lonepeter Novice
2 June 2007 - 20:18 There are 6 comments and 1 solution

Hijackthis log

Hi there...

In connection with this question: http://www.eksperten.dk/spm/781337, would anyone be willing to look through this log? I am creating this as a new question because I would like to give points to whoever takes the time to look through it, regardless of whether anything is found in the log or not... - if the question in the above thread is solved with the help of this log review, I will of course close the first question.

Peter

Logfile of HijackThis v1.99.1
Scan saved at 20:17:36, on 02-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Microsoft ActiveSync\WCESMgr.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\x\Lokale indstillinger\Temporary Internet Files\Content.IE5\1BBZ4Z38\alternativ[1].exe
F:\Temp 8 - Skal uploades\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\uohuoz.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\system32\gmbxnqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [navapp] C:\Programmer\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq.v2/vet_install_popup.pl?1&4&04.00.05.04&http://h41111.www4.hp.com/viewpoint3d/show.php?cc=dk
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} (Drag and Drop Uploader Control) - http://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
2 June 2007 - 20:41 #1
There are some 'suspicious' elements according to your log:
[JVM0.12] C:\WINDOWS\system32\uohuoz.exe
[JVM0.14] C:\WINDOWS\system32\gmbxnqm.exe

So, to begin with, run this package:

-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When combofix has finished, and after it has rebooted, a log file should open: combofix.txt
Please post the contents of this file here... together with a fresh HiJackThis log ...
lonepeter Novice
2 June 2007 - 21:18 #2
Hi again Larry...

I have now completed the two scans, and here are the results:

----------------
Combofix
----------------
"x" - 2007-06-02 21:00:11    Service Pack 2 
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\x\Skrivebord\"


((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\install.log"


(((((((((((((((((((((((((((((((  Files Created from 2007-05-02 to 2007-06-02  ))))))))))))))))))))))))))))))))))


2007-06-02 20:28    <DIR>    d--------    C:\DOCUME~1\x\APPLIC~1\Lavasoft
2007-06-02 20:27    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-06-02 12:38    <DIR>    d--------    C:\DOCUME~1\x\APPLIC~1\Joost
2007-06-02 12:37    <DIR>    d--------    C:\Programmer\Joost
2007-06-02 11:21    <DIR>    d--------    C:\Programmer\Windows Defender
2007-06-02 10:37    <DIR>    d--------    C:\Backup af F 020607
2007-05-10 14:59    <DIR>    d--------    C:\Programmer\Paint.NET
2007-05-10 14:44    <DIR>    d--------    C:\Programmer\MSBuild
2007-05-10 14:36    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2007-05-10 14:34    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2007-05-10 14:34    <DIR>    d--------    C:\Programmer\Reference Assemblies
2007-05-07 10:34    <DIR>    d--------    C:\Programmer\Microsoft User Agent String Utility


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 18:27:39    --------    d-----w    C:\Programmer\Lavasoft
2007-06-02 18:27:18    --------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-06-02 18:27:18    --------    d-----w    C:\Programmer\Fælles filer
2007-06-02 18:06:44    24    ----a-w    C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000002-80651102}.dat
2007-06-02 18:06:44    24    ----a-w    C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000B-00001102-00000002-80651102}.dat
2007-06-02 07:55:58    --------    d-----w    C:\DOCUME~1\x\APPLIC~1\Canon
2007-05-19 10:18:36    --------    d-----w    C:\Programmer\Winamp
2007-05-10 12:55:23    82,236    ----a-w    C:\WINDOWS\system32\perfc006.dat
2007-05-10 12:55:23    454,146    ----a-w    C:\WINDOWS\system32\perfh006.dat
2007-05-10 12:16:37    --------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2007-05-10 12:15:39    --------    d-----w    C:\Programmer\Photomatix
2007-05-10 12:14:23    --------    d-----w    C:\Programmer\Super DVD Ripper
2007-05-10 12:14:10    --------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-04-30 16:33:06    --------    d-----w    C:\Programmer\Fælles filer\Nokia
2007-04-30 16:33:04    --------    d-----w    C:\Programmer\Nokia
2007-04-18 16:14:26    2,854,400    ----a-w    C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54    1,710,936    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
2007-04-06 16:27:12    4    ----a-w    C:\WINDOWS\system32\micr0st.dll
2007-04-05 21:09:50    --------    d--h--w    C:\Programmer\Zero G Registry
2007-03-23 04:07:56    1,683,280    ------w    C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 04:07:54    583,504    ------w    C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 18:25:02    124,928    ------w    C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:45:03    292,864    ----a-w    C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:16    577,536    ----a-w    C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:16    40,960    ----a-w    C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:16    281,600    ----a-w    C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:35:19    1,843,584    ----a-w    C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00    129,784    ------w    C:\WINDOWS\system32\pxafs.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programmer\google\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"CTStartup"="C:\Programmer\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"Logitech Utility"="Logi_MwX.Exe" []
"Microsoft Works Update Detection"="C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" []
"Aminova WordSeeker"="C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" []
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2004-07-16 14:50]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"navapp"="C:\Programmer\NavExcel\NavHelper\v2.0.4d\navapp.exe" []
"Easy-PrintToolBox"="C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52]
"HydraVisionDesktopManager"="C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 17:41]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-03-09 18:12]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 08:55]
"avgnt"="C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-20 13:31]
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 14:51]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
   

Contents of the 'Scheduled Tasks' folder
2007-06-02 18:11:09  C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-02 15:50:24  C:\WINDOWS\tasks\User_Feed_Synchronization-{7BF5D837-05CA-4FB5-A6B0-05B73B54E7BA}.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 21:06:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTStartup = C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run??????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&7???6~??6~????????\???\???????????U?6~??6~\???\?????????_??????C@?\???\??????s????\??????s\????&7?A??s?&7??C@?x???`|?w\?????@
  HydraVisionDesktopManager = C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe??\?A?T?I? ?H?y?d?r?a?V?i?s?i?o?n?\?H?y?d?r?a?D?M?.?e?x?e????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-02 21:07:36
C:\ComboFix-quarantined-files.txt ... 2007-06-02 21:07

    --- E O F ---
----------------------
Hijackthis
----------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:17:52, on 02-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Microsoft ActiveSync\WCESMgr.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
F:\Temp 8 - Skal uploades\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [navapp] C:\Programmer\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq.v2/vet_install_popup.pl?1&4&04.00.05.04&http://h41111.www4.hp.com/viewpoint3d/show.php?cc=dk
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} (Drag and Drop Uploader Control) - http://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
2 June 2007 - 21:31 #3
You are now 'clean' according to your LOG - are you experiencing problems?

A registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the item [Problemer]...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or no to it.
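
Added example, not part of the original thread: one way to check what changed between the two HijackThis logs posted above is to diff their entries and list the registry Run values that disappeared. The sample lines are excerpted from those two logs; the function and class names are illustrative.

```python
import re
from typing import NamedTuple


class Autostart(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line the value points to


# A HijackThis entry line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Body of an O4 registry autostart: HKLM\..\Run: [Name] command
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\([^:]+): \[(.+?)\] (.*)$")

# Excerpt from the first log in the thread (before ComboFix was run).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\uohuoz.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\system32\gmbxnqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# The same entries as they appear in the second log (after ComboFix).
AFTER = r"""
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return the set of (section, body) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def removed_entries(before, after):
    """Entries present in the first log but absent from the second."""
    return sorted(parse_entries(before) - parse_entries(after))


def removed_autostarts(before, after):
    """Registry Run-style O4 entries that disappeared between the scans."""
    result = []
    for section, body in removed_entries(before, after):
        m = RUN_RE.match(body) if section == "O4" else None
        if m:
            result.append(Autostart(*m.groups()))
    return sorted(result)


if __name__ == "__main__":
    for entry in removed_autostarts(BEFORE, AFTER):
        print(f"{entry.hive}\\{entry.key}  [{entry.name}]  {entry.command}")
```

On these excerpts the diff lists four Run values: the two flagged as suspicious in reply #1 (JVM0.12, JVM0.14) plus UpdReg and NeroFilterCheck. A diff shows only what disappeared between scans, not why it disappeared.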
lonepeter Novice
2 June 2007 - 21:41 #4
Well, thank you very much for the help - whether it has helped with the original problem, that some links suddenly stop working, I of course won't know for a day or two...

Do you have any idea what the two files we removed were good for, or perhaps rather what harm they did?!

I'll just try taking a closer look at ccleaner...

By the way, please post an answer...
2 June 2007 - 22:39 #5
Well ???

There is no more 'dirt' according to your log...

You are welcome back another time...

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
lonepeter Novice
2 June 2007 - 23:17 #6
Hi again!

Thanks once again for the help! - Then we'll see whether it has helped with the problem of links becoming inactive, but either way it is really nice to get the machine cleaned up!

I ran CClean as you suggested and there were probably around 1000 things it took care of... and I have also just turned System Restore off and on again...
lonepeter Novice
2 June 2007 - 23:41 #7
Unfortunately it did not work on it eating links; it was not many minutes from when I created a new www.dr.dk until it was inactive again... - I have created a new question. http://www.eksperten.dk/spm/781435