NielsGJohansen (Beginner)
29 June 2010 - 09:02 There are 8 comments and 1 solution

HijackThis

Hi
Our laptop has become terribly slow. I have run CCleaner, but I understand it is a good idea to use HijackThis and get your assistance.
Regards,

Niels Johansen
tfswebguy (Beginner)
29 June 2010 - 12:39 #1
Just post an HJT log here, and someone will come and take a look at it.
NielsGJohansen (Beginner)
29 June 2010 - 13:00 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:32, on 29-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDCSikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\TDCSikkerhedspakke\Common\FSHDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Logger\logmon.exe
C:\Programmer\TDCSikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\Programmer\TDCSikkerhedspakke\Common\FSM32.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Ulla Inger Johansen\Skrivebord\Hijackthis\HiJackThis.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUserRegSetup?clid=1030
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programmer\TDCSikkerhedspakke\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programmer\TDCSikkerhedspakke\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDCSikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDCSikkerhedspakke\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ulla Inger Johansen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/DK/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {25C29129-E95F-4564-BFE3-000000007100} (KvikVideo 7.1) - http://www.123hjemmeside.dk/builder/pages/KvikVideo-7-1-0-0.CAB
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-6.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotomail.billedbutikken.dk/upload/xupload/XUpload2101.ocx
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDCSikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\TDCSikkerhedspakke\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmer\TDCSikkerhedspakke\ORSP Client\fsorsp.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 14794 bytes
fromsej (Trainee)
29 June 2010 - 18:17 #3
Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, you must let the program update itself. A window then opens, where you must move the dot to "Run a full system scan" ("Kør et fuldstændigt systemscan") - click the Scan button - let the program work. When it is finished (it takes some time, depending on how much you have on the computer).

Then - press the "Show results" ("Vis resultater") button after the scan - and then press "Remove selected" ("Fjern det valgte") - the log now opens, and you must save it somewhere you can find it again.

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here, together with the log from Malwarebytes.
NielsGJohansen (Beginner)
29 June 2010 - 18:29 #4
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4252

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29-06-2010 10:31:24
mbam-log-2010-06-29 (10-31-24).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 235885
Tid gået: 1 time(e), 20 minut(ter), 30 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
NielsGJohansen (Beginner)
29 June 2010 - 18:34 #5
I had a program blocked: NirCmd, so I don't think Combofix finished.
NielsGJohansen (Beginner)
29 June 2010 - 19:02 #6
Then it worked:
ComboFix 10-06-28.01 - Ulla Inger Johansen 29-06-2010  18:43:27.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1014.412 [GMT 2:00]
Kører fra: c:\documents and settings\Ulla Inger Johansen\Skrivebord\ComboFix\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Ulla Inger Johansen\Skrivebord\ComboFix\CFScript.txt
AV: TDC Sikkerhedspakke 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TDC Sikkerhedspakke 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-05-28 til 2010-06-29  )))))))))))))))))))))))))))))))))))
.

2010-06-29 07:10 . 2010-06-29 07:10    --------    d-----w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Malwarebytes
2010-06-29 07:09 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 07:09 . 2010-06-29 07:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-29 07:09 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-29 07:09 . 2010-06-29 07:09    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-06-22 21:52 . 2010-06-22 21:52    --------    d-----w-    c:\programmer\iPod
2010-06-22 21:40 . 2010-06-22 21:40    72504    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-16 08:40 . 2010-06-16 08:40    --------    d-----w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sonic
2010-06-16 08:39 . 2010-06-16 08:39    --------    d-----w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Leadertech
2010-06-16 08:36 . 2010-06-16 08:36    71992    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-12 17:03 . 2010-06-12 17:04    0    ----a-w-    c:\documents and settings\Ulla Inger Johansen\temp.dat
2010-06-12 17:03 . 2010-06-12 17:03    --------    d-----w-    c:\documents and settings\Ulla Inger Johansen\.oces
2010-06-11 10:45 . 2010-06-11 10:45    --------    d-----w-    c:\documents and settings\Ulla Inger Johansen\Lokale indstillinger\Application Data\MetaGeek,_LLC
2010-06-11 10:42 . 2010-06-11 10:42    45126    ----a-r-    c:\documents and settings\Ulla Inger Johansen\Application Data\Microsoft\Installer\{882C685B-3735-452E-9B77-D562A6A6AFE3}\_C0EDDA7A92A80D14F7FA33.exe
2010-06-11 10:42 . 2010-06-11 10:42    45126    ----a-r-    c:\documents and settings\Ulla Inger Johansen\Application Data\Microsoft\Installer\{882C685B-3735-452E-9B77-D562A6A6AFE3}\_6FEFF9B68218417F98F549.exe
2010-06-11 10:42 . 2010-06-11 10:42    --------    d-----w-    c:\programmer\MetaGeek
2010-06-09 19:45 . 2010-05-06 10:34    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 16:01 . 2010-06-08 14:30    --------    d-----w-    c:\programmer\Norton Security Scan
2010-06-02 08:32 . 2010-06-02 08:32    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Zynga

