CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede soljiah84 Nybegynder
05. august 2007 - 21:03 Der er 10 kommentarer og
1 løsning

hijack this - spy ware?

hey

Tror lige min pc, trænger til bliver luget ud for spyware, og lignende stads. For den går tit kold eller er ret langsom. :/

så hijack this tak. :)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:03:07, on 05-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Windows\Reminder.exe
C:\Programmer\OSD\OSD.EXE
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SiteAdvisor\6066\SiteAdv.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Edyson\Skrivebord\subtitles\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Reminder] C:\Windows\Reminder.exe
O4 - HKLM\..\Run: [OSD] C:\Programmer\OSD\OSD.EXE
O4 - HKLM\..\Run: [googletalk] C:\Programmer\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553578000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O21 - SSODL: system32 - {388FA7E9-94D7-4A02-87EE-8A831850C39F} - sysprinters.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmer\SiteAdvisor\6066\SAService.exe

--
End of file - 10260 bytes
Avatar billede Jensen DK Novice
06. august 2007 - 07:51 #1
Du har en del åbne spørgsmål hvad med at få dem afsluttet.
Avatar billede Computer Hjælp (Gratis) Mester
06. august 2007 - 09:26 #2
Enig ! -> http://www.eksperten.dk/list.phtml?spm_creator=soljiah84&status_1=on&status_2=on&status_3=on&status_4=on

http://expfaq.1go.dk/?id=3#behandling_af_svar

(PS: Der er 'snavs' i ovenstående Log...)
Avatar billede soljiah84 Nybegynder
06. august 2007 - 09:48 #3
hey

har ikke været her lang tid! ;) Men håber at jeg har accepteret de tidligere svar nu rigtigt, og dermed givet dem point!
Avatar billede Jensen DK Novice
06. august 2007 - 13:33 #4
Denælste var fra 05-07-05 om det er længe siden tja.
Avatar billede Computer Hjælp (Gratis) Mester
06. august 2007 - 16:31 #5
... pga mistanke (sysprinters.dll) bør du følge proceduren her http://www.eksperten.dk/artikler/1123 ...
Avatar billede soljiah84 Nybegynder
07. august 2007 - 02:57 #6
ComboFix 07-08-04.3 - "Edyson" 2007-08-07  2:43:20.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.Sand
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


G:\Autorun.inf


(((((((((((((((((((((((((  Files Created from 2007-07-07 to 2007-08-07  )))))))))))))))))))))))))))))))


2007-08-07 02:42    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-07 01:49    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-07 01:49    <DIR>    d--------    C:\DOCUME~1\Edyson\APPLIC~1\SUPERAntiSpyware.com
2007-08-07 01:49    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-07 01:22    <DIR>    d--------    C:\Programmer\Yahoo!
2007-08-07 01:22    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-07 01:10    <DIR>    d--------    C:\Programmer\CCleaner
2007-07-28 13:40    305,152    --a------    C:\WINDOWS\IsUn0406.exe
2007-07-28 13:40    29,696    --a------    C:\WINDOWS\SYSTEM32\WIN32CMI.DLL
2007-07-28 13:40    126,976    --a------    C:\WINDOWS\SYSTEM32\TWAHKY32.DLL
2007-07-28 13:40    <DIR>    d--------    C:\Programmer\TEXTware
2007-07-28 13:39    84,848    ---------    C:\WINDOWS\SYSTEM\TWAVBX.DLL
2007-07-28 13:39    7,437    ---------    C:\WINDOWS\SYSTEM\TWADST10.EXE
2007-07-28 13:39    6,800    ---------    C:\WINDOWS\SYSTEM\TWACALL.EXE
2007-07-28 13:39    46,112    ---------    C:\WINDOWS\SYSTEM\TWARSC01.DLL
2007-07-28 13:39    398,416    ---------    C:\WINDOWS\SYSTEM\VBRUN300.DLL
2007-07-28 13:39    37,216    ---------    C:\WINDOWS\SYSTEM\TWAOPS01.DLL
2007-07-28 13:39    29,696    ---------    C:\WINDOWS\SYSTEM\WIN32CMI.DLL
2007-07-28 13:39    20,480    ---------    C:\WINDOWS\SYSTEM\TWAOPS32.DLL
2007-07-28 13:39    19,456    ---------    C:\WINDOWS\SYSTEM\TWAVER32.EXE
2007-07-28 13:39    <DIR>    d--------    C:\BC31
2007-07-16 02:05    <DIR>    d--------    C:\Programmer\PartyGaming
2007-07-12 21:29    <DIR>    d--------    C:\DOCUME~1\Edyson\APPLIC~1\Sports Interactive
2007-07-12 21:19    <DIR>    d--------    C:\Programmer\Sports Interactive
2007-07-07 15:41    <DIR>    d--------    C:\DOCUME~1\Edyson\APPLIC~1\vlc
2007-07-07 15:38    <DIR>    d--------    C:\Programmer\VideoLAN


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 02:33    ---------    d--------    C:\Programmer\BitComet
2007-08-07 02:30    ---------    d--------    C:\Programmer\DAEMON Tools
2007-08-05 01:30    ---------    d--------    C:\Programmer\Winamp
2007-08-01 17:55    ---------    d--------    C:\Programmer\Acro Software
2007-07-25 13:47    ---------    d--------    C:\Programmer\SPSS
2007-07-25 11:41    205    --a------    C:\WINDOWS\system32\lsprst7.dll
2007-07-24 17:43    ---------    d--------    C:\DOCUME~1\Edyson\APPLIC~1\Apple Computer
2007-07-23 23:25    ---------    d--------    C:\Programmer\MSN Messenger
2007-07-20 00:55    22360    --a------    C:\DOCUME~1\Edyson\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-12 21:28    163644    --a------    C:\WINDOWS\system32\drivers\SECDRV.SYS
2007-07-03 10:49    ---------    d--------    C:\DOCUME~1\Edyson\APPLIC~1\Help
2007-07-02 01:12    ---------    d--------    C:\Programmer\Lavasoft
2007-06-29 20:41    ---------    d--------    C:\Programmer\iTunes
2007-06-29 20:41    ---------    d--------    C:\Programmer\iPod
2007-06-19 15:47    ---------    d--------    C:\Programmer\Windows Media Connect 2
2007-06-15 14:41    ---------    d--------    C:\Programmer\Lexmark X1100 Series
2007-06-08 22:31    ---------    d--------    C:\Programmer\Windows Live
2007-06-08 22:31    ---------    d--------    C:\Programmer\Messenger Plus! Live
2007-06-07 09:27    ---------    d--------    C:\DOCUME~1\Edyson\APPLIC~1\SiteAdvisor
2007-05-22 22:42    98304    --a------    C:\WINDOWS\system32\qttask.exe
2007-05-16 17:47    143360    --a------    C:\WINDOWS\system32\libexpatw.dll
2007-05-16 17:14    86528    --a------    C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:14    85504    --a------    C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:14    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:14    683520    --a------    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:14    510976    --a------    C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:14    1314816    --a------    C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:00    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer\InstallShield
    ---------        C:\Programmer\Fælles filer\Apple
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-17 04:39 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-09-28 23:55 C:\WINDOWS\AGRSMMSG.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-22 10:57 C:\WINDOWS\SYSTEM32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-09-02 00:28 C:\WINDOWS\SYSTEM32\VTTimer.exe]
"UpdateManager"="c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" []
"Reminder"="C:\Windows\Reminder.exe" [2004-12-09 19:05]
"OSD"="C:\Programmer\OSD\OSD.EXE" [2004-01-30 11:18]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 23:22]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-12-14 19:57]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2004-12-14 19:51]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-24 09:47]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 09:41]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 17:42]
"Lexmark X1100 Series"="C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:38]
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2007-05-15 00:22]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 23:00]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 02:21]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-07 02:37]

C:\Documents and Settings\Edyson\Menuen Start\Programmer\Start\
DESKTOP.INI [2004-10-26 19:00:14]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
DESKTOP.INI [2004-10-26 19:00:14]
HotKey.lnk - C:\Programmer\TEXTware\HotKey\TWALINK.EXE [2007-07-28 13:40:33]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"system32"= {388FA7E9-94D7-4A02-87EE-8A831850C39F} - sysprinters.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 SASKUTIL;SASKUTIL;\??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 NTPrime;NTPrime;\??\C:\WINDOWS\system32\Drivers\NTPrime.sys
R3 SASENUM;SASENUM;\??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S1 SASDIFSV;SASDIFSV;\??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
S4 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys


Contents of the 'Scheduled Tasks' folder
2007-07-27 18:35:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programmer\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 02:45:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp1]
"ImagePath"="system32\DRIVERS\viaagp1.sys"

Completion time: 2007-08-07  2:46:19
C:\ComboFix-quarantined-files.txt ... 2007-08-07 02:46

    --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 02:39:49, on 07-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Windows\Reminder.exe
C:\Programmer\OSD\OSD.EXE
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SiteAdvisor\6066\SiteAdv.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Edyson\Skrivebord\anti spy ware virus noget\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Reminder] C:\Windows\Reminder.exe
O4 - HKLM\..\Run: [OSD] C:\Programmer\OSD\OSD.EXE
O4 - HKLM\..\Run: [googletalk] C:\Programmer\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553578000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmer\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {388FA7E9-94D7-4A02-87EE-8A831850C39F} - sysprinters.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmer\SiteAdvisor\6066\SAService.exe
******************************** ROOTCHK-(21-07-07)-LOG, by ejvindh
07-08-2007  2:40:50,88

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 02:40:51
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:80,ca,48,88,bb,1a,f8,1b,bf,d4,1f,82,9f,c2,58,c3,eb,46,c0,3e,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,58,f6,43,43,d9,ff,63,f2,10,bd,6b,66,dc,13,9c,52,7e,..
"khjeh"=hex:c6,3d,4b,ee,d0,78,fb,f2,94,65,86,71,0e,db,e8,37,67,ea,f1,95,42,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:73,a6,04,3b,75,ee,c6,d2,63,a9,63,9f,1d,9f,e1,f2,1c,a8,1c,35,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:70,28,70,8f,de,c0,7e,ed,70,4f,92,aa,97,9f,d5,3c,f4,ab,12,81,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:80,ca,48,88,bb,1a,f8,1b,bf,d4,1f,82,9f,c2,58,c3,eb,46,c0,3e,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,58,f6,43,43,d9,ff,63,f2,10,bd,6b,66,dc,13,9c,52,7e,..
"khjeh"=hex:c6,3d,4b,ee,d0,78,fb,f2,94,65,86,71,0e,db,e8,37,67,ea,f1,95,42,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:54,e8,81,d5,92,a1,89,1e,d1,29,41,48,ea,89,ae,fa,e6,45,17,bf,3c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:70,28,70,8f,de,c0,7e,ed,70,4f,92,aa,97,9f,d5,3c,f4,ab,12,81,81,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2007 at 02:29 AM

Application Version : 3.7.1018

Core Rules Database Version : 3279
Trace Rules Database Version: 1290

Scan type      : Complete Scan
Total Scan Time : 00:37:51

Memory items scanned      : 527
Memory threats detected  : 0
Registry items scanned    : 5203
Registry threats detected : 0
File items scanned        : 34622
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\Edyson\Cookies\edyson@adtech[2].txt

Adware.WhenU
    C:\PROGRAMMER\DAEMON TOOLS\SETUPDTSB.EXE
Avatar billede Computer Hjælp (Gratis) Mester
07. august 2007 - 10:06 #7
Alt OK - efterfølgende oprydning ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: system32 - {388FA7E9-94D7-4A02-87EE-8A831850C39F} - sysprinters.dll (file missing)

Genstart normalt

------------------------------------------------------------------------

Jeg kan se at du - måske mere eller mindre mod din vilje - har installeret [Yahoo Toolbar] ?
Den er dog ikke 'farlig', men bare et irriterende program/toolbar som bare fylder op .
Hvis du vil slippe af med den kan du følge guiden herfra ->
http://support.microsoft.com/kb/303047

------------------------------------------------------------------------

Kør en tur med CCleaner (som du tilsyneladende har instaleret) - specielt punktet [Problemer] ...

------------------------------------------------------------------------

Fortæl hvordan PC'en kører nu ?
Avatar billede soljiah84 Nybegynder
07. august 2007 - 10:51 #8
hey

Pcen starter hurtigere op nu, og lukker også relativt hurtigt ned. Internet explorer er også blevet hurtigere, og det er pcen generelt. :)

Tak for hjælpen.
Avatar billede Computer Hjælp (Gratis) Mester
07. august 2007 - 11:04 #9
Du er velkommen en anden gang...

Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt prik i "Vis ikke skjulte filer og mapper".

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede soljiah84 Nybegynder
07. august 2007 - 11:28 #10
takker igen for hjælpen.

Skal jeg slette nogle af de programmer jeg har installeret i denne procedure?
Avatar billede Computer Hjælp (Gratis) Mester
08. august 2007 - 08:47 #11
ComboFix + tilhørende Log
Rootchk + tilhørende Log

Kan du godt slette...

HiJackThis/alternativ.exe kan være meget nyttig en anden gang *S*
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 21:08 Hvor kan man se Alan Turings mekaniske apparat til at løse Enignas koder Af KurtG i Andet hardware
I går 18:46 Kan det passe ;-) Af fjorbak i Routere & Switches
I går 15:27 Billeder kan ikke åbnes Jpeg.modd Af KristinaS i Billedbehandling
I går 13:44 eM Client Af valby i E-mail programmer
I går 13:33 Facebook gruppe Af Btimmer i Sociale medier
White papers
Flere white papers »


Premium
Teaser billede
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Læs mere »
Det er blevet kaldt ”det største it-nedbrud i historien” og omkostningerne kan nemt løbe op i syv milliarder kroner: Men hvem skal betale for Crowdstrikes fejl?
Europas største software-leverandør stryger frem på cloud-fronten – men 97 procent af overskuddet er forduftet
Frustrerede synshaller og billister: Motorstyrelsens it-system plages af store driftsforstyrrelser
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Peter Lüth udlever CTO-drømmen: Bygger et system fra bunden og tjener kassen på det
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Guide: Sådan udvikler du en moderne netværksstrategi
Læs mere »
SASE: Træf det rette valg – første gang
Vejen væk fra WAN: Sådan skifter du til en moderne infrastruktur
Det behøver ikke at gøre ondt: Sådan gør du livet lettere for kunder med multicloud
Se alle »

IT-JOB
Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »