jorgenveisig (Beginner)
24 July 2007 - 07:44. There are 5 comments and 1 solution.

Check of 4 logs made with the new weapons (article by fromsej)

I have tried out the new weapons that fromsej has written about. Is there anyone here who can check these 4 logs?

PS: The task of using the weapons could not be carried out entirely as described in the article; for example, I could not see any log in SUPERAntiSpyware in normal mode, only in safe mode. I think it may be related to the settings I chose during install (apply only to this user). But I am not sure.

These antispyware hiccups have changed the order of the logs, but I hope that does not matter.


"Jørgen V" - 2007-07-24  7:20:53 - ComboFix 07-07-23.6 - Service Pack 2  NTFS 


(((((((((((((((((((((((((  Files Created from 2007-06-24 to 2007-07-24  )))))))))))))))))))))))))))))))


2007-07-24 00:50    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-07-23 23:27    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-23 23:23    786,432    --ah-----    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-23 23:23    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Menuen Start
2007-07-23 23:23    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Skabeloner
2007-07-23 23:23    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Printere
2007-07-23 23:23    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-07-23 23:23    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Andre computere
2007-07-23 23:23    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-07-23 23:23    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-07-23 23:23    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Dokumenter
2007-07-23 23:23    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-07-23 23:15    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-07-23 23:15    <DIR>    d--------    C:\DOCUME~1\JRGENV~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-23 23:15    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-12 16:28    <DIR>    d--------    C:\Programmer\CloneSpy
2007-07-12 00:53    <DIR>    d--------    C:\DOCUME~1\JRGENV~1\APPLIC~1\wsInspector
2007-07-12 00:45    <DIR>    d--------    C:\Programmer\Startup Inspector for Windows
2007-07-10 18:45    <DIR>    d--------    C:\Programmer\Serif
2007-07-07 20:11    <DIR>    d--------    C:\Archive
2007-07-07 17:01    <DIR>    d--------    C:\Programmer\MSXML 6.0
2007-07-07 14:02    <DIR>    d--------    C:\Programmer\DIFX
2007-07-07 14:01    48,128    --a------    C:\WINDOWS\system32\drivers\Katclite.sys
2007-07-07 14:01    <DIR>    d--------    C:\Programmer\InventThings
2007-06-26 19:21    <DIR>    d--------    C:\APPS
2007-06-26 19:15    <DIR>    d--------    C:\DestinatorApps
2007-06-26 19:11    104,576    -ra------    C:\WINDOWS\system32\drivers\wceusbsh.sys


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 21:14:20    --------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-07-11 18:32:37    --------    d-----w    C:\Programmer\Windows Live Safety Center
2007-07-11 18:05:12    82,270    ----a-w    C:\WINDOWS\system32\perfc006.dat
2007-07-11 18:05:12    454,254    ----a-w    C:\WINDOWS\system32\perfh006.dat
2007-07-11 12:49:29    --------    d-----w    C:\DOCUME~1\JRGENV~1\APPLIC~1\Skype
2007-07-10 16:45:17    --------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-07-07 18:12:31    --------    d-----w    C:\DOCUME~1\JRGENV~1\APPLIC~1\Vso
2007-07-07 18:07:28    --------    d-----w    C:\DOCUME~1\JRGENV~1\APPLIC~1\OpenOffice.org2
2007-06-26 17:05:46    --------    d-----w    C:\Programmer\Microsoft ActiveSync
2007-06-25 18:07:46    --------    d-----w    C:\Programmer\Paint.NET
2007-06-22 21:13:38    --------    d-----w    C:\Programmer\Windows SteadyState
2007-06-18 20:28:06    --------    d-----w    C:\Programmer\DVDFab Platinum 3
2007-06-13 18:21:10    --------    d-----w    C:\Programmer\Fælles filer\System
2007-06-12 16:45:28    --------    d-----w    C:\DOCUME~1\JRGENV~1\APPLIC~1\FileOpen
2007-06-12 16:45:18    --------    d-----w    C:\Programmer\FileOpen
2007-06-09 15:09:37    98,304    ----a-w    C:\WINDOWS\system32CmdLineExt.dll
2007-06-09 14:54:50    --------    d-----w    C:\Programmer\Ubisoft
2007-06-03 11:26:56    --------    d-----w    C:\DOCUME~1\JRGENV~1\APPLIC~1\OfficeUpdate12
2007-06-03 10:14:50    --------    d-----w    C:\Programmer\Yahoo!
2007-06-03 09:01:28    --------    d-----w    C:\Programmer\CCleaner
2007-05-26 10:22:03    --------    d-----w    C:\Programmer\Avery Dennison
2007-05-26 08:08:15    --------    d-----w    C:\Programmer\Fælles filer\MAGIX Shared
2007-05-26 08:08:15    --------    d-----w    C:\Programmer\Fælles filer
2007-05-26 08:07:59    --------    d-----w    C:\Programmer\MAGIX
2007-05-26 07:48:53    --------    d-----w    C:\Programmer\Paragon Software
2007-05-16 15:14:25    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-05-07 21:38:29    284    ----a-w    C:\DOCUME~1\JRGENV~1\APPLIC~1\ViewerApp.dat
2007-05-07 18:38:58    50    ----a-w    C:\AUTOEXEC.BAT
2007-05-04 19:48:33    87,520    ----a-w    C:\DOCUME~1\JRGENV~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-25 14:22:43    144,896    ----a-w    C:\WINDOWS\system32\schannel.dll
2007-04-25 02:00:54    26,488    ----a-w    C:\WINDOWS\system32\spupdsvc.exe
2007-04-18 17:21:22    87,608    ----a-w    C:\DOCUME~1\JRGENV~1\APPLIC~1\ezpinst.exe
2007-04-18 17:21:22    47,360    ----a-w    C:\DOCUME~1\JRGENV~1\APPLIC~1\pcouffin.sys


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-20 23:21]
"Genvej til egenskabsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 11:50 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 19:44]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 19:43]
"FLMOFFICE4DMOUSE"="C:\Programmer\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2007-02-18 17:05]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2006-11-08 11:28]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2006-11-08 11:22]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 15:41]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 15:28 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"WinFSG"="C:\Programmer\Aladdin Systems\Internet Cleanup\MSFG.exe" [2004-07-19 11:58]
"Bubble"="%ProgramFiles%\Windows SteadyState\Bubble.exe" []
"Katchall License"="C:\Programmer\InventThings\Katchall Archive Lite\KatchallLicense.exe" [2007-02-23 21:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-18 21:01]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-24 00:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Windows SteadyState]

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
R0 KatchallLite;KatchallLite;C:\WINDOWS\system32\DRIVERS\Katclite.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
R2 s24trans;WLAN-transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 Windows SteadyState;Windows SteadyState Service;"C:\Programmer\Windows SteadyState\SCTSvc.exe"
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 SASENUM;SASENUM;\??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 HdAudAddService;Microsoft UAA-funktionsdriver til High Definition Audio-tjeneste;C:\WINDOWS\system32\drivers\HdAudio.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 mxInsMon;mxInsMon;\??\C:\PROGRA~1\ALADDI~1\INTERN~1\mxInsMon.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-24 05:18:53  C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 07:23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24  7:24:31
C:\ComboFix2.txt ... 2007-07-24 00:54

    --- E O F ---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2007 at 00:40 AM

Application Version : 3.7.1018

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type      : Complete Scan
Total Scan Time : 01:10:55

Memory items scanned      : 208
Memory threats detected  : 0
Registry items scanned    : 7178
Registry threats detected : 0
File items scanned        : 39702
File threats detected    : 35

Adware.Tracking Cookie
    C:\Documents and Settings\Gæst\Cookies\gæst@ads2.jubii[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@advertising[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@atdmt[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@banner.casinofortune[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@e2.emediate[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@eas.apm.emediate[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@ilead.itrack[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@imrworldwide[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@nextag[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@track.adform[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@tradedoubler[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[3].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[4].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[5].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[6].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.googleadservices[7].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@ad1.emediate[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@ads2.jubii[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@adtech[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@advertising[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@doubleclick[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@e2.emediate[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@eas.apm.emediate[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@imrworldwide[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@m1.webstats.motigo[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@media.hotels[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@mediaplex[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@saxobfdk.122.2o7[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@track.adform[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@track.webgains[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@tracking.notabenestats[1].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@tradedoubler[2].txt
    C:\Documents and Settings\Lisbeth Baggesen\Cookies\lisbeth_baggesen@www.googleadservices[2].txt


********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
24-07-2007  7:31:19,35

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 07:31:19
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0


Logfile of HijackThis v1.99.1
Scan saved at 07:35:07, on 24-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\InventThings\Katchall Archive Lite\KatchallLicense.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jørgen V\Skrivebord\Oprydningsprogrammer\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.5.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\IC3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinFSG] "C:\Programmer\Aladdin Systems\Internet Cleanup\MSFG.exe"
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [Katchall License] "C:\Programmer\InventThings\Katchall Archive Lite\KatchallLicense.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171788977687
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4979/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
jorgenveisig (Beginner)
24 July 2007 - 09:13 #1
My AVG virus test gives the following result:

C:\Windows\System32\kernell32.dll      Changed
C:\Windows\System32\user32.dll      Changed
C:\Windows\System32\ntoskrnl.exe      Changed
C:\Windows\System32\drivers\etc\hosts      Changed

Otherwise the test says everything is OK.
fromsej (Trainee)
29 July 2007 - 19:30 #2
Those are some fine logs you have posted.

Run HijackThis again, click "Do a system scan only", and tick the following:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
Then close all other windows and click "Fix checked".
We do not need to see any more logs.

AVG's result is also OK; it is because the files have been updated.

Is it correct that you have two antivirus programs on the machine?
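A worked triage of the HijackThis lines fromsej singles out above, as an added example that is not part of the original thread and not part of HijackThis itself. It parses the `Rn`/`On` entries and sorts them the way the answer does: entries whose target reads `(no file)` or `(file missing)` are dead registrations that can be ticked straight away, while bare-name Run entries such as `ALCMTR.EXE` (resolved through the search path at logon), `O16` downloaded controls from hosts not on a trusted list, the `AppInit_DLLs` injection point, an explicit proxy setting, and services with no company name are flagged for a closer look. The sample lines are copied from the HijackThis log posted above; the category names and the `TRUSTED_DPF_HOSTS` list are this example's own assumptions, not HijackThis output.

```python
"""Triage a HijackThis 1.99 log: separate dead entries from ones to verify.

Added example for this thread; not part of HijackThis. Category names and
the trusted-host list below are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.5.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171788977687
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
"""

# Every HijackThis finding starts with a section code: R0-R3, F0-F2, O1-O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Download hosts accepted without further checking. Assumption for this
# example: only the Microsoft and McAfee controls in the log are routine.
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com",
    "download.mcafee.com",
    "cdn.scan.onecare.live.com",
}


@dataclass(frozen=True)
class Finding:
    code: str       # HijackThis section, e.g. "O4"
    category: str   # this example's own label
    line: str       # the log line as posted


def run_image(body: str) -> str:
    """'HKLM\\..\\Run: [Alcmtr] ALCMTR.EXE' -> 'ALCMTR.EXE' (image only, no arguments)."""
    _, _, cmd = body.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]      # quoted path, may contain spaces
    return cmd.split(" ", 1)[0]              # unquoted: first token is the image


def dpf_host(body: str) -> str | None:
    """Host part of the URL an O16 (Downloaded Program File) entry was fetched from."""
    m = re.search(r"https?://([^/\s]+)", body)
    return m.group(1).lower() if m else None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                              # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            # Registration points at nothing: dead weight, safe to tick.
            findings.append(Finding(code, "ORPHAN", line))
        elif code == "R1" and "ProxyServer" in body:
            # An explicit proxy is a classic interception point; confirm the
            # address is one you configured (here a private LAN address).
            findings.append(Finding(code, "PROXY", line))
        elif code == "O4":
            image = run_image(body)
            if image and "\\" not in image and not image.startswith("%"):
                # Bare file name: resolved through the search path at logon,
                # so check which file by that name actually gets executed.
                findings.append(Finding(code, "BARE_NAME", line))
        elif code == "O16":
            host = dpf_host(body)
            if host is None or host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(code, "UNTRUSTED_DPF", line))
        elif code == "O20" and body.startswith("AppInit_DLLs"):
            # Loaded into every process that links user32.dll: always review.
            findings.append(Finding(code, "APPINIT", line))
        elif code == "O23" and "Unknown owner" in body:
            # No company name in the binary's version info: verify the file itself.
            findings.append(Finding(code, "NO_OWNER", line))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """Lines that can be ticked under 'Do a system scan only' without investigation."""
    return [f.line for f in findings if f.category == "ORPHAN"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:<14} {f.line}")
```

Run it against a full HijackThis log by passing the file's contents to `triage()`. Only the `ORPHAN` lines go straight onto the fix list; the other categories are prompts to look at the file on disk (who published it, where it really lives, whether the proxy or download host is one you recognise) before deciding, which is the same distinction fromsej draws between the entries to tick and `ALCMTR.EXE`, which is merely unwanted rather than broken.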
jorgenveisig (Beginner)
30 July 2007 - 16:27 #3
Dear fromsej

Thanks for reviewing my logs and for the precise feedback on what I should do/fix.

I have fixed them and the restart went fine.

Can you tell me what
(O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE) and
(O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB) are?

The other day I had to uninstall SUPERAntiSpyware because it shut Windows down with a blue screen when I asked it to scan. But maybe that is because you are only supposed to scan in safe mode??

I have AVG Free antivirus and I have McAfee firewall. So I have only one antivirus program installed.

Thanks once again, fromsej, and do post an answer so you can get some points. And thanks for your fine article on the new weapons.
fromsej (Trainee)
31 July 2007 - 18:40 #4
ALCMTR.EXE is used by Realtek to collect data about the users of their products, so it is borderline acceptable, which is why we suggest removing it.
The file is not harmful, but at best useless, except to Realtek.
http://www.bleepingcomputer.com/startups/ALCMTR.EXE-240.html

I did not find much about FileOpenInstaller, but it gets "fixed" on SWI, a forum where we get a lot of our information, so I trust them. *S*
http://forums.spywareinfo.com/lofiversion/index.php/t67916.html

A blue screen with SUPERAntiSpyware does not sound good; it should not do that, even though you scanned in normal mode.
Does it happen at other times, or only when you scan with SAS?

You are welcome, and thanks for the kind mention. *S*
jorgenveisig (Beginner)
31 July 2007 - 19:30 #5
Thanks for the info on the fixed items, and once again thanks for the help and for your fight against PC vermin.

I have only had the blue screen in connection with SAS.
fromsej (Trainee)
01 August 2007 - 19:26 #6
Thanks for the points. :-)