fizk Novice
15 July 2007 - 22:11 There are 5 comments and 1 solution

HijackThis log for review

Well, like so many others, I have a HijackThis log for review.
I have picked up something that keeps popping up about online casinos, and I can at least see that flyufqsx.exe needs to be removed, but I would like someone a bit more competent than me to look at the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:09:36, on 15-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast\aswUpdSv.exe
C:\Programmer\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Drivere\BlueTooth\BTNtService.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\IFXSPMGT.exe
C:\WINDOWS\System32\IFXTCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\IfxPsdSv.exe
C:\WINDOWS\System32\PGPserv.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Avast\ashMaiSv.exe
C:\Programmer\Avast\ashWebSv.exe
C:\Programmer\webcam\RemoteControl.exe
C:\WINDOWS\BisonCam\BisonMnt.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmer\Zone Labs\zlclient.exe
C:\Programmer\Infineon\Security Platform Software\PSDrt.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Infineon\Security Platform Software\SpTna.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\flyufqsx.exe
C:\Documents and Settings\Fizk\Dokumenter\Shared\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2F4ED6D-5A8E-4922-BB83-B71681349CF8} - C:\WINDOWS\System32\pmnnl.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\System32\gebyyvw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\System32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [DTVRemote] "C:\Programmer\webcam\RemoteControl.exe"
O4 - HKLM\..\Run: [BisonMnt] C:\WINDOWS\BisonCam\BisonMnt.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183971010625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: gebyyvw - C:\WINDOWS\SYSTEM32\gebyyvw.dll
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\System32\pmnnl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Avast\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Drivere\BlueTooth\BTNtService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\System32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\System32\IFXTCS.exe
O23 - Service: Memorex Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsntp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\System32\IfxPsdSv.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Senao Network Controller - Unknown owner - C:\WINDOWS\System32\dllcache\winsno.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9220 bytes

Many thanks in advance!

fromsej Trainee
15 July 2007 - 23:39 #1
Download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has rebooted, a log file should open: combofix.txt
You are welcome to post the contents of this file here, together with a fresh HijackThis log.

fizk Novice
16 July 2007 - 11:50 #2
The contents of c:\combofix.txt are as follows:
"Fizk" - 2007-07-16 11:31:00 - ComboFix 07-07-14.6 - Service Pack 2  NTFS 


((((((((((((((((((((((((((((((((((((((((((((  V Log  )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nnnkljk.dll
C:\WINDOWS\system32\awtrrqp.dll
C:\WINDOWS\system32\awtstut.dll
C:\WINDOWS\system32\awtttrp.dll
C:\WINDOWS\system32\byxuvwv.dll
C:\WINDOWS\system32\byxvvwu.dll
C:\WINDOWS\system32\byxvvwv.dll
C:\WINDOWS\system32\byxyyvv.dll
C:\WINDOWS\system32\cbxuvvs.dll
C:\WINDOWS\system32\cbxxxuu.dll
C:\WINDOWS\system32\cbxyvsq.dll
C:\WINDOWS\system32\cbxyyxx.dll
C:\WINDOWS\system32\ddcdcyy.dll
C:\WINDOWS\system32\efcbaba.dll
C:\WINDOWS\system32\efcbawu.dll
C:\WINDOWS\system32\efccbxu.dll
C:\WINDOWS\system32\efcyywv.dll
C:\WINDOWS\system32\fccbcyw.dll
C:\WINDOWS\system32\fcccyvt.dll
C:\WINDOWS\system32\fccyvtu.dll
C:\WINDOWS\system32\gebaxvu.dll
C:\WINDOWS\system32\hggfcdb.dll
C:\WINDOWS\system32\hgggfgh.dll
C:\WINDOWS\system32\hgghged.dll
C:\WINDOWS\system32\iifdcyy.dll
C:\WINDOWS\system32\iifdedc.dll
C:\WINDOWS\system32\jkklmkh.dll
C:\WINDOWS\system32\khfcbcc.dll
C:\WINDOWS\system32\khffffg.dll
C:\WINDOWS\system32\khfgede.dll
C:\WINDOWS\system32\mljhfeb.dll
C:\WINDOWS\system32\nnnllii.dll
C:\WINDOWS\system32\nnnmnlj.dll
C:\WINDOWS\system32\opnkjhg.dll
C:\WINDOWS\system32\opnopmn.dll
C:\WINDOWS\system32\pmnlmjh.dll
C:\WINDOWS\system32\pmnmjjg.dll
C:\WINDOWS\system32\pmnomli.dll
C:\WINDOWS\system32\qomnlkl.dll
C:\WINDOWS\system32\rqropmj.dll
C:\WINDOWS\system32\rqrpnki.dll
C:\WINDOWS\system32\ssqrrrr.dll
C:\WINDOWS\system32\tuvsppq.dll
C:\WINDOWS\system32\tuvtqrq.dll
C:\WINDOWS\system32\tuvutro.dll
C:\WINDOWS\system32\vtustuv.dll
C:\WINDOWS\system32\wvurpnk.dll
C:\WINDOWS\system32\wvurqqp.dll
C:\WINDOWS\system32\xxyxvuv.dll
C:\WINDOWS\system32\yaywvwt.dll
C:\WINDOWS\system32\yaywxus.dll
C:\WINDOWS\system32\flyufqsx.exe
C:\WINDOWS\system32\okdpvufq.exe
C:\WINDOWS\system32\dcujhfvv.dll
C:\WINDOWS\system32\plwbygie.dll
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\gebyyvw.dll
C:\WINDOWS\system32\pmnnl.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\_003688_.tmp.dll
C:\WINDOWS\system32\_003689_.tmp.dll
C:\WINDOWS\system32\_003690_.tmp.dll
C:\WINDOWS\system32\_003691_.tmp.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\xqcarbfx.exe
C:\WINDOWS\system32\youthtie.exe


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\nm
-------\npf


(((((((((((((((((((((((((  Files Created from 2007-06-16 to 2007-07-16  )))))))))))))))))))))))))))))))


2007-07-16 11:30    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-07-14 07:32    776,224    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-14 07:32    75,932    --a------    C:\WINDOWS\system32\drivers\klick.dat
2007-07-14 07:32    75,248    --a------    C:\WINDOWS\zllsputility.exe
2007-07-14 07:32    74,396    --a------    C:\WINDOWS\system32\drivers\klin.dat
2007-07-14 07:32    11,264    --a------    C:\WINDOWS\system32\SpOrder.dll
2007-07-14 07:32    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-14 07:31    110,360    --a------    C:\WINDOWS\system32\drivers\kl1.sys
2007-07-14 07:31    1,086,952    --a------    C:\WINDOWS\system32\zpeng24.dll
2007-07-14 07:31    <DIR>    d--------    C:\WINDOWS\system32\ZoneLabs
2007-07-12 10:44    <DIR>    d--------    C:\Programmer\Windows Media Connect 2
2007-07-12 10:40    <DIR>    d--------    C:\WINDOWS\system32\LogFiles
2007-07-12 10:40    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2007-07-12 10:34    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2007-07-12 09:15    <DIR>    d--------    C:\Programmer\DOSBox-0.70
2007-07-11 23:42    <DIR>    d--------    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-07-11 21:33    <DIR>    d--------    C:\WINDOWS\network diagnostic
2007-07-11 18:01    4,316    --a------    C:\WINDOWS\desctemp.dat
2007-07-11 11:25    <DIR>    d--------    C:\WINDOWS\Downloaded Installations
2007-07-11 10:25    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-11 10:03    32,592    --a------    C:\WINDOWS\system32\msonpmon.dll
2007-07-11 09:49    <DIR>    d--------    C:\Programmer\MSBuild
2007-07-11 09:49    <DIR>    d--------    C:\Programmer\Microsoft Works
2007-07-11 09:38    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-07-11 09:35    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-11 09:34    <DIR>    dr-h-----    C:\MSOCache
2007-07-11 09:32    <DIR>    d--------    C:\Programmer\DAEMON Tools
2007-07-11 09:25    682,232    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-07-10 09:31    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2007-07-09 20:04    <DIR>    d--------    C:\Programmer\DivX
2007-07-09 18:32    <DIR>    d--------    C:\DOCUME~1\Fizk\APPLIC~1\WinRAR
2007-07-09 16:18    <DIR>    d--------    C:\DOCUME~1\Fizk\APPLIC~1\Help
2007-07-09 16:15    92,208    --a------    C:\WINDOWS\system32\WING.DLL
2007-07-09 16:15    241,664    --a------    C:\WINDOWS\system32\HDK3CTNT.DLL
2007-07-09 16:15    188,960    --a------    C:\WINDOWS\system32\WINGDE.DLL
2007-07-09 16:15    172,544    --a------    C:\WINDOWS\system32\HDK3ANIM.DLL
2007-07-09 16:15    12,800    --a------    C:\WINDOWS\system32\WING32.DLL
2007-07-09 16:15    <DIR>    d--------    C:\Programmer\Superscape
2007-07-09 16:14    <DIR>    d--------    C:\DOCUME~1\Fizk\WINDOWS
2007-07-09 14:36    <DIR>    d--------    C:\DOCUME~1\Fizk\APPLIC~1\nView_Wallpaper
2007-07-09 14:14    <DIR>    d--------    C:\DOCUME~1\Fizk\Incomplete
2007-07-09 14:14    <DIR>    d--------    C:\DOCUME~1\Fizk\APPLIC~1\LimeWire
2007-07-09 14:06    <DIR>    d--------    C:\Programmer\LimeWire
2007-07-09 13:24    <DIR>    d--------    C:\DOCUME~1\LOCALS~1\Menuen Start
2007-07-09 13:22    <DIR>    d--------    C:\WINDOWS\Prefetch
2007-07-09 13:01    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2007-07-09 12:36    <DIR>    d--------    C:\WINDOWS\provisioning
2007-07-09 12:36    <DIR>    d--------    C:\WINDOWS\peernet
2007-07-09 12:31    97,280    --a------    C:\WINDOWS\system32\dpcdll.dll
2007-07-09 12:31    937,984    --a------    C:\WINDOWS\system32\winbrand.dll
