CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede quaade05 Nybegynder
05. september 2007 - 02:17 Der er 6 kommentarer og
3 løsninger

hijackthis log

tror jeg har noget snavs liggende, i form af noget scvhost.
nogle som gider kigge min log igennem?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:14:46, on 05-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188748715900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748682265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7403 bytes
Avatar billede Computer Hjælp (Gratis) Mester
05. september 2007 - 07:50 #1
Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Genstart normalt...

------------------------------------------------------------------------

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind sammen med en frisk HiJackThis Log...

NB: Inden næste kørsel med HiJackThis.exe skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!

------------------------------------------------------------------------
Avatar billede quaade05 Nybegynder
05. september 2007 - 15:05 #2
så kommer de updaterede log filer::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:10, on 05-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\ALTERNATIV.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188748715900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748682265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7269 bytes


----------------------------------------------------------------------------------


ComboFix 07-08-30.3 - "Frederik" 2007-09-05 14:57:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.285 [GMT 2:00]


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Frederik\APPLIC~1\microsoft\internet explorer\quick launch\intern~1.lnk
C:\DOCUME~1\Mor\SKRIVE~1\internet.lnk
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{9A228248-CC29-48A4-942B-9B4AA05AEB77}.exe


(((((((((((((((((((((((((  Files Created from 2007-08-05 to 2007-09-05  )))))))))))))))))))))))))))))))


2007-09-05 14:56    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-04 19:07    409,600    --a------    C:\WINDOWS\system32\wrap_oal.dll
2007-09-04 19:05    3,072    --a------    C:\WINDOWS\CTXFIRES.DLL
2007-09-04 19:05    10,240    --a------    C:\WINDOWS\CTDCRES.DLL
2007-09-04 16:47    1,796    --a------    C:\WINDOWS\system32\tmp.reg
2007-09-04 16:46    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-09-04 16:46    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-09-04 16:46    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 16:46    <DIR>    d--------    C:\SmitfraudFix
2007-09-04 16:42    893,544    --a------    C:\SmitfraudFix.exe
2007-09-02 17:44    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2007-09-02 17:24    72,264    --a------    C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-02 17:24    64,360    --a------    C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-02 17:24    52,136    --a------    C:\WINDOWS\system32\drivers\mfetdik.sys
2007-09-02 17:24    34,152    --a------    C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-02 17:24    168,776    --a------    C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-02 17:24    1,495,552    --a------    C:\WINDOWS\system32\epoPGPsdk.dll
2007-09-02 17:24    <DIR>    d--------    C:\Programmer\F‘lles filer\Cisco Systems
2007-09-02 17:24    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\F‘lles filer\McAfee
2007-09-02 16:32    <DIR>    d--------    C:\Programmer\F‘lles filer\Network Associates
2007-09-02 16:32    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-09-01 22:34    790,528    --a------    C:\WINDOWS\system32\svchost..exe
2007-08-23 04:12    <DIR>    d--------    C:\Programmer\RegCure


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 14:19    ---------    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-04 19:08    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-04 19:08    ---------    d--------    C:\Programmer\Creative
2007-09-04 19:07    86016    --a------    C:\WINDOWS\system32\OpenAL32.dll
2007-09-04 19:06    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Creative
2007-09-03 01:01    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\BearShare
2007-09-02 17:19    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Azureus
2007-08-31 19:41    ---------    d--------    C:\DOCUME~1\mathilde\APPLIC~1\Skype
2007-08-31 16:05    ---------    d--------    C:\Programmer\PeerGuardian2
2007-08-29 13:57    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Image Zone Express
2007-08-18 16:47    ---------    d--------    C:\Programmer\Azureus
2007-08-16 15:26    43520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-31 14:43    ---------    d--------    C:\Programmer\Windows Live
2007-07-31 14:43    ---------    d--------    C:\Programmer\MSN Messenger
2007-07-31 14:43    ---------    d--------    C:\Programmer\Messenger Plus! Live
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 12:03    ---------    d--------    C:\Programmer\PartyGaming
1997-10-24 13:20    25088    --a--c---    C:\WINDOWS\inf\regl3acm.exe
    ---------        C:\Programmer\Fælles filer\Network Associates
    ---------        C:\Programmer\Fælles filer\McAfee
    ---------        C:\Programmer\Fælles filer\Cisco Systems
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48]
"ShStatEXE"="C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50]
"McAfeeUpdaterUI"="C:\Programmer\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 19:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Programmer\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BlueSoleil.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Programmer\Logitech\iTouch\iTouch.exe

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Programmer\Anti Trojan Elite\ATEPMon.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-09-05 12:20:49 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Programmer\RegCure\RegCure.exe
2007-08-23 02:12:33 C:\WINDOWS\Tasks\RegCure.job - C:\Programmer\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 15:01:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{AA6E313A-54EB-4F9B-8EF8-9C19821E3E35}]


Completion time: 2007-09-05 15:02:47
C:\ComboFix-quarantined-files.txt ... 2007-09-05 15:02

    --- E O F ---
Avatar billede Computer Hjælp (Gratis) Mester
05. september 2007 - 21:53 #3
... Sådan kan det let gå når man 'leger' med P2P programmer !!!

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Afinstaller

* Azereus - Fildelingsprogram
* BearShare
* PeerGuardian2
* MessengerPlus3 (Live)
* Logitech Desktop Messenger

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\svchost..exe
C:\WINDOWS\system32\tmp.reg
C:\SmitfraudFix.exe

Folders to delete:
C:\SmitfraudFix
C:\Programmer\Azureus
C:\DOCUME~1\Frederik\APPLIC~1\Azureus
C:\DOCUME~1\Frederik\APPLIC~1\BearShare
C:\Programmer\BearShare
C:\Programmer\PeerGuardian2
C:\Programmer\Messenger Plus! Live
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NB: Bemærk de TO punktummer i svchost..exe i ovenstående linie!!!

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

-- Hvordan kører PC'en så nu ?
Avatar billede quaade05 Nybegynder
06. september 2007 - 00:28 #4
det skulle da gerne have hjulpet. ligger en ny log så du kan tjekke efter.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:29, on 06-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\ALTERNATIV.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188748715900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748682265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7081 bytes



------------------------------------------------------------------------



ComboFix 07-08-30.3 - "Frederik" 2007-09-06  0:22:14.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.280 [GMT 2:00]


(((((((((((((((((((((((((  Files Created from 2007-08-05 to 2007-09-05  )))))))))))))))))))))))))))))))


2007-09-05 14:56    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-04 19:07    409,600    --a------    C:\WINDOWS\system32\wrap_oal.dll
2007-09-04 19:05    3,072    --a------    C:\WINDOWS\CTXFIRES.DLL
2007-09-04 19:05    10,240    --a------    C:\WINDOWS\CTDCRES.DLL
2007-09-04 16:46    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-09-04 16:46    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-09-04 16:46    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-09-02 17:44    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2007-09-02 17:24    72,264    --a------    C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-02 17:24    64,360    --a------    C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-02 17:24    52,136    --a------    C:\WINDOWS\system32\drivers\mfetdik.sys
2007-09-02 17:24    34,152    --a------    C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-02 17:24    168,776    --a------    C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-02 17:24    1,495,552    --a------    C:\WINDOWS\system32\epoPGPsdk.dll
2007-09-02 17:24    <DIR>    d--------    C:\Programmer\F‘lles filer\Cisco Systems
2007-09-02 17:24    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\F‘lles filer\McAfee
2007-09-02 16:32    <DIR>    d--------    C:\Programmer\F‘lles filer\Network Associates
2007-09-02 16:32    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-08-23 04:12    <DIR>    d--------    C:\Programmer\RegCure


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 00:04    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-05 14:19    ---------    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-04 19:08    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-04 19:08    ---------    d--------    C:\Programmer\Creative
2007-09-04 19:07    86016    --a------    C:\WINDOWS\system32\OpenAL32.dll
2007-09-04 19:06    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Creative
2007-08-31 19:41    ---------    d--------    C:\DOCUME~1\mathilde\APPLIC~1\Skype
2007-08-29 13:57    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Image Zone Express
2007-08-16 15:26    43520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 12:03    ---------    d--------    C:\Programmer\PartyGaming
1997-10-24 13:20    25088    --a--c---    C:\WINDOWS\inf\regl3acm.exe
    ---------        C:\Programmer\Fælles filer\Network Associates
    ---------        C:\Programmer\Fælles filer\McAfee
    ---------        C:\Programmer\Fælles filer\Cisco Systems
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48]
"ShStatEXE"="C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50]
"McAfeeUpdaterUI"="C:\Programmer\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 19:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Programmer\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BlueSoleil.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Programmer\Logitech\iTouch\iTouch.exe

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Programmer\Anti Trojan Elite\ATEPMon.sys


Contents of the 'Scheduled Tasks' folder
2007-09-05 22:14:55 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Programmer\RegCure\RegCure.exe
2007-08-23 02:12:33 C:\WINDOWS\Tasks\RegCure.job - C:\Programmer\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 00:25:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{AA6E313A-54EB-4F9B-8EF8-9C19821E3E35}]


Completion time: 2007-09-06  0:27:43
C:\ComboFix-quarantined-files.txt ... 2007-09-06 00:27
C:\ComboFix2.txt ... 2007-09-05 15:02

    --- E O F ---
Avatar billede Computer Hjælp (Gratis) Mester
06. september 2007 - 07:41 #5
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede quaade05 Nybegynder
06. september 2007 - 10:54 #6
mange tak :)
Avatar billede Computer Hjælp (Gratis) Mester
06. september 2007 - 14:24 #7
http://expfaq.1go.dk/?id=3#behandling_af_svar
Avatar billede Computer Hjælp (Gratis) Mester
11. september 2007 - 19:14 #8
Ping...
Avatar billede quaade05 Nybegynder
11. september 2007 - 23:34 #9
hov undksyld, troede jeg havde accpteret svaret :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
Kan man tracke, hvis en anden har været i ens gmail? Af Bella i Andet sikkerhed 5 30/12/202422:01 17/01/202520:58
Lovlig fremsøgning af personer bag fb profiler Af Tigo i Andet sikkerhed 3 05/12/202408:57 05/12/202417:21
Bilkøb Af arnepedersen i Andet sikkerhed 7 15/11/202415:55 18/11/202412:57
ONVIF??? Af johnnylassen i Andet sikkerhed 9 22/10/202412:50 24/10/202410:00
Synology surveillance bogmærker. Af johnnylassen i Andet sikkerhed 2 30/09/202408:37 30/09/202409:48
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:34 Synology NAS Af desist i Andet hardware
I går 12:49 Finder i Mac skal bruge adgangskode ved flytning/kopiering af filer Af CHC i Andet software
I går 10:26 Adgang til BT Af Carl i Mobiltelefoner
I går 09:48 Video HI8 bånd Af Carl i Foto & video
21/0117:16 PHP-funktion til at søge i pdf-filer Af KurtG i PHP
White papers
Flere white papers »


Premium
Teaser billede
Nu sker det: Visma gennemfører kæmpe-opkøb af danske Penneo
Læs mere »
Microsoft gør klar til AI Act: Sådan vil selskabet leve op til lovgivningen
Dansk sikkerheds-ekspert: Phishing er ikke nær så farlig som vi tror - awareness-træning bør ændres radikalt
Rigspolitiets Koncern IT skal sige farvel til hver 10. medarbejder: Fyresedler på vej
Se alle »
Computerworld
Teaser billede
Anmeldes til datatilsyn: Disse kinesiske selskaber overfører data til Kina, når du anvender deres løsninger
Læs mere »
Gratis og helt lovligt: Her kan du læse magasiner og aviser fra hele verden
Test: Hurra - den billigste Mac er nu faktisk også den bedste
Disse vilde sci-fi-visioner er overraskende tæt på at blive til virkelighed: Kan være på vej
Se alle »
CIO
Teaser billede
Region Midtjylland dropper LibreOffice: Flytter 36.000 medarbejdere over på Microsoft 365
Læs mere »
Se deres løn: Så meget får it-cheferne i Danmarks 10 største kommuner i løn
Traf afgørende beslutning i 00'erne: Nu høster Salling Group frugterne af sin ERP-strategi
I dag træder ny stor sikkerhedslov fra EU i kraft: Dora-forordningen er nu gældende lov
Se alle »
Job & Karriere
Teaser billede
Merete Søby klar med nyt top-job efter pludselig exit fra Schultz: Her er hendes nye job
Læs mere »
40 år gammelt dansk it-selskab fusionerer med hollandsk firma og skifter navn
Her er deres månedsløn: Så meget tjener CIO'erne i de danske regioner - den bedst lønnede får mere end digitaliseringsministeren
Dansk headhunter: Dette spørgsmål bliver jeg næsten altid stillet, når jeg forsøger at rekruttere it-folk
Se alle »
White paper
Teaser billede
Sådan: Én løsning til compliance, sikkerhed og overblik
Læs mere »
SAP: Skab værdi og minimér omkostninger med effektiv dokumenthåndtering
Sæt professionel døgnvagt på din it-infrastruktur
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »