tjek af log

Hvorfor er der ikke SP 3 på den maskine?

------

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

--------------

Killall::
Snapshot::

-------------

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

jeg vil installere sp3 snart...min computer har bare været meget langsom!! men vil gøre det efter jeg har ryddet op.

Min combofix log:
ComboFix 10-02-18.03 - xxxx 18-02-2010  21:13:17.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.26xxxxxxxxxx [GMT 1:00]
Running from: c:\documents and settings\xxxx\Desktop\scanner\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\xxxx\Desktop\scanner\combofix\CFScript.txt.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

.
(((((((((((((((((((((((((  Files Created from 2010-01-18 to 2010-02-18  )))))))))))))))))))))))))))))))
.

2010-03-30 17:36 . 2010-03-30 17:36    --------    d-----w-    C:\C_DILLA
2010-03-30 17:36 . 2001-09-10 17:09    57392    ----a-w-    c:\windows\system32\drivers\CDANT.SYS
2010-03-30 17:36 . 2001-09-10 17:09    45056    ----a-w-    c:\windows\CDILLA13.DLL
2010-03-30 17:36 . 2001-09-10 17:09    260096    ----a-w-    c:\windows\CDILLA32.DLL
2010-03-30 17:36 . 2001-09-10 17:08    32256    ----a-w-    c:\windows\system32\drivers\CDANTSRV.EXE
2010-03-30 17:36 . 2001-09-10 17:08    60416    ----a-w-    c:\windows\CDILLA64.EXE
2010-03-30 17:36 . 2001-09-10 17:04    7056    ----a-w-    c:\windows\CDILLA16.EXE
2010-03-30 17:36 . 2001-09-10 17:04    23856    ----a-w-    c:\windows\CDILLA10.EXE
2010-03-30 17:36 . 2001-09-10 17:04    63344    ----a-w-    c:\windows\CDILLA05.DLL
2010-03-30 17:36 . 2001-09-10 15:38    55376    ----a-w-    c:\windows\CDILLA40.DLL
2010-02-15 21:46 . 2010-02-15 21:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-15 21:45 . 2010-02-15 21:45    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-02-15 21:45 . 2010-02-15 21:45    --------    d-----w-    c:\documents and settings\xxxx\Application Data\SUPERAntiSpyware.com
2010-02-15 21:30 . 2010-02-15 21:30    --------    d-----w-    c:\documents and settings\xxxx\Application Data\Malwarebytes
2010-02-15 21:30 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 21:30 . 2010-02-15 21:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 21:30 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-02-15 21:30 . 2010-02-15 21:30    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-15 21:24 . 2010-02-15 21:24    --------    d-----w-    c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 21:45 . 2006-07-26 05:55    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-12-11 21:20 . 2009-12-11 21:20    71253    ----a-w-    c:\windows\Huawei ModemsUninstall.exe
2009-11-21 23:29 . 2009-11-21 23:29    552    ----a-w-    c:\windows\system32\d3d8caps.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperAdBlocker"="c:\program files\Super Ad Blocker\SAdBlock.exe" [2007-12-26 1564672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-06 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-06 208896]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-08-22 1029632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\xxxx\Start Menu\Programs\Startup\
Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-31 110592]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-7-25 1425424]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-26 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Update Agent.lnk - c:\program files\Connect it\AutoUpdateSrv.exe [2009-12-11 667648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files\Super Ad Blocker\SABSEHB.DLL" [2007-12-26 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-12-26 11:41    176128    ----a-w-    c:\program files\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41    294912    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 17:20    40448    ----a-w-    c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45    28672    ----a-w-    c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16    24576    ----a-w-    c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ      scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-562591055-725345543-4224\Scripts\Logon\0\0]
"Script"=svf.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-562591055-725345543-7464\Scripts\Logon\0\0]
"Script"=svf.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [25-07-2006 11:37 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [25-07-2006 11:38 38528]
R2 NightWatchman40;NightWatchman40;c:\program files\1E\NightWatchman40\NightWatchman.exe [08-07-2006 08:57 550616]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [05-10-2009 13:22 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [21-08-2008 14:04 98304]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25-04-2006 18:00 3456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S1 SABDIFSV;SABDIFSV;c:\program files\Super Ad Blocker\sabdifsv.sys [21-09-2005 10:17 5632]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [29-07-2009 12:18 39424]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11-07-2009 11:05 14976]
.
Contents of the 'Scheduled Tasks' folder

