFax Messenger 4.1\J2GDllCmd.exe" /R
"eFax 4.3"="c:\programmer\eFax Messenger 4.3\J2GDllCmd.exe" /R
"EPSON Stylus DX3800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
"HP Software Update"=c:\programmer\hp\HP Software Update\HPWuSchd2.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ATIPTA"=c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmer\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2006-04-12 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2006-04-12 5248]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [2002-07-17 24280]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [2002-02-09 44688]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-06 29808]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2002-07-17 4368]
R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [2002-07-17 5808]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [2006-03-19 65536]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot Solo\sbmgrnt.exe [2002-07-17 69692]
R2 WRConsumerService;Webroot Client Service;c:\programmer\Webroot\WebrootSecurity\WRConsumerService.exe [2010-01-07 1201640]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2005-09-04 5504]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2008-04-28 93440]
S3 krdpdre;krdpdre;\??\c:\docume~1\Lene\LOKALE~1\Temp\krdpdre.sys --> c:\docume~1\Lene\LOKALE~1\Temp\krdpdre.sys [?]
S3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem;c:\windows\system32\DRIVERS\sacmxp2.sys --> c:\windows\system32\DRIVERS\sacmxp2.sys [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [2008-03-06 98432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Indhold af mappen 'Planlagte Opgaver'

2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51]

2010-01-08 c:\windows\Tasks\wrSpySweeper_LDD7D1476CE28482C98ADA9056AF7438D.job
- c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-07 14:19]

2010-01-08 c:\windows\Tasks\wrSpySweeper_LDD7D1476CE28482C98ADA9056AF7438D.job
- c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-07 14:19]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jubii.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 172.16.0.1:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
.
------- Fil Associationer -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-QuickTime Task - c:\programmer\QuickTime\QTTask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 07:37
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85779AE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7636f28
\Driver\ACPI -> ACPI.sys @ 0xf7442cb8
\Driver\atapi -> 0x85779ae8
\Driver\iaStor -> iaStor.sys @ 0xf7318974
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Gennemført tid: 2010-01-09  07:44:46
ComboFix-quarantined-files.txt  2010-01-09 06:44
ComboFix2.txt  2009-03-26 08:01
ComboFix3.txt  2009-03-17 05:37

Pre-Kørsel: 53,376,278,528 byte ledig
Post-Kørsel: 53,361,848,320 byte ledig

- - End Of File - - 9789228D8F2D824EB2472337CBA4D916


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55, on 2010-01-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Programmer\Fælles filer\Protexis\License Service\PSIService.exe
C:\Program Files\SafeBoot Solo\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmer\Power Manager\PM.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\DrvMon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [SMSERIAL] "sm56hlpr.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Programmer\Power Manager\PM.exe
O4 - HKLM\..\Run: [Net-It Launcher] "C:\WINDOWS\system32\NILaunch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DrvMon.exe] "C:\WINDOWS\system32\DrvMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programmer\Fælles filer\Protexis\License Service\PSIService.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot Solo\SBMGRNT.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 8156 bytes


Thanks in advance for the help.

Best regards

Lene
f-arn (Guru)
09 January 2010 - 15:54 #1
I think you should turn to this place:
http://www.spywarefri.dk/forum
There are things in your logs that I'm not entirely sure about.
f-arn (Guru)
09 January 2010 - 17:11 #2
If you have seen the answer on spywarefri, you can probably close this one here.
http://www.eksperten.dk/faq
09 January 2010 - 17:36 #3
Ref. link on http://www.spywarefri.dk/forum ???
lene5000 (Beginner)
09 January 2010 - 17:38 #4
I would like to close it but can't quite figure out how.

Best regards

Lene
fromsej (Trainee)
10 January 2010 - 10:35 #5