nokia6280 (Beginner)
11 January 2008 - 11:01. There are 2 comments and 1 solution

Slow PC

I have run "1123"
SUPERAntiSpyware, CCleaner, HijackThis, Rootchk and ComboFix
and here are the various log files:
I cannot find the SUPERAntiSpyware log file, not even when I follow fromsej's manual.

I hope someone can help.
Thanks in advance.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:55 AM, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\DU meter\DUMeter.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Download Manager\IDMan.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmer\Internet Download Manager\IEMonitor.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Trend Micro\HijackThis\Alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tdconline.dk/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmer\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmer\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Programmer\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\Programmer\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Programmer\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Programmer\HiDownload\HDGet.htm
O8 - Extra context menu item: Download with IDM - C:\Programmer\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10443 bytes

Rootkits:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Fri 11/01/2008 10:13:56.04

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 10:13:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4d,90,82,d9,69,67,1e,b0,76,69,8a,6c,07,b1,5f,cd,5c,02,15,90,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,15,2c,53,31,fe,87,a8,f8,4b,e9,19,a4,22,22,f8,a6,..
"khjeh"=hex:f1,35,fa,35,45,a2,8f,68,8e,77,f7,f7,1a,57,30,1e,64,2a,9a,cf,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cc,0c,85,36,a9,34,66,dd,35,02,74,f3,e6,de,fe,4e,c7,cc,b6,7a,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:db50f9e2
"s1"=dword:23ac05d0
"s2"=dword:0cd5ed23
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:88,7c,d1,25,43,99,9d,07,27,3e,d9,c4,9c,8c,05,26,67,52,17,11,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:88,7c,d1,25,43,99,9d,07,27,3e,d9,c4,9c,8c,05,26,67,52,17,11,7a,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix:

ComboFix 08-01-10.2 - Allan Bryld 2008-01-11 10:19:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.45.1030.18.494 [GMT 1:00]
Running from: D:\Dokumenter\Downloads\Programs\Sik\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\4_exception.nls

.
(((((((((((((((((((((((((  Files Created from 2007-12-11 to 2008-01-11  )))))))))))))))))))))))))))))))
.

2008-01-11 10:16 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 19:55 . 2008-01-09 19:55    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-01-09 19:55 . 2008-01-09 19:55    1,409    --a------    C:\WINDOWS\QTFont.for
2008-01-05 21:52 . 2008-01-05 21:52    <DIR>    d--------    C:\WINDOWS\system32\RMBin
2008-01-05 21:52 . 2008-01-05 21:55    <DIR>    d--------    C:\Programmer\A-one Video Joiner
2008-01-05 21:52 . 2005-05-25 15:24    764,416    --a------    C:\WINDOWS\system32\NCTRMFile.dll
2008-01-05 21:52 . 2006-03-28 22:35    475,136    --a------    C:\WINDOWS\system32\SkinCrafter.dll
2008-01-05 21:52 . 2005-11-25 21:46    421,888    --a------    C:\WINDOWS\system32\RealMediaSplitter.ax
2008-01-05 21:52 . 2007-03-09 07:35    208,896    --a------    C:\WINDOWS\system32\VideoEdit.ocx
2008-01-05 21:52 . 2005-01-25 17:12    201,216    --a------    C:\WINDOWS\system32\NCTVideoPlayer.dll
2008-01-05 21:52 . 2007-03-09 07:37    147,456    --a------    C:\WINDOWS\system32\viscomqtenc.dll
2008-01-05 21:52 . 2007-03-09 07:37    139,264    --a------    C:\WINDOWS\system32\viscomqtde.dll
2008-01-05 21:52 . 2007-03-09 07:36    81,920    --a------    C:\WINDOWS\system32\viscomwave.dll
2007-12-30 18:54 . 2007-12-12 16:03    17,100,800    --a------    C:\WINDOWS\system32\Santa's Home 3D Screensaver.scr
2007-12-30 18:50 . 2007-12-30 18:50    <DIR>    d--------    C:\Documents and Settings\Allan Bryld\Application Data\Astro Gemini Software
2007-12-30 18:50 . 2007-12-12 16:33    10,387,456    --a------    C:\WINDOWS\system32\Winter 3D Screensaver.scr
2007-12-21 20:14 . 2007-12-21 20:14    <DIR>    d--------    C:\Programmer\ZoneAlarmSB
2007-12-16 18:26 . 2007-12-16 18:28    <DIR>    d--------    C:\Programmer\Windows Live Safety Center

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 09:27    1,980,448    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-11 09:06    ---------    d-----w    C:\Documents and Settings\Allan Bryld\Application Data\DMCache
2008-01-11 07:45    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-11 07:39    23,876    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-11 07:35    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 21:23    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-04 18:48    ---------    d-----w    C:\Programmer\SuperAdBlocker.com
2007-12-30 17:54    ---------    d-----w    C:\Programmer\Astro Gemini Software
2007-12-28 15:56    ---------    d-----w    C:\Programmer\SpywareBlaster
2007-12-24 16:11    ---------    d-----w    C:\Programmer\Warcraft III
2007-12-24 12:36    ---------    d-----w    C:\Programmer\SpywareGuard
2007-12-21 19:06    ---------    d-----w    C:\Programmer\Spil
2007-12-17 17:38    ---------    d-----w    C:\Programmer\1Click DVD Copy 4.2
2007-12-17 17:37    ---------    d-----w    C:\Documents and Settings\Allan Bryld\Application Data\CopyToDvd
2007-12-11 13:56    ---------    d-----w    C:\Documents and Settings\Allan Bryld\Application Data\Skype
2007-12-10 06:56    ---------    d-----w    C:\Programmer\EA GAMES
2007-12-09 14:15    ---------    d-----w    C:\Programmer\Elaborate Bytes
2007-12-08 13:39    ---------    d-----w    C:\Documents and Settings\Allan Bryld\Application Data\Vso
2007-12-08 13:37    ---------    d-----w    C:\Programmer\Plato DVD Copy
2007-12-08 13:35    81,920    ----a-w    C:\Documents and Settings\Allan Bryld\Application Data\ezpinst.exe
2007-12-08 13:35    47,360    ----a-w    C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 13:35    47,360    ----a-w    C:\Documents and Settings\Allan Bryld\Application Data\pcouffin.sys
2007-12-04 14:56    93,264    ----a-w    C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55    94,544    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49    26,624    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04    837,496    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608    ----a-w    C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 15:05    75,248    ----a-w    C:\WINDOWS\zllsputility.exe
2007-11-14 15:05    1,086,952    ----a-w    C:\WINDOWS\system32\zpeng24.dll
2007-11-13 18:37    ---------    d-----w    C:\Documents and Settings\Allan Bryld\Application Data\Sony Corporation
2007-11-13 18:27    ---------    d-----w    C:\Programmer\Sony
2007-11-13 18:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-11-13 17:31    ---------    d-----w    C:\Programmer\Wondershare
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 18:04    ---------    d-----w    C:\Programmer\CD Label Designer
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-11-06 16:46    106,496    ----a-w    C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28    222,720    ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-10-18 18:59    3,043,273    ----a-w    C:\WINDOWS\Internet Logs\tvDebug.zip
2007-09-13 15:45    92,064    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmmdm.sys
2007-09-13 15:45    9,232    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmmdfl.sys
2007-09-13 15:45    79,328    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmserd.sys
2007-09-13 15:45    66,656    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmbus.sys
2007-09-13 15:45    6,208    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmcmnt.sys
2007-09-13 15:45    5,936    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmwhnt.sys
2007-09-13 15:45    4,048    ----a-w    C:\Documents and Settings\Allan Bryld\mqdmcr.sys
2007-09-13 15:45    25,600    ----a-w    C:\Documents and Settings\Allan Bryld\usbsermptxp.sys
2007-09-13 15:45    22,768    ----a-w    C:\Documents and Settings\Allan Bryld\usbsermpt.sys
2005-02-06 17:26    5,303,775    ----a-w    C:\Programmer\Galtensparekasse.exe
2000-01-27 08:13    2,334,208    ----a-w    C:\Programmer\AcroRd32.exe
.
[code]<pre>
----a-w          812,344 2007-09-25 18:08:18  C:\Documents and Settings\Allan Bryld\Skrivebord\Allan\HI Jack this\hijackthis ny\Allan .exe
</pre>[/code]


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B4B3001E-0F56-4E51-8250-BDE11547EC55}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-27 15:39 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"IDMan"="C:\Programmer\Internet Download Manager\IDMan.exe" [2007-01-20 09:48 886016]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 14:10 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-06-15 16:20 6803456]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-06-15 16:20 86016]
"DisplayTrayIcon"="C:\WINDOWS\System32\TrayIcon.exe" [2001-10-17 14:27 147456]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DU Meter"="C:\Programmer\DU meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"Windows Sound Manager"="SndMon32.exe" []
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 13:57 68856]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Sound Manager"="SndMon32.exe" []

C:\Documents and Settings\Allan Bryld\Menuen Start\Programmer\Start\
Picture Motion Browser Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-13 19:27:26]
SpywareGuard.lnk - C:\Programmer\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-20 22:09 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2007-01-20 09:43 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-23 14:44 176128 C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-04-29 07:43 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

R1 SABKUTIL;SABKUTIL;C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-03-08 16:52]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 09:50]
S1 SABDIFSV;SABDIFSV;C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 10:17]
S3 idrmkl;idrmkl;C:\DOCUME~1\ALLANB~1\LOKALE~1\Temp\idrmkl.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 11:53]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 09:07:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 10:27:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 10:28:51
ComboFix-quarantined-files.txt  2008-01-11 09:28:46
.
2008-01-09 19:09:01    --- E O F ---
12 January 2008 - 14:49 #1
... nothing immediately to go on according to the log...

http://www.spywarefri.dk/tipsogtricks.htm#langsom ???

A registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Register] item...)
During installation you are offered [Yahoo Toolbar]. You can say yes or no to it.
nokia6280 (Beginner)
13 January 2008 - 12:35 #2
I have run CCleaner. I will try some of the other tips; they sound OK.

Thanks for the help.

Could you post an answer? :-)
13 January 2008 - 17:28 #3
Ping...
(That was an [answer]...)