2010-02-12 c:\windows\Tasks\Fredag 12 [0].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [10].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [11].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [12].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [13].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [14].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [15].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [16].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [1].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [2].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [3].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [4].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [5].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [6].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [7].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [8].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [9].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-18 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-26 23:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://bestilling.photocare.dk/ImageUploader6.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/4066/defaults/activex/ImageUploader3.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 21:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-562591055-725345543-4224\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CA6CEE41-42F2-8942-BA82-DD7D1786DC96}*]
"dakahcaf"=hex:64,62,66,6f,69,69,6b,63,68,6a,69,6a,68,6f,69,68,64,6a,62,6f,61,
  69,6d,6f,64,66,6e,6b,6f,63,64,6a,67,66,6e,6e,6b,6a,6f,66,00,00
"iabngmhappfieflolm"=hex:6a,61,6e,64,6c,6b,6a,69,67,6e,6b,68,68,65,67,6b,62,6e,
  6d,64,00,00
"halomhbbcbleebkh"=hex:6a,61,6e,64,6c,6b,6a,69,67,6e,6b,68,68,65,67,6b,62,6e,
  6d,64,00,f0

[HKEY_USERS\S-1-5-21-2052111302-562591055-725345543-4224\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E157A971-32A9-A8CC-0684-8C812999A41B}*]
"eadcjkcngb"=hex:66,61,6e,64,69,69,64,6b,64,68,63,64,00,fc
"daocdpeh"=hex:64,62,66,61,63,6f,68,61,70,66,67,6d,6b,64,65,6e,6c,67,65,6f,64,
  70,65,67,6f,68,61,66,6a,66,6c,6c,66,62,6d,63,63,62,67,6b,00,00
"ialamkgjbbebeoimfp"=hex:6a,61,68,67,6b,61,61,6f,6e,6c,61,69,70,65,70,65,63,6a,
  6e,6a,00,5a
"hafacigfdgpedjko"=hex:6a,61,68,67,6b,61,61,6f,6e,6c,61,69,70,65,70,65,63,6a,
  6e,6a,00,f0

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\vrlogon.dll
c:\windows\system32\CSGina.dll
c:\windows\system32\VPNAPI.DLL
c:\program files\Super Ad Blocker\SABWINLO.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\windows\system32\NWMgina.dll

- - - - - - - > 'lsass.exe'(1552)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(4824)
c:\program files\Super Ad Blocker\sabmsghk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Super Ad Blocker\SABSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-18  21:30:11 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-18 20:30

Pre-Run: 13.598.814.208 bytes free
Post-Run: 12.466.573.312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 280067041C425B43E806FEDEAD68FAA6

Find og upload nedenstående hos Jotti eller Virustotal:

c:\program files\Connect it\AutoUpdateSrv.exe

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Kopier resultatet herind.

------

Hvorfor har du alle de sophos opgaver liggende i planlagte opgaver i dit kontrolpanel?

------

Hvor meget ram er der i maskinen?

resultat fra Jotti

Filename:  AutoUpdateSrv.exe 
Status:  Scan finished. 0 out of 20 scanners reported malware.

Der er 1GB ram på maskinen...jeg mangler dog af lave nogle opdateringer af sophos som kun kan ske ved at opkoble direkte på uni's netværk.

Hey,

Alt min computer ren nu?

Tak for hjælpen:)

Der er ikke tegn på Malware - med mindre det gemmer sig her.
"Script"=svf.bat
Men det går jeg ud fra du har styr på?

hey,

tak for det. Glemte helt at dele point ud. Hvis du kan ligge et svar kan vi ordne det hurtigt :) ?

:)