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 19:32 . 2009-01-07 11:07    5427    ----a-w-    c:\windows\system32\EGATHDRV.SYS
2010-06-25 18:20 . 2010-01-27 07:48    --------    d-----w-    c:\programmer\CCleaner
2010-06-22 22:30 . 2006-02-18 04:32    514158    ----a-w-    c:\windows\system32\perfh006.dat
2010-06-22 22:30 . 2006-02-18 04:32    105218    ----a-w-    c:\windows\system32\perfc006.dat
2010-06-22 21:53 . 2010-05-12 07:14    --------    d-----w-    c:\programmer\iTunes
2010-06-22 21:51 . 2009-11-03 15:47    --------    d-----w-    c:\programmer\Fælles filer\Apple
2010-06-16 08:46 . 2009-07-02 20:24    --------    d-----w-    c:\documents and settings\Ulla Inger Johansen\Application Data\U3
2010-06-16 08:39 . 2010-05-12 07:02    --------    d-----w-    c:\programmer\Safari
2010-06-10 13:51 . 2009-01-07 11:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-08 16:44 . 2009-01-07 13:22    --------    d-----w-    c:\programmer\Nokia
2010-06-08 14:30 . 2009-11-09 11:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-06-08 14:29 . 2009-01-07 11:01    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2010-06-06 07:39 . 2010-01-13 21:29    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-06-02 16:00 . 2009-11-09 11:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-30 13:01 . 2010-04-02 13:01    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-05-29 07:15 . 2010-05-29 07:15    503808    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77b341e8-n\msvcp71.dll
2010-05-29 07:15 . 2010-05-29 07:15    61440    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d5bf094-n\decora-sse.dll
2010-05-29 07:15 . 2010-05-29 07:15    499712    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77b341e8-n\jmc.dll
2010-05-29 07:15 . 2010-05-29 07:15    348160    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77b341e8-n\msvcr71.dll
2010-05-29 07:15 . 2010-05-29 07:15    12800    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d5bf094-n\decora-d3d.dll
2010-05-14 19:27 . 2009-01-09 20:22    --------    d-----w-    c:\programmer\Google
2010-05-12 07:15 . 2010-05-12 07:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-12 07:10 . 2010-05-12 07:10    --------    d-----w-    c:\programmer\QuickTime
2010-05-12 07:00 . 2010-05-12 07:00    79144    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-11 17:16 . 2009-01-07 10:56    --------    d-----w-    c:\programmer\Java
2010-05-08 17:50 . 2009-01-07 13:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Installations
2010-05-08 17:50 . 2010-05-08 17:50    --------    d-----w-    c:\programmer\PC Connectivity Solution
2010-05-08 17:45 . 2010-05-08 17:45    3351812    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\msxml6Exec.exe
2010-05-08 17:45 . 2010-05-08 17:45    36864    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\Sleep.exe
2010-05-08 17:45 . 2010-05-08 17:45    3203453    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-08 17:44 . 2010-05-08 17:47    35762752    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\NokiaSoftwareUpdaterSetup_da[1].exe
2010-05-06 10:34 . 2006-02-18 04:32    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-02-18 04:31    1851264    ------w-    c:\windows\system32\win32k.sys
2010-04-20 05:31 . 2006-02-18 04:31    285696    ----a-w-    c:\windows\system32\atmfd.dll
2010-04-13 07:02 . 2010-04-08 08:28    922400    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\JRERunOnce.exe
2010-04-12 15:29 . 2010-05-11 17:17    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-04-08 08:47 . 2010-04-08 08:47    503808    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76cf89e7-n\msvcp71.dll
2010-04-08 08:47 . 2010-04-08 08:47    499712    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76cf89e7-n\jmc.dll
2010-04-08 08:47 . 2010-04-08 08:47    348160    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76cf89e7-n\msvcr71.dll
2010-04-08 08:47 . 2010-04-08 08:47    61440    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cc74d18-n\decora-sse.dll
2010-04-08 08:47 . 2010-04-08 08:47    12800    ----a-w-    c:\documents and settings\Ulla Inger Johansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cc74d18-n\decora-d3d.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"Google Update"="c:\documents and settings\Ulla Inger Johansen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-15 133104]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2006-03-15 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programmer\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-02-19 409600]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-02-19 110592]
"cssauth"="c:\programmer\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"F-Secure Manager"="c:\programmer\TDCSikkerhedspakke\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\programmer\TDCSikkerhedspakke\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-03-17 421888]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-7 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07    49152    ------w-    c:\programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45    28672    ------w-    c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16    24576    ------w-    c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [07-01-2009 17:04 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07-01-2009 16:30 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\TDCSikkerhedspakke\HIPS\drivers\fshs.sys [07-01-2009 16:29 68064]
R2 PrivateDisk;PrivateDisk;c:\programmer\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13-03-2006 17:05 58368]
R2 smi2;smi2;c:\programmer\SMI2\smi2.sys [14-07-2006 16:55 3968]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\TDCSikkerhedspakke\Anti-Virus\minifilter\fsgk.sys [07-01-2009 16:28 113864]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [28-01-2010 10:29 135664]
S3 FSORSPClient;F-Secure ORSP Client;c:\programmer\TDCSikkerhedspakke\ORSP Client\fsorsp.exe [07-01-2009 16:29 55992]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [06-04-2009 09:13 13224]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsfilter.sys [07-01-2009 16:28 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsrec.sys [07-01-2009 16:28 25184]
.
Indhold af mappen 'Planlagte Opgaver'

2010-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-28 08:29]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-28 08:29]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015256264-2327457422-3953637553-1008Core.job
- c:\documents and settings\Ulla Inger Johansen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 18:28]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015256264-2327457422-3953637553-1008UA.job
- c:\documents and settings\Ulla Inger Johansen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 18:28]

2010-06-29 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-01-07 16:13]

2010-06-28 c:\windows\Tasks\User_Feed_Synchronization-{E55C760B-E855-40F8-AB9E-052B7290A59F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig?hl=da&source=iglk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/DK/Core/Player/2020PlayerAX_Win32.cab
DPF: {25C29129-E95F-4564-BFE3-000000007100} - hxxp://www.123hjemmeside.dk/builder/pages/KvikVideo-7-1-0-0.CAB
DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} - hxxp://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-6.CAB
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-Locked - (no file)
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 18:52
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll
c:\programmer\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1056)
c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fsgk32st.exe
c:\programmer\TDCSikkerhedspakke\Common\FSMA32.EXE
c:\programmer\TDCSikkerhedspakke\Anti-Virus\FSGK32.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programmer\Lenovo\Client Security Solution\tvttcsd.exe
c:\programmer\Lenovo\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\programmer\Fælles filer\Lenovo\Logger\logmon.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fssm32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programmer\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\programmer\TDCSikkerhedspakke\Common\FSLAUNCHER0.EXE
.
**************************************************************************
.
Gennemført tid: 2010-06-29  18:59:23 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-06-29 16:59

Pre-Kørsel: 4.816.961.536 byte ledig
Post-Kørsel: 4.784.861.184 byte ledig

- - End Of File - - 72C03799567AE5F0C89F7B39DAC31F8E
fromsej Trainee
30 June 2010 - 17:29 #7
ComboFix has removed what was there; we don't need to see any more logs.

Click Start -> Run, type Services.msc and click OK.
Find the Bluetooth Service service, stop it if it is running, right-click it, click Properties and select Startup type Disabled.
Unless you actually use Bluetooth; then you should leave it alone.

Click Start -> Run, type Services.msc and click OK.
Find the services below, stop them if they are running, right-click them, click Properties and select Startup type Manual.
You have to do this one at a time.

iPod-tjeneste
ServiceLayer - Nokia

Restart and see whether that changes anything.
NielsGJohansen Beginner
1 July 2010 - 07:21 #8
Hi fromsej

That definitely helped.

Many thanks for the help.

What do I do about points?

Regards,

Niels
fromsej Trainee
3 July 2010 - 10:25 #9
You're welcome. :)

You can award points once I have posted an answer.