2007-07-09 12:31    8,192    ---------    C:\WINDOWS\system32\bitsprx2.dll
2007-07-09 12:31    7,168    --a------    C:\WINDOWS\system32\hccoin.dll
2007-07-09 12:31    7,168    ---------    C:\WINDOWS\system32\bitsprx3.dll
2007-07-09 12:31    6,656    --a------    C:\WINDOWS\system32\wuauserv.dll
2007-07-09 12:31    454,144    --a------    C:\WINDOWS\system32\xpob2res.dll
2007-07-09 12:31    41,216    --a------    C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-09 12:31    4,096    --a------    C:\WINDOWS\system32\dsprpres.dll
2007-07-09 12:31    382,464    --a------    C:\WINDOWS\system32\qmgr.dll
2007-07-09 12:31    351,232    --a------    C:\WINDOWS\system32\winhttp.dll
2007-07-09 12:31    270,848    --a------    C:\WINDOWS\system32\sbe.dll
2007-07-09 12:31    26,624    --a------    C:\WINDOWS\system32\drivers\usbehci.sys
2007-07-09 12:31    24,064    --a------    C:\WINDOWS\system32\pidgen.dll
2007-07-09 12:31    20,480    --a------    C:\WINDOWS\system32\encapi.dll
2007-07-09 12:31    2,935,808    --a------    C:\WINDOWS\system32\xpsp2res.dll
2007-07-09 12:31    2,113,536    --a------    C:\WINDOWS\system32\dxdiagn.dll
2007-07-09 12:31    192,512    --a------    C:\WINDOWS\system32\xpsp1res.dll
2007-07-09 12:31    186,368    --a------    C:\WINDOWS\system32\encdec.dll
2007-07-09 12:31    159,232    --a------    C:\WINDOWS\system32\sbeio.dll
2007-07-09 12:31    134,656    --a------    C:\WINDOWS\system32\mssap.dll
2007-07-09 12:31    12,416    --a------    C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-09 12:31    1,689,088    --a------    C:\WINDOWS\system32\d3d9.dll
2007-07-09 12:30    995,328    --a------    C:\WINDOWS\system32\msgina.dll
2007-07-09 12:30    993,792    --a------    C:\WINDOWS\system32\setupapi.dll
2007-07-09 12:30    990,208    --a------    C:\WINDOWS\system32\syssetup.dll
2007-07-09 12:30    99,840    --a------    C:\WINDOWS\system32\wmpshell.dll
2007-07-09 12:30    99,328    --a------    C:\WINDOWS\system32\winscard.dll
2007-07-09 12:30    981,760    --a------    C:\WINDOWS\system32\mfc42u.dll
2007-07-09 12:30    98,304    --a------    C:\WINDOWS\system32\slbiop.dll
2007-07-09 12:30    98,304    --a------    C:\WINDOWS\system32\odbcint.dll
2007-07-09 12:30    98,304    --a------    C:\WINDOWS\system32\loadperf.dll
2007-07-09 12:30    98,304    --a------    C:\WINDOWS\system32\cscript.exe
2007-07-09 12:30    98,304    --a------    C:\WINDOWS\system32\ahui.exe
2007-07-09 12:30    97,280    --a------    C:\WINDOWS\system32\scardsvr.exe
2007-07-09 12:30    97,280    --a------    C:\WINDOWS\system32\psbase.dll
2007-07-09 12:30    96,768    --a------    C:\WINDOWS\system32\srvsvc.dll
2007-07-09 12:30    96,256    --a------    C:\WINDOWS\system32\drivers\scsiport.sys
2007-07-09 12:30    956,416    --a------    C:\WINDOWS\system32\msdtctm.dll
2007-07-09 12:30    95,360    --a------    C:\WINDOWS\system32\drivers\atapi.sys
2007-07-09 12:30    94,208    --a------    C:\WINDOWS\system32\tscfgwmi.dll
2007-07-09 12:30    93,184    --a------    C:\WINDOWS\system32\wlnotify.dll
2007-07-09 12:30    93,184    --a------    C:\WINDOWS\system32\dskquota.dll
2007-07-09 12:30    92,168    --a------    C:\WINDOWS\system32\rdpdd.dll
2007-07-09 12:30    92,128    --a------    C:\WINDOWS\system32\krnl386.exe
2007-07-09 12:30    92,032    --a------    C:\WINDOWS\system32\drivers\ksecdd.sys
2007-07-09 12:30    91,776    --a------    C:\WINDOWS\system32\drivers\ndiswan.sys
2007-07-09 12:30    91,648    --a------    C:\WINDOWS\system32\xactsrv.dll
2007-07-09 12:30    91,136    --a------    C:\WINDOWS\system32\ntprint.dll
2007-07-09 12:30    91,136    --a------    C:\WINDOWS\system32\mydocs.dll
2007-07-09 12:30    91,136    --a------    C:\WINDOWS\system32\mtxoci.dll
2007-07-09 12:30    90,624    --a------    C:\WINDOWS\system32\trkwks.dll


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 21:33:34    10,172    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-11 09:26:21    --------    d-----w    C:\Programmer\Fælles filer
2007-07-11 07:49:11    --------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2007-07-11 07:48:11    --------    d-----w    C:\Programmer\Fælles filer\DESIGNER
2007-07-11 07:39:25    --------    d-----w    C:\Programmer\Fælles filer\System
2007-07-10 09:14:53    47,474    ----a-w    C:\WINDOWS\system32\perfc006.dat
2007-07-10 09:14:53    325,198    ----a-w    C:\WINDOWS\system32\perfh006.dat
2007-07-08 17:25:07    --------    d-----w    C:\Programmer\Fælles filer\Jasc Software Inc
2007-07-08 17:24:47    --------    d-----w    C:\Programmer\Fælles filer\InstallShield
2007-06-29 13:09:23    --------    d-----w    C:\Programmer\Fælles filer\PGP Corporation
2007-06-28 19:54:14    --------    d-----w    C:\Programmer\Fælles filer\Blizzard Entertainment
2007-06-28 13:22:15    --------    d-----w    C:\Programmer\Fælles filer\ODBC
2007-06-28 13:22:10    --------    d-----w    C:\Programmer\Fælles filer\SpeechEngines
2007-06-28 12:29:46    --------    d-----w    C:\Programmer\Fælles filer\Tjenester
2007-06-28 12:29:36    --------    d-----w    C:\Programmer\Fælles filer\MSSoap
2007-04-28 17:05:00    958,464    ----a-w    C:\WINDOWS\system32\nvmobls.dll
2007-04-28 17:05:00    815,104    ----a-w    C:\WINDOWS\system32\nvcplui.exe
2007-04-28 17:05:00    81,920    ----a-w    C:\WINDOWS\system32\nvwddi.dll
2007-04-28 17:05:00    81,920    ----a-w    C:\WINDOWS\system32\nvmctray.dll
2007-04-28 17:05:00    8,429,568    ----a-w    C:\WINDOWS\system32\nvcpl.dll
2007-04-28 17:05:00    6,660,096    ----a-w    C:\WINDOWS\system32\nvoglnt.dll
2007-04-28 17:05:00    6,074,368    ----a-w    C:\WINDOWS\system32\nvdisps.dll
2007-04-28 17:05:00    5,464,320    ----a-w    C:\WINDOWS\system32\nv4_disp.dll
2007-04-28 17:05:00    5,427,200    ----a-w    C:\WINDOWS\system32\nvdispsr.dll
2007-04-28 17:05:00    466,944    ----a-w    C:\WINDOWS\system32\nvshell.dll
2007-04-28 17:05:00    458,752    ----a-w    C:\WINDOWS\system32\nvmccssr.dll
2007-04-28 17:05:00    442,368    ----a-w    C:\WINDOWS\system32\nvappbar.exe
2007-04-28 17:05:00    425,984    ----a-w    C:\WINDOWS\system32\keystone.exe
2007-04-28 17:05:00    36,864    ----a-w    C:\WINDOWS\system32\nvcodins.dll
2007-04-28 17:05:00    36,864    ----a-w    C:\WINDOWS\system32\nvcod.dll
2007-04-28 17:05:00    339,968    ----a-w    C:\WINDOWS\system32\nvapi.dll
2007-04-28 17:05:00    335,872    ----a-w    C:\WINDOWS\system32\nvwrses.dll
2007-04-28 17:05:00    335,872    ----a-w    C:\WINDOWS\system32\nvwrsel.dll
2007-04-28 17:05:00    327,680    ----a-w    C:\WINDOWS\system32\nvwrsfr.dll
2007-04-28 17:05:00    327,680    ----a-w    C:\WINDOWS\system32\nvrshe.dll
2007-04-28 17:05:00    327,680    ----a-w    C:\WINDOWS\system32\nvrsar.dll
2007-04-28 17:05:00    323,584    ----a-w    C:\WINDOWS\system32\nvwrspt.dll
2007-04-28 17:05:00    323,584    ----a-w    C:\WINDOWS\system32\nvwrsit.dll
2007-04-28 17:05:00    319,488    ----a-w    C:\WINDOWS\system32\nvwrsptb.dll
2007-04-28 17:05:00    319,488    ----a-w    C:\WINDOWS\system32\nvwrsnl.dll
2007-04-28 17:05:00    315,392    ----a-w    C:\WINDOWS\system32\nvwrsru.dll
2007-04-28 17:05:00    315,392    ----a-w    C:\WINDOWS\system32\nvwrshu.dll
2007-04-28 17:05:00    311,296    ----a-w    C:\WINDOWS\system32\nvwrsde.dll
2007-04-28 17:05:00    307,200    ----a-w    C:\WINDOWS\system32\nvexpbar.dll
2007-04-28 17:05:00    303,104    ----a-w    C:\WINDOWS\system32\nvwrstr.dll
2007-04-28 17:05:00    303,104    ----a-w    C:\WINDOWS\system32\nvwrssl.dll
2007-04-28 17:05:00    303,104    ----a-w    C:\WINDOWS\system32\nvwrsfi.dll
2007-04-28 17:05:00    3,620,864    ----a-w    C:\WINDOWS\system32\nvvitvsr.dll
2007-04-28 17:05:00    3,391,488    ----a-w    C:\WINDOWS\system32\nvvitvs.dll
2007-04-28 17:05:00    3,235,840    ----a-w    C:\WINDOWS\system32\nvgamesr.dll
2007-04-28 17:05:00    3,145,728    ----a-w    C:\WINDOWS\system32\nvgames.dll
2007-04-28 17:05:00    299,008    ----a-w    C:\WINDOWS\system32\nvwrssk.dll
2007-04-28 17:05:00    299,008    ----a-w    C:\WINDOWS\system32\nvwrsno.dll
2007-04-28 17:05:00    294,912    ----a-w    C:\WINDOWS\system32\nvwrssv.dll
2007-04-28 17:05:00    294,912    ----a-w    C:\WINDOWS\system32\nvwrspl.dll
2007-04-28 17:05:00    294,912    ----a-w    C:\WINDOWS\system32\nvwrsda.dll
2007-04-28 17:05:00    286,720    ----a-w    C:\WINDOWS\system32\nvwrseng.dll
2007-04-28 17:05:00    286,720    ----a-w    C:\WINDOWS\system32\nvwrscs.dll
2007-04-28 17:05:00    282,624    ----a-w    C:\WINDOWS\system32\nvwrsar.dll
2007-04-28 17:05:00    282,624    ----a-w    C:\WINDOWS\system32\nvrsfr.dll
2007-04-28 17:05:00    282,624    ----a-w    C:\WINDOWS\system32\nvrses.dll
2007-04-28 17:05:00    282,624    ----a-w    C:\WINDOWS\system32\nvrsel.dll
2007-04-28 17:05:00    278,528    ----a-w    C:\WINDOWS\system32\nvwrshe.dll
2007-04-28 17:05:00    278,528    ----a-w    C:\WINDOWS\system32\nvrsit.dll
2007-04-28 17:05:00    278,528    ----a-w    C:\WINDOWS\system32\nvrsde.dll
2007-04-28 17:05:00    274,432    ----a-w    C:\WINDOWS\system32\nvrsnl.dll
2007-04-28 17:05:00    270,336    ----a-w    C:\WINDOWS\system32\nvrspt.dll
2007-04-28 17:05:00    266,240    ----a-w    C:\WINDOWS\system32\nvrsru.dll
2007-04-28 17:05:00    266,240    ----a-w    C:\WINDOWS\system32\nvrsptb.dll
2007-04-28 17:05:00    266,240    ----a-w    C:\WINDOWS\system32\nvrsja.dll
2007-04-28 17:05:00    262,144    ----a-w    C:\WINDOWS\system32\nvrsko.dll
2007-04-28 17:05:00    258,048    ----a-w    C:\WINDOWS\system32\nvrssk.dll
2007-04-28 17:05:00    258,048    ----a-w    C:\WINDOWS\system32\nvrshu.dll
2007-04-28 17:05:00    253,952    ----a-w    C:\WINDOWS\system32\nvrstr.dll
2007-04-28 17:05:00    253,952    ----a-w    C:\WINDOWS\system32\nvrssv.dll
2007-04-28 17:05:00    253,952    ----a-w    C:\WINDOWS\system32\nvrssl.dll
2007-04-28 17:05:00    253,952    ----a-w    C:\WINDOWS\system32\nvrspl.dll
2007-04-28 17:05:00    253,952    ----a-w    C:\WINDOWS\system32\nvrsno.dll
2007-04-28 17:05:00    253,952    ----a-w    C:\WINDOWS\system32\nvrsda.dll
2007-04-28 17:05:00    249,856    ----a-w    C:\WINDOWS\system32\nvrsfi.dll
2007-04-28 17:05:00    245,760    ----a-w    C:\WINDOWS\system32\nvrseng.dll
2007-04-28 17:05:00    245,760    ----a-w    C:\WINDOWS\system32\nvrscs.dll
2007-04-28 17:05:00    225,280    ----a-w    C:\WINDOWS\system32\nvrszhc.dll
2007-04-28 17:05:00    212,992    ----a-w    C:\WINDOWS\system32\nvwrsja.dll
2007-04-28 17:05:00    2,854,912    ----a-w    C:\WINDOWS\system32\nvmoblsr.dll
2007-04-28 17:05:00    2,379,776    ----a-w    C:\WINDOWS\system32\nvwssr.dll
2007-04-28 17:05:00    2,113,536    ----a-w    C:\WINDOWS\system32\nvwss.dll
2007-04-28 17:05:00    196,608    ----a-w    C:\WINDOWS\system32\nvwrsko.dll
2007-04-28 17:05:00    188,416    ----a-w    C:\WINDOWS\system32\nvmccss.dll
2007-04-28 17:05:00    167,936    ----a-w    C:\WINDOWS\system32\nvwrszht.dll
2007-04-28 17:05:00    163,908    ----a-w    C:\WINDOWS\system32\nvsvc32.exe
2007-04-28 17:05:00    163,840    ----a-w    C:\WINDOWS\system32\nvwrszhc.dll
2007-04-28 17:05:00    122,880    ----a-w    C:\WINDOWS\system32\nvrszht.dll
2007-04-28 17:05:00    1,703,936    ----a-w    C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-28 17:05:00    1,626,112    ----a-w    C:\WINDOWS\system32\nwiz.exe
2007-04-28 17:05:00    1,474,560    ----a-w    C:\WINDOWS\system32\nview.dll
2007-04-28 17:05:00    1,339,392    ----a-w    C:\WINDOWS\system32\nvdspsch.exe
2007-04-28 17:05:00    1,069,056    ----a-w    C:\WINDOWS\system32\nvcpluir.dll
2007-04-28 17:05:00    1,019,904    ----a-w    C:\WINDOWS\system32\nvwimg.dll
2007-04-18 16:14:26    2,854,400    ----a-w    C:\WINDOWS\system32\msi.dll


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
            C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04    853672    --a------    C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
2006-10-27 00:48    2210608    --a------    C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43    501400    --a------    C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-28 19:05 C:\WINDOWS\system32\nwiz.exe]
"DTVRemote"="C:\Programmer\webcam\RemoteControl.exe" [2006-04-18 18:01]
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17]
"SMSERIAL"="sm56hlpr.exe" [2007-03-09 15:21 C:\WINDOWS\sm56hlpr.exe]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 08:51]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"avast!"="C:\PROGRA~1\Avast\ashDisp.exe" [2007-04-30 17:42]
"DU Meter"="C:\Programmer\DU Meter\DUMeter.exe" [2005-02-01 19:28]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\zlclient.exe" [2007-06-21 21:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=OCMAPIHK.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    scecli scecli


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 11:44:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 11:46:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 11:46

    --- E O F ---


And the contents of my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:49:53, on 16-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast\aswUpdSv.exe
C:\Programmer\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Drivere\BlueTooth\BTNtService.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\IFXSPMGT.exe
C:\WINDOWS\System32\IFXTCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\IfxPsdSv.exe
C:\WINDOWS\System32\PGPserv.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\webcam\RemoteControl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmer\Zone Labs\zlclient.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programmer\Avast\ashMaiSv.exe
C:\Programmer\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Programmer\Avast\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fizk\Dokumenter\Shared\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DTVRemote] "C:\Programmer\webcam\RemoteControl.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183971010625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Avast\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Drivere\BlueTooth\BTNtService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\System32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\System32\IFXTCS.exe
O23 - Service: Memorex Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsntp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\System32\IfxPsdSv.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Senao Network Controller - Unknown owner - C:\WINDOWS\System32\dllcache\winsno.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8540 bytes
fromsej, Trainee
16 July 2007 - 13:05 #3
Uninstall Limewire in Add/Remove Programs and drop that d.mn file sharing; it is the single biggest cause of the spread of infections.

Here is some reading about P2P and the risks of using it.

http://newz.dk/forum/item/51863/ - http://www.benedelman.org/news/010205-1.html (in English, unfortunately)
http://www.microsoft.com/danmark/athome/security/online/p2p_file_sharing.mspx
http://www.computerworld.dk/art/29010
http://www.pressbox.dk/Default.asp?obj=arkiv&id=10118

P2P is junk: you open your machine to the outside world, and the protection you have paid dearly for, or downloaded freeware versions of, is exposed to all kinds of attacks. Fortunately some programs can keep it out, but since by the nature of things it is the "bad" programmer who is ahead, something will inevitably slip through.

The recent debate about rootkits, and how big a problem they already are, should also make people reconsider using P2P.
http://www.computerforensics.dk/rootkits.htm
There is no guarantee that the game, program, film or music you download is not infected; on the contrary, the risk of that is enormous.

The log is clean; Combofix has done a good job.
How is the machine running?
fizk, Beginner
17 July 2007 - 10:51 #4
It is running just fine - haven't had problems of any kind yet ^^
Many thanks for the help
fizk, Beginner
17 July 2007 - 10:51 #5
... just post an answer...
fromsej, Trainee
17 July 2007 - 11:52 #6
You're welcome. :-)