CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede quaade05 Nybegynder
05. september 2007 - 02:17 Der er 6 kommentarer og
3 løsninger

hijackthis log

tror jeg har noget snavs liggende, i form af noget scvhost.
nogle som gider kigge min log igennem?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:14:46, on 05-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188748715900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748682265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7403 bytes
Avatar billede Computer Hjælp (Gratis) Mester
05. september 2007 - 07:50 #1
Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Genstart normalt...

------------------------------------------------------------------------

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind sammen med en frisk HiJackThis Log...

NB: Inden næste kørsel med HiJackThis.exe skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!

------------------------------------------------------------------------
Avatar billede quaade05 Nybegynder
05. september 2007 - 15:05 #2
så kommer de updaterede log filer::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:10, on 05-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\ALTERNATIV.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188748715900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748682265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7269 bytes


----------------------------------------------------------------------------------


ComboFix 07-08-30.3 - "Frederik" 2007-09-05 14:57:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.285 [GMT 2:00]


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Frederik\APPLIC~1\microsoft\internet explorer\quick launch\intern~1.lnk
C:\DOCUME~1\Mor\SKRIVE~1\internet.lnk
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{9A228248-CC29-48A4-942B-9B4AA05AEB77}.exe


(((((((((((((((((((((((((  Files Created from 2007-08-05 to 2007-09-05  )))))))))))))))))))))))))))))))


2007-09-05 14:56    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-04 19:07    409,600    --a------    C:\WINDOWS\system32\wrap_oal.dll
2007-09-04 19:05    3,072    --a------    C:\WINDOWS\CTXFIRES.DLL
2007-09-04 19:05    10,240    --a------    C:\WINDOWS\CTDCRES.DLL
2007-09-04 16:47    1,796    --a------    C:\WINDOWS\system32\tmp.reg
2007-09-04 16:46    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-09-04 16:46    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-09-04 16:46    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 16:46    <DIR>    d--------    C:\SmitfraudFix
2007-09-04 16:42    893,544    --a------    C:\SmitfraudFix.exe
2007-09-02 17:44    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2007-09-02 17:24    72,264    --a------    C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-02 17:24    64,360    --a------    C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-02 17:24    52,136    --a------    C:\WINDOWS\system32\drivers\mfetdik.sys
2007-09-02 17:24    34,152    --a------    C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-02 17:24    168,776    --a------    C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-02 17:24    1,495,552    --a------    C:\WINDOWS\system32\epoPGPsdk.dll
2007-09-02 17:24    <DIR>    d--------    C:\Programmer\F‘lles filer\Cisco Systems
2007-09-02 17:24    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\F‘lles filer\McAfee
2007-09-02 16:32    <DIR>    d--------    C:\Programmer\F‘lles filer\Network Associates
2007-09-02 16:32    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-09-01 22:34    790,528    --a------    C:\WINDOWS\system32\svchost..exe
2007-08-23 04:12    <DIR>    d--------    C:\Programmer\RegCure


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 14:19    ---------    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-04 19:08    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-04 19:08    ---------    d--------    C:\Programmer\Creative
2007-09-04 19:07    86016    --a------    C:\WINDOWS\system32\OpenAL32.dll
2007-09-04 19:06    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Creative
2007-09-03 01:01    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\BearShare
2007-09-02 17:19    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Azureus
2007-08-31 19:41    ---------    d--------    C:\DOCUME~1\mathilde\APPLIC~1\Skype
2007-08-31 16:05    ---------    d--------    C:\Programmer\PeerGuardian2
2007-08-29 13:57    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Image Zone Express
2007-08-18 16:47    ---------    d--------    C:\Programmer\Azureus
2007-08-16 15:26    43520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-31 14:43    ---------    d--------    C:\Programmer\Windows Live
2007-07-31 14:43    ---------    d--------    C:\Programmer\MSN Messenger
2007-07-31 14:43    ---------    d--------    C:\Programmer\Messenger Plus! Live
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 12:03    ---------    d--------    C:\Programmer\PartyGaming
1997-10-24 13:20    25088    --a--c---    C:\WINDOWS\inf\regl3acm.exe
    ---------        C:\Programmer\Fælles filer\Network Associates
    ---------        C:\Programmer\Fælles filer\McAfee
    ---------        C:\Programmer\Fælles filer\Cisco Systems
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48]
"ShStatEXE"="C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50]
"McAfeeUpdaterUI"="C:\Programmer\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 19:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Programmer\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BlueSoleil.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Programmer\Logitech\iTouch\iTouch.exe

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Programmer\Anti Trojan Elite\ATEPMon.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-09-05 12:20:49 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Programmer\RegCure\RegCure.exe
2007-08-23 02:12:33 C:\WINDOWS\Tasks\RegCure.job - C:\Programmer\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 15:01:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{AA6E313A-54EB-4F9B-8EF8-9C19821E3E35}]


Completion time: 2007-09-05 15:02:47
C:\ComboFix-quarantined-files.txt ... 2007-09-05 15:02

    --- E O F ---
Avatar billede Computer Hjælp (Gratis) Mester
05. september 2007 - 21:53 #3
... Sådan kan det let gå når man 'leger' med P2P programmer !!!

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Afinstaller

* Azereus - Fildelingsprogram
* BearShare
* PeerGuardian2
* MessengerPlus3 (Live)
* Logitech Desktop Messenger

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\svchost..exe
C:\WINDOWS\system32\tmp.reg
C:\SmitfraudFix.exe

Folders to delete:
C:\SmitfraudFix
C:\Programmer\Azureus
C:\DOCUME~1\Frederik\APPLIC~1\Azureus
C:\DOCUME~1\Frederik\APPLIC~1\BearShare
C:\Programmer\BearShare
C:\Programmer\PeerGuardian2
C:\Programmer\Messenger Plus! Live
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NB: Bemærk de TO punktummer i svchost..exe i ovenstående linie!!!

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

-- Hvordan kører PC'en så nu ?
Avatar billede quaade05 Nybegynder
06. september 2007 - 00:28 #4
det skulle da gerne have hjulpet. ligger en ny log så du kan tjekke efter.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:29, on 06-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frederik\Skrivebord\spyware\ALTERNATIV.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188748715900
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748682265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Frederik\Skrivebord\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7081 bytes



------------------------------------------------------------------------



ComboFix 07-08-30.3 - "Frederik" 2007-09-06  0:22:14.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.280 [GMT 2:00]


(((((((((((((((((((((((((  Files Created from 2007-08-05 to 2007-09-05  )))))))))))))))))))))))))))))))


2007-09-05 14:56    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-04 19:07    409,600    --a------    C:\WINDOWS\system32\wrap_oal.dll
2007-09-04 19:05    3,072    --a------    C:\WINDOWS\CTXFIRES.DLL
2007-09-04 19:05    10,240    --a------    C:\WINDOWS\CTDCRES.DLL
2007-09-04 16:46    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-09-04 16:46    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-09-04 16:46    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-09-02 17:44    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2007-09-02 17:24    72,264    --a------    C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-02 17:24    64,360    --a------    C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-02 17:24    52,136    --a------    C:\WINDOWS\system32\drivers\mfetdik.sys
2007-09-02 17:24    34,152    --a------    C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-02 17:24    168,776    --a------    C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-02 17:24    1,495,552    --a------    C:\WINDOWS\system32\epoPGPsdk.dll
2007-09-02 17:24    <DIR>    d--------    C:\Programmer\F‘lles filer\Cisco Systems
2007-09-02 17:24    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\McAfee
2007-09-02 17:23    <DIR>    d--------    C:\Programmer\F‘lles filer\McAfee
2007-09-02 16:32    <DIR>    d--------    C:\Programmer\F‘lles filer\Network Associates
2007-09-02 16:32    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-08-23 04:12    <DIR>    d--------    C:\Programmer\RegCure


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 00:04    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-05 14:19    ---------    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-04 19:08    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-04 19:08    ---------    d--------    C:\Programmer\Creative
2007-09-04 19:07    86016    --a------    C:\WINDOWS\system32\OpenAL32.dll
2007-09-04 19:06    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Creative
2007-08-31 19:41    ---------    d--------    C:\DOCUME~1\mathilde\APPLIC~1\Skype
2007-08-29 13:57    ---------    d--------    C:\DOCUME~1\Frederik\APPLIC~1\Image Zone Express
2007-08-16 15:26    43520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 12:03    ---------    d--------    C:\Programmer\PartyGaming
1997-10-24 13:20    25088    --a--c---    C:\WINDOWS\inf\regl3acm.exe
    ---------        C:\Programmer\Fælles filer\Network Associates
    ---------        C:\Programmer\Fælles filer\McAfee
    ---------        C:\Programmer\Fælles filer\Cisco Systems
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48]
"ShStatEXE"="C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50]
"McAfeeUpdaterUI"="C:\Programmer\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 19:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Programmer\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BlueSoleil.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Programmer\Logitech\iTouch\iTouch.exe

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Programmer\Anti Trojan Elite\ATEPMon.sys


Contents of the 'Scheduled Tasks' folder
2007-09-05 22:14:55 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Programmer\RegCure\RegCure.exe
2007-08-23 02:12:33 C:\WINDOWS\Tasks\RegCure.job - C:\Programmer\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 00:25:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{AA6E313A-54EB-4F9B-8EF8-9C19821E3E35}]


Completion time: 2007-09-06  0:27:43
C:\ComboFix-quarantined-files.txt ... 2007-09-06 00:27
C:\ComboFix2.txt ... 2007-09-05 15:02

    --- E O F ---
Avatar billede Computer Hjælp (Gratis) Mester
06. september 2007 - 07:41 #5
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede quaade05 Nybegynder
06. september 2007 - 10:54 #6
mange tak :)
Avatar billede Computer Hjælp (Gratis) Mester
06. september 2007 - 14:24 #7
http://expfaq.1go.dk/?id=3#behandling_af_svar
Avatar billede Computer Hjælp (Gratis) Mester
11. september 2007 - 19:14 #8
Ping...
Avatar billede quaade05 Nybegynder
11. september 2007 - 23:34 #9
hov undksyld, troede jeg havde accpteret svaret :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
Password sikkerhed Af jhjorsal i Andet sikkerhed 2 13/07/202413:12 13/07/202422:46
Automatisering af certifikat proces - Danske virksomheder Af Søren i Andet sikkerhed 1 29/05/202414:23 30/05/202409:03
VPN i forhold til facebook? Af Novice-1 i Andet sikkerhed 2 26/05/202412:09 26/05/202420:54
Fjerne adgangskode Af Geo" søster i Andet sikkerhed 4 25/04/202418:19 26/04/202422:46
Krypetring af USB -stick Af FinBalance i Andet sikkerhed 16 04/03/202412:39 08/03/202415:52
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 21:08 Hvor kan man se Alan Turings mekaniske apparat til at løse Enignas koder Af KurtG i Andet hardware
I går 18:46 Kan det passe ;-) Af fjorbak i Routere & Switches
I går 15:27 Billeder kan ikke åbnes Jpeg.modd Af KristinaS i Billedbehandling
I går 13:44 eM Client Af valby i E-mail programmer
I går 13:33 Facebook gruppe Af Btimmer i Sociale medier
White papers
Flere white papers »


Premium
Teaser billede
Det er blevet kaldt ”det største it-nedbrud i historien” og omkostningerne kan nemt løbe op i syv milliarder kroner: Men hvem skal betale for Crowdstrikes fejl?
Læs mere »
Europas største software-leverandør stryger frem på cloud-fronten – men 97 procent af overskuddet er forduftet
Frustrerede synshaller og billister: Motorstyrelsens it-system plages af store driftsforstyrrelser
Fire år gamle Wiz takker nej til Alphabets historiske opkøbstilbud på 160 milliarder kroner: Satser i stedet på børsnotering
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Peter Lüth udlever CTO-drømmen: Bygger et system fra bunden og tjener kassen på det
Sådan forbereder energiselskabet OK sig på cyberangreb: "Prisen for ikke at gøre noget kan være forfærdeligt høj"
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Unbreakable - sådan sikrer du dig vedvarende og uafbrudt adgang til dine data
Læs mere »
SASE: Træf det rette valg – første gang
Sådan gør du: Elektronisk dokumentudveksling i praksis
Sådan: Sikker, hurtig og fleksibel storage til dine kritiske data
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »