targa55 Trainee
22 June 2008 - 15:49 There are 3 comments and
1 solution

Check of HJT etc.

I have no problems, but just want to run a check.
levich Beginner
22 June 2008 - 19:09 #1
Follow the guide here: http://www.eksperten.dk/artikler/1123
Afterwards, post the logs from SuperAntiSpyware, Combofix and hijackthis here.
targa55 Trainee
22 June 2008 - 19:21 #2
The 3 logs didn't come through the first time, but here they are.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/22/2008 at 03:10 PM

Application Version : 4.0.1154

Core Rules Database Version : 3487
Trace Rules Database Version: 1478

Scan type      : Complete Scan
Total Scan Time : 01:18:16

Memory items scanned      : 408
Memory threats detected  : 0
Registry items scanned    : 6564
Registry threats detected : 0
File items scanned        : 32419
File threats detected    : 0




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:54, on 22-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\StartupMonitor.exe
C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Programmer\FreeNote\FreeNote.exe
C:\Programmer\Vista Start Menu\VistaStartMenu.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\H. Sørensen\Skrivebord\HS\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - :C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Cmaudio] :RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] :C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UnlockerAssistant] :"C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] :C:\Programmer\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] :"C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] :"C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] :"C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Programmer\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [FreeNote] C:\Programmer\FreeNote\FreeNote.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programmer\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ~Disabled
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programmer\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www3.king.com/ctl/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193903578211
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beskyttelse mod spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9022 bytes





ComboFix 08-06-20.4 - H. Sørensen 2008-06-22 15:24:43.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.182 [GMT 2:00]
Running from: C:\Documents and Settings\H. Sørensen\Skrivebord\HS\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-05-22 to 2008-06-22  )))))))))))))))))))))))))))))))
.

2008-06-22 13:48 . 2008-06-22 13:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 13:47 . 2008-06-22 13:47    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-22 13:47 . 2008-06-22 13:47    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\SUPERAntiSpyware.com
2008-06-20 03:48 . 2008-06-20 03:48    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\vlc
2008-06-18 23:39 . 2008-06-22 01:09    <DIR>    d--------    C:\Programmer\CDBurnerXP
2008-06-18 17:53 . 2008-06-18 17:53    <DIR>    d--------    C:\Programmer\iTunes
2008-06-18 17:53 . 2008-06-18 17:53    <DIR>    d--------    C:\Programmer\iPod
2008-06-18 17:50 . 2008-06-18 17:50    <DIR>    d--------    C:\Programmer\filehippo.com
2008-06-18 17:47 . 2008-06-18 17:47    <DIR>    d--------    C:\Programmer\QuickTime
2008-06-18 17:44 . 2008-06-18 17:44    <DIR>    d--------    C:\Programmer\Apple Software Update
2008-06-17 20:37 . 2008-06-17 20:37    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\Leadertech
2008-06-17 19:03 . 2008-06-17 20:42    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\Sonic
2008-06-17 19:02 . 2008-06-17 19:03    138    --a------    C:\WINDOWS\wininit.ini
2008-06-17 18:57 . 2008-06-17 18:57    <DIR>    d--------    C:\WINDOWS\system32\Fonts
2008-06-17 18:57 . 2003-03-21 12:34    9,856    --a------    C:\WINDOWS\system32\drivers\pfc.sys
2008-06-12 00:20 . 2008-06-12 00:20    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\FinalBurner .ISO
2008-06-11 23:18 . 2008-06-11 23:22    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\Desktopicon
2008-06-11 22:49 . 2008-06-21 03:17    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\Vista Start Menu
2008-06-10 23:28 . 2008-06-14 19:35    272,256    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:28 . 2008-05-08 16:02    203,136    -----c---    C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 21:11 . 2008-06-10 21:11    <DIR>    d--------    C:\Programmer\VS Revo Group
2008-06-05 22:37 . 2008-06-05 22:37    <DIR>    d--------    C:\Programmer\FreeNote
2008-06-05 17:23 . 2008-06-05 17:23    244    --ah-----    C:\sqmnoopt12.sqm
2008-06-05 17:23 . 2008-06-05 17:23    232    --ah-----    C:\sqmdata12.sqm
2008-06-05 16:40 . 2008-06-12 02:59    <DIR>    d--------    C:\Programmer\A.F.5 Rename your files 1.1
2008-06-04 01:14 . 2008-06-04 01:14    71    --a------    C:\WINDOWS\pex.INI
2008-06-04 01:11 . 2008-06-04 01:14    <DIR>    d--------    C:\Documents and Settings\H. Sørensen\Application Data\Ulead Systems
2008-06-03 18:14 . 2008-06-22 13:47    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-27 10:50 . 2008-05-27 10:50    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 23:45    16,248    ----a-w    C:\Documents and Settings\H. Sørensen\Application Data\wklnhst.dat
2008-06-21 23:09    ---------    d-----w    C:\Programmer\Windows Media Connect 2
2008-06-21 23:09    ---------    d-----w    C:\Programmer\Vista Start Menu
2008-06-21 23:09    ---------    d-----w    C:\Programmer\Picture It! Premium 10
2008-06-21 23:09    ---------    d-----w    C:\Programmer\FinalBurner
2008-06-18 15:19    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-06-18 15:15    ---------    d-----w    C:\Documents and Settings\H. Sørensen\Application Data\Skype
2008-06-18 15:03    ---------    d-----w    C:\Programmer\Paint.NET
2008-06-17 17:01    ---------    d-----w    C:\Documents and Settings\H. Sørensen\Application Data\ArcSoft
2008-06-17 16:58    ---------    d-----w    C:\Programmer\ArcSoft
2008-06-14 17:35    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:31    ---------    d-----w    C:\Programmer\Unlocker
2008-06-04 21:42    ---------    d-----w    C:\Programmer\Java
2008-06-03 16:16    15,648    ----a-w    C:\WINDOWS\system32\drivers\NSDriver.sys
2008-06-03 16:16    15,648    ----a-w    C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-06-03 16:16    12,960    ----a-w    C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-06-03 16:14    ---------    d-----w    C:\Programmer\Lavasoft
2008-06-03 16:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 16:00    ---------    d-----w    C:\Programmer\IrfanView
2008-05-18 19:52    ---------    d-----w    C:\Programmer\Google
2008-05-16 09:58    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2008-05-08 14:02    203,136    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11    1,292,288    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-05-02 14:22    205,328    ----a-w    C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 14:21    36,368    ----a-w    C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 14:18    ---------    d-----w    C:\Documents and Settings\H. Sørensen\Application Data\FinalBurner DATA
2008-05-02 14:17    1,169,240    ----a-w    C:\WINDOWS\system32\drivers\vsapint.sys
2008-05-02 12:19    ---------    d-----w    C:\Programmer\Glocalnet
2008-05-01 22:01    ---------    d-----w    C:\Documents and Settings\H. Sørensen\Application Data\dvdcss
2008-05-01 19:24    ---------    d-----w    C:\Documents and Settings\H. Sørensen\Application Data\Glocalnet
2008-04-21 06:44    667,648    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-04-14 16:20    1,804    ----a-w    C:\WINDOWS\system32\dcache.bin
2008-04-14 16:09    331,264    ----a-w    C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:05    998,400    ----a-w    C:\WINDOWS\system32\msgina.dll
2008-04-14 16:04    811,064    ----a-w    C:\WINDOWS\system32\imjp81k.dll
2008-04-14 16:03    9,344    ----a-w    C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:03    7,168    ----a-w    C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 16:03    539,648    ----a-w    C:\WINDOWS\system32\comuid.dll
2008-04-14 16:03    3,072    ----a-w    C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:03    3,072    ----a-w    C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:03    285,696    ----a-w    C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:03    16,896    ----a-w    C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:45    2,191,616    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:44    4,096    ----a-w    C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:44    2,068,480    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:42    83,456    ----a-w    C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:42    77,824    ------w    C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:40    559,104    ----a-w    C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:40    49,152    ----a-w    C:\WINDOWS\system32\inetres.dll
2008-04-14 15:38    9,728    ----a-w    C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:38    1,845,632    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-04-14 15:37    65,536    ----a-w    C:\WINDOWS\system32\browselc.dll
2008-04-14 15:36    57,344    ----a-w    C:\WINDOWS\system32\mshtmler.dll
2008-04-14 07:06    11,264    ----a-w    C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:05    995,328    ----a-w    C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:05    423,936    ----a-w    C:\WINDOWS\system32\licdll.dll
2008-04-13 18:44    17,664    ----a-w    C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43    9,728    ------w    C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43    12,800    ----a-w    C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40    454,144    ----a-w    C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36    2,935,808    ----a-w    C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35    192,000    ----a-w    C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31    7,424    ----a-w    C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30    61,440    ----a-w    C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37    208,384    ----a-w    C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37    138,752    ----a-w    C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26    12,288    ----a-w    C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26    12,288    ----a-w    C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21    733,696    ----a-w    C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48    1,647,616    ----a-w    C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45    216,064    ----a-w    C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23    48,128    ----a-w    C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39    884,736    ----a-w    C:\WINDOWS\system32\msimsg.dll
2007-11-01 21:49    774,144    ----a-w    C:\Programmer\RngInterstitial.dll
2003-01-13 10:30    278,528    ------w    C:\Programmer\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00    98,304    ------w    C:\Programmer\internet explorer\plugins\UPjpeg.dll
2007-11-01 17:02    23    -csha-w    C:\WINDOWS\system32\feadf_d.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 11:29 913408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"OE"="C:\Programmer\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2007-03-08 04:47 321040]
"FreeNote"="C:\Programmer\FreeNote\FreeNote.exe" [2008-02-19 22:28 1040384]
"VistaStartMenu"="C:\Programmer\Vista Start Menu\VistaStartMenu.exe" [2008-05-23 09:50 2079232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 04:43 3429904]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 18:23 86016 C:\WINDOWS\StartupMonitor.exe]
"Cmaudio"=":RunDll32 cmicnfg.cpl,CMICtrlWnd" []
"ATIPTA"=":C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"UnlockerAssistant"=":C:\Programmer\Unlocker\UnlockerAssistant.exe" [ ]
"Ulead Photo Express Calendar Checker"=":C:\Programmer\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [ ]
"SunJavaUpdateSched"=":C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe" [ ]
"QuickTime Task"=":C:\Programmer\QuickTime\QTTask.exe" [ ]
"iTunesHelper"=":C:\Programmer\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:05 15360]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\~Disabled
Wireless PCI_CardBus utility V1.01.exe.lnk - C:\Programmer\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe [2007-11-01 18:20:20 913408]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
:C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
:C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
:C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
:C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
:C:\Programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
:c:\programmer\ahead\nero backitup\nbj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
:c:\windows\system32\nerocheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
:C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
:C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
:C:\Programmer\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
:C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
:C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TQ566808]
:G:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R2 NMSAccessU;NMSAccessU;C:\Programmer\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-19 12:34]

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 15:44:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 15:28:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 15:31:26
ComboFix-quarantined-files.txt  2008-06-22 13:30:44

Pre-Run: 21,009,752,064 byte ledig
Post-Run: 21,014,933,504 byte ledig

218    --- E O F ---    2008-06-20 00:03:38
levich Beginner
22 June 2008 - 19:27 #3
There doesn't appear to be anything wrong.
targa55 Trainee
22 June 2008 - 19:38 #4
I didn't expect there to be, either.
Thanks for the help.
Have a continued good day.