CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

targa55 Praktikant

14. november 2010 - 06:24 Der er 33 kommentarer og
1 løsning

Check af log`s efter virus mv.

Er ved at rense pc` efter virus... Er der en der vil se på disse logs.
Styresystem er XP.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13-11-2010 19:52:56
mbam-log-2010-11-13 (19-52-56).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 157402
Tid gået: 29 minut(ter), 51 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 6
Registreringsdatabaseværdier Inficeret: 2
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
D:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

**************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:09:13, on 14-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Java\jre6\bin\jqs.exe
D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
D:\Programmer\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe
D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe
D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmer\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\Stefan\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - :D:\Programmer\Celebrity Toolbar\tbcore3.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - :D:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - :D:\Programmer\KeyScrambler\KeyScramblerIE.dll (file missing)
O2 - BHO: Oryte Games 1 Toolbar - {50bcbfa7-2a6a-41ed-9d96-34d2073a8943} - :D:\Programmer\Oryte_Games_1\tbOry0.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - :D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - :D:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - :D:\Programmer\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (file missing)
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - :D:\Programmer\Celebrity Toolbar\mhxpcomi.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - :D:\Programmer\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - :D:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Oryte Games 1 Toolbar - {50bcbfa7-2a6a-41ed-9d96-34d2073a8943} - :D:\Programmer\Oryte_Games_1\tbOry0.dll (file missing)
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - D:\Programmer\Celebrity Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SkyTel] :SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LXBSCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] :D:\Programmer\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] :"D:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Sunkist2k] :D:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] :"D:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] :"D:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] :"D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] :"D:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] :"D:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ~Disabled
O4 - Global Startup: ~Disabled
O8 - Extra context menu item: Google Sidewiki ... - res://D:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Programmer\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Programmer\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://D:\Programmer\Risk\Images\stg_drm.ocx
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://D:\Programmer\Risk\Images\armhelper.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - D:\Programmer\Celebrity Toolbar\mhxpcomi.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - D:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - D:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: vseamps - Authentium, Inc - D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - D:\Programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 9538 bytes

Synes godt om

targa55 Praktikant

14. november 2010 - 06:44 #1

Tilføjelse.........

Når XP starter op, skal man vælge enten XP Home eller XP Pro...
Der er bare kun XP Home der virker, og kan ses !

Synes godt om

f-arn Guru

14. november 2010 - 09:03 #2

Hent og kør her

ellerher

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet

Synes godt om

f-arn Guru

14. november 2010 - 09:08 #3

Sikke noget vås jeg fik fyret af - mangel på kaffe ?

Jeg prøver igen :)

Hent og kør DDS her

ellerher

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet

Synes godt om

targa55 Praktikant

14. november 2010 - 09:17 #4

..... og her er så de 2 logs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 05-06-2009 14:52:26
System Uptime: 14-11-2010 08:27:10 (1 hours ago)

Motherboard: Acer | | EM61SM/EM61PM
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket M2 | 2209/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 107 GiB total, 105,831 GiB free.
D: is FIXED (NTFS) - 117 GiB total, 99,807 GiB free.
E: is CDROM ()
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP243: 14-11-2010 06:59:51 - Systemkontrolpunkt

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4 - Dansk
Adobe Shockwave Player 11.5
AIDA32 v3.88
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVSDK5
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDBurnerXP
Celebrity Toolbar
Digital Camera Driver
Digital Signatur
EASEUS Partition Master 6.5.1 Home Edition
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB2158563)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB970653-v3)
Hotfix til Windows XP (KB976098-v2)
Hotfix til Windows XP (KB979306)
Hotfix til Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 20
KeyScrambler
Lexmark 810 Series
Lexmark Precision Photo
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Language Pack - DAN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 cd 2
Microsoft Office 2000 Premium
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
neroxml
Norton Internet Security
NVIDIA Drivers
Opdatering til Windows Internet Explorer 8 (KB973874)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB976749)
Opdatering til Windows Internet Explorer 8 (KB980182)
Opdatering til Windows XP (KB2141007)
Opdatering til Windows XP (KB2345886)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB961503)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
Oryte_Games_1 Toolbar
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.30
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2183461)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2360131)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB981332)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)
Sikkerhedsopdatering til Windows Media Player (KB2378111)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB968816)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player (KB975558)
Sikkerhedsopdatering til Windows Media Player (KB978695)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows XP (KB2079403)
Sikkerhedsopdatering til Windows XP (KB2115168)
Sikkerhedsopdatering til Windows XP (KB2121546)
Sikkerhedsopdatering til Windows XP (KB2160329)
Sikkerhedsopdatering til Windows XP (KB2229593)
Sikkerhedsopdatering til Windows XP (KB2259922)
Sikkerhedsopdatering til Windows XP (KB2279986)
Sikkerhedsopdatering til Windows XP (KB2286198)
Sikkerhedsopdatering til Windows XP (KB2296011)
Sikkerhedsopdatering til Windows XP (KB2347290)
Sikkerhedsopdatering til Windows XP (KB2360937)
Sikkerhedsopdatering til Windows XP (KB2387149)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464-v2)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956744)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961371)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB963027)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB969897)
Sikkerhedsopdatering til Windows XP (KB969898)
Sikkerhedsopdatering til Windows XP (KB969947)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971486)
Sikkerhedsopdatering til Windows XP (KB971557)
Sikkerhedsopdatering til Windows XP (KB971633)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB971961)
Sikkerhedsopdatering til Windows XP (KB972260)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973346)
Sikkerhedsopdatering til Windows XP (KB973354)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973525)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975561)
Sikkerhedsopdatering til Windows XP (KB975562)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977165)
Sikkerhedsopdatering til Windows XP (KB977816)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978251)
Sikkerhedsopdatering til Windows XP (KB978262)
Sikkerhedsopdatering til Windows XP (KB978338)
Sikkerhedsopdatering til Windows XP (KB978542)
Sikkerhedsopdatering til Windows XP (KB978601)
Sikkerhedsopdatering til Windows XP (KB978706)
Sikkerhedsopdatering til Windows XP (KB979309)
Sikkerhedsopdatering til Windows XP (KB979482)
Sikkerhedsopdatering til Windows XP (KB979559)
Sikkerhedsopdatering til Windows XP (KB979683)
Sikkerhedsopdatering til Windows XP (KB979687)
Sikkerhedsopdatering til Windows XP (KB980195)
Sikkerhedsopdatering til Windows XP (KB980218)
Sikkerhedsopdatering til Windows XP (KB980232)
Sikkerhedsopdatering til Windows XP (KB980436)
Sikkerhedsopdatering til Windows XP (KB981322)
Sikkerhedsopdatering til Windows XP (KB981852)
Sikkerhedsopdatering til Windows XP (KB981957)
Sikkerhedsopdatering til Windows XP (KB981997)
Sikkerhedsopdatering til Windows XP (KB982132)
Sikkerhedsopdatering til Windows XP (KB982214)
Sikkerhedsopdatering til Windows XP (KB982665)
Sikkerhedsopdatering til Windows XP (KB982802)
Skins
Spelling Dictionaries Support For Adobe Reader 9
TDC fotoservice
TVUPlayer 2.4.9.1
Ultimate Spider-Man (TM)
Unity Web Player
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vigtig opdatering til Windows Media Player 11 (KB959772)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

13-11-2010 22:23:18, oplysninger: Windows File Protection [64017] - Filsøgning med Windows Filbeskyttelse blev fuldført.
13-11-2010 21:59:30, oplysninger: Windows File Protection [64020] - Windows Filbeskyttelse konstaterede, at systemfilen d:\windows\system32\sysocmgr.exe har en forkert signatur. Denne fil blev gendannet til sin oprindelige version for at bevare systemets stabilitet. Systemfilens filversion er 5.1.2600.5512.
13-11-2010 21:59:30, oplysninger: Windows File Protection [64019] - Windows Filbeskyttelse konstaterede, at systemfilen d:\windows\system32\sysocmgr.exe har en forkert signatur. Denne fil blev gendannet til sin oprindelige version for at bevare systemets stabilitet.
13-11-2010 21:59:08, oplysninger: Windows File Protection [64016] - Windows Filbeskyttelse startede søgning efter filer.

==== End Of File ===========================

DDS (Ver_10-11-10.01) - NTFSx86
Run by Stefan at 9:10:45,03 on 14-11-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.405 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Programmer\Java\jre6\bin\jqs.exe
D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe
D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe
D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\Stefan\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
mStart Page = hxxp://search.myheritage.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
uURLSearchHooks: H - No File
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - :d:\programmer\celebrity toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - :d:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - :d:\programmer\keyscrambler\KeyScramblerIE.dll
BHO: Oryte Games 1 Toolbar: {50bcbfa7-2a6a-41ed-9d96-34d2073a8943} - :d:\programmer\oryte_games_1\tbOry0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - d:\programmer\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\programmer\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - :d:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - :d:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - :d:\programmer\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - :d:\programmer\celebrity toolbar\mhxpcomi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - :d:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - :d:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - d:\programmer\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: Oryte Games 1 Toolbar: {50bcbfa7-2a6a-41ed-9d96-34d2073a8943} - :d:\programmer\oryte_games_1\tbOry0.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - d:\programmer\celebrity toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [swg] :"d:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SkyTel] :SkyTel.EXE
mRun: [StartCCC] "d:\programmer\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LXBSCATS] rundll32 d:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
mRun: [MemoryCardManager] :d:\programmer\lexmark\lexmark precision photo\MemCard.exe -startup
mRun: [SunJavaUpdateSched] :"d:\programmer\fælles filer\java\java update\jusched.exe"
mRun: [Sunkist2k] :d:\programmer\multimedia card reader\shwicon2k.exe
mRun: [Adobe Reader Speed Launcher] :"d:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] :"d:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] :"d:\programmer\quicktime\qttask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [UnlockerAssistant] :"d:\programmer\unlocker\UnlockerAssistant.exe"
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\stefan\menuen~1\progra~1\start\~disab~1\magicd~1.lnk - d:\programmer\magicdisc\MagicDisc.exe
StartupFolder: d:\docume~1\alluse~1\menuen~1\progra~1\start\~disab~1\exifla~1.lnk - d:\programmer\finepixviewer\QuickDCF2.exe
StartupFolder: d:\docume~1\alluse~1\menuen~1\progra~1\start\~disab~1\micros~1.lnk - d:\programmer\microsoft office\office\OSA9.EXE
IE: Google Sidewiki ... - d:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\programmer\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - d:\programmer\keyscrambler\KeyScramblerIE.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-11-14 06:00:51 -------- d-----w- d:\docume~1\stefan\applic~1\TVU Networks
2010-11-14 05:01:45 -------- d-----w- d:\docume~1\stefan\applic~1\SignupShield
2010-11-14 03:44:34 -------- d-----w- d:\programmer\Unlocker
2010-11-14 03:13:10 86016 ----a-w- d:\windows\SOUNDMAN.EXE
2010-11-14 03:13:10 2879488 ----a-w- d:\windows\SkyTel.exe
2010-11-14 03:13:09 266240 ----a-w- d:\windows\system32\RTSndMgr.CPL
2010-11-14 03:13:08 364544 ----a-w- d:\windows\RtlUpd.exe
2010-11-14 03:13:07 9709568 ----a-w- d:\windows\RTLCPL.EXE
2010-11-14 03:13:03 4284928 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2010-11-14 03:12:56 16208384 ----a-w- d:\windows\RTHDCPL.EXE
2010-11-14 03:12:51 2158592 ----a-w- d:\windows\MicCal.exe
2010-11-14 03:12:49 299008 ----a-w- d:\windows\system32\ALSNDMGR.CPL
2010-11-14 03:12:49 2808832 ----a-w- d:\windows\ALCWZRD.EXE
2010-11-14 03:12:48 69632 ----a-w- d:\windows\ALCMTR.EXE
2010-11-14 03:03:27 244864 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2010-11-14 03:03:27 -------- d-----w- D:\Dell Drivere
2010-11-14 01:01:48 -------- d-----w- d:\programmer\AIDA32 - Enterprise System Information
2010-11-14 00:15:38 86408 ----a-w- d:\windows\system32\setupempdrv03.exe
2010-11-14 00:15:38 8456 ----a-w- d:\windows\system32\EuGdiDrv.sys
2010-11-14 00:15:38 2217088 ----a-w- d:\windows\system32\BootMan.exe
2010-11-14 00:15:38 14848 ----a-w- d:\windows\system32\EuEpmGdi.dll
2010-11-14 00:15:38 13192 ----a-w- d:\windows\system32\epmntdrv.sys
2010-11-14 00:15:31 -------- d-----w- d:\programmer\EASEUS
2010-11-13 21:23:16 116224 -c--a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-11-13 21:23:12 23040 -c--a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-13 21:23:11 18944 -c--a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-11-13 21:23:08 27648 -c--a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-11-13 21:23:04 4608 -c--a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-11-13 21:23:01 99865 -c--a-w- d:\windows\system32\dllcache\xlog.exe
2010-11-13 21:21:56 16925 -c--a-w- d:\windows\system32\dllcache\w940nd.sys
2010-11-13 21:20:58 20608 -c--a-w- d:\windows\system32\dllcache\usbuhci.sys
2010-11-13 21:19:57 222336 -c--a-w- d:\windows\system32\dllcache\trid3dm.sys
2010-11-13 21:18:58 36640 -c--a-w- d:\windows\system32\dllcache\t2r4mini.sys
2010-11-13 21:17:55 24660 -c--a-w- d:\windows\system32\dllcache\spxupchk.dll
2010-11-13 21:16:58 45568 -c--a-w- d:\windows\system32\dllcache\smb3w.dll
2010-11-13 21:15:58 386560 -c--a-w- d:\windows\system32\dllcache\sgiul50.dll
2010-11-13 21:14:59 62496 -c--a-w- d:\windows\system32\dllcache\s3mtrio.dll
2010-11-13 21:13:59 3328 -c--a-w- d:\windows\system32\dllcache\qv2kux.sys
2010-11-13 21:12:59 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2010-11-13 21:11:59 31872 -c--a-w- d:\windows\system32\dllcache\ovce.sys
2010-11-13 21:10:59 60480 -c--a-w- d:\windows\system32\dllcache\neo20xx.dll
2010-11-13 21:09:55 35200 -c--a-w- d:\windows\system32\dllcache\msgame.sys
2010-11-13 21:08:58 802683 -c--a-w- d:\windows\system32\dllcache\ltsm.sys
2010-11-13 21:07:59 6144 -c--a-w- d:\windows\system32\dllcache\kbd101b.dll
2010-11-13 21:06:58 38528 -c--a-w- d:\windows\system32\dllcache\ibmvcap.sys
2010-11-13 21:05:58 19456 -c--a-w- d:\windows\system32\dllcache\hr1w.dll
2010-11-13 21:04:54 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2010-11-13 21:03:58 37120 -c--a-w- d:\windows\system32\dllcache\es1370mp.sys
2010-11-13 21:02:59 26698 -c--a-w- d:\windows\system32\dllcache\dlh5xnd5.sys
2010-11-13 21:01:59 4096 -c--a-w- d:\windows\system32\dllcache\ctwdm32.dll
2010-11-13 21:00:46 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-11-13 20:59:59 5248 -c--a-w- d:\windows\system32\dllcache\aliide.sys
2010-11-13 18:04:26 -------- d-----w- d:\docume~1\stefan\applic~1\Malwarebytes
2010-11-13 18:04:00 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 18:03:59 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-11-13 18:03:59 -------- d-----w- d:\programmer\Malwarebytes' Anti-Malware
2010-11-13 18:03:59 -------- d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-13 17:47:30 -------- d-----w- d:\programmer\VS Revo Group
2010-11-13 00:22:56 -------- d-----w- d:\programmer\Microsoft
2010-11-13 00:21:18 96200 ----a-w- d:\windows\system32\drivers\CDAVFS.sys
2010-11-13 00:20:48 -------- d-----w- d:\programmer\fælles filer\Authentium
2010-11-13 00:20:46 -------- d-----w- d:\programmer\Bing Bar Installer
2010-11-13 00:05:29 114952 ----a-w- d:\windows\system32\drivers\keyscrambler.sys
2010-11-13 00:05:29 -------- d-----w- d:\programmer\KeyScrambler
2010-11-12 21:24:51 -------- d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-12 21:24:41 -------- d-----w- d:\programmer\SUPERAntiSpyware
2010-11-12 21:24:41 -------- d-----w- d:\docume~1\stefan\applic~1\SUPERAntiSpyware.com
2010-11-12 18:51:07 -------- d-----w- d:\docume~1\alluse~1\applic~1\PC Tools
2010-11-09 15:16:46 -------- d-----w- d:\documents and settings\stefan\.oces2

==================== Find3M ====================

2010-09-18 10:23:40 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53:39 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53:39 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-18 06:53:38 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-10 05:51:36 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:51:33 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:51:33 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-01 11:52:04 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-09-01 07:57:39 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:03:32 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:53:18 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-27 01:43:50 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-23 16:12:33 617472 ----a-w- d:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe
2010-08-16 08:45:02 590848 ----a-w- d:\windows\system32\rpcrt4.dll

============= FINISH: 9:11:48,89 ===============

Synes godt om

f-arn Guru

14. november 2010 - 10:46 #5

Der er noget der undrer mig. Den ene log viser tegn på infektioner som den anden ikke viser.

------

Hent og gem ComboFix på dit skrivebord:

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

targa55 Praktikant

14. november 2010 - 11:15 #6

Har prøvet at køre Combofix, men får denne meddelelse:
Navnet, CFScript synes at være stavet forkert.

Synes godt om

f-arn Guru

14. november 2010 - 11:44 #7

Slet den ComboFix du har og hent en ny.

------

Hent og gem Combofix på dit skrivebord som IEXPLORE.exe:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start IEXPLORE.exe og følg anvisningerne.

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

targa55 Praktikant

14. november 2010 - 11:50 #8

Pludselig startede den op alligevel..... her er loggen

ComboFix 10-11-12.06 - Stefan 14-11-2010 11:30:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.502 [GMT 1:00]
Kører fra: d:\documents and settings\Stefan\Skrivebord\ComboFix.exe
Kommandoer benyttet :: d:\documents and settings\Stefan\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Stefan\Application Data\inst.exe
d:\documents and settings\Stefan\Application Data\PriceGong
d:\documents and settings\Stefan\Application Data\PriceGong\Data\1.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\a.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\b.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\c.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\d.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\e.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\f.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\g.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\h.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\i.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\J.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\k.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\l.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\m.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\mru.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\n.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\o.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\p.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\q.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\r.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\s.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\t.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\u.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\v.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\w.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\x.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\y.xml
d:\documents and settings\Stefan\Application Data\PriceGong\Data\z.xml
d:\programmer\AskSearch\bin\DefaultSearch.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((((((( Filer skabt fra 2010-10-14 til 2010-11-14 )))))))))))))))))))))))))))))))))))
.

2010-11-14 06:00 . 2010-11-14 06:00 -------- d-----w- d:\documents and settings\Stefan\Application Data\TVU Networks
2010-11-14 05:01 . 2010-11-14 05:01 -------- d-----w- d:\documents and settings\Stefan\Application Data\SignupShield
2010-11-14 03:44 . 2010-11-14 03:45 -------- d-----w- d:\programmer\Unlocker
2010-11-14 03:13 . 2006-05-16 09:04 2879488 ----a-w- d:\windows\SkyTel.exe
2010-11-14 03:13 . 2006-05-04 07:22 86016 ----a-w- d:\windows\SOUNDMAN.EXE
2010-11-14 03:13 . 2006-01-10 04:58 266240 ----a-w- d:\windows\system32\RTSndMgr.CPL
2010-11-14 03:13 . 2006-03-09 08:45 364544 ----a-w- d:\windows\RtlUpd.exe
2010-11-14 03:13 . 2006-05-04 07:35 9709568 ----a-w- d:\windows\RTLCPL.EXE
2010-11-14 03:13 . 2006-06-06 03:09 4284928 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2010-11-14 03:12 . 2006-06-01 07:48 16208384 ----a-w- d:\windows\RTHDCPL.EXE
2010-11-14 03:12 . 2006-03-10 10:32 2158592 ----a-w- d:\windows\MicCal.exe
2010-11-14 03:12 . 2006-05-04 07:26 2808832 ----a-w- d:\windows\ALCWZRD.EXE
2010-11-14 03:12 . 2005-09-21 01:25 299008 ----a-w- d:\windows\system32\ALSNDMGR.CPL
2010-11-14 03:12 . 2005-05-03 09:43 69632 ----a-w- d:\windows\ALCMTR.EXE
2010-11-14 03:03 . 2010-11-14 03:12 -------- d-----w- D:\Dell Drivere
2010-11-14 03:03 . 2006-06-29 07:53 244864 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2010-11-14 01:01 . 2010-11-14 01:01 -------- d-----w- d:\programmer\AIDA32 - Enterprise System Information
2010-11-14 00:15 . 2010-10-28 11:23 2217088 ----a-w- d:\windows\system32\BootMan.exe
2010-11-14 00:15 . 2010-07-15 07:44 86408 ----a-w- d:\windows\system32\setupempdrv03.exe
2010-11-14 00:15 . 2010-07-15 07:44 8456 ----a-w- d:\windows\system32\EuGdiDrv.sys
2010-11-14 00:15 . 2010-07-15 07:44 13192 ----a-w- d:\windows\system32\epmntdrv.sys
2010-11-14 00:15 . 2010-07-15 07:44 14848 ----a-w- d:\windows\system32\EuEpmGdi.dll
2010-11-14 00:15 . 2010-11-14 00:15 -------- d-----w- d:\programmer\EASEUS
2010-11-13 21:23 . 2008-04-14 17:05 116224 -c--a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-11-13 21:23 . 2001-10-04 16:07 23040 -c--a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-13 21:23 . 2008-04-14 17:05 18944 -c--a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-11-13 21:23 . 2001-10-04 16:07 27648 -c--a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-11-13 21:23 . 2001-10-04 16:07 4608 -c--a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-11-13 21:23 . 2001-08-18 05:37 99865 -c--a-w- d:\windows\system32\dllcache\xlog.exe
2010-11-13 21:21 . 2001-08-17 19:13 16925 -c--a-w- d:\windows\system32\dllcache\w940nd.sys
2010-11-13 21:20 . 2008-04-13 19:45 20608 -c--a-w- d:\windows\system32\dllcache\usbuhci.sys
2010-11-13 21:19 . 2001-08-17 19:51 222336 -c--a-w- d:\windows\system32\dllcache\trid3dm.sys
2010-11-13 21:18 . 2001-08-17 19:50 36640 -c--a-w- d:\windows\system32\dllcache\t2r4mini.sys
2010-11-13 21:17 . 2001-10-04 16:07 24660 -c--a-w- d:\windows\system32\dllcache\spxupchk.dll
2010-11-13 21:16 . 2001-10-04 16:07 45568 -c--a-w- d:\windows\system32\dllcache\smb3w.dll
2010-11-13 21:15 . 2001-10-04 16:07 386560 -c--a-w- d:\windows\system32\dllcache\sgiul50.dll
2010-11-13 21:14 . 2001-10-04 16:07 62496 -c--a-w- d:\windows\system32\dllcache\s3mtrio.dll
2010-11-13 21:13 . 2001-08-17 20:53 3328 -c--a-w- d:\windows\system32\dllcache\qv2kux.sys
2010-11-13 21:12 . 2001-08-17 21:04 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2010-11-13 21:11 . 2001-08-17 21:05 31872 -c--a-w- d:\windows\system32\dllcache\ovce.sys
2010-11-13 21:10 . 2001-10-04 16:07 60480 -c--a-w- d:\windows\system32\dllcache\neo20xx.dll
2010-11-13 21:09 . 2001-08-17 21:02 35200 -c--a-w- d:\windows\system32\dllcache\msgame.sys
2010-11-13 21:08 . 2008-04-13 19:40 7040 -c--a-w- d:\windows\system32\dllcache\ltotape.sys
2010-11-13 21:07 . 2001-08-17 21:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101b.dll
2010-11-13 21:06 . 2001-08-17 21:06 38528 -c--a-w- d:\windows\system32\dllcache\ibmvcap.sys
2010-11-13 21:05 . 2001-10-04 16:07 19456 -c--a-w- d:\windows\system32\dllcache\hr1w.dll
2010-11-13 21:04 . 2001-10-04 16:07 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2010-11-13 21:03 . 2001-08-17 19:19 37120 -c--a-w- d:\windows\system32\dllcache\es1370mp.sys
2010-11-13 21:02 . 2001-08-17 19:11 26698 -c--a-w- d:\windows\system32\dllcache\dlh5xnd5.sys
2010-11-13 21:01 . 2001-10-04 16:07 4096 -c--a-w- d:\windows\system32\dllcache\ctwdm32.dll
2010-11-13 21:00 . 2001-10-04 15:32 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-11-13 20:59 . 2001-08-17 20:51 5248 -c--a-w- d:\windows\system32\dllcache\aliide.sys
2010-11-13 20:45 . 2010-11-13 20:45 -------- d-----w- d:\documents and settings\Administrator
2010-11-13 18:04 . 2010-11-13 18:04 -------- d-----w- d:\documents and settings\Stefan\Application Data\Malwarebytes
2010-11-13 18:04 . 2010-04-29 14:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 18:03 . 2010-11-13 18:04 -------- d-----w- d:\programmer\Malwarebytes' Anti-Malware
2010-11-13 18:03 . 2010-11-13 18:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-13 18:03 . 2010-04-29 14:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-11-13 17:47 . 2010-11-13 17:47 -------- d-----w- d:\programmer\VS Revo Group
2010-11-13 00:22 . 2010-11-13 17:49 -------- d-----w- d:\programmer\Microsoft
2010-11-13 00:22 . 2010-11-13 17:35 -------- d-----w- d:\programmer\Microsoft Silverlight
2010-11-13 00:21 . 2010-11-13 00:19 96200 ----a-w- d:\windows\system32\drivers\CDAVFS.sys
2010-11-13 00:20 . 2010-11-13 00:20 -------- d-----w- d:\programmer\Fælles filer\Authentium
2010-11-13 00:20 . 2010-11-13 17:49 -------- d-----w- d:\programmer\Bing Bar Installer
2010-11-13 00:05 . 2010-11-13 00:05 -------- d-----w- d:\programmer\KeyScrambler
2010-11-13 00:05 . 2010-02-11 15:03 114952 ----a-w- d:\windows\system32\drivers\keyscrambler.sys
2010-11-12 21:24 . 2010-11-12 21:24 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\documents and settings\Stefan\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\programmer\SUPERAntiSpyware
2010-11-12 18:51 . 2010-11-12 21:16 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Tools
2010-11-09 15:16 . 2010-11-09 15:16 -------- d-----w- d:\documents and settings\Stefan\.oces2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:59 . 2009-11-26 12:46 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-10 05:51 . 2006-03-02 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:51 . 2006-03-02 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2006-03-02 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2006-03-02 12:00 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:03 . 2006-03-02 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2006-03-02 12:00 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-03-02 12:00 357248 ----a-w- d:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-03-02 12:00 617472 ----a-w- d:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- d:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "d:\programmer\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "d:\programmer\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"LXBSCATS"="d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Stefan\Menuen Start\Programmer\Start\~Disabled
MagicDisc.lnk - d:\programmer\MagicDisc\MagicDisc.exe [2009-7-25 576000]

d:\documents and settings\All Users\Menuen Start\Programmer\Start\~Disabled
ExifLauncher2.lnk - d:\programmer\FinePixViewer\QuickDCF2.exe [2010-9-8 303104]
Microsoft Office.lnk - d:\programmer\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18-07-2009 23:40 721904]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1108000.005\symds.sys [24-09-2010 11:13 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24-09-2010 11:13 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04-11-2010 01:07 691248]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24-09-2010 11:13 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24-09-2010 11:13 116784]
R2 NIS;Norton Internet Security;d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24-09-2010 11:13 126392]
R2 vseamps;vseamps;d:\programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe [08-04-2010 16:46 117288]
R2 vsedsps;vsedsps;d:\programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe [08-04-2010 16:46 117288]
R2 vseqrts;vseqrts;d:\programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe [08-04-2010 16:46 154152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14-11-2010 04:07 102448]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [19-10-2010 21:36 341880]
R3 KeyScrambler;KeyScrambler;d:\windows\system32\drivers\keyscrambler.sys [13-11-2010 01:05 114952]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\d:\programmer\SUPERAntiSpyware\SASKUTIL.sys --> d:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);d:\programmer\Google\Update\GoogleUpdate.exe [21-10-2009 16:09 133104]
S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [14-11-2010 01:15 13192]
S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [14-11-2010 01:15 8456]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Indhold af mappen 'Planlagte Opgaver'

2010-10-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-14 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]

2010-11-14 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
mStart Page = hxxp://search.myheritage.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: Google Sidewiki ... - d:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - d:\programmer\Celebrity Toolbar\mhxpcomi.dll
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{0C37B053-FD68-456a-82E1-D788EE342E6F} - :d:\programmer\Celebrity Toolbar\tbcore3.dll
BHO-{50bcbfa7-2a6a-41ed-9d96-34d2073a8943} - :d:\programmer\Oryte_Games_1\tbOry0.dll
BHO-{D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - :d:\programmer\Celebrity Toolbar\mhxpcomi.dll
Toolbar-{50bcbfa7-2a6a-41ed-9d96-34d2073a8943} - :d:\programmer\Oryte_Games_1\tbOry0.dll
WebBrowser-{50BCBFA7-2A6A-41ED-9D96-34D2073A8943} - :d:\programmer\Oryte_Games_1\tbOry0.dll
WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
HKCU-Run-swg - :d:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-SkyTel - :SkyTel.EXE
HKLM-Run-MemoryCardManager - :d:\programmer\Lexmark\Lexmark Precision Photo\MemCard.exe
HKLM-Run-SunJavaUpdateSched - :d:\programmer\Fælles filer\Java\Java Update\jusched.exe
HKLM-Run-Sunkist2k - :d:\programmer\Multimedia Card Reader\shwicon2k.exe
HKLM-Run-Adobe Reader Speed Launcher - :d:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM-Run-Adobe ARM - :d:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
HKLM-Run-QuickTime Task - :d:\programmer\QuickTime\qttask.exe
HKLM-Run-UnlockerAssistant - :d:\programmer\Unlocker\UnlockerAssistant.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 11:38
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"d:\programmer\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,1f,72,23,02,6d,7f,a0,33,9b,c0,9a,ff,78,5c,20,1f,55,fe,00,3b,fe,b0,
04,61,98,be,ee,e8,90,ff,36,37,27,a4,cb,0e,52,f9,19,c3,a1,e4,fe,56,ad,84,68,\
"??"=hex:fc,d4,d2,f7,20,0e,78,4d,83,f6,c9,77,ea,4e,55,57
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(736)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3712)
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\programmer\Java\jre6\bin\jqs.exe
d:\programmer\CDBurnerXP\NMSAccessU.exe
d:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\windows\system32\wscntfy.exe
d:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\RTHDCPL.EXE
d:\programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\imapi.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-14 11:42:15 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-11-14 10:42

Pre-Kørsel: 107.095.597.056 byte ledig
Post-Kørsel: 107.080.642.560 byte ledig

- - End Of File - - 7BC424129E96CE86F8DE07DE3876D22B

Synes godt om

targa55 Praktikant

14. november 2010 - 12:33 #9

Er bare lidt nysgerrig ... kan du bruge loggen fra Combofix, eller skal jeg prøve at køre den anden du linker til i #8 ?...

Synes godt om

f-arn Guru

14. november 2010 - 17:07 #10

Ja, den combolog har fortalt en masse.
Hvilket sikkerheds program bruger du ?
Jeg kan se både authentium og Norton.

Synes godt om

targa55 Praktikant

14. november 2010 - 17:18 #11

Det er Norton

Synes godt om

targa55 Praktikant

14. november 2010 - 17:44 #12

Ser nu at Authentium er McAfee, og den skulle gerne være afst... men det er nok efter at jeg sendte log.

Synes godt om

f-arn Guru

14. november 2010 - 17:55 #13

Ser nu at Authentium er McAfee, og den skulle gerne være afst... men det er nok efter at jeg sendte log.

Fint.

------

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
Driver::
epmntdrv

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

targa55 Praktikant

14. november 2010 - 18:25 #14

Her er den nye log ...
Kan samtidig oplyse dig om, at alt fungerer perfekt... der er overhoved ikke problemer med noget !.... Ser du nogle problemer ?

ComboFix 10-11-12.06 - Stefan 14-11-2010 18:06:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.536 [GMT 1:00]
Kører fra: d:\documents and settings\Stefan\Skrivebord\ComboFix.exe
Kommandoer benyttet :: d:\documents and settings\Stefan\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPMNTDRV
-------\Service_epmntdrv

((((((((((((((((((((((((((((( Filer skabt fra 2010-10-14 til 2010-11-14 )))))))))))))))))))))))))))))))))))
.

2010-11-14 16:54 . 2010-11-14 16:54 -------- d-----w- d:\programmer\Windows Live SkyDrive
2010-11-14 16:53 . 2010-11-14 16:54 -------- d-----w- d:\programmer\Windows Live
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin.dll
2010-11-14 16:03 . 2010-11-14 16:04 -------- d-----w- d:\programmer\QuickTime
2010-11-14 16:03 . 2010-11-14 16:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2010-11-14 15:46 . 2010-11-14 15:46 -------- d-----w- d:\programmer\FileHippo.com
2010-11-14 15:44 . 2010-11-14 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2010-11-14 15:44 . 2010-11-14 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-11-14 15:40 . 2010-11-14 15:40 -------- d-----w- d:\programmer\Fælles filer\Java
2010-11-14 15:36 . 2010-11-14 15:36 -------- d-----w- d:\programmer\Fælles filer\Adobe
2010-11-14 06:00 . 2010-11-14 06:00 -------- d-----w- d:\documents and settings\Stefan\Application Data\TVU Networks
2010-11-14 05:01 . 2010-11-14 05:01 -------- d-----w- d:\documents and settings\Stefan\Application Data\SignupShield
2010-11-14 03:44 . 2010-11-14 03:45 -------- d-----w- d:\programmer\Unlocker
2010-11-14 03:13 . 2006-05-16 09:04 2879488 ----a-w- d:\windows\SkyTel.exe
2010-11-14 03:13 . 2006-05-04 07:22 86016 ----a-w- d:\windows\SOUNDMAN.EXE
2010-11-14 03:13 . 2006-01-10 04:58 266240 ----a-w- d:\windows\system32\RTSndMgr.CPL
2010-11-14 03:13 . 2006-03-09 08:45 364544 ----a-w- d:\windows\RtlUpd.exe
2010-11-14 03:13 . 2006-05-04 07:35 9709568 ----a-w- d:\windows\RTLCPL.EXE
2010-11-14 03:13 . 2006-06-06 03:09 4284928 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2010-11-14 03:12 . 2006-06-01 07:48 16208384 ----a-w- d:\windows\RTHDCPL.EXE
2010-11-14 03:12 . 2006-03-10 10:32 2158592 ----a-w- d:\windows\MicCal.exe
2010-11-14 03:12 . 2006-05-04 07:26 2808832 ----a-w- d:\windows\ALCWZRD.EXE
2010-11-14 03:12 . 2005-09-21 01:25 299008 ----a-w- d:\windows\system32\ALSNDMGR.CPL
2010-11-14 03:12 . 2005-05-03 09:43 69632 ----a-w- d:\windows\ALCMTR.EXE
2010-11-14 03:03 . 2010-11-14 03:12 -------- d-----w- D:\Dell Drivere
2010-11-14 03:03 . 2006-06-29 07:53 244864 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2010-11-14 01:01 . 2010-11-14 01:01 -------- d-----w- d:\programmer\AIDA32 - Enterprise System Information
2010-11-14 00:15 . 2010-10-28 11:23 2217088 ----a-w- d:\windows\system32\BootMan.exe
2010-11-14 00:15 . 2010-07-15 07:44 86408 ----a-w- d:\windows\system32\setupempdrv03.exe
2010-11-14 00:15 . 2010-07-15 07:44 8456 ----a-w- d:\windows\system32\EuGdiDrv.sys
2010-11-14 00:15 . 2010-07-15 07:44 13192 ----a-w- d:\windows\system32\epmntdrv.sys
2010-11-14 00:15 . 2010-07-15 07:44 14848 ----a-w- d:\windows\system32\EuEpmGdi.dll
2010-11-14 00:15 . 2010-11-14 00:15 -------- d-----w- d:\programmer\EASEUS
2010-11-13 21:23 . 2008-04-14 17:05 116224 -c--a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-11-13 21:23 . 2001-10-04 16:07 23040 -c--a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-13 21:23 . 2008-04-14 17:05 18944 -c--a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-11-13 21:23 . 2001-10-04 16:07 27648 -c--a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-11-13 21:23 . 2001-10-04 16:07 4608 -c--a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-11-13 21:23 . 2001-08-18 05:37 99865 -c--a-w- d:\windows\system32\dllcache\xlog.exe
2010-11-13 21:21 . 2001-08-17 19:13 16925 -c--a-w- d:\windows\system32\dllcache\w940nd.sys
2010-11-13 21:20 . 2008-04-13 19:45 20608 -c--a-w- d:\windows\system32\dllcache\usbuhci.sys
2010-11-13 21:19 . 2001-08-17 19:51 222336 -c--a-w- d:\windows\system32\dllcache\trid3dm.sys
2010-11-13 21:18 . 2001-08-17 19:50 36640 -c--a-w- d:\windows\system32\dllcache\t2r4mini.sys
2010-11-13 21:17 . 2001-10-04 16:07 24660 -c--a-w- d:\windows\system32\dllcache\spxupchk.dll
2010-11-13 21:16 . 2001-10-04 16:07 45568 -c--a-w- d:\windows\system32\dllcache\smb3w.dll
2010-11-13 21:15 . 2001-10-04 16:07 386560 -c--a-w- d:\windows\system32\dllcache\sgiul50.dll
2010-11-13 21:14 . 2001-10-04 16:07 62496 -c--a-w- d:\windows\system32\dllcache\s3mtrio.dll
2010-11-13 21:13 . 2001-08-17 20:53 3328 -c--a-w- d:\windows\system32\dllcache\qv2kux.sys
2010-11-13 21:12 . 2001-08-17 21:04 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2010-11-13 21:11 . 2001-08-17 21:05 31872 -c--a-w- d:\windows\system32\dllcache\ovce.sys
2010-11-13 21:10 . 2001-10-04 16:07 60480 -c--a-w- d:\windows\system32\dllcache\neo20xx.dll
2010-11-13 21:09 . 2001-08-17 21:02 35200 -c--a-w- d:\windows\system32\dllcache\msgame.sys
2010-11-13 21:08 . 2008-04-13 19:40 7040 -c--a-w- d:\windows\system32\dllcache\ltotape.sys
2010-11-13 21:07 . 2001-08-17 21:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101b.dll
2010-11-13 21:06 . 2001-08-17 21:06 38528 -c--a-w- d:\windows\system32\dllcache\ibmvcap.sys
2010-11-13 21:05 . 2001-10-04 16:07 19456 -c--a-w- d:\windows\system32\dllcache\hr1w.dll
2010-11-13 21:04 . 2001-10-04 16:07 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2010-11-13 21:03 . 2001-08-17 19:19 37120 -c--a-w- d:\windows\system32\dllcache\es1370mp.sys
2010-11-13 21:02 . 2001-08-17 19:11 26698 -c--a-w- d:\windows\system32\dllcache\dlh5xnd5.sys
2010-11-13 21:01 . 2001-10-04 16:07 4096 -c--a-w- d:\windows\system32\dllcache\ctwdm32.dll
2010-11-13 21:00 . 2001-10-04 15:32 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-11-13 20:59 . 2001-08-17 20:51 5248 -c--a-w- d:\windows\system32\dllcache\aliide.sys
2010-11-13 20:45 . 2010-11-13 20:45 -------- d-----w- d:\documents and settings\Administrator
2010-11-13 18:04 . 2010-11-13 18:04 -------- d-----w- d:\documents and settings\Stefan\Application Data\Malwarebytes
2010-11-13 18:04 . 2010-04-29 14:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 18:03 . 2010-11-13 18:04 -------- d-----w- d:\programmer\Malwarebytes' Anti-Malware
2010-11-13 18:03 . 2010-11-13 18:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-13 18:03 . 2010-04-29 14:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-11-13 17:47 . 2010-11-13 17:47 -------- d-----w- d:\programmer\VS Revo Group
2010-11-13 00:22 . 2010-11-14 16:54 -------- d-----w- d:\programmer\Microsoft
2010-11-13 00:22 . 2010-11-13 17:35 -------- d-----w- d:\programmer\Microsoft Silverlight
2010-11-13 00:21 . 2010-11-13 00:19 96200 ----a-w- d:\windows\system32\drivers\CDAVFS.sys
2010-11-13 00:20 . 2010-11-13 00:20 -------- d-----w- d:\programmer\Fælles filer\Authentium
2010-11-13 00:20 . 2010-11-13 17:49 -------- d-----w- d:\programmer\Bing Bar Installer
2010-11-13 00:05 . 2010-11-13 00:05 -------- d-----w- d:\programmer\KeyScrambler
2010-11-13 00:05 . 2010-02-11 15:03 114952 ----a-w- d:\windows\system32\drivers\keyscrambler.sys
2010-11-12 21:24 . 2010-11-12 21:24 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\documents and settings\Stefan\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\programmer\SUPERAntiSpyware
2010-11-12 18:51 . 2010-11-12 21:16 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Tools
2010-11-09 15:16 . 2010-11-09 15:16 -------- d-----w- d:\documents and settings\Stefan\.oces2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:59 . 2009-11-26 12:46 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-15 03:50 . 2010-05-14 07:35 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2009-10-30 07:53 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-09-10 05:51 . 2006-03-02 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:51 . 2006-03-02 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2006-03-02 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- d:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2006-03-02 12:00 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:03 . 2006-03-02 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2006-03-02 12:00 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-03-02 12:00 357248 ----a-w- d:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-03-02 12:00 617472 ----a-w- d:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- d:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "d:\programmer\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "d:\programmer\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"LXBSCATS"="d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"Adobe Reader Speed Launcher"=":d:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [BU]
"Adobe ARM"=":d:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [BU]
"SunJavaUpdateSched"=":d:\programmer\Fælles filer\Java\Java Update\jusched.exe" [BU]
"QuickTime Task"=":d:\programmer\QuickTime\QTTask.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Stefan\Menuen Start\Programmer\Start\~Disabled
MagicDisc.lnk - d:\programmer\MagicDisc\MagicDisc.exe [2009-7-25 576000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmer\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18-07-2009 23:40 721904]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1108000.005\symds.sys [24-09-2010 11:13 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24-09-2010 11:13 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04-11-2010 01:07 691248]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24-09-2010 11:13 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24-09-2010 11:13 116784]
R2 NIS;Norton Internet Security;d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24-09-2010 11:13 126392]
R2 vseamps;vseamps;d:\programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe [08-04-2010 16:46 117288]
R2 vsedsps;vsedsps;d:\programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe [08-04-2010 16:46 117288]
R2 vseqrts;vseqrts;d:\programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe [08-04-2010 16:46 154152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14-11-2010 04:07 102448]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [19-10-2010 21:36 341880]
R3 KeyScrambler;KeyScrambler;d:\windows\system32\drivers\keyscrambler.sys [13-11-2010 01:05 114952]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\d:\programmer\SUPERAntiSpyware\SASKUTIL.sys --> d:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);d:\programmer\Google\Update\GoogleUpdate.exe [21-10-2009 16:09 133104]
S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [14-11-2010 01:15 8456]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"d:\programmer\McAfee Security Scan\2.0.181\McCHSvc.exe" --> d:\programmer\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Indhold af mappen 'Planlagte Opgaver'

2010-10-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-14 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]

2010-11-14 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
mStart Page = hxxp://search.myheritage.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: Google Sidewiki ... - d:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - d:\programmer\Celebrity Toolbar\mhxpcomi.dll
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-msnmsgr - :d:\programmer\Windows Live\Messenger\msnmsgr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 18:13
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"d:\programmer\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,1f,72,23,02,6d,7f,a0,33,9b,c0,9a,ff,78,5c,20,1f,55,fe,00,3b,fe,b0,
04,61,98,be,ee,e8,90,ff,36,37,27,a4,cb,0e,52,f9,19,c3,a1,e4,fe,56,ad,84,68,\
"??"=hex:fc,d4,d2,f7,20,0e,78,4d,83,f6,c9,77,ea,4e,55,57

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(736)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1860)
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\programmer\Java\jre6\bin\jqs.exe
d:\programmer\CDBurnerXP\NMSAccessU.exe
d:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\windows\system32\wscntfy.exe
d:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\RTHDCPL.EXE
d:\programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\imapi.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-14 18:16:32 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-11-14 17:16
ComboFix2.txt 2010-11-14 10:42

Pre-Kørsel: 106.711.830.528 byte ledig
Post-Kørsel: 106.707.980.288 byte ledig

- - End Of File - - EF87C5D4802C065FF93002509F31F9A2

Synes godt om

targa55 Praktikant

14. november 2010 - 19:16 #15

Er ikke ved pc et stykke tid ..... så sender lige en log fra HJT for en sikkerhedsskyld.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:05, on 14-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Java\jre6\bin\jqs.exe
D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
D:\Programmer\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe
D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe
D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe
D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\explorer.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\Stefan\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - :D:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - :D:\Programmer\KeyScrambler\KeyScramblerIE.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - :D:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - :D:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - :D:\Programmer\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - :D:\Programmer\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - D:\Programmer\Celebrity Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LXBSCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] :"D:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] :"D:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] :"D:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] :"D:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ~Disabled
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: ~Disabled
O8 - Extra context menu item: Google Sidewiki ... - res://D:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Programmer\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Programmer\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://D:\Programmer\Risk\Images\stg_drm.ocx
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://D:\Programmer\Risk\Images\armhelper.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - D:\Programmer\Celebrity Toolbar\mhxpcomi.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - D:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - D:\WINDOWS\system32\lxbscoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - D:\Programmer\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - D:\Programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: vseamps - Authentium, Inc - D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - D:\Programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - D:\Programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 8775 bytes

Synes godt om

f-arn Guru

17. november 2010 - 03:23 #16

Authentium er ikke Afintalleret.

------

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
File::
d:\windows\system32\EuGdiDrv.sys
Driver::
EuGdiDrv

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Synes godt om

targa55 Praktikant

17. november 2010 - 14:15 #17

Her er log fra Combofix.........

ComboFix 10-11-12.06 - Stefan 17-11-2010 13:57:38.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.562 [GMT 1:00]
Kører fra: d:\documents and settings\Stefan\Skrivebord\ComboFix.exe
Kommandoer benyttet :: d:\documents and settings\Stefan\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"d:\windows\system32\EuGdiDrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\EuGdiDrv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EUGDIDRV
-------\Service_EuGdiDrv

((((((((((((((((((((((((((((( Filer skabt fra 2010-10-17 til 2010-11-17 )))))))))))))))))))))))))))))))))))
.

2010-11-16 19:25 . 2010-11-16 19:25 -------- d-----w- d:\programmer\Map To Atlantis
2010-11-16 17:51 . 2010-11-16 17:51 -------- d-----w- d:\programmer\Gadwin Systems
2010-11-16 13:25 . 2010-10-28 11:23 2217088 ----a-w- d:\windows\system32\BootMan.exe
2010-11-16 13:25 . 2010-07-15 07:44 86408 ----a-w- d:\windows\system32\setupempdrv03.exe
2010-11-16 13:25 . 2010-07-15 07:44 13192 ----a-w- d:\windows\system32\epmntdrv.sys
2010-11-16 13:25 . 2010-07-15 07:44 14848 ----a-w- d:\windows\system32\EuEpmGdi.dll
2010-11-16 13:22 . 2001-08-18 05:36 8704 -c--a-w- d:\windows\system32\dllcache\kbdjpn.dll
2010-11-16 13:22 . 2001-08-18 05:36 8704 ----a-w- d:\windows\system32\kbdjpn.dll
2010-11-16 13:22 . 2001-08-18 05:36 8192 -c--a-w- d:\windows\system32\dllcache\kbdkor.dll
2010-11-16 13:22 . 2001-08-18 05:36 8192 ----a-w- d:\windows\system32\kbdkor.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101c.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 ----a-w- d:\windows\system32\kbd101c.dll
2010-11-16 13:22 . 2001-08-17 21:55 5632 -c--a-w- d:\windows\system32\dllcache\kbd103.dll
2010-11-16 13:22 . 2001-08-17 21:55 5632 ----a-w- d:\windows\system32\kbd103.dll
2010-11-16 13:22 . 2008-04-14 17:04 6144 -c--a-w- d:\windows\system32\dllcache\kbd106.dll
2010-11-16 13:22 . 2008-04-14 17:04 6144 ----a-w- d:\windows\system32\kbd106.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101b.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 ----a-w- d:\windows\system32\kbd101b.dll
2010-11-15 15:02 . 2010-11-16 14:16 -------- d-----w- d:\windows\system32\NtmsData
2010-11-15 13:25 . 2010-11-15 13:25 -------- d-----w- d:\documents and settings\Stefan\Application Data\FastStone
2010-11-15 13:25 . 2010-11-15 13:25 -------- d-----w- d:\programmer\FastStone Image Viewer
2010-11-15 13:19 . 2010-11-15 13:19 -------- d-----w- d:\documents and settings\Stefan\Application Data\Canneverbe Limited
2010-11-15 01:30 . 2010-11-15 01:30 -------- d-----w- d:\programmer\Defraggler
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin.dll
2010-11-14 16:03 . 2010-11-14 16:04 -------- d-----w- d:\programmer\QuickTime
2010-11-14 16:03 . 2010-11-14 16:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2010-11-14 15:46 . 2010-11-14 15:46 -------- d-----w- d:\programmer\FileHippo.com
2010-11-14 15:44 . 2010-11-14 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2010-11-14 15:44 . 2010-11-14 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-11-14 15:40 . 2010-11-14 15:40 -------- d-----w- d:\programmer\Fælles filer\Java
2010-11-14 15:36 . 2010-11-14 15:36 -------- d-----w- d:\programmer\Fælles filer\Adobe
2010-11-14 06:00 . 2010-11-14 06:00 -------- d-----w- d:\documents and settings\Stefan\Application Data\TVU Networks
2010-11-14 05:01 . 2010-11-14 05:01 -------- d-----w- d:\documents and settings\Stefan\Application Data\SignupShield
2010-11-14 03:44 . 2010-11-14 03:45 -------- d-----w- d:\programmer\Unlocker
2010-11-14 03:13 . 2006-05-16 09:04 2879488 ----a-w- d:\windows\SkyTel.exe
2010-11-14 03:13 . 2006-05-04 07:22 86016 ----a-w- d:\windows\SOUNDMAN.EXE
2010-11-14 03:13 . 2006-01-10 04:58 266240 ----a-w- d:\windows\system32\RTSndMgr.CPL
2010-11-14 03:13 . 2006-03-09 08:45 364544 ----a-w- d:\windows\RtlUpd.exe
2010-11-14 03:13 . 2006-05-04 07:35 9709568 ----a-w- d:\windows\RTLCPL.EXE
2010-11-14 03:13 . 2006-06-06 03:09 4284928 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2010-11-14 03:12 . 2006-06-01 07:48 16208384 ----a-w- d:\windows\RTHDCPL.EXE
2010-11-14 03:12 . 2006-03-10 10:32 2158592 ----a-w- d:\windows\MicCal.exe
2010-11-14 03:12 . 2006-05-04 07:26 2808832 ----a-w- d:\windows\ALCWZRD.EXE
2010-11-14 03:12 . 2005-09-21 01:25 299008 ----a-w- d:\windows\system32\ALSNDMGR.CPL
2010-11-14 03:12 . 2005-05-03 09:43 69632 ----a-w- d:\windows\ALCMTR.EXE
2010-11-14 03:03 . 2010-11-14 03:12 -------- d-----w- D:\Dell Drivere
2010-11-14 03:03 . 2006-06-29 07:53 244864 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2010-11-14 01:01 . 2010-11-14 01:01 -------- d-----w- d:\programmer\AIDA32 - Enterprise System Information
2010-11-14 00:15 . 2010-11-16 13:25 -------- d-----w- d:\programmer\EASEUS
2010-11-13 21:23 . 2008-04-14 17:05 116224 -c--a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-11-13 21:23 . 2001-10-04 16:07 23040 -c--a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-13 21:23 . 2008-04-14 17:05 18944 -c--a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-11-13 21:23 . 2001-10-04 16:07 27648 -c--a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-11-13 21:23 . 2001-10-04 16:07 4608 -c--a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-11-13 21:23 . 2001-08-18 05:37 99865 -c--a-w- d:\windows\system32\dllcache\xlog.exe
2010-11-13 21:21 . 2001-08-17 19:13 16925 -c--a-w- d:\windows\system32\dllcache\w940nd.sys
2010-11-13 21:20 . 2008-04-13 19:45 20608 -c--a-w- d:\windows\system32\dllcache\usbuhci.sys
2010-11-13 21:19 . 2001-08-17 19:51 222336 -c--a-w- d:\windows\system32\dllcache\trid3dm.sys
2010-11-13 21:18 . 2001-08-17 19:50 36640 -c--a-w- d:\windows\system32\dllcache\t2r4mini.sys
2010-11-13 21:17 . 2001-10-04 16:07 24660 -c--a-w- d:\windows\system32\dllcache\spxupchk.dll
2010-11-13 21:16 . 2001-10-04 16:07 45568 -c--a-w- d:\windows\system32\dllcache\smb3w.dll
2010-11-13 21:15 . 2001-10-04 16:07 386560 -c--a-w- d:\windows\system32\dllcache\sgiul50.dll
2010-11-13 21:14 . 2001-10-04 16:07 62496 -c--a-w- d:\windows\system32\dllcache\s3mtrio.dll
2010-11-13 21:13 . 2001-08-17 20:53 3328 -c--a-w- d:\windows\system32\dllcache\qv2kux.sys
2010-11-13 21:12 . 2001-08-17 21:04 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2010-11-13 21:11 . 2001-08-17 21:05 31872 -c--a-w- d:\windows\system32\dllcache\ovce.sys
2010-11-13 21:10 . 2001-10-04 16:07 60480 -c--a-w- d:\windows\system32\dllcache\neo20xx.dll
2010-11-13 21:09 . 2001-08-17 21:02 35200 -c--a-w- d:\windows\system32\dllcache\msgame.sys
2010-11-13 21:08 . 2008-04-13 19:40 7040 -c--a-w- d:\windows\system32\dllcache\ltotape.sys
2010-11-13 21:07 . 2001-08-17 20:49 26624 -c--a-w- d:\windows\system32\dllcache\irstusb.sys
2010-11-13 21:06 . 2001-08-17 21:06 38528 -c--a-w- d:\windows\system32\dllcache\ibmvcap.sys
2010-11-13 21:05 . 2001-10-04 16:07 19456 -c--a-w- d:\windows\system32\dllcache\hr1w.dll
2010-11-13 21:04 . 2001-10-04 16:07 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2010-11-13 21:03 . 2001-08-17 19:19 37120 -c--a-w- d:\windows\system32\dllcache\es1370mp.sys
2010-11-13 21:02 . 2001-08-17 19:11 26698 -c--a-w- d:\windows\system32\dllcache\dlh5xnd5.sys
2010-11-13 21:01 . 2001-10-04 16:07 4096 -c--a-w- d:\windows\system32\dllcache\ctwdm32.dll
2010-11-13 21:00 . 2001-10-04 15:32 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-11-13 20:59 . 2001-08-17 20:51 5248 -c--a-w- d:\windows\system32\dllcache\aliide.sys
2010-11-13 20:45 . 2010-11-13 20:45 -------- d-----w- d:\documents and settings\Administrator
2010-11-13 18:04 . 2010-11-13 18:04 -------- d-----w- d:\documents and settings\Stefan\Application Data\Malwarebytes
2010-11-13 18:04 . 2010-04-29 14:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 18:03 . 2010-11-13 18:04 -------- d-----w- d:\programmer\Malwarebytes' Anti-Malware
2010-11-13 18:03 . 2010-11-13 18:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-13 18:03 . 2010-04-29 14:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-11-13 17:47 . 2010-11-13 17:47 -------- d-----w- d:\programmer\VS Revo Group
2010-11-13 00:22 . 2010-11-14 16:54 -------- d-----w- d:\programmer\Microsoft
2010-11-13 00:22 . 2010-11-13 17:35 -------- d-----w- d:\programmer\Microsoft Silverlight
2010-11-13 00:21 . 2010-11-13 00:19 96200 ----a-w- d:\windows\system32\drivers\CDAVFS.sys
2010-11-13 00:20 . 2010-11-13 00:20 -------- d-----w- d:\programmer\Fælles filer\Authentium
2010-11-13 00:20 . 2010-11-13 17:49 -------- d-----w- d:\programmer\Bing Bar Installer
2010-11-13 00:05 . 2010-11-13 00:05 -------- d-----w- d:\programmer\KeyScrambler
2010-11-13 00:05 . 2010-02-11 15:03 114952 ----a-w- d:\windows\system32\drivers\keyscrambler.sys
2010-11-12 21:24 . 2010-11-12 21:24 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\documents and settings\Stefan\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\programmer\SUPERAntiSpyware
2010-11-12 18:51 . 2010-11-12 21:16 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Tools
2010-11-09 15:16 . 2010-11-09 15:16 -------- d-----w- d:\documents and settings\Stefan\.oces2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:59 . 2009-11-26 12:46 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-15 03:50 . 2010-05-14 07:35 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2009-10-30 07:53 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-09-10 05:51 . 2006-03-02 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:51 . 2006-03-02 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2006-03-02 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- d:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2006-03-02 12:00 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:03 . 2006-03-02 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2006-03-02 12:00 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-03-02 12:00 357248 ----a-w- d:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-03-02 12:00 617472 ----a-w- d:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-22 39408]
"Gadwin PrintScreen 2.6"="d:\programmer\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBSCATS"="d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"Adobe Reader Speed Launcher"=":d:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [BU]
"Adobe ARM"=":d:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [BU]
"SunJavaUpdateSched"=":d:\programmer\Fælles filer\Java\Java Update\jusched.exe" [BU]
"QuickTime Task"=":d:\programmer\QuickTime\QTTask.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Stefan\Menuen Start\Programmer\Start\~Disabled
MagicDisc.lnk - d:\programmer\MagicDisc\MagicDisc.exe [2009-7-25 576000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18-07-2009 23:40 721904]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1108000.005\symds.sys [24-09-2010 11:13 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24-09-2010 11:13 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04-11-2010 01:07 691248]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24-09-2010 11:13 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24-09-2010 11:13 116784]
R2 NIS;Norton Internet Security;d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24-09-2010 11:13 126392]
R2 vseamps;vseamps;d:\programmer\Fælles filer\Authentium\AntiVirus5\vseamps.exe [08-04-2010 16:46 117288]
R2 vsedsps;vsedsps;d:\programmer\Fælles filer\Authentium\AntiVirus5\vsedsps.exe [08-04-2010 16:46 117288]
R2 vseqrts;vseqrts;d:\programmer\Fælles filer\Authentium\AntiVirus5\vseqrts.exe [08-04-2010 16:46 154152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14-11-2010 04:07 102448]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101115.001\IDSXpx86.sys [19-10-2010 21:36 341880]
R3 KeyScrambler;KeyScrambler;d:\windows\system32\drivers\keyscrambler.sys [13-11-2010 01:05 114952]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\d:\programmer\SUPERAntiSpyware\SASKUTIL.sys --> d:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);d:\programmer\Google\Update\GoogleUpdate.exe [21-10-2009 16:09 133104]
S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [16-11-2010 14:25 13192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"d:\programmer\McAfee Security Scan\2.0.181\McCHSvc.exe" --> d:\programmer\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Indhold af mappen 'Planlagte Opgaver'

2010-10-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]

2010-11-16 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: Google Sidewiki ... - d:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKLM-Run-StartCCC - :d:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 14:03
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"d:\programmer\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,1f,72,23,02,6d,7f,a0,33,9b,c0,9a,ff,78,5c,20,1f,55,fe,00,3b,fe,b0,
04,61,98,be,ee,e8,90,ff,36,37,27,a4,cb,0e,52,f9,19,c3,a1,e4,fe,56,ad,84,68,\
"??"=hex:fc,d4,d2,f7,20,0e,78,4d,83,f6,c9,77,ea,4e,55,57

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(740)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3720)
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\programmer\Java\jre6\bin\jqs.exe
d:\programmer\CDBurnerXP\NMSAccessU.exe
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-17 14:06:06 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-11-17 13:06
ComboFix2.txt 2010-11-14 17:16
ComboFix3.txt 2010-11-14 10:42

Pre-Kørsel: 107.433.537.536 byte ledig
Post-Kørsel: 107.439.017.984 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 527C6531575DE071A0CCBCE07651BAF8

Synes godt om

f-arn Guru

18. november 2010 - 07:51 #18

Lad os se om der gemmer sig mere...

------

Deaktiver dit antivirus-program, kør en online scanning med ESET Online Scanner:
http://www.eset.com/onlinescan/

Du skal acceptere betingelserne for brug, og klik på Start.
Efter ActiveX Control er indlæst, vil det tage et par minutter for scanneren at blive klar.
Dernæst skal du sætte flueben i følgende felter:
Remove found threats
Scan archives

under advanced settings
Scan for potentialy unwanted applications
Scan for potentially unsafe applications
enable anti-stealth technology

Klik på Start. Denne scanning kan tage et stykke tid, så vær tålmodig.
En log vil åbne, når scanningen er færdig.

(hvis ikke, skal du gå til C:\Programmer\EsetOnlineScanner\ og åbne filen Log.txt).

Kopier den herind i næste indlæg.

______

Jeg kan se du har Revo Uninstaller. Prøv om den kan fjerne Authentium/McAfee.

Synes godt om

targa55 Praktikant

18. november 2010 - 19:17 #19

Her er ESET-log.....
Authentium/McAfee kan jeg ikke se/finde noget sted, så er den jo ikke nem at fjerne ... kan heller ikke finde den i reg.databasen !....

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a5a00fb566c8b041a359aac541a55b70
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-18 04:30:58
# local_time=2010-11-18 05:30:58 (+0100, Rom, normaltid)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1026 16777214 0 2 35151978 35151978 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 7208 7208 0 0
# scanned=50627
# found=1
# cleaned=1
# scan_time=1839
C:\Holger\Start up run.exe Win32/StartupRun.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251

Synes godt om

f-arn Guru

19. november 2010 - 12:35 #20

Authentium/McAfee kan jeg ikke se/finde noget sted, så er den jo ikke nem at fjerne

Den "gemmer" sig som AVSDK5 under "Tilføj/Fjern Programmer" i Kontrolpanelet. Hvis den ikke kan fjernes der, bør du hente en ny Revo Uninstaller og bruge den.

------

hent Security Check af screen317
Start den og følg instruktionerne.
Kopier loggen herind.

Synes godt om

targa55 Praktikant

19. november 2010 - 23:41 #21

Har hentet ny Revo Uninstaller ..... Men AVSDK5 findes ikke i "Tilføj/Fjern Programmer" eller i den nye Revo Uninstaller.
Her er log fra Security Check........

Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player 10.0.22.87
Adobe Reader 9.4.0 - Dansk
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
nslookup.exe missing!
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Synes godt om

f-arn Guru

20. november 2010 - 09:44 #22

Klik Start -> Kør -> Skriv: sfc /scannow - bemærk mellemrummet efter sfc -> Klik OK
Der kommer en bjælke så længe scanningen kører, og når den er færdig, forsvinder den igen, og du får ikke andre meldinger.
Indsæt din Windows CD, hvis den be'r om det.
Genstart computeren

------

1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:filefind
nslookup.exe
vseamps.exe

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Synes godt om

Computer Hjælp (Gratis) Mester

20. november 2010 - 09:53 #23

<f-arn>: Please GoSub http://www.eksperten.dk/spm/924434#reply_7689353 ?

Synes godt om

targa55 Praktikant

21. november 2010 - 15:16 #24

sfc /scannow er kørt, og her er log fra SystemLook.........
SystemLook 04.09.10 by jpshortstuff
Log created at 15:13 on 21/11/2010 by Stefan
Administrator - Elevation successful

========== filefind ==========

Searching for "nslookup.exe"
D:\WINDOWS\$NtServicePackUninstall$\nslookup.exe -----c- 76800 bytes [16:19 08/06/2009] [12:00 02/03/2006] 40E160C497D24BDD00FCE015CBAF7163
D:\WINDOWS\ServicePackFiles\i386\nslookup.exe ------- 76800 bytes [16:05 14/04/2008] [16:05 14/04/2008] D21DF2A7F1631FE60B2D93A6AD3ED686
D:\WINDOWS\system32\nslookup.exe --a---- 76800 bytes [12:00 02/03/2006] [16:05 14/04/2008] D21DF2A7F1631FE60B2D93A6AD3ED686
D:\WINDOWS\system32\dllcache\nslookup.exe --a--c- 76800 bytes [12:00 02/03/2006] [16:05 14/04/2008] D21DF2A7F1631FE60B2D93A6AD3ED686

Searching for "vseamps.exe"
No files found.

-= EOF =-

Synes godt om

f-arn Guru

21. november 2010 - 18:12 #25

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
File::
d:\windows\system32\epmntdrv.sys
Driver::
vseamps
vsedsps
vseqrts
epmntdrv

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

------

Vil du godt opdatere Malwarebyte, og køre en "Hurtig skan". Kopier loggen herind.

------

Kør lige Security Check igen. Kopier loggen herind.

Synes godt om

targa55 Praktikant

22. november 2010 - 15:05 #26

Så er her nye logs igen......
Det er noget af et arbejde du/vi er kommet på her !..... er det en orm der har fået lavet "alt balladen" ?........

ComboFix 10-11-21.02 - Stefan 22-11-2010 14:21:47.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.652 [GMT 1:00]
Kører fra: d:\documents and settings\Stefan\Skrivebord\ComboFix.exe
Kommandoer benyttet :: d:\documents and settings\Stefan\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Dannede nyt systemgendannelsespunkt

FILE ::
"d:\windows\system32\epmntdrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\epmntdrv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPMNTDRV
-------\Legacy_VSEAMPS
-------\Legacy_VSEDSPS
-------\Legacy_VSEQRTS
-------\Service_epmntdrv
-------\Service_vseamps
-------\Service_vsedsps
-------\Service_vseqrts

((((((((((((((((((((((((((((( Filer skabt fra 2010-10-22 til 2010-11-22 )))))))))))))))))))))))))))))))))))
.

2010-11-19 21:13 . 2010-11-19 21:13 -------- d-----w- d:\documents and settings\Stefan\Application Data\VS Revo Group
2010-11-19 20:51 . 2010-11-19 20:51 -------- d-----w- d:\documents and settings\Stefan\Lokale indstillinger\Application Data\VS Revo Group
2010-11-19 20:51 . 2009-12-30 10:20 27064 ----a-w- d:\windows\system32\drivers\revoflt.sys
2010-11-18 15:00 . 2010-11-18 15:00 -------- d-----w- d:\programmer\ESET
2010-11-18 14:45 . 2010-11-18 14:45 -------- d-----w- d:\documents and settings\Stefan\Application Data\VSRevoGroup
2010-11-16 19:25 . 2010-11-16 19:25 -------- d-----w- d:\programmer\Map To Atlantis
2010-11-16 17:51 . 2010-11-16 17:51 -------- d-----w- d:\programmer\Gadwin Systems
2010-11-16 13:25 . 2010-10-28 11:23 2217088 ----a-w- d:\windows\system32\BootMan.exe
2010-11-16 13:25 . 2010-07-15 07:44 86408 ----a-w- d:\windows\system32\setupempdrv03.exe
2010-11-16 13:25 . 2010-07-15 07:44 14848 ----a-w- d:\windows\system32\EuEpmGdi.dll
2010-11-16 13:22 . 2001-08-18 05:36 8704 -c--a-w- d:\windows\system32\dllcache\kbdjpn.dll
2010-11-16 13:22 . 2001-08-18 05:36 8704 ----a-w- d:\windows\system32\kbdjpn.dll
2010-11-16 13:22 . 2001-08-18 05:36 8192 -c--a-w- d:\windows\system32\dllcache\kbdkor.dll
2010-11-16 13:22 . 2001-08-18 05:36 8192 ----a-w- d:\windows\system32\kbdkor.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101c.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 ----a-w- d:\windows\system32\kbd101c.dll
2010-11-16 13:22 . 2001-08-17 21:55 5632 -c--a-w- d:\windows\system32\dllcache\kbd103.dll
2010-11-16 13:22 . 2001-08-17 21:55 5632 ----a-w- d:\windows\system32\kbd103.dll
2010-11-16 13:22 . 2008-04-14 17:04 6144 -c--a-w- d:\windows\system32\dllcache\kbd106.dll
2010-11-16 13:22 . 2008-04-14 17:04 6144 ----a-w- d:\windows\system32\kbd106.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101b.dll
2010-11-16 13:22 . 2001-08-17 21:55 6144 ----a-w- d:\windows\system32\kbd101b.dll
2010-11-15 15:02 . 2010-11-16 14:16 -------- d-----w- d:\windows\system32\NtmsData
2010-11-15 13:25 . 2010-11-15 13:25 -------- d-----w- d:\documents and settings\Stefan\Application Data\FastStone
2010-11-15 13:25 . 2010-11-15 13:25 -------- d-----w- d:\programmer\FastStone Image Viewer
2010-11-15 13:19 . 2010-11-15 13:19 -------- d-----w- d:\documents and settings\Stefan\Application Data\Canneverbe Limited
2010-11-15 01:30 . 2010-11-15 01:30 -------- d-----w- d:\programmer\Defraggler
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-14 16:04 . 2010-11-14 16:04 159744 ----a-w- d:\programmer\Internet Explorer\Plugins\npqtplugin.dll
2010-11-14 16:03 . 2010-11-14 16:04 -------- d-----w- d:\programmer\QuickTime
2010-11-14 16:03 . 2010-11-14 16:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2010-11-14 15:46 . 2010-11-14 15:46 -------- d-----w- d:\programmer\FileHippo.com
2010-11-14 15:44 . 2010-11-14 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2010-11-14 15:44 . 2010-11-14 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-11-14 15:40 . 2010-11-14 15:40 -------- d-----w- d:\programmer\Fælles filer\Java
2010-11-14 15:36 . 2010-11-14 15:36 -------- d-----w- d:\programmer\Fælles filer\Adobe
2010-11-14 06:00 . 2010-11-14 06:00 -------- d-----w- d:\documents and settings\Stefan\Application Data\TVU Networks
2010-11-14 05:01 . 2010-11-14 05:01 -------- d-----w- d:\documents and settings\Stefan\Application Data\SignupShield
2010-11-14 03:44 . 2010-11-14 03:45 -------- d-----w- d:\programmer\Unlocker
2010-11-14 03:13 . 2006-05-16 09:04 2879488 ----a-w- d:\windows\SkyTel.exe
2010-11-14 03:13 . 2006-05-04 07:22 86016 ----a-w- d:\windows\SOUNDMAN.EXE
2010-11-14 03:13 . 2006-01-10 04:58 266240 ----a-w- d:\windows\system32\RTSndMgr.CPL
2010-11-14 03:13 . 2006-03-09 08:45 364544 ----a-w- d:\windows\RtlUpd.exe
2010-11-14 03:13 . 2006-05-04 07:35 9709568 ----a-w- d:\windows\RTLCPL.EXE
2010-11-14 03:13 . 2006-06-06 03:09 4284928 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2010-11-14 03:12 . 2006-06-01 07:48 16208384 ----a-w- d:\windows\RTHDCPL.EXE
2010-11-14 03:12 . 2006-03-10 10:32 2158592 ----a-w- d:\windows\MicCal.exe
2010-11-14 03:12 . 2006-05-04 07:26 2808832 ----a-w- d:\windows\ALCWZRD.EXE
2010-11-14 03:12 . 2005-09-21 01:25 299008 ----a-w- d:\windows\system32\ALSNDMGR.CPL
2010-11-14 03:12 . 2005-05-03 09:43 69632 ----a-w- d:\windows\ALCMTR.EXE
2010-11-14 03:03 . 2010-11-14 03:12 -------- d-----w- D:\Dell Drivere
2010-11-14 03:03 . 2006-06-29 07:53 244864 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2010-11-14 01:01 . 2010-11-14 01:01 -------- d-----w- d:\programmer\AIDA32 - Enterprise System Information
2010-11-14 00:15 . 2010-11-16 13:25 -------- d-----w- d:\programmer\EASEUS
2010-11-13 21:23 . 2008-04-14 17:05 116224 -c--a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-11-13 21:23 . 2001-10-04 16:07 23040 -c--a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-13 21:23 . 2008-04-14 17:05 18944 -c--a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-11-13 21:23 . 2001-10-04 16:07 27648 -c--a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-11-13 21:23 . 2001-10-04 16:07 4608 -c--a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-11-13 21:23 . 2001-08-18 05:37 99865 -c--a-w- d:\windows\system32\dllcache\xlog.exe
2010-11-13 21:21 . 2001-08-17 19:13 16925 -c--a-w- d:\windows\system32\dllcache\w940nd.sys
2010-11-13 21:20 . 2008-04-13 19:45 20608 -c--a-w- d:\windows\system32\dllcache\usbuhci.sys
2010-11-13 21:19 . 2001-08-17 19:51 222336 -c--a-w- d:\windows\system32\dllcache\trid3dm.sys
2010-11-13 21:18 . 2001-08-17 19:50 36640 -c--a-w- d:\windows\system32\dllcache\t2r4mini.sys
2010-11-13 21:17 . 2001-10-04 16:07 24660 -c--a-w- d:\windows\system32\dllcache\spxupchk.dll
2010-11-13 21:16 . 2001-10-04 16:07 45568 -c--a-w- d:\windows\system32\dllcache\smb3w.dll
2010-11-13 21:15 . 2001-10-04 16:07 386560 -c--a-w- d:\windows\system32\dllcache\sgiul50.dll
2010-11-13 21:14 . 2001-10-04 16:07 62496 -c--a-w- d:\windows\system32\dllcache\s3mtrio.dll
2010-11-13 21:13 . 2001-08-17 20:53 3328 -c--a-w- d:\windows\system32\dllcache\qv2kux.sys
2010-11-13 21:12 . 2001-08-17 21:04 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2010-11-13 21:11 . 2001-08-17 21:05 31872 -c--a-w- d:\windows\system32\dllcache\ovce.sys
2010-11-13 21:10 . 2001-10-04 16:07 60480 -c--a-w- d:\windows\system32\dllcache\neo20xx.dll
2010-11-13 21:09 . 2001-08-17 21:02 35200 -c--a-w- d:\windows\system32\dllcache\msgame.sys
2010-11-13 21:08 . 2008-04-13 19:40 7040 -c--a-w- d:\windows\system32\dllcache\ltotape.sys
2010-11-13 21:07 . 2001-08-17 20:49 26624 -c--a-w- d:\windows\system32\dllcache\irstusb.sys
2010-11-13 21:06 . 2001-08-17 21:06 38528 -c--a-w- d:\windows\system32\dllcache\ibmvcap.sys
2010-11-13 21:05 . 2001-10-04 16:07 19456 -c--a-w- d:\windows\system32\dllcache\hr1w.dll
2010-11-13 21:04 . 2001-10-04 16:07 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2010-11-13 21:03 . 2001-08-17 19:19 37120 -c--a-w- d:\windows\system32\dllcache\es1370mp.sys
2010-11-13 21:02 . 2001-08-17 19:11 26698 -c--a-w- d:\windows\system32\dllcache\dlh5xnd5.sys
2010-11-13 21:01 . 2001-10-04 16:07 4096 -c--a-w- d:\windows\system32\dllcache\ctwdm32.dll
2010-11-13 21:00 . 2001-10-04 15:32 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-11-13 20:59 . 2001-08-17 20:51 5248 -c--a-w- d:\windows\system32\dllcache\aliide.sys
2010-11-13 20:45 . 2010-11-13 20:45 -------- d-----w- d:\documents and settings\Administrator
2010-11-13 18:04 . 2010-11-13 18:04 -------- d-----w- d:\documents and settings\Stefan\Application Data\Malwarebytes
2010-11-13 18:04 . 2010-04-29 14:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 18:03 . 2010-11-13 18:04 -------- d-----w- d:\programmer\Malwarebytes' Anti-Malware
2010-11-13 18:03 . 2010-11-13 18:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-13 18:03 . 2010-04-29 14:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-11-13 17:47 . 2010-11-19 20:51 -------- d-----w- d:\programmer\VS Revo Group
2010-11-13 00:22 . 2010-11-14 16:54 -------- d-----w- d:\programmer\Microsoft
2010-11-13 00:22 . 2010-11-13 17:35 -------- d-----w- d:\programmer\Microsoft Silverlight
2010-11-13 00:21 . 2010-11-13 00:19 96200 ----a-w- d:\windows\system32\drivers\CDAVFS.sys
2010-11-13 00:05 . 2010-11-13 00:05 -------- d-----w- d:\programmer\KeyScrambler
2010-11-13 00:05 . 2010-02-11 15:03 114952 ----a-w- d:\windows\system32\drivers\keyscrambler.sys
2010-11-12 21:24 . 2010-11-12 21:24 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-12 21:24 . 2010-11-14 04:38 -------- d-----w- d:\documents and settings\Stefan\Application Data\SUPERAntiSpyware.com
2010-11-12 18:51 . 2010-11-12 21:16 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Tools
2010-11-09 15:16 . 2010-11-09 15:16 -------- d-----w- d:\documents and settings\Stefan\.oces2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:59 . 2009-11-26 12:46 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-15 03:50 . 2010-05-14 07:35 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2009-10-30 07:53 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-09-10 05:51 . 2006-03-02 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:51 . 2006-03-02 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2006-03-02 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- d:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2006-03-02 12:00 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:03 . 2006-03-02 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2006-03-02 12:00 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-03-02 12:00 357248 ----a-w- d:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-22 39408]
"Gadwin PrintScreen 2.6"="d:\programmer\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBSCATS"="d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"Adobe Reader Speed Launcher"=":d:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [BU]
"Adobe ARM"=":d:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [BU]
"SunJavaUpdateSched"=":d:\programmer\Fælles filer\Java\Java Update\jusched.exe" [BU]
"QuickTime Task"="d:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Stefan\Menuen Start\Programmer\Start\~Disabled
MagicDisc.lnk - d:\programmer\MagicDisc\MagicDisc.exe [2009-7-25 576000]

d:\documents and settings\All Users\Menuen Start\Programmer\Start\~Disabled
ExifLauncher2.lnk - d:\programmer\FinePixViewer\QuickDCF2.exe [2010-9-8 303104]
Microsoft Office.lnk - d:\programmer\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18-07-2009 23:40 721904]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1108000.005\symds.sys [24-09-2010 11:13 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24-09-2010 11:13 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04-11-2010 01:07 691248]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24-09-2010 11:13 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24-09-2010 11:13 116784]
R2 NIS;Norton Internet Security;d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24-09-2010 11:13 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14-11-2010 04:07 102448]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101119.001\IDSXpx86.sys [19-10-2010 21:36 341880]
R3 KeyScrambler;KeyScrambler;d:\windows\system32\drivers\keyscrambler.sys [13-11-2010 01:05 114952]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\d:\programmer\SUPERAntiSpyware\SASKUTIL.sys --> d:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);d:\programmer\Google\Update\GoogleUpdate.exe [21-10-2009 16:09 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\programmer\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"d:\programmer\McAfee Security Scan\2.0.181\McCHSvc.exe" --> d:\programmer\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [19-11-2010 21:51 27064]
.
Indhold af mappen 'Planlagte Opgaver'

2010-10-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-22 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]

2010-11-21 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programmer\Google\Update\GoogleUpdate.exe [2009-10-21 15:09]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: Google Sidewiki ... - d:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
.

*************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 14:31
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 d:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"d:\programmer\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"d:\programmer\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,1f,72,23,02,6d,7f,a0,33,9b,c0,9a,ff,78,5c,20,1f,55,fe,00,3b,fe,b0,
04,61,98,be,ee,e8,90,ff,36,37,27,a4,cb,0e,52,f9,19,c3,a1,e4,fe,56,ad,84,68,\
"??"=hex:fc,d4,d2,f7,20,0e,78,4d,83,f6,c9,77,ea,4e,55,57

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(744)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3568)
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\programmer\Java\jre6\bin\jqs.exe
d:\programmer\CDBurnerXP\NMSAccessU.exe
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-22 14:34:23 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-11-22 13:34
ComboFix2.txt 2010-11-17 13:06
ComboFix3.txt 2010-11-14 17:16
ComboFix4.txt 2010-11-14 10:42

Pre-Kørsel: 106.617.978.880 byte ledig
Post-Kørsel: 106.702.905.344 byte ledig

- - End Of File - - F4B3D4AC3F74599330EAE754FBA68D36

************************************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22-11-2010 14:44:09
mbam-log-2010-11-22 (14-44-09).txt

Skanningstype: Hurtig skanning
Objekter skannet: 148387
Tid gået: 5 minut(ter), 47 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

***************************************************************

Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player 10.0.22.87
Adobe Reader 9.4.0 - Dansk
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
nslookup.exe missing!
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Synes godt om

f-arn Guru

27. november 2010 - 11:07 #27

Jeg mente jeg havde svaret her, men det er tilsyneladende ikke registreret.

1. Hent dette lille værktøj: (hvis du har slettet det)

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:filefind
nslookup.exe

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Jeg ved godt vi har ledt efter den fil før, men Security Check påstår den mangler.

Er det med vilje du kører med en forældet Norton ?
NIS 2011 er udkommet for længe siden.

Ellers ser det fint ud.

Synes godt om

targa55 Praktikant

30. november 2010 - 21:38 #28

Her er loggen fra Security Check .....

SystemLook 04.09.10 by jpshortstuff
Log created at 21:32 on 30/11/2010 by Stefan
Administrator - Elevation successful

========== filefind ==========

Searching for "nslookup.exe"
D:\WINDOWS\$NtServicePackUninstall$\nslookup.exe -----c- 76800 bytes [16:19 08/06/2009] [12:00 02/03/2006] 40E160C497D24BDD00FCE015CBAF7163
D:\WINDOWS\ServicePackFiles\i386\nslookup.exe ------- 76800 bytes [16:05 14/04/2008] [16:05 14/04/2008] D21DF2A7F1631FE60B2D93A6AD3ED686
D:\WINDOWS\system32\nslookup.exe --a---- 76800 bytes [12:00 02/03/2006] [16:05 14/04/2008] D21DF2A7F1631FE60B2D93A6AD3ED686
D:\WINDOWS\system32\dllcache\nslookup.exe --a--c- 76800 bytes [12:00 02/03/2006] [16:05 14/04/2008] D21DF2A7F1631FE60B2D93A6AD3ED686

-= EOF =-

Synes godt om

f-arn Guru

01. december 2010 - 10:27 #29

Det ser fint ud, så jeg ved ikke hvorfor Security Check mener "nslookup.exe missing!"

Er det med vilje du kører med en forældet Norton ?
NIS 2011 er udkommet for længe siden.

Synes godt om

targa55 Praktikant

03. december 2010 - 00:09 #30

Årsagen til at Norton ikke er opdateret er at licensen er ved at udløbe og de taler om at lægge noget andet på ... muligvis Kaspersky.
Comp. kører uden problemer !.....
Lægger du et svar, så du kan få dine point.......

Synes godt om

f-arn Guru

03. december 2010 - 07:53 #31

Årsagen til at Norton ikke er opdateret er at licensen er ved at udløbe og de taler om at lægge noget andet på ... muligvis Kaspersky.

Ok. Hvis Norton skal erstattes med noget andet, skal i huske at køre Norton Removal Tool efter afinstallering. Ellers får i problemer.

Synes godt om

targa55 Praktikant

03. december 2010 - 13:13 #32

Jo tak, har haft problemet før.
Siger dig tusind tak for hjælpen her !....

Synes godt om

f-arn Guru

03. december 2010 - 14:07 #33

Det er nu ikke meningen du selv skal lægge svar...
http://www.eksperten.dk/faq#faq-3

Synes godt om

targa55 Praktikant

04. december 2010 - 00:22 #34

Ved det udmærket .... gad vide hvor tankerne har været henne !

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53
Total AV Af Malm i Virus	10	16/01/202516:48	17/01/202520:47
pop up black friday Af Malm i Virus	12	22/11/202420:49	03/12/202411:04

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS