CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede silkk Nybegynder
01. januar 2008 - 11:47 Der er 5 kommentarer og
1 løsning

Hijackthis hjælp, Pc'en køre langsomt

Er der en venlig sjæl der vil kigge denne her igennem?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:43:23, on 01-01-2008
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Anastasia\Desktop\Tino\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vis Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7366 bytes
Avatar billede arlet Juniormester
01. januar 2008 - 11:49 #1
Kør Ccleaner(1) SAS(2) Hijackthis(nyeste version)(5) Combofix(6)
i nævnte rækkefølge herfra www.arlet.dk/rens.htm 


Jeg skal se logs fra punkt 2, 3 og 6
Avatar billede silkk Nybegynder
01. januar 2008 - 11:57 #2
Tak for urtigt svar!

Jeg er igang med at køre SAS(2)

jeg skal lige være sikker, jeg har kørt 1 og er er igang med 2, hvad med 3 og 4, 7 og 8?
Avatar billede silkk Nybegynder
01. januar 2008 - 13:18 #3
Så er CCleaner helt clean :-)

SAS fandt intet overhoved og jeg kunne ikke finde en log

AVG AntiSpyware/Ewido, er blevet kørt og renset

Combofix Log:ComboFix 07-12-31.4 - Anastasia 2008-01-01 13:05:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.211 [GMT 1:00]
Running from: C:\Users\Anastasia\Desktop\Tino\ComboFix_6.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe blev ikke fundet.

.
(((((((((((((((((((((((((  Files Created from 2007-12-01 to 2008-01-01  )))))))))))))))))))))))))))))))
.

2008-01-01 12:59 . 2000-08-31 08:00    51,200    --a------    C:\Windows\NirCmd.exe
2008-01-01 12:25 . 2007-07-06 18:39    401,720    --a------    C:\Program Files\HJTrenamed.exe
2008-01-01 11:54 . 2008-01-01 11:54    <DIR>    d--------    C:\Users\Anastasia\AppData\Roaming\SUPERAntiSpyware.com
2008-01-01 11:54 . 2008-01-01 11:54    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2008-01-01 11:54 . 2008-01-01 11:55    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-01-01 11:35 . 2008-01-01 11:35    <DIR>    d--------    C:\Program Files\CCleaner
2008-01-01 11:23 . 2008-01-01 11:23    1,327,104    --a------    C:\Windows\System32\quartz.dll
2008-01-01 11:22 . 2008-01-01 11:22    223,232    --a------    C:\Windows\System32\WMASF.DLL
2008-01-01 11:22 . 2008-01-01 11:22    9,728    --a------    C:\Windows\System32\LAPRXY.DLL
2008-01-01 11:22 . 2008-01-01 11:22    2,048    --a------    C:\Windows\System32\asferror.dll
2008-01-01 11:19 . 2008-01-01 11:19    1,830,912    --a------    C:\Windows\System32\inetcpl.cpl
2008-01-01 11:19 . 2008-01-01 11:19    56,320    --a------    C:\Windows\System32\iesetup.dll
2008-01-01 11:19 . 2008-01-01 11:19    26,624    --a------    C:\Windows\System32\ieUnatt.exe
2008-01-01 11:18 . 2008-01-01 11:18    130,048    --a------    C:\Windows\System32\drivers\srv2.sys
2008-01-01 11:18 . 2008-01-01 11:18    101,888    --a------    C:\Windows\System32\drivers\mrxsmb.sys
2008-01-01 11:18 . 2008-01-01 11:18    84,992    --a------    C:\Windows\System32\drivers\srvnet.sys
2008-01-01 11:18 . 2008-01-01 11:18    58,368    --a------    C:\Windows\System32\drivers\mrxsmb20.sys
2008-01-01 11:12 . 2008-01-01 11:12    3,504,824    --a------    C:\Windows\System32\ntkrnlpa.exe
2008-01-01 11:11 . 2008-01-01 11:12    3,470,520    --a------    C:\Windows\System32\ntoskrnl.exe
2008-01-01 11:11 . 2008-01-01 11:11    2,048    --a------    C:\Windows\System32\tzres.dll
2008-01-01 10:43 . 2008-01-01 10:43    <DIR>    d--------    C:\ProgramData\Lavasoft
2008-01-01 10:43 . 2008-01-01 10:43    <DIR>    d--------    C:\Program Files\Lavasoft
2008-01-01 10:41 . 2008-01-01 11:53    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 14:44 . 2007-12-08 14:44    <DIR>    d--------    C:\Program Files\Apple Software Update

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 10:20    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2007-12-08 13:50    ---------    d-----w    C:\ProgramData\Apple Computer
2007-12-08 13:50    ---------    d-----w    C:\Program Files\QuickTime
2007-11-29 21:44    ---------    d-----w    C:\ProgramData\Symantec
2007-11-29 12:08    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-11-29 11:51    ---------    d-----w    C:\ProgramData\Rosetta Stone
2007-11-18 02:02    1,244,672    ----a-w    C:\Windows\System32\mcmde.dll
2007-11-15 16:20    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 16:20    28,344    ----a-w    C:\Windows\system32\drivers\battc.sys
2007-11-15 16:20    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2007-11-15 16:20    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2007-11-15 16:20    20,920    ----a-w    C:\Windows\system32\drivers\compbatt.sys
2007-11-15 16:20    2,923,520    ----a-w    C:\Windows\explorer.exe
2007-11-15 16:20    2,027,008    ----a-w    C:\Windows\System32\win32k.sys
2007-11-15 16:20    14,208    ----a-w    C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 16:19    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2007-11-15 16:19    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2007-11-15 16:19    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2007-11-15 16:19    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2007-11-15 16:19    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2007-11-15 16:19    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2007-11-15 16:16    8,704    ----a-w    C:\Windows\System32\hcrstco.dll
2007-11-15 16:16    8,704    ----a-w    C:\Windows\System32\hccoin.dll
2007-11-15 16:16    73,216    ----a-w    C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 16:16    5,888    ----a-w    C:\Windows\system32\drivers\usbd.sys
2007-11-15 16:16    38,400    ----a-w    C:\Windows\system32\drivers\usbehci.sys
2007-11-15 16:16    224,768    ----a-w    C:\Windows\system32\drivers\usbport.sys
2007-11-15 16:16    192,000    ----a-w    C:\Windows\system32\drivers\usbhub.sys
2007-11-15 16:16    19,456    ----a-w    C:\Windows\system32\drivers\usbohci.sys
2007-11-15 16:14    ---------    d-----w    C:\Program Files\Windows Mail
2007-11-04 13:37    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2007-10-11 01:08    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2007-10-11 01:08    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2007-10-11 01:08    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2007-10-11 01:08    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 01:03    84,480    ----a-w    C:\Windows\System32\INETRES.dll
2007-10-11 01:03    737,792    ----a-w    C:\Windows\System32\inetcomm.dll
2007-10-11 01:02    788,992    ----a-w    C:\Windows\System32\rpcrt4.dll
2007-09-02 01:12    174    --sha-w    C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-09-27 21:04 2321600]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 17:53 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 06:27 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 06:37 4186112 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 20:08 228088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 10:00 18944]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-18 09:19 484984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NetFxUpdate_v1.1.4322"="C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 16:20 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 10:22]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 04:10]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-12-21 13:31]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 15:09]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 13:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted    REG_MULTI_SZ      hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eb00ad2-436b-11dc-8966-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 19:28:01 C:\Windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Anastasia.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-01-01 12:00:06 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 12:00:05 C:\Windows\Tasks\Udvidet garanti.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 13:11:32
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 13:13:33
.
2008-01-01 10:24:07    --- E O F --- 

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:33, on 01-01-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Users\Anastasia\Desktop\Tino\ewido_micro_3.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7241 bytes
Avatar billede arlet Juniormester
01. januar 2008 - 15:11 #4
Ved du hvad det her er:
C:\Users\Anastasia\Desktop\Tino\ewido_micro_3.exe

Ellers er der ikke noget at komme efter..
Avatar billede silkk Nybegynder
01. januar 2008 - 15:46 #5
det er når denne download gemmes :3) AVG AntiSpyware/Ewido, så kommer den til at hedde det, hvis du siger den er ren, så smid lige et svar!!
Avatar billede arlet Juniormester
01. januar 2008 - 16:01 #6
Ja, selvfølgelig*S*

Så er loggen ren..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
34 min siden Tastatur med lommeregner Af HHA i Andet hardware
I går 23:02 Hjælp til formel. Afrund??? Af MrMYansen i Excel
I går 21:52 Filter der lister tomme felter Af per2edb i Access
I går 20:51 Kun sort hvid print Af st skad i Billedbehandling
I går 19:13 Hvem kan redigere en video for mig ? Af nu_igen i Foto & video
White papers
Flere white papers »


Premium
Teaser billede
På trods af dataaftale mellem EU og USA: Uber får kæmpe GDPR-bøde på over to milliarder kroner for at sende data til USA
Læs mere »
NNIT fortsætter fremmarchen i Danmark men taber fart i USA: ”Det er en skuffelse”
Nu falder dommen i stor Google-sag: Danske Jobindex kræver millioner i erstatning
DSB køber cloud-løsning til 420 millioner kroner af hollandsk it-selskab: Skal afløse 30 år gammelt system
Se alle »
Computerworld
Teaser billede
Verdens største bilproducent ramt af hackerangreb: Sender skylden videre til tredjepart
Læs mere »
Benægter eksistens af gigantisk firewall for 230 millioner mennesker: VPN er skyld i sløjt internet
Efter flere måneders tavshed: Erkender gigantisk datalæk af persondata
Funktionen blev kaldt ’en guldgrube for hackere’ – nu vil Microsoft lancere den igen
Se alle »
CIO
Teaser billede
Detailkæde har mistet over 65 millioner kroner efter cyberangreb – kræver erstatning fra it-leverandør
Læs mere »
Hun flyttede til Frankrig med to kufferter og startede i et af verdens største CIO-job dagen efter: "De vigtige beslutninger blev bare ikke taget"
Han er en af Danmarks bedste CIO'er - og nu søger han nyt job: "Det er mere opgaven end jobbet, som jeg går efter"
DSB køber cloud-løsning til 420 millioner kroner af hollandsk it-selskab: Skal afløse 30 år gammelt system
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
KMD-direktør forlader selskabet: Det skal hun nu
IBM Danmark skifter ud i sin øverste ledelse - her er den nye direktion
Til åbningsfest i det nye NNIT-hovedkontor: ”Som at flytte til New York sammenlignet med der hvor vi kommer fra” - se billederne
Se alle »
White paper
Teaser billede
Nemmere overblik, styring og omkostningskontrol i dit multicloud-miljø
Læs mere »
Sådan gør du: Elektronisk dokumentudveksling i praksis
Guide: Sådan udvikler du en moderne netværksstrategi
Cyberstatus 2024: Her er truslerne – og her forbereder virksomhederne sig
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »