CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

thorkild10 Juniormester

21. november 2007 - 20:16 Der er 8 kommentarer og
1 løsning

hjælp til at fjerne orme/virus

Hejsa alle experter.

jeg har for nylig købt mig en ny bærbar computer og det er som om den bare har været et let offer for virus osv.

det resulter i at min computer nu kører virkelig skidt.. har prøvet alverdens virusprogrammer og spyware programmer men kan ikke fjerne det hele..

har nu fundet frem til via virus112's online scanner, at jeg har :

Finished: 7 viruses found

Scanned files: 77466 Warning: 7 file(s) still infected!

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NL5IDBE\vhersftt[1].htm Trojan-Spy.Win32.Zbot.cm

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OZ5YGY9\tbyzz[1].htm Trojan-Clicker.Win32.Costrat.by

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V950G1B1\oftcdqerb[1].htm Trojan-Downloader.Win32.Agent.ffn

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8D2GSS3\tbyzz[1].htm Trojan-Clicker.Win32.Costrat.by

C:\Users\Martin Thorstein\DoctorWeb\Quarantine\isfmdl.dll Trojan-Downloader.Win32.Zlob.ele

C:\Users\Martin Thorstein\install.exe Trojan-Downloader.Win32.Tuvir.q

C:\Users\Martin Thorstein\serial.exe Trojan.Win32.Dialer.qn

desuden har jeg via spyware doctor fundet ud af:

Finished: 7 viruses found

Scanned files: 77466 Warning: 7 file(s) still infected!

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NL5IDBE\vhersftt[1].htm Trojan-Spy.Win32.Zbot.cm

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OZ5YGY9\tbyzz[1].htm Trojan-Clicker.Win32.Costrat.by

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V950G1B1\oftcdqerb[1].htm Trojan-Downloader.Win32.Agent.ffn

C:\Users\Martin Thorstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8D2GSS3\tbyzz[1].htm Trojan-Clicker.Win32.Costrat.by

C:\Users\Martin Thorstein\DoctorWeb\Quarantine\isfmdl.dll Trojan-Downloader.Win32.Zlob.ele

C:\Users\Martin Thorstein\install.exe Trojan-Downloader.Win32.Tuvir.q

C:\Users\Martin Thorstein\serial.exe Trojan.Win32.Dialer.qn

desuden har jeg via spyware doctor fundet ud af at jeg har barckdoor.darkmoon flere steder...

HJÆLP HJÆLP HJÆLP

skal lige siges til sidst at jeg har fået vista på den nye computer som gør jeg ikke helt er på hjemmebane..

Synes godt om

arlet Juniormester

21. november 2007 - 20:22 #1

1)Lad ccleaner lave en oprydning : www.arlet.dk/ccleaner.htm

2)Kør trin 1 her http://www.malwarecheck.dk/forum/viewtopic.php?t=11 og læg loggen ind

3)Hent hijackthis herfra: www.arlet.dk/hijackthis.htm

4)Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

BEMÆRK at Combofix af nogle virusscannere bliver detekteret som inficeret. Dette har dog intet på sig.

Vi skal se logs fra punkt 2 - 3 - 4

Synes godt om

thorkild10 Juniormester

21. november 2007 - 20:34 #2

RENSNING FÆRDIG - (3.191 sek)
------------------------------------------------------------------------------------------
40,62KB fjernet.
------------------------------------------------------------------------------------------

Detaljer om de slettede filer
--------------------------------------------------------------------------------------2)

----
IE midlertidige Internet filer (30 filer) 40,29KB
C:\Users\Martin Thorstein\AppData\Roaming\Microsoft\Windows\Cookies\low\martin_thorstein@www.malwarecheck[1].txt 177 bytes
C:\Users\Martin Thorstein\AppData\Roaming\Microsoft\Windows\Cookies\low\martin_thorstein@yahoo[2].txt 156 bytes
C:\Users\Martin Thorstein\AppData\Roaming\Google\Local Search History\google%2Eweb.w 0 bytes

da jeg prøvede at køre hijackthis programmet sagde den:
an error prevents this program from continuing:
could not extract the current file. Adgang nægtet

Synes godt om

arlet Juniormester

21. november 2007 - 20:36 #3

okay, så hent combofixet

Synes godt om

thorkild10 Juniormester

21. november 2007 - 20:41 #4

så fik jeg hijackthis til at virke dog den poppede op med noget virus.

Logfile of HijackThis v1.99.1
Scan saved at 20:40:13, on 21-11-2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Martin Thorstein\Desktop\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=2071101
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe" -s wrapper.conf (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Synes godt om

arlet Juniormester

21. november 2007 - 20:42 #5

Det er ikke den hijackthis log fra mit link, for det er en gammel version du har der..

Synes godt om

thorkild10 Juniormester

21. november 2007 - 20:45 #6

ja for kunne jo ikke få din til at virke så tænkte det ville være bedre end ingenting.

er igang med combofix nu

Synes godt om

thorkild10 Juniormester

21. november 2007 - 20:53 #7

combofix loggen:

ComboFix 07-11-19.3 - Martin Thorstein 2007-11-21 20:43:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1030.18.854 [GMT 1:00]
Running from: C:\Users\Martin Thorstein\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
.

2007-11-21 20:35 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2007-11-21 20:35 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2007-11-21 20:25 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-21 20:25 <DIR> d-------- C:\Program Files\CCleaner
2007-11-20 17:37 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\SUPERAntiSpyware.com
2007-11-20 17:37 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-11-20 17:37 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-11-20 17:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 17:17 <DIR> d-------- C:\Users\Martin Thorstein\DoctorWeb
2007-11-20 16:56 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-11-20 16:56 <DIR> d-------- C:\Program Files\Common Files\Application
2007-11-20 15:51 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-20 15:51 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-11-20 15:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-20 15:13 115,920 --a------ C:\Windows\System32\MSINET.OCX
2007-11-20 13:25 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\PC Tools
2007-11-20 13:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-20 13:06 29,696 --a------ C:\Users\Martin Thorstein\serial.exe
2007-11-20 13:06 9,728 --a------ C:\Users\Martin Thorstein\install.exe
2007-11-20 13:06 48 --a------ C:\Users\Martin Thorstein\readme.bat
2007-11-20 12:42 100 --a------ C:\Windows\System32\ikhcore.cfg
2007-11-20 12:36 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-11-20 12:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-11-20 12:01 <DIR> d-------- C:\ProgramData\Lavasoft
2007-11-20 12:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-20 12:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-10 10:58 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-10 10:58 1 --a------ C:\Windows\System32\SI.bin
2007-11-10 10:56 <DIR> d-------- C:\Users\All Users\DAEMON Tools Pro
2007-11-10 10:56 <DIR> d-------- C:\ProgramData\DAEMON Tools Pro
2007-11-10 10:55 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\DAEMON Tools Pro
2007-11-10 10:55 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-09 18:10 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\Sports Interactive
2007-11-09 17:29 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-11-09 17:26 <DIR> d-------- C:\Users\All Users\e-Safekey
2007-11-09 17:26 <DIR> d-------- C:\ProgramData\e-Safekey
2007-11-09 15:24 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-11-08 21:14 <DIR> d-------- C:\Program Files\ScandicBookmakers.com
2007-11-08 20:57 <DIR> d--h----- C:\Windows\msdownld.tmp
2007-11-08 19:48 <DIR> d-------- C:\Program Files\TVUPlayer
2007-11-08 19:45 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\SopCast
2007-11-08 19:45 <DIR> d-------- C:\Program Files\SopCast
2007-11-08 19:13 1,824,768 --a------ C:\Windows\System32\inetcpl.cpl
2007-11-08 19:13 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2007-11-08 19:13 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-11-08 19:13 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-11-08 19:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-08 19:12 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-11-08 19:07 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\Hamachi
2007-11-08 19:07 <DIR> d-------- C:\Program Files\Hamachi
2007-11-08 18:56 <DIR> d-------- C:\Windows\PCHEALTH
2007-11-08 18:53 <DIR> dr-h----- C:\Users\Martin Thorstein\AppData\Roaming\SecuROM
2007-11-08 18:53 <DIR> d-------- C:\Program Files\Windows Live
2007-11-08 18:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-08 18:53 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2007-11-08 18:53 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2007-11-08 18:53 53,080 --a------ C:\Windows\System32\wuauclt.exe
2007-11-08 18:53 43,352 --a------ C:\Windows\System32\wups2.dll
2007-11-08 18:52 <DIR> d-------- C:\Users\All Users\WLInstaller
2007-11-08 18:52 <DIR> d-------- C:\ProgramData\WLInstaller
2007-11-08 18:52 549,720 --a------ C:\Windows\System32\wuapi.dll
2007-11-08 18:52 80,896 --a------ C:\Windows\System32\wudriver.dll
2007-11-08 18:52 33,624 --a------ C:\Windows\System32\wups.dll
2007-11-08 18:51 163,000 --a------ C:\Windows\System32\wuwebv.dll
2007-11-08 18:51 31,232 --a------ C:\Windows\System32\wuapp.exe
2007-11-08 18:49 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-08 18:49 <DIR> d-------- C:\Program Files\Sports Interactive
2007-11-08 18:48 <DIR> d--h----- C:\Users\Martin Thorstein\InstallAnywhere
2007-11-08 18:45 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\Roxio
2007-11-08 18:44 <DIR> dr------- C:\Users\Martin Thorstein\Searches
2007-11-08 18:43 <DIR> dr------- C:\Users\Martin Thorstein\Contacts
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Videos
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Saved Games
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Pictures
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Music
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Links
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Downloads
2007-11-08 18:42 <DIR> dr------- C:\Users\Martin Thorstein\Documents
2007-11-08 18:42 <DIR> d-------- C:\Users\Martin Thorstein\AppData\Roaming\Media Center Programs
2007-11-08 18:42 <DIR> d--h----- C:\Users\Martin Thorstein\AppData
2007-11-08 18:40 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2007-11-01 18:28 <DIR> d-------- C:\Program Files\DellTPad
2007-11-01 18:28 2,411,520 --a------ C:\Windows\System32\drivers\atikmdag.sys
2007-11-01 18:28 1,419,232 --a------ C:\Windows\System32\WdfCoInstaller01005.dll
2007-11-01 18:28 811,008 --a------ C:\Windows\System32\cximage.dll
2007-11-01 18:28 385,024 --a------ C:\Windows\System32\OEM02Cvw.dll
2007-11-01 18:28 331,776 --a------ C:\Windows\System32\OEM02Cvw.crl
2007-11-01 18:28 260,330 --a------ C:\Windows\System32\OEM02Cvw.bff
2007-11-01 18:28 157,184 --a------ C:\Windows\System32\drivers\Apfiltr.sys
2007-11-01 18:28 122,880 --a------ C:\Windows\System32\drivers\ahcix86s.sys
2007-11-01 18:28 100,410 --a------ C:\Windows\System32\Vxdif.dll
2007-11-01 18:28 94,208 --a------ C:\Windows\System32\mdmxsdk.dll
2007-11-01 18:28 90,112 --a------ C:\Windows\System32\snymsico.dll
2007-11-01 18:28 49,152 --a------ C:\Windows\System32\drivers\ati2erec.dll
2007-11-01 18:28 36,864 --a------ C:\Windows\System32\CtCamMgr.dll
2007-11-01 18:28 32,768 --a------ C:\Windows\System32\OEM02Hwx.dll
2007-11-01 18:27 3,503,800 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-11-01 18:27 3,469,496 --a------ C:\Windows\System32\ntoskrnl.exe
2007-11-01 18:27 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2007-11-01 18:27 566,784 --a------ C:\Windows\System32\SLCommDlg.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 18:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-11-08 18:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-08 18:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-11-08 18:11 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-08 18:07 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2007-11-08 17:41 --------- d-sh--w C:\ProgramData\Skrivebord
2007-11-08 17:41 --------- d-sh--w C:\ProgramData\Skabeloner
2007-11-08 17:41 --------- d-sh--w C:\ProgramData\Menuen Start
2007-11-08 17:41 --------- d-sh--w C:\ProgramData\Favoritter
2007-11-08 17:41 --------- d-sh--w C:\ProgramData\Dokumenter
2007-11-08 17:41 --------- d-sh--w C:\ProgramData\Application Data
2007-11-08 17:41 --------- d-sh--w C:\Program Files\Fælles filer
2007-11-01 17:27 540,672 ----a-w C:\Windows\System32\sysmain.dll
2007-11-01 17:27 45,240 ----a-w C:\Windows\system32\drivers\pciidex.sys
2007-11-01 17:27 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-01 17:27 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2007-11-01 17:27 21,688 ----a-w C:\Windows\system32\drivers\atapi.sys
2007-11-01 17:27 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2007-11-01 17:27 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2007-11-01 17:27 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2007-11-01 17:27 17,592 ------w C:\Windows\system32\drivers\intelide.sys
2007-11-01 17:27 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2007-11-01 17:27 16,056 ----a-w C:\Windows\system32\drivers\pciide.sys
2007-11-01 17:27 110,264 ----a-w C:\Windows\system32\drivers\ataport.sys
2007-11-01 17:26 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-01 17:26 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-11-01 17:26 --------- d-----w C:\Program Files\Windows Mail
2007-11-01 17:25 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-01 17:25 475,136 ----a-w C:\Windows\System32\evr.dll
2007-11-01 17:25 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-01 17:25 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-01 17:25 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-01 17:25 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-01 17:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-01 17:24 633,856 ----a-w C:\Windows\System32\user32.dll
2007-11-01 17:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-11-01 17:24 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-11-01 17:24 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-11-01 17:24 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2007-11-01 17:24 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2007-11-01 17:24 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-11-01 17:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-11-01 17:24 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-11-01 17:23 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-01 17:23 38,912 ----a-w C:\Windows\system32\drivers\hidclass.sys
2007-11-01 17:23 25,472 ----a-w C:\Windows\system32\drivers\hidparse.sys
2007-11-01 17:23 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
2007-11-01 17:23 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
2007-11-01 17:23 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2007-11-01 17:23 12,288 ----a-w C:\Windows\system32\drivers\hidusb.sys
2007-11-01 17:22 --------- d-----w C:\Program Files\Windows Defender
2007-11-01 17:20 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys
2007-11-01 17:20 60,928 ----a-w C:\Windows\system32\drivers\raspptp.sys
2007-11-01 17:19 61,952 ----a-w C:\Windows\system32\drivers\ohci1394.sys
2007-11-01 17:19 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-11-01 17:19 51,896 ----a-w C:\Windows\system32\drivers\partmgr.sys
2007-11-01 17:19 160,872 ----a-w C:\Windows\System32\halmacpi.dll
2007-11-01 17:19 134,760 ----a-w C:\Windows\System32\halacpi.dll
2007-11-01 17:19 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2007-11-01 17:18 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2007-11-01 17:18 65,536 ----a-w C:\Windows\System32\propdefs.dll
2007-11-01 17:18 58,472 ------w C:\Windows\system32\drivers\ULIAGPKX.SYS
2007-11-01 17:18 54,888 ------w C:\Windows\system32\drivers\AMDAGP.SYS
2007-11-01 17:18 54,376 ------w C:\Windows\system32\drivers\VIAAGP.SYS
2007-11-01 17:18 53,864 ------w C:\Windows\system32\drivers\AGP440.sys
2007-11-01 17:18 53,352 ------w C:\Windows\system32\drivers\SISAGP.SYS
2007-11-01 17:18 52,224 ----a-w C:\Windows\System32\msstrc.dll
2007-11-01 17:18 51,200 ----a-w C:\Windows\System32\msscntrs.dll
2007-11-01 17:18 50,792 ----a-w C:\Windows\system32\drivers\termdd.sys
2007-11-01 17:18 50,280 ----a-w C:\Windows\system32\drivers\volmgr.sys
2007-11-01 17:18 47,208 ------w C:\Windows\system32\drivers\isapnp.sys
2007-11-01 17:18 331,264 ----a-w C:\Windows\System32\mssph.dll
2007-11-01 17:18 32,256 ----a-w C:\Windows\System32\mssprxy.dll
2007-11-01 17:18 28,776 ----a-w C:\Windows\system32\drivers\mssmbios.sys
2007-11-01 17:18 242,688 ------w C:\Windows\system32\drivers\rdpdr.sys
2007-11-01 17:18 23,552 ----a-w C:\Windows\System32\msscb.dll
2007-11-01 17:18 22,632 ----a-w C:\Windows\System32\streamci.dll
2007-11-01 17:18 167,424 ----a-w C:\Windows\System32\ActionQueue.dll
2007-11-01 17:18 158,720 ----a-w C:\Windows\System32\mssphtb.dll
2007-11-01 17:18 140,392 ----a-w C:\Windows\system32\drivers\pci.sys
2007-11-01 17:18 13,928 ----a-w C:\Windows\system32\drivers\msisadrv.sys
2007-11-01 17:18 12,776 ----a-w C:\Windows\system32\drivers\swenum.sys
2007-11-01 17:18 106,600 ------w C:\Windows\system32\drivers\NV_AGP.SYS
2007-11-01 17:18 1,695,232 ----a-w C:\Windows\System32\mssvp.dll
2007-11-01 17:18 1,499,648 ----a-w C:\Windows\System32\tquery.dll
2007-11-01 17:18 1,397,248 ----a-w C:\Windows\System32\mssrch.dll
2007-10-22 02:39 267,272 ----a-w C:\Windows\System32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\Windows\System32\X3DAudio1_2.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-10-12 14:14 3,734,536 ----a-w C:\Windows\System32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\Windows\System32\D3DCompiler_36.dll
2007-10-02 08:56 444,776 ----a-w C:\Windows\System32\d3dx10_36.dll
2007-08-29 05:55 40,960 ----a-w C:\Windows\System32\OEM02Pin.dll
2007-08-29 05:55 24,576 ----a-w C:\Windows\System32\OEM02Srv.exe
2007-08-29 05:54 90,112 ----a-w C:\Windows\CtDrvIns.exe
2007-08-29 05:54 36,864 ----a-w C:\Windows\OEM02Mon.exe
2007-08-29 05:54 28,672 ----a-w C:\Windows\OEM02Cfg.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-13 11:27]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-16 11:47]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 15:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-01 18:22]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 04:31]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 06:54]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-01 10:45]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 21:37 C:\Windows\sttray.exe]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 20:33]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-01 11:11]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-16 11:47]

C:\Users\Martin Thorstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-11-08 19:07:00]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-01 10:47:03]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-01 10:56:41]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys
R2 ATIWebPAM;ATI WebPAM;"C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe" -s wrapper.conf
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 viaagp;VIA AGP Bus Filter;C:\Windows\system32\drivers\viaagp.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37600e32-8f72-11dc-b512-001c23a4250c}]
\shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 10:14:05 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-01 10:14:05 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 20:46:45
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-21 20:48:05
.
--- E O F ---

Synes godt om

arlet Juniormester

21. november 2007 - 22:04 #8

Der er ikke noget i de logs du har lagt ind..

Du mangler denne her:
2)Kør trin 1 her http://www.malwarecheck.dk/forum/viewtopic.php?t=11 og læg loggen ind

Synes godt om

thorkild10 Juniormester

04. september 2011 - 14:13 #9

lukker denne.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
pop up black friday Af Malm i Virus	3	I går 20:49	I dag 01:12
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS