fedora Beginner
07 October 2007 - 00:36 There are 4 comments and 1 solution

A kind soul who can help - logs

My computer has just been acting strangely. Windows XP crashed more than 20 times in a row, but now it is running again :S I have 4 logs you can look at. I have also run CCleaner.

HijackThis Log:
~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:36, on 06-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FLLESF~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\ZyXEL Communications Corporation\ZyXEL G-220 Utility\srvany.exe
C:\Programmer\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyAirDummyG-220.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmer\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyXEL_G-220_GUI.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Steam\steam.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\Download\alternative.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.udvikleren.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ZyXEL G-220 Utility GUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://dk.mcafee.com/Apps/WSC/da/WscWlanScannerCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5130/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FLLESF~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ZyXELWlanG220 - Unknown owner - C:\Programmer\ZyXEL Communications Corporation\ZyXEL G-220 Utility\srvany.exe

--
End of file - 7480 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 07-10-06.5 - Askj‘r 2007-10-06 23:23:01.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.493 [GMT 2:00]
Running from: C:\Documents and Settings\Askj‘r\Skrivebord\Op rydning\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-09-06 to 2007-10-06  )))))))))))))))))))))))))))))))
.

2007-10-06 23:17    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-06 16:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-03 20:02    94,208    --a------    C:\WINDOWS\system32\TI68kTool.dll
2007-10-03 20:02    65,536    --a------    C:\WINDOWS\system32\FSutil.dll
2007-10-03 20:02    1,060,864    --a------    C:\WINDOWS\system32\TISim68K.dll
2007-10-03 20:02    <DIR>    d--------    C:\Programmer\TI Flash Studio
2007-10-03 19:37    49,536    --a------    C:\WINDOWS\system32\drivers\tiehdusb.sys
2007-10-03 19:37    21,456    --a------    C:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-10-03 19:37    <DIR>    d--------    C:\Programmer\F‘lles filer\TI Shared
2007-10-01 21:12    71,496    --a------    C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-01 21:12    37,480    --a------    C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-01 21:12    34,184    --a------    C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-01 21:12    32,008    --a------    C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-01 21:12    170,408    --a------    C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-01 21:12    109,608    --a------    C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-01 21:11    <DIR>    d--------    C:\Programmer\McAfee.com
2007-10-01 21:11    <DIR>    d--------    C:\Programmer\McAfee
2007-10-01 21:11    <DIR>    d--------    C:\Programmer\F‘lles filer\McAfee
2007-10-01 20:59    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-01 20:55    <DIR>    d--------    C:\Programmer\PowerISO
2007-10-01 15:31    <DIR>    d--------    C:\Programmer\MSECache
2007-09-30 17:37    <DIR>    d--------    C:\WINDOWS\McAfee.com
2007-09-30 16:39    <DIR>    d--h-----    C:\WINDOWS\PIF
2007-09-22 12:24    <DIR>    d--------    C:\Programmer\TI Education
2007-09-22 01:21    <DIR>    d--------    C:\Programmer\Real Alternative
2007-09-22 01:21    <DIR>    d--------    C:\Programmer\Media Player Classic
2007-09-22 01:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Real
2007-09-19 21:57    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-16 19:56    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-15 14:09    <DIR>    d--------    C:\Programmer\uTorrent
2007-09-12 20:37    <DIR>    d--------    C:\Programmer\Windows Media Connect 2
2007-09-12 20:35    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2007-09-12 17:54    <DIR>    d--------    C:\Documents and Settings\Askj‘r\.ultramixer
2007-09-08 19:04    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 9.0
2007-09-06 16:38    <DIR>    d--------    C:\Programmer\Project64 1.6

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 22:17    ---------    d--------    C:\Programmer\Steam
2007-10-01 21:05    ---------    d--------    C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-01 20:42    685816    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-09-26 16:51    ---------    d--------    C:\Documents and Settings\All Users\Application Data\VMware
2007-09-26 16:44    ---------    d--------    C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2007-09-26 16:44    ---------    d--------    C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2007-09-26 16:44    ---------    d--------    C:\Documents and Settings\LocalService\Application Data\VMware
2007-09-19 07:29    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-17 22:07    ---------    d--------    C:\Programmer\vzzmirc
2007-09-14 19:15    ---------    d--------    C:\Programmer\Microsoft Visual Studio 8
2007-09-13 20:18    286720    ---------    C:\WINDOWS\Setup1.exe
2007-08-14 20:17    ---------    d--------    C:\Programmer\MSXML 6.0
2007-08-07 02:15    33052    --a------    C:\WINDOWS\system32\drivers\scdemu.sys
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-19 19:22    108144    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2001-11-23 06:08    712704    --a--c---    C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
            C:\Documents and Settings\Askjær\.cb_layout.bin
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\TI Shared
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer\McAfee
    ---------        C:\Programmer\Fælles filer
2007-06-21 17:53:24    5    -csha-w    C:\WINDOWS\system32\aeabcbe_g.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-26 17:53 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"Steam"="c:\programmer\steam\steam.exe" [2007-10-05 07:25]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
ZyXEL G-220 Utility GUI.lnk - C:\Programmer\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyXEL_G-220_GUI.exe [2007-08-02 18:45:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Askjær^Menuen Start^Programmer^Start^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Askjær\Menuen Start\Programmer\Start\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"C:\Programmer\DAEMON Tools SearchBar\Search.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
"C:\Programmer\DAEMON Tools SearchBar\whse.exe"

R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys
R2 ZyXELWlanG220;ZyXELWlanG220;"C:\Programmer\ZyXEL Communications Corporation\ZyXEL G-220 Utility\srvany.exe"
R3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\ZDPNDIS5.SYS
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-06-09 07:17:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1176448549.job"
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-01 19:11:53 C:\WINDOWS\Tasks\McDefragTask.job"
"2007-10-01 19:11:52 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 23:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\?????%[????`?'[??'[`?'[??????????????%[??%[??'[??'[$?????%[??????????????%[??????????%[???w????(????3?w???w?????3?w ??w??%[:???????d???r?%[1?%[??'[d?????%[?-%[????z??w8h%[\2%[?1%[htinst.INI?[?u%[????d????????F?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 23:26:22
.
    --- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~

Rootlog:
~~~~~~~~~~~~~~~~~~~~~~~
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
06-10-2007 23:27:02,79

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 23:27:03
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b957b3f9"=hex:c1,a7,2f,ae,0f,91,48,0f,7b,37,64,e0,4b,b2,da,0e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2b,2e,db,98,10,a8,47,c6,ca,77,d0,21,f8,ee,42,6f,3f,f2,98,28,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b957b3f9"=hex:c1,a7,2f,ae,0f,91,48,0f,7b,37,64,e0,4b,b2,da,0e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2b,2e,db,98,10,a8,47,c6,ca,77,d0,21,f8,ee,42,6f,3f,f2,98,28,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b957b3f9"=hex:c1,a7,2f,ae,0f,91,48,0f,7b,37,64,e0,4b,b2,da,0e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:9474c432
"s2"=dword:8b8c4831
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2b,2e,db,98,10,a8,47,c6,ca,77,d0,21,f8,ee,42,6f,3f,f2,98,28,1c,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000008c1

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SuperAntiSpyware:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/07/2007 at 00:17 AM

Application Version : 3.7.1018

Core Rules Database Version : 3320
Trace Rules Database Version: 1321

Scan type      : Complete Scan
Total Scan Time : 00:38:17

Memory items scanned      : 163
Memory threats detected  : 0
Registry items scanned    : 6319
Registry threats detected : 0
File items scanned        : 37408
File threats detected    : 71

Adware.Tracking Cookie
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks in advance.
arlet Junior Master
07 October 2007 - 09:34 #1
There is not much to find here..

Try uploading this file to http://www.virustotal.com/
C:\WINDOWS\system32\aeabcbe_g.dll

Post the result here
fedora Beginner
07 October 2007 - 11:38 #2
I could not see the file in system32, but when I entered the file's location, it was able to find it.

VirusTotal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File aeabcbe_g.dll received on 10.07.2007 11:31:34 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.06 -
AVG 7.5.0.488 2007.10.06 -
BitDefender 7.2 2007.10.07 -
CAT-QuickHeal 9.00 2007.10.06 -
ClamAV 0.91.2 2007.10.07 -
DrWeb 4.44.0.09170 2007.10.07 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5190 2007.10.06 -
Ewido 4.0 2007.10.07 -
FileAdvisor 1 2007.10.07 -
Fortinet 3.11.0.0 2007.10.07 -
F-Prot 4.3.2.48 2007.10.06 -
F-Secure 6.70.13030.0 2007.10.06 -
Ikarus T3.1.1.12 2007.10.07 -
Kaspersky 7.0.0.125 2007.10.07 -
McAfee 5135 2007.10.05 -
Microsoft 1.2908 2007.10.07 -
NOD32v2 2576 2007.10.07 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.06 -
Prevx1 V2 2007.10.07 -
Rising 19.43.60.00 2007.10.07 -
Sophos 4.22.0 2007.10.07 -
Sunbelt 2.2.907.0 2007.10.06 -
Symantec 10 2007.10.07 -
TheHacker 6.2.6.078 2007.10.06 -
VBA32 3.12.2.4 2007.10.07 -
VirusBuster 4.3.26:9 2007.10.06 -
Webwasher-Gateway 6.0.1 2007.10.05 -

Additional information
File size: 5 bytes
MD5: 877a5708a27524820595087ad41f9831
SHA1: 801b85c3de275c947652af9b112d1268e0d09626

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Negative.....
arlet Junior Master
07 October 2007 - 15:08 #3
Run HijackThis, scan, tick the line(s) listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

After that there is nothing more to find
fedora Beginner
07 October 2007 - 15:40 #4
OK, that's done. I have found out that it may be my motherboard that has started to feel unwell, but thanks for the help.
arlet Junior Master
07 October 2007 - 15:43 #5
You're welcome..

Hope you get it back to life again ;-)