cykleren Beginner
05 January 2008 - 14:15 There are 4 comments and 1 solution

hijack-log

Who can help look through a log file and comment on it?
fromsej Trainee
05 January 2008 - 14:24 #1
I can, among others.
Follow the guide in this article:
http://www.eksperten.dk/artikler/1123
cykleren Beginner
05 January 2008 - 16:31 #2
Hi Fromsej, the instructions have now been followed, and here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:37, on 05-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\DDC\LevelOne_USB_802.11g_Utility\LevelOneWlan.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Bent\Skrivebord\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LevelOne 11g Wireless USB.lnk = C:\Programmer\DDC\LevelOne_USB_802.11g_Utility\LevelOneWlan.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 7665 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/05/2008 at 04:04 PM

Application Version : 3.7.1018

Core Rules Database Version : 3374
Trace Rules Database Version: 1369

Scan type      : Complete Scan
Total Scan Time : 00:44:29

Memory items scanned      : 160
Memory threats detected  : 0
Registry items scanned    : 4618
Registry threats detected : 0
File items scanned        : 29302
File threats detected    : 20

Adware.Tracking Cookie
    C:\Documents and Settings\Bent\Cookies\bent@adtech[1].txt
    C:\Documents and Settings\Bent\Cookies\bent@www.googleadservices[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@ad.yieldmanager[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@ad1.emediate[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@adfair[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@ads.tibaco[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@adserver.adremedy[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@advertising[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@atdmt[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@e2.emediate[2].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@eas.apm.emediate[2].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@edsa.122.2o7[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@fastclick[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@ilead.itrack[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@playnetwork.112.2o7[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@questionmarket[2].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@statse.webtrendslive[1].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@track.adform[2].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@tradedoubler[2].txt
    C:\Documents and Settings\Heidi\Cookies\heidi@zedo[1].txt


********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
05-01-2008 16:17:49,29

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 16:17:50
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


ComboFix 08-01-04.1 - Bent 2008-01-05 16:21:01.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.489 [GMT 1:00]
Running from: C:\Documents and Settings\Bent\Skrivebord\hijack\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe blev ikke fundet.

.
(((((((((((((((((((((((((  Files Created from 2007-12-05 to 2008-01-05  )))))))))))))))))))))))))))))))
.

2008-01-05 16:19 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-05 15:12 . 2008-01-05 15:12    <DIR>    d--------    C:\Documents and Settings\Bent\Application Data\SUPERAntiSpyware.com
2008-01-05 15:11 . 2008-01-05 15:11    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-05 15:08 . 2008-01-05 15:08    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-05 13:33 . 2004-07-17 11:40    19,528    --a------    C:\WINDOWS\000001_.tmp
2008-01-05 13:09 . 2001-08-17 21:28    771,581    --a--c---    C:\WINDOWS\system32\dllcache\winacisa.sys
2008-01-05 13:09 . 2001-08-17 21:28    701,386    --a--c---    C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-05 13:09 . 2004-08-03 22:31    154,624    --a--c---    C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-01-05 13:09 . 2001-10-04 17:07    54,272    --a--c---    C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-01-05 13:09 . 2001-08-17 20:10    35,871    --a--c---    C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-01-05 13:09 . 2001-10-04 16:36    35,402    --a--c---    C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-01-05 13:09 . 2004-08-03 22:29    23,615    --a--c---    C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-01-05 13:09 . 2004-08-03 23:07    8,832    --a--c---    C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-01-05 13:07 . 2001-10-04 17:07    525,568    --a--c---    C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-05 13:06 . 2001-10-04 16:28    285,760    --a--c---    C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-05 13:05 . 2001-10-04 17:07    147,200    --a--c---    C:\WINDOWS\system32\dllcache\smidispb.dll
2008-01-05 13:04 . 2001-10-04 17:07    386,560    --a--c---    C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-05 13:03 . 2001-08-17 21:51    23,936    --a--c---    C:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-01-05 13:03 . 2001-10-04 16:50    17,536    --a--c---    C:\WINDOWS\system32\dllcache\scr111.sys
2008-01-05 13:03 . 2001-10-04 16:50    16,640    --a--c---    C:\WINDOWS\system32\dllcache\scmstcs.sys
2008-01-05 13:03 . 2001-08-17 21:52    11,648    --a--c---    C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-01-05 13:03 . 2001-08-17 21:53    10,880    --a--c---    C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-01-05 13:03 . 2001-08-17 21:53    6,912    --a--c---    C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-01-05 13:01 . 2001-10-04 16:47    899,274    --a--c---    C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-05 13:01 . 2001-10-04 16:47    714,858    --a--c---    C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-01-05 13:01 . 2001-08-17 21:52    49,024    --a--c---    C:\WINDOWS\system32\dllcache\ql1280.sys
2008-01-05 13:01 . 2001-08-17 21:52    45,312    --a--c---    C:\WINDOWS\system32\dllcache\ql12160.sys
2008-01-05 13:01 . 2001-10-04 17:07    41,472    --a--c---    C:\WINDOWS\system32\dllcache\qvusd.dll
2008-01-05 13:01 . 2001-08-17 21:52    40,448    --a--c---    C:\WINDOWS\system32\dllcache\ql1240.sys
2008-01-05 13:01 . 2001-08-17 21:52    40,320    --a--c---    C:\WINDOWS\system32\dllcache\ql1080.sys
2008-01-05 13:01 . 2001-08-17 21:52    33,152    --a--c---    C:\WINDOWS\system32\dllcache\ql10wnt.sys
2008-01-05 13:01 . 2001-08-17 21:51    19,584    --a--c---    C:\WINDOWS\system32\dllcache\rasirda.sys
2008-01-05 13:01 . 2004-08-03 23:00    6,016    --a--c---    C:\WINDOWS\system32\dllcache\qic157.sys
2008-01-05 13:01 . 2001-08-17 21:53    3,328    --a--c---    C:\WINDOWS\system32\dllcache\qv2kux.sys
2008-01-05 12:59 . 2001-08-17 22:05    351,616    --a--c---    C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-05 12:58 . 2004-08-26 17:49    132,695    --a--c---    C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-05 12:58 . 2001-08-17 20:20    126,080    --a--c---    C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2008-01-05 12:58 . 2001-08-17 20:20    87,040    --a--c---    C:\WINDOWS\system32\dllcache\nm6wdm.sys
2008-01-05 12:58 . 2001-10-04 16:40    65,278    --a--c---    C:\WINDOWS\system32\dllcache\netflx3.sys
2008-01-05 12:58 . 2001-10-04 17:07    60,480    --a--c---    C:\WINDOWS\system32\dllcache\neo20xx.dll
2008-01-05 12:58 . 2001-08-17 20:50    39,264    --a--c---    C:\WINDOWS\system32\dllcache\neo20xx.sys
2008-01-05 12:58 . 2001-08-17 20:12    32,840    --a--c---    C:\WINDOWS\system32\dllcache\ngrpci.sys
2008-01-05 12:58 . 2004-08-03 23:00    28,672    --a--c---    C:\WINDOWS\system32\dllcache\nscirda.sys
2008-01-05 12:58 . 2001-10-04 16:41    9,472    --a--c---    C:\WINDOWS\system32\dllcache\ntapm.sys
2008-01-05 12:58 . 2001-08-17 21:53    7,552    --a--c---    C:\WINDOWS\system32\dllcache\nsmmc.sys
2008-01-05 12:56 . 2001-10-04 16:34    320,384    --a--c---    C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-05 12:56 . 2001-10-04 17:07    235,648    --a--c---    C:\WINDOWS\system32\dllcache\mgaud.dll
2008-01-05 12:56 . 2004-08-26 17:53    56,832    --a--c---    C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-05 12:56 . 2004-08-03 23:10    51,328    --a--c---    C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-05 12:56 . 2001-08-17 22:02    35,200    --a--c---    C:\WINDOWS\system32\dllcache\msgame.sys
2008-01-05 12:56 . 2004-08-03 23:00    22,016    --a--c---    C:\WINDOWS\system32\dllcache\msircomm.sys
2008-01-05 12:56 . 2001-08-17 21:52    17,280    --a--c---    C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-01-05 12:56 . 2001-08-17 21:57    16,128    --a--c---    C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-05 12:56 . 2004-08-03 23:10    15,360    --a--c---    C:\WINDOWS\system32\dllcache\mpe.sys
2008-01-05 12:56 . 2001-08-17 21:52    6,528    --a--c---    C:\WINDOWS\system32\dllcache\miniqic.sys
2008-01-05 12:56 . 2001-08-17 21:48    6,016    --a--c---    C:\WINDOWS\system32\dllcache\msfsio.sys
2008-01-05 12:54 . 2001-10-04 17:07    242,176    --a--c---    C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-01-05 12:53 . 2004-08-26 17:53    153,088    --a--c---    C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-05 12:53 . 2001-10-04 17:07    90,200    --a--c---    C:\WINDOWS\system32\dllcache\io8ports.dll
2008-01-05 12:53 . 2004-08-03 23:00    87,424    --a--c---    C:\WINDOWS\system32\dllcache\irda.sys
2008-01-05 12:53 . 2001-08-17 20:12    45,632    --a--c---    C:\WINDOWS\system32\dllcache\ip5515.sys
2008-01-05 12:53 . 2001-08-17 21:50    38,784    --a--c---    C:\WINDOWS\system32\dllcache\io8.sys
2008-01-05 12:53 . 2004-08-26 17:53    27,648    --a--c---    C:\WINDOWS\system32\dllcache\irmon.dll
2008-01-05 12:53 . 2001-08-17 21:49    23,552    --a--c---    C:\WINDOWS\system32\dllcache\irmk7.sys
2008-01-05 12:53 . 2004-08-26 17:53    16,384    --a--c---    C:\WINDOWS\system32\dllcache\ipsink.ax
2008-01-05 12:53 . 2001-08-17 21:52    16,000    --a--c---    C:\WINDOWS\system32\dllcache\ini910u.sys
2008-01-05 12:53 . 2001-10-04 16:28    13,312    --a--c---    C:\WINDOWS\system32\dllcache\inport.sys
2008-01-05 12:53 . 2004-08-26 17:49    5,504    --a--c---    C:\WINDOWS\system32\dllcache\intelide.sys
2008-01-05 12:51 . 2001-10-04 16:48    907,872    --a--c---    C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-01-05 12:50 . 2001-10-04 17:07    1,733,120    --a--c---    C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-05 12:48 . 2001-10-04 17:07    45,568    --a--c---    C:\WINDOWS\system32\dllcache\esunib.dll
2008-01-05 12:48 . 2001-10-04 17:07    45,568    --a--c---    C:\WINDOWS\system32\dllcache\esuni.dll
2008-01-05 12:48 . 2001-10-04 17:07    34,816    --a--c---    C:\WINDOWS\system32\dllcache\esuimg.dll
2008-01-05 12:48 . 2001-08-17 20:12    24,618    --a--c---    C:\WINDOWS\system32\dllcache\fa410nd5.sys
2008-01-05 12:48 . 2001-08-17 20:12    16,998    --a--c---    C:\WINDOWS\system32\dllcache\ex10.sys
2008-01-05 12:48 . 2001-08-17 20:12    16,074    --a--c---    C:\WINDOWS\system32\dllcache\fa312nd5.sys
2008-01-05 12:48 . 2001-08-17 20:11    12,362    --a--c---    C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2008-01-05 12:48 . 2001-08-17 20:11    11,850    --a--c---    C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2008-01-05 12:48 . 2001-08-17 21:52    7,040    --a--c---    C:\WINDOWS\system32\dllcache\exabyte2.sys
2008-01-05 12:46 . 2001-08-17 20:14    952,007    --a--c---    C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-05 12:45 . 2001-10-04 17:07    256,512    --a--c---    C:\WINDOWS\system32\dllcache\devcon32.dll
2008-01-05 12:44 . 2001-10-04 16:34    980,034    --a--c---    C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-05 12:43 . 2001-08-17 22:05    314,752    --a--c---    C:\WINDOWS\system32\dllcache\camdro21.sys
2008-01-05 12:42 . 2001-08-17 21:28    871,388    --a--c---    C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-04 17:30 . 2001-10-04 17:07    87,552    --a--c---    C:\WINDOWS\system32\dllcache\avmcoxp.dll
2008-01-04 17:30 . 2004-08-03 23:10    38,912    --a--c---    C:\WINDOWS\system32\dllcache\avc.sys
2008-01-04 17:30 . 2001-08-17 22:01    36,096    --a--c---    C:\WINDOWS\system32\dllcache\avcaudio.sys
2008-01-04 17:30 . 2001-08-17 20:49    26,624    --a--c---    C:\WINDOWS\system32\dllcache\ativxbar.sys
2008-01-04 17:30 . 2001-08-17 20:49    23,552    --a--c---    C:\WINDOWS\system32\dllcache\atixbar.sys
2008-01-04 17:30 . 2001-08-17 20:49    19,456    --a--c---    C:\WINDOWS\system32\dllcache\ativttxx.sys
2008-01-04 17:30 . 2004-08-03 23:10    13,696    --a--c---    C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-01-04 17:28 . 2001-10-04 17:07    24,576    --a--c---    C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-01-04 17:20 . 2001-10-04 17:07    66,048    --a--c---    C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-04 15:51 . 2008-01-04 17:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 17:30 . 2008-01-02 17:30    <DIR>    d--------    C:\fsaua.data
2007-12-25 14:16 . 2008-01-04 13:26    <DIR>    d--------    C:\iTunes
2007-12-25 14:06 . 2008-01-05 16:11    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-25 14:06 . 2007-12-25 14:06    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-25 14:05 . 2007-12-25 14:05    <DIR>    d--------    C:\Programmer\iPod
2007-12-25 14:05 . 2007-12-25 14:05    <DIR>    d--------    C:\Documents and Settings\Bent\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 14:19    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-02 12:22    ---------    d-----w    C:\Programmer\PacketVideo
2007-12-26 23:25    ---------    d-----w    C:\Documents and Settings\Bent\Application Data\MSN6
2007-12-24 14:37    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-12-16 18:31    ---------    d-----w    C:\Programmer\Lexmark X1100 Series
2007-12-04 14:56    93,264    ----a-w    C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55    94,544    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49    26,624    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04    837,496    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608    ----a-w    C:\WINDOWS\system32\AVASTSS.scr
2007-11-26 18:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28    222,720    ----a-w    C:\WINDOWS\system32\wmasf.dll
2006-12-30 13:27    25,754,672    -c--a-w    C:\Programmer\wmp11-windowsxp-x86-DA-DK.exe
2006-12-30 08:45    805,947    -c--a-w    C:\Programmer\spampal-1.594.exe
2006-12-30 08:36    5,585,184    -c--a-w    C:\Programmer\SUPERAntiSpyware1241.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53 15360]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 06:42 401491]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 15:50 55296 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"IE Privacy Keeper"="C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 14:52 1015808]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"Siemens SmartSync - ScheduleSync"="C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-03-16 10:15 45056]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 17:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
LevelOne 11g Wireless USB.lnk - C:\Programmer\DDC\LevelOne_USB_802.11g_Utility\LevelOneWlan.exe [2006-12-29 12:37:53]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 04:42]
R2 LogWatch;Event Log Watch;C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 17:29]
R3 ZD1211U(Digital Data Communication);LevelOne WNC-0301USB 11g Wireless USB Adapter(Digital Data Communication);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 20:05]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\system32\drivers\ASUSHWIO.sys []
S3 CA_LIC_CLNT;CA License Client;C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 17:27]
S3 CA_LIC_SRVR;CA License Server;C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 17:41]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 13:02:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 16:24:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 16:25:33
.
2008-01-05 12:50:34    --- E O F ---
fromsej Trainee
05 January 2008 - 20:37 #3
Download CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to untick the box for installing the Yahoo toolbar.
Start the program and untick Cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left side (the blue cube) and click Scan for Issues; when it has finished, click Fix selected issues, make a backup of the registry if you like, then click Fix All Selected Issues.
Click OK, then click Close when it has finished.
Restart.
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

---------------------------------------
Restart.

Open Explorer and click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

Upload this file to Jotti or VirusTotal:
C:\WINDOWS\000001_.tmp
http://virusscan.jotti.org/ http://www.virustotal.com/
Report the result.
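
An added example, not part of the original thread: a small Python parser for the HijackThis log format posted in #2. It lists the entries the tool reports with `(no file)`, the marker on the O2 line selected for fixing in this post. The function names and the embedded sample (a few lines copied from that log) are choices made for this example.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log in post #2.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
"""

# A result line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# CLSIDs appear in braces on BHO, toolbar-button and ActiveX (DPF) lines.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per result line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "line": line,
        })
    return entries


def orphaned_entries(entries):
    """Entries whose target HijackThis printed as '(no file)'."""
    return [e for e in entries if e["body"].rstrip().endswith("(no file)")]


def section_counts(entries):
    """Number of result lines per section code, for a quick overview."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for entry in orphaned_entries(parsed):
        print("review:", entry["line"])
```
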
cykleren Beginner
06 January 2008 - 12:18 #4
Hi fromsej. All the tasks have now been carried out. The result of the scan at VirusTotal was: 0.

If there is nothing more to be done, just post a reply so I can give you points. And many thanks for the help.
fromsej Trainee
06 January 2008 - 13:00 #5
There shouldn't be anything more. :-)