Har kørt SAS, og Ewido, og Dr. Web, bare for at få maskinen lidt igang, dog fra en usb-nøgle,gar så lige kørt de 2 sidste..
ComboFix 08-07-05.1 - Jens og Lis 2008-07-06 16:55:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.160 [GMT 2:00]
Running from: C:\Documents and Settings\Jens og Lis\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmer\NetProject
C:\Programmer\NetProject\myd.ico
C:\Programmer\NetProject\mym.ico
C:\Programmer\NetProject\myp.ico
C:\Programmer\NetProject\myv.ico
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\824223
C:\WINDOWS\system32\824223\824223.dll
C:\WINDOWS\system32\kdtqt.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 15:34 . 2008-07-06 15:34 <DIR> d-------- C:\Documents and Settings\Jens og Lis\DoctorWeb
2008-07-06 14:47 . 2008-07-06 14:47 <DIR> d-------- C:\Programmer\Trend Micro
2008-07-06 12:56 . 2008-07-06 12:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-06 12:54 . 2005-11-23 01:45 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-07-06 12:54 . 2005-11-23 00:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Skabeloner
2008-07-06 12:54 . 2005-11-23 01:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Printere
2008-07-06 12:54 . 2005-11-23 01:45 <DIR> dr------- C:\Documents and Settings\Administrator\Menuen Start
2008-07-06 12:54 . 2005-11-23 01:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2008-07-06 12:54 . 2005-11-23 00:56 <DIR> dr------- C:\Documents and Settings\Administrator\Foretrukne
2008-07-06 12:54 . 2005-11-23 00:56 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenter
2008-07-06 12:54 . 2007-04-06 10:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-07-06 12:54 . 2005-11-23 01:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Andre computere
2008-07-06 12:54 . 2008-07-06 12:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-06 11:58 . 2008-07-06 11:58 <DIR> d-------- C:\Programmer\CCleaner
2008-07-06 11:05 . 2008-07-06 11:05 <DIR> d-------- C:\Programmer\Enigma Software Group
2008-06-06 11:57 . 2008-07-06 15:36 <DIR> d-------- C:\WINDOWS\system32\247880
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 15:00 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2008-07-06 14:25 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-06 12:07 --------- d-----w C:\Programmer\SUPERAntiSpyware
2008-07-06 12:07 --------- d-----w C:\Documents and Settings\Jens og Lis\Application Data\SUPERAntiSpyware.com
2008-06-30 15:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 13:49 --------- d-----w C:\Programmer\Lx_cats
2007-04-06 09:13 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-04-05 09:48 292 ----a-w C:\Documents and Settings\Jens og Lis\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 21:00 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2005-08-14 01:34 57344]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-11 13:12 98304]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"lxdjamon"="C:\Programmer\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 04:40 20480]
"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-10 01:21 102400]
"Genvej til egenskabsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]
C:\Documents and Settings\Jens og Lis\Menuen Start\Programmer\Start\
StarOffice 6.0.lnk - C:\Programmer\StarOffice6.0\program\quickstart.exe [2002-05-01 06:00:00 61440]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
ATI CATALYST System Tray.lnk - C:\Programmer\ATI Technologies\ATI.ACE\CLI.exe [2005-08-14 01:34:44 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Programmer\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Programmer\\Lexmark 1400 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-06 17:00:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\StarOffice6.0\program\soffice.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-07-06 17:03:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 15:02:58
Pre-Run: 191,590,760,448 byte ledig
Post-Run: 191,660,101,632 byte ledig
117 --- E O F --- 2008-05-28 15:37:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:04, on 06-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Lexmark 1400 Series\lxdjamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\StarOffice6.0\program\soffice.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://internetsearchservice.comR1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://internetsearchservice.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://internetsearchservice.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://internetsearchservice.com/ie6.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Programmer\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 6.0.lnk = C:\Programmer\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmer\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} -
https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{368207CC-10AD-4267-AADE-790F201DC2C7}: NameServer = 85.255.116.102,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB7C985A-93BB-4592-9916-C8B2A8AFF8AD}: NameServer = 85.255.116.102,85.255.112.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7CF3C5B-D77D-4B8F-91CB-DC6BF8484AA9}: NameServer = 85.255.116.102,85.255.112.147
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Programmer\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Programmer\Spyware Doctor\swdsvc.exe (file missing)
O24 - Desktop Component 0: (no name) -
https://www.telmore.dk/img/decorators/top_da_DK.jpgO24 - Desktop Component 2: Produktet - TELMORE -
https://www.telmore.dk/product/index.jsp--
End of file - 6045 bytes
Ny bruger
Nybegynder
Opret
Preview
