logitech33 (Beginner)
30 November 2007 - 12:45. There are 5 comments and 1 solution.

clean pc virus

Hi experts.

My PC is incredibly slow and I got a lot of junk on it.
I have run ewido cleaner, rootkit things, combo and superantspyware... most of the junk has been removed, though not entirely...

Here are some logs... if an expert will assess the log and help me... then I'll be a happy man.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:40, on 30-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\V0400Mon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Habil\Desktop\HiJackThis.exe

R3 - URLSearchHook: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?f60f4aa5ca004cf48819353f15d72c5e
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?f60f4aa5ca004cf48819353f15d72c5e
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184947742218
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9320 bytes


--------------------------------------

rootlog


catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 12:36:31
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,7f,e4,3f,e2,63,00,fd,b4,7a,c6,be,af,c8,d3,ad,76,67,fd,b8,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,30,d1,56,79,5b,fe,05,30,20,05,74,7c,07,12,47,1e,..
"khjeh"=hex:5c,af,21,12,3e,8a,fc,7a,b1,c8,52,a5,3a,22,29,a8,76,f6,03,68,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8f,e6,58,e8,cc,b3,75,25,ab,5f,ef,43,21,62,d9,7e,5a,e4,0b,0a,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,7f,e4,3f,e2,63,00,fd,b4,7a,c6,be,af,c8,d3,ad,76,67,fd,b8,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,30,d1,56,79,5b,fe,05,30,20,05,74,7c,07,12,47,1e,..
"khjeh"=hex:5c,af,21,12,3e,8a,fc,7a,b1,c8,52,a5,3a,22,29,a8,76,f6,03,68,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8f,e6,58,e8,cc,b3,75,25,ab,5f,ef,43,21,62,d9,7e,5a,e4,0b,0a,14,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
30 November 2007 - 21:37 #1
... also use ComboFix as described at ->
http://www.eksperten.dk/artikler/1123
logitech33 (Beginner)
1 December 2007 - 00:25 #2
ComboFix 07-11-19.4C - Habil 2007-12-01  0:23:08.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.309 [GMT 1:00]
Running from: C:\Documents and Settings\Habil\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-28 to 2007-11-30  )))))))))))))))))))))))))))))))
.

2007-11-30 13:01    <DIR>    d--------    C:\Documents and Settings\Habil\DoctorWeb
2007-11-29 23:21    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-29 23:21    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-29 23:21    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 23:21    3,542    --a------    C:\WINDOWS\system32\tmp.reg
2007-11-29 22:57    <DIR>    d--------    C:\ProWAGoN
2007-11-29 22:48    365,699    --a------    C:\rootkitbusterv1.6.1060.zip
2007-11-29 22:47    <DIR>    d--------    C:\Program Files\SpywareGuard
2007-11-29 22:43    7,467,056    --a------    C:\spybotsd15.exe
2007-11-29 22:22    2,566,736    --a------    C:\spywareblastersetup351.exe
2007-11-29 22:13    204,515    --a------    C:\rootchk.exe
2007-11-29 21:51    153,144    --a------    C:\ewido_micro.exe
2007-11-29 21:46    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-11-29 21:46    <DIR>    d--------    C:\Documents and Settings\Habil\Application Data\SUPERAntiSpyware.com
2007-11-29 21:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-29 21:45    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 21:43    5,914,648    --a------    C:\SUPERAntiSpyware.exe
2007-11-29 21:43    4,766,536    --a------    C:\Norman_Malware_Cleaner.exe
2007-11-29 21:41    1,560,556    --a------    C:\ComboFix.exe
2007-11-29 21:32    <DIR>    d--------    C:\Program Files\Yahoo!
2007-11-29 21:30    2,724,328    --a------    C:\ccsetup203.exe
2007-11-29 21:28    <DIR>    d--------    C:\VundoFix Backups
2007-11-29 21:28    118,272    --a------    C:\VundoFix.exe
2007-11-24 17:46    <DIR>    d--------    C:\Program Files\DomPlayer
2007-11-24 13:38    <DIR>    d--------    C:\Program Files\Winamp
2007-11-24 13:17    <DIR>    d--------    C:\Program Files\uTorrent
2007-11-13 20:32    <DIR>    d--------    C:\My Games
2007-11-13 20:32    <DIR>    d--------    C:\My Download Files
2007-11-13 20:30    774,144    --a------    C:\Program Files\RngInterstitial.dll
2007-11-05 16:56    <DIR>    d--------    C:\Documents and Settings\Habil\Application Data\muvee Technologies
2007-11-05 16:56    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-05 16:54    <DIR>    d--------    C:\Live! Cam
2007-11-05 16:49    <DIR>    d--------    C:\Documents and Settings\Habil\Application Data\Creative
2007-11-05 16:49    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Creative
2007-11-05 16:46    7,062    --a------    C:\WINDOWS\system32\audiopid.vxd
2007-11-05 16:45    647,872    ---------    C:\WINDOWS\system32\Mscomct2.ocx
2007-11-05 16:45    53,248    ---------    C:\WINDOWS\Ctregrun.exe
2007-11-05 16:44    188,891    -ra------    C:\WINDOWS\system32\V0400Cvw.bff
2007-11-05 16:44    90,624    --a------    C:\WINDOWS\system32\kswdmcap.ax
2007-11-05 16:44    90,112    -ra------    C:\WINDOWS\CtDrvIns.exe
2007-11-05 16:44    61,952    --a------    C:\WINDOWS\system32\kstvtune.ax
2007-11-05 16:44    43,008    --a------    C:\WINDOWS\system32\ksxbar.ax
2007-11-05 16:44    36,864    -ra------    C:\WINDOWS\system32\CtCamMgr.dll
2007-11-05 16:44    32,768    -ra------    C:\WINDOWS\V0400Mon.exe
2007-11-05 16:44    28,672    -ra------    C:\WINDOWS\system32\V0400Afx.dll
2007-11-05 16:44    24,576    -ra------    C:\WINDOWS\V0400Cfg.exe
2007-11-05 16:44    24,576    -ra------    C:\WINDOWS\system32\CtCamPin.crl
2007-11-05 16:44    17,024    --a--c---    C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-11-05 16:44    16,384    --a------    C:\WINDOWS\system32\ipsink.ax
2007-11-05 16:43    <DIR>    d--------    C:\WINDOWS\CtDrvInstall
2007-11-05 16:42    158,456    ---------    C:\WINDOWS\system32\pxwma.dll
2007-11-05 16:41    <DIR>    d--------    C:\Program Files\muvee Technologies
2007-11-05 16:41    <DIR>    d--------    C:\Program Files\Common Files\muvee Technologies
2007-11-05 16:40    <DIR>    d--------    C:\Documents and Settings\Habil\Application Data\InstallShield
2007-11-05 16:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-05 16:39    <DIR>    d--------    C:\Program Files\SightSpeed
2007-11-05 16:35    <DIR>    d--------    C:\Program Files\Creative
2007-10-25 10:00    <DIR>    d--------    C:\Documents and Settings\Habil\Contacts
2007-10-25 09:59    <DIR>    d--------    C:\Program Files\Windows Live Toolbar
2007-10-25 09:59    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-25 09:58    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2007-10-25 09:57    <DIR>    d--------    C:\Program Files\MSN Messenger
2007-10-24 20:14    <DIR>    d--------    C:\Documents and Settings\Habil\Application Data\VoipStunt
2007-10-24 20:12    <DIR>    d--------    C:\Program Files\VoipStunt.com
2007-10-19 16:16    86,016    --a------    C:\WINDOWS\unvise32.exe
2007-10-19 16:13    <DIR>    d--------    C:\Program Files\Bamse
2007-10-09 18:11    <DIR>    d--------    C:\Program Files\Common Files\xing shared
2007-10-09 16:22    18,706,432    --a------    C:\WINDOWS\system32\ALSNDMGR.CPL
2007-10-09 16:22    9,324,032    --a------    C:\WINDOWS\system32\RTLCPL.EXE
2007-10-09 16:22    2,317,504    --a------    C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-10-09 16:22    294,912    ---------    C:\WINDOWS\alcupd.exe
2007-10-09 16:22    200,704    ---------    C:\WINDOWS\alcrmv.exe
2007-10-09 16:22    192,512    ---------    C:\WINDOWS\RtlExUpd.dll
2007-10-09 16:22    156,672    --a------    C:\WINDOWS\system32\RTLCPAPI.dll
2007-10-09 16:22    141,016    --a------    C:\WINDOWS\system32\ALSNDMGR.WAV
2007-10-09 16:22    77,824    --a------    C:\WINDOWS\SOUNDMAN.EXE
2007-10-09 16:22    40,960    ---------    C:\WINDOWS\system32\ChCfg.exe
2007-10-05 14:01    <DIR>    d--------    C:\Program Files\Common Files\Symantec Shared
2007-10-03 23:52    <DIR>    d--------    C:\Program Files\Real
2007-10-03 23:51    <DIR>    d--------    C:\Program Files\Common Files\Real
2007-10-03 23:40    <DIR>    d--------    C:\Program Files\Windows Media Connect 2
2007-10-03 23:38    <DIR>    d--------    C:\WINDOWS\system32\LogFiles
2007-10-03 23:38    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 22:37    ---------    d-----w    C:\Program Files\SpywareBlaster
2007-11-29 22:12    ---------    d-----w    C:\Program Files\DAEMON Tools
2007-11-29 22:07    ---------    d-----w    C:\Program Files\Norton Security Scan
2007-11-29 21:50    102,800    ----a-w    C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-29 21:32    ---------    d-----w    C:\Program Files\Google
2007-11-29 09:47    ---------    d-----w    C:\Program Files\DL_cats
2007-11-24 22:05    ---------    d-----w    C:\Program Files\DaemonTools_WhenUSave_Installer
2007-11-24 20:00    ---------    d-----w    C:\Documents and Settings\Habil\Application Data\uTorrent
2007-11-15 08:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-05 15:46    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-10-25 17:05    94,416    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05    93,264    ----a-w    C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58    26,624    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24    815,480    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14    95,608    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2007-10-18 11:42    ---------    d-----w    C:\Program Files\Common Files\Adobe
2007-10-12 12:06    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-05 22:22    289,144    ----a-w    C:\WINDOWS\system32\VCCLSID.exe
2007-08-21 06:15    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
.

(((((((((((((((((((((((((((((  snapshot@2007-11-29_21.44.21,98  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-29 20:46:14    29,696    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-29 20:46:14    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-29 20:46:14    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2001-07-05 13:05:00    40,448    ----a-w    C:\WINDOWS\system32\dsofile.dll
- 2007-08-20 15:37:34    1,469,312    ----a-w    C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2007-10-11 13:12:48    1,468,968    ----a-w    C:\WINDOWS\system32\LegitCheckControl.DLL
- 2007-11-29 20:25:45    41,170    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-11-29 22:18:28    41,170    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-11-29 20:25:45    314,842    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-11-29 22:18:28    314,842    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-11-29 22:14:07    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_544.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{274a2a5d-b92d-4dfa-abf7-256d1c3f887f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2007-07-02 12:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 14:01]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 13:17]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 09:03]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 11:50]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 11:47]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 11:51]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 10:36]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-01-31 07:05]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 08:57]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 15:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-09 18:10]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 C:\WINDOWS\SOUNDMAN.EXE]
"V0400Mon.exe"="C:\WINDOWS\V0400Mon.exe" [2007-06-03 18:01]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 20:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []

C:\Documents and Settings\Habil\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
S3 VF0400Afx;VF0400 Audio FX;C:\WINDOWS\system32\Drivers\V0400Afx.sys
S3 VF0400Vfx;VF0400 Video FX;C:\WINDOWS\system32\DRIVERS\V0400VFx.sys
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);C:\WINDOWS\system32\DRIVERS\V0400Vid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84f2648c-3eb7-11dc-9b70-0014a470194e}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91204ebc-4390-11dc-9b7a-000ae4f16b4f}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eab7da-3f4a-11dc-9b73-e0e2028ac25e}]
\Shell\AutoRun\command - G:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 22:58:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 00:24:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLBXCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01  0:25:25
C:\ComboFix2.txt ... 2007-11-29 23:46
C:\ComboFix3.txt ... 2007-11-29 21:45
.
    --- E O F ---
2 December 2007 - 12:14 #3
Sorry for the delay ...

At first glance nothing remarkable...
Mostly a bit of 'cleanup' ...

------------------------------------------------------------------------

What have you used this for -> C:\Program Files\uTorrent ???
You should uninstall it + delete the folder C:\Program Files\uTorrent !!!

------------------------------------------------------------------------

Run a scan with HijackThis.
Below you get some files that you must fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

R3 - URLSearchHook: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

Restart normally...

------------------------------------------------------------------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Problemer] item...)
During installation you are offered [Yahoo Toolbar]. You can say yes or NO to it.

------------------------------------------------------------------------
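The first entries in the fix list above all end in `(no file)`: Internet Explorer hook registrations whose DLL is no longer on disk. As an added example (not part of the original thread), this Python code picks such entries out of a HijackThis log and reports any CLSID left registered at more than one hook point; the sample lines are copied from the log on this page, and the function names are my own.

```python
import re
from collections import defaultdict, namedtuple

# Subset of lines copied from the HijackThis log earlier on this page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {274a2a5d-b92d-4dfa-abf7-256d1c3f887f} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

Entry = namedtuple("Entry", "section kind name clsid target")

# Matches the "<section> - <kind>: <name> - {CLSID} - <target>" shape used by
# the R3/O2/O3 lines; lines without a CLSID (O4, O23, ...) do not match.
COM_LINE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)


def parse_com_entries(log_text):
    """Return an Entry for every CLSID-based line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = COM_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                m["section"], m["kind"], m["name"],
                m["clsid"].lower(),          # CLSID case varies in the log
                m["target"].strip(),
            ))
    return entries


def orphaned(entries):
    """Entries whose registered file is missing: the target is '(no file)'."""
    return [e for e in entries if e.target.lower() == "(no file)"]


def reused_orphans(entries):
    """Map each orphaned CLSID seen at more than one hook point to those points."""
    kinds = defaultdict(set)
    for e in orphaned(entries):
        kinds[e.clsid].add(e.kind)
    return {clsid: sorted(k) for clsid, k in kinds.items() if len(k) > 1}


if __name__ == "__main__":
    parsed = parse_com_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"{e.section} {e.kind:<14} {e.clsid}  name={e.name!r}")
    for clsid, where in reused_orphans(parsed).items():
        print(f"{clsid} is orphaned at: {', '.join(where)}")
```
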
8 December 2007 - 02:15 #4
???
logitech33 (Beginner)
19 December 2007 - 18:00 #5
Sorry, I just chose to format the thing instead. You should of course get points for the time you spent, post an answer.
19 December 2007 - 23:03 #6
Ping...
(That was an [answer]...)