borgechristiansen, Beginner
02 August 2007 - 22:12 (9 comments)

Registry: can I delete the following?

Hi, when I scan my computer for spyware, this registry change shows up. Is it one I can go in and delete without messing up the system?

Microsoft.WindowsSecurityCenter_disabled: Indstillinger (Registreringsdatabaseændring, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


--- Spybot - Search && Destroy version: 1.3  ---
2007-08-01 Includes\Cookies.sbi
2007-07-25 Includes\Dialer.sbi
2007-08-01 Includes\DialerC.sbi
2007-07-11 Includes\Hijackers.sbi
2007-08-01 Includes\HijackersC.sbi
2007-07-25 Includes\Keyloggers.sbi
2007-08-01 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-08-01 Includes\Malware.sbi
2007-08-01 Includes\MalwareC.sbi
2007-07-11 Includes\PUPS.sbi
2007-08-01 Includes\PUPSC.sbi
2007-08-01 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-08-01 Includes\SecurityC.sbi
2007-08-01 Includes\Spybots.sbi
2007-08-01 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi
2007-08-01 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll
Thanks in advance
nva, Intern
03 August 2007 - 08:17 #1
Is your Security Center under Programs - Accessories - System Tools in order? That is, turned on and with automatic updates?
borgechristiansen, Beginner
03 August 2007 - 11:25 #2
Yes, it is, and my spyware program, which is called Spybot-Search and Destroy, does say that the problem is solved after each scan, but after restarting the computer it is there again.
nva, Intern
03 August 2007 - 12:48 #3
Have you tried Ad-aware? http://www.download.com/Ad-Aware-2007-Free/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5
If it still doesn't go away, I would suggest, for good measure, that you run through this guide: http://www.eksperten.dk/artikler/1123
nva, Intern
03 August 2007 - 12:49 #4
Or maybe you should try running Spybot in safe mode.
borgechristiansen, Beginner
04 August 2007 - 14:03 #5
I have tried what you suggested, installed Cleaner and run it, but the above-mentioned file is still there after a restart... what does "intries" mean?
nva, Intern
05 August 2007 - 10:53 #6
Entries are, for example, lines in the registry - lines that are inserted when you install a program.

I would suggest that you try following this guide: http://www.eksperten.dk/artikler/1123
borgechristiansen, Beginner
07 August 2007 - 09:37 #7
Hi, here are the log files I could figure out how to scan my way to:
Logfile of HijackThis v1.99.1
Scan saved at 22:08:32, on 06-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\apps\ABoard\AOSD.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Børge Christiansen\Dokumenter\spywareprogram\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129226648265
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.40.224/activex/AxisCamControl.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

ComboFix 07-08-04.3 - "Børge Christiansen" 2007-08-06 22:40:20.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.Sand
* Created a new restore point


(((((((((((((((((((((((((  Files Created from 2007-07-06 to 2007-08-06  )))))))))))))))))))))))))))))))


2007-08-06 22:10    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-06 18:30    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-06 18:29    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-06 18:29    <DIR>    d--------    C:\DOCUME~1\BRGECH~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-21 17:41    <DIR>    d--------    C:\Programmer\SPYWAREfighter
2007-07-21 17:41    <DIR>    d--------    C:\Programmer\Fælles filer\Application


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 11:29    ---------    d--------    C:\Programmer\Norton Internet Security
2007-07-12 22:49    63686    --a------    C:\WINDOWS\system32\perfc006.dat
2007-07-12 22:49    398136    --a------    C:\WINDOWS\system32\perfh006.dat
2007-06-08 11:52    947096    --a------    C:\WINDOWS\system32\_ISource30.dll
2007-05-16 17:14    86528    ---------    C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:14    85504    ---------    C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:14    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:14    683520    ---------    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:14    510976    ---------    C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:14    1314816    ---------    C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:00    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2006-08-04 09:49    560    --a------    C:\DOCUME~1\BRGECH~1\APPLIC~1\ViewerApp.dat
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer\Application
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"URLLSTCK.exe"="C:\Programmer\Norton Internet Security\UrlLstCk.exe" [2004-02-02 10:36]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-02 21:48]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-03-24 13:45]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"Picasa Media Detector"="F:\Picasa2\PicasaMediaDetector.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2005-01-27 19:17]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07]
"Easy-PrintToolBox"="C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 14:28]
"LDM"="\Program\BackWeb-8876480.exe" []
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 15:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-09-23 22:54:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 gagp30kx;Microsoft AGPv3.0-standardfilter til K8-processorplatforme;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys
R1 AmdK8;Driver til AMD Athlon64-processor;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 SASKUTIL;SASKUTIL;\??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
R2 ScFBPNT3;CanoScan FBP3 Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT3.SYS
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
R3 SASENUM;SASENUM;\??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"
S1 SASDIFSV;SASDIFSV;\??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
S2 Ca533av;MD Slimline, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys
S2 InCDsrvR;InCD Helper (read only);C:\Programmer\Ahead\InCD\InCDsrv.exe -r
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 StillCam;Driver til serielt digitalt kamera (stillbilleder);C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk533.sys


Contents of the 'Scheduled Tasks' folder
2007-08-06 16:48:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programmer\Windows Defender\MpCmdRun.exe
2005-03-13 15:20:58 C:\WINDOWS\Tasks\Norton AntiVirus - Skan Denne computer - Børge Christiansen.job
2007-06-22 18:13:32 C:\WINDOWS\Tasks\Norton AntiVirus - Skan Denne computer.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
2007-08-03 22:28:42 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
2007-08-06 20:22:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 22:42:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp1]
"ImagePath"="system32\DRIVERS\viaagp1.sys"

Completion time: 2007-08-06 22:43:20

    --- E O F ---

********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
2007-08-06 22:13:31.29

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 22:13:31
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0
Regards, B. Christiansen
nva, Intern
08 August 2007 - 08:19 #8
You can do a bit of cleanup by fixing these with HiJackThis:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

and then I would probably uninstall SweetIM - I believe I have seen it suggested everywhere else. Otherwise I see nothing wrong in your log, so if it is still a problem, I don't know what you can do.
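
The selection in reply #8 can be reproduced mechanically from the log. The following Python sketch is an added example (not part of the thread and not HijackThis's own logic): it parses HijackThis result lines and lists entries that end in "(no file)" plus O4 Run commands whose path starts with a backslash but has no drive letter. The function names are assumptions, and the sample lines are copied from the log posted in #7.

```python
import re

# A shortened set of lines copied from the HijackThis log posted in #7.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

# A result line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: "HKCU\..\Run: [value name] command line".
RUN_RE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def parse_entries(log_text):
    """Yield (code, body) for each result line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def review_candidates(log_text):
    """Return (code, reason, body) for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        # The registry still references a component whose file is gone.
        if body.endswith("(no file)"):
            findings.append((code, "registered component has no file", body))
            continue
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            cmd = run.group("cmd").strip().lstrip('"')
            # Rooted path without a drive letter; UNC paths (\\server\...) are left alone.
            if cmd.startswith("\\") and not cmd.startswith("\\\\"):
                findings.append((code, "autostart path has no drive letter", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in review_candidates(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```
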
borgechristiansen, Beginner
09 August 2007 - 17:45 #9
OK, I still have the problem, but thanks for the help