badazz Novice
14 November 2007 - 20:11 There are 6 comments and
1 solution

Hijack This Log

Hi, is there anyone who will check this?

The computer is very slow to start up.. and it is at the point where it sits with a black background and the Win XP logo.. I can't immediately find anything else on the computer


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:08:41, on 14-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Rikke Johansen\Skrivebord\hj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10096 bytes
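Added example, not part of the original thread: a small Python triage pass over HijackThis entries of the kind posted above, which parses the section codes and lists lines a reviewer would look at first. The baseline host list and the three review rules are assumptions made for this illustration; a flagged line is a candidate for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^\S+\\\.\.\\Run: \[([^\]]+)\] (.+)$")

# Assumption: the reviewer's own list of expected Internet Explorer URL hosts.
BASELINE_HOSTS = ("microsoft.com",)


def is_baseline_host(host):
    """Match the host itself or a true subdomain, never a look-alike suffix."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in BASELINE_HOSTS)


def parse_entries(text):
    """Return (code, body) pairs; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(text):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        # Rule 1: the registry entry points at a file that is not on disk.
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, "target file absent", body))
            continue
        # Rule 2: an IE start/search URL whose host is outside the baseline.
        if code in ("R0", "R1"):
            _key, _sep, value = body.partition(" =")
            host = urlparse(value.strip()).hostname
            if host and not is_baseline_host(host):
                findings.append((code, "non-baseline IE URL", host))
            continue
        # Rule 3: an autorun command with no directory, resolved via the search path.
        if code == "O4":
            run = RUN_RE.match(body)
            if run:
                name, command = run.group(1), run.group(2).strip('"')
                if "\\" not in command and ":" not in command:
                    findings.append((code, "autorun without full path",
                                     f"{name} -> {command}"))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:28} {detail}")
```
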
arlet Junior Master
14 November 2007 - 20:18 #1
1) Let CCleaner do a cleanup: www.arlet.dk/ccleaner.htm

2) Run steps 1 and 2 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the logs

3) Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
badazz Novice
14 November 2007 - 20:37 #2
I am in the middle of it and will get back to you
badazz Novice
14 November 2007 - 22:13 #3
Still incredibly slow to start up....

ComboFix 07-11-08.1 - Rikke Johansen 2007-11-14 22:01:23.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.598 [GMT 1:00]
Running from: C:\Documents and Settings\Rikke Johansen\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rikke Johansen\new.txt
C:\WINDOWS\images012.zip
C:\WINDOWS\images015.zip
C:\WINDOWS\images039.zip
C:\WINDOWS\images049.zip
C:\WINDOWS\images057.zip
C:\WINDOWS\images060.zip
C:\WINDOWS\photo10.zip
C:\WINDOWS\photos013.zip
C:\WINDOWS\photos052.zip
C:\WINDOWS\photos065.zip
C:\WINDOWS\photos080.zip
C:\WINDOWS\picture15.zip
C:\WINDOWS\pictures017.zip
C:\WINDOWS\pictures022.zip
C:\WINDOWS\pictures050.zip
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\printers.exe

.
(((((((((((((((((((((((((  Files Created from 2007-10-14 to 2007-11-14  )))))))))))))))))))))))))))))))
.

2007-11-14 21:59    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-14 20:35    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-14 20:35    <DIR>    d--------    C:\Documents and Settings\Rikke Johansen\Application Data\SUPERAntiSpyware.com
2007-11-14 20:35    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 20:30    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-14 20:25    <DIR>    d--------    C:\Programmer\Yahoo!
2007-11-14 20:25    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-14 19:56    <DIR>    d--------    C:\WINDOWS\pss
2007-11-13 22:21    <DIR>    d--------    C:\Programmer\Lavasoft
2007-10-30 19:55    625,032    --a------    C:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55    242,056    --a------    C:\WINDOWS\system32\SymRedir.dll
2007-10-30 19:55    191,536    --a------    C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55    145,968    --a------    C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55    39,856    --a------    C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55    37,936    --a------    C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55    35,120    --a------    C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55    27,696    --a------    C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55    12,848    --a------    C:\WINDOWS\system32\drivers\symdns.sys
2007-10-28 10:18    <DIR>    d--hs----    C:\FOUND.010

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 18:24    12,963    ----a-w    C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24    1,358    ----a-w    C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-25 16:43    8,472,064    ----a-w    C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-14 19:43    805    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-14 19:43    60,800    ----a-w    C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-14 19:43    123,952    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-14 19:43    10,740    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-05 14:44    ---------    d-----w    C:\Programmer\MSECache
2007-09-18 13:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 13:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 13:44    10,658    ----a-w    C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 13:44    1,430    ----a-w    C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 13:44    1,421    ----a-w    C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 13:44    1,415    ----a-w    C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 13:43    43,696    ----a-w    C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 13:43    317,616    ----a-w    C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 13:43    278,576    ----a-w    C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-21 07:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:17    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 11:00    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 11:00    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 11:00    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 11:00    6,058,496    ------w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 11:00    52,224    ------w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 11:00    477,696    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 11:00    459,264    ------w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 11:00    44,544    ----a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 11:00    384,512    ----a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 11:00    383,488    ------w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 11:00    3,584,512    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 11:00    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 11:00    267,776    ------w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 11:00    232,960    ----a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 11:00    230,400    ----a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 11:00    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 11:00    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 11:00    153,088    ----a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 11:00    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 11:00    124,928    ----a-w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 11:00    105,984    ----a-w    C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 11:00    102,400    ----a-w    C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 11:00    1,152,000    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 11:19    63,488    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 11:19    625,152    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 11:19    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 08:34    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-23 12:41    11,520    ----a-w    C:\Documents and Settings\Rikke Johansen\oakuoq.exe
2007-07-23 12:26    11,518    ----a-w    C:\Documents and Settings\Rikke Johansen\uhcypm.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
"LaunchAp"="C:\Programmer\Launch Manager\LaunchAp.exe" [2005-07-25 13:36]
"PowerKey"="C:\Programmer\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"LManager"="C:\Programmer\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52]
"CtrlVol"="C:\Programmer\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Programmer\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45]
"Wbutton"="C:\Programmer\Launch Manager\Wbutton.exe" [2005-07-25 13:34]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Programmer\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11]
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00]
"Creative Detector"="C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Steam"="c:\programmer\valve\steam\steam.exe" [2007-10-05 15:26]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
HotKey.lnk - C:\Programmer\TEXTware\HotKey\TWALINK.EXE [2007-01-26 08:54:29]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 POWERKEY;POWERKEY;\??\C:\Programmer\Launch Manager\POWERKEY.sys
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 lac97inf;lac97inf;\??\C:\DOCUME~1\RIKKEJ~1\LOKALE~1\Temp\lac97inf.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-29 20:00:50 C:\WINDOWS\Tasks\Norton AntiVirus - Kør fuld systemskanning - Rikke Johansen.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 22:03:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  MsnMsgr = "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background??r

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 22:04:13
.
    --- E O F ---
arlet Junior Master
17 November 2007 - 09:47 #4
Sorry for the wait..

Go to Start => Run and type: msconfig. Click OK and go to the Startup tab. Remove the check mark to the left of the following programs:

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

Should you at a later point regret having deselected something in startup, you can just go to the same place and tick the program again.

Restart the PC.
NOTE! You will now get a warning that "Startup" has been changed. Say OK to it and remove the check mark in Show this warning.

Did it help the startup time??
badazz Novice
17 November 2007 - 20:19 #5
it still takes a very long time to start up.. I just timed it.. 5 min where it just sits with the Windows logo on a black background and the progress bar runs a bit jerkily underneath..
arlet Junior Master
17 November 2007 - 20:46 #6
let me see a new hijackthis log and combofix log
badazz Novice
30 November 2007 - 22:29 #7
I formatted the machine.. that was faster.. thanks for the help