Avatar billede silkk Nybegynder
01. januar 2008 - 11:47 Der er 5 kommentarer og
1 løsning

Hijackthis hjælp, Pc'en køre langsomt

Er der en venlig sjæl der vil kigge denne her igennem?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:43:23, on 01-01-2008
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Anastasia\Desktop\Tino\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vis Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7366 bytes
Avatar billede arlet Juniormester
01. januar 2008 - 11:49 #1
Kør Ccleaner(1) SAS(2) Hijackthis(nyeste version)(5) Combofix(6)
i nævnte rækkefølge herfra www.arlet.dk/rens.htm 


Jeg skal se logs fra punkt 2, 3 og 6
Avatar billede silkk Nybegynder
01. januar 2008 - 11:57 #2
Tak for urtigt svar!

Jeg er igang med at køre SAS(2)

jeg skal lige være sikker, jeg har kørt 1 og er er igang med 2, hvad med 3 og 4, 7 og 8?
Avatar billede silkk Nybegynder
01. januar 2008 - 13:18 #3
Så er CCleaner helt clean :-)

SAS fandt intet overhoved og jeg kunne ikke finde en log

AVG AntiSpyware/Ewido, er blevet kørt og renset

Combofix Log:ComboFix 07-12-31.4 - Anastasia 2008-01-01 13:05:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.211 [GMT 1:00]
Running from: C:\Users\Anastasia\Desktop\Tino\ComboFix_6.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe blev ikke fundet.

.
(((((((((((((((((((((((((  Files Created from 2007-12-01 to 2008-01-01  )))))))))))))))))))))))))))))))
.

2008-01-01 12:59 . 2000-08-31 08:00    51,200    --a------    C:\Windows\NirCmd.exe
2008-01-01 12:25 . 2007-07-06 18:39    401,720    --a------    C:\Program Files\HJTrenamed.exe
2008-01-01 11:54 . 2008-01-01 11:54    <DIR>    d--------    C:\Users\Anastasia\AppData\Roaming\SUPERAntiSpyware.com
2008-01-01 11:54 . 2008-01-01 11:54    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2008-01-01 11:54 . 2008-01-01 11:55    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-01-01 11:35 . 2008-01-01 11:35    <DIR>    d--------    C:\Program Files\CCleaner
2008-01-01 11:23 . 2008-01-01 11:23    1,327,104    --a------    C:\Windows\System32\quartz.dll
2008-01-01 11:22 . 2008-01-01 11:22    223,232    --a------    C:\Windows\System32\WMASF.DLL
2008-01-01 11:22 . 2008-01-01 11:22    9,728    --a------    C:\Windows\System32\LAPRXY.DLL
2008-01-01 11:22 . 2008-01-01 11:22    2,048    --a------    C:\Windows\System32\asferror.dll
2008-01-01 11:19 . 2008-01-01 11:19    1,830,912    --a------    C:\Windows\System32\inetcpl.cpl
2008-01-01 11:19 . 2008-01-01 11:19    56,320    --a------    C:\Windows\System32\iesetup.dll
2008-01-01 11:19 . 2008-01-01 11:19    26,624    --a------    C:\Windows\System32\ieUnatt.exe
2008-01-01 11:18 . 2008-01-01 11:18    130,048    --a------    C:\Windows\System32\drivers\srv2.sys
2008-01-01 11:18 . 2008-01-01 11:18    101,888    --a------    C:\Windows\System32\drivers\mrxsmb.sys
2008-01-01 11:18 . 2008-01-01 11:18    84,992    --a------    C:\Windows\System32\drivers\srvnet.sys
2008-01-01 11:18 . 2008-01-01 11:18    58,368    --a------    C:\Windows\System32\drivers\mrxsmb20.sys
2008-01-01 11:12 . 2008-01-01 11:12    3,504,824    --a------    C:\Windows\System32\ntkrnlpa.exe
2008-01-01 11:11 . 2008-01-01 11:12    3,470,520    --a------    C:\Windows\System32\ntoskrnl.exe
2008-01-01 11:11 . 2008-01-01 11:11    2,048    --a------    C:\Windows\System32\tzres.dll
2008-01-01 10:43 . 2008-01-01 10:43    <DIR>    d--------    C:\ProgramData\Lavasoft
2008-01-01 10:43 . 2008-01-01 10:43    <DIR>    d--------    C:\Program Files\Lavasoft
2008-01-01 10:41 . 2008-01-01 11:53    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 14:44 . 2007-12-08 14:44    <DIR>    d--------    C:\Program Files\Apple Software Update

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 10:20    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2007-12-08 13:50    ---------    d-----w    C:\ProgramData\Apple Computer
2007-12-08 13:50    ---------    d-----w    C:\Program Files\QuickTime
2007-11-29 21:44    ---------    d-----w    C:\ProgramData\Symantec
2007-11-29 12:08    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-11-29 11:51    ---------    d-----w    C:\ProgramData\Rosetta Stone
2007-11-18 02:02    1,244,672    ----a-w    C:\Windows\System32\mcmde.dll
2007-11-15 16:20    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 16:20    28,344    ----a-w    C:\Windows\system32\drivers\battc.sys
2007-11-15 16:20    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2007-11-15 16:20    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2007-11-15 16:20    20,920    ----a-w    C:\Windows\system32\drivers\compbatt.sys
2007-11-15 16:20    2,923,520    ----a-w    C:\Windows\explorer.exe
2007-11-15 16:20    2,027,008    ----a-w    C:\Windows\System32\win32k.sys
2007-11-15 16:20    14,208    ----a-w    C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 16:19    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2007-11-15 16:19    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2007-11-15 16:19    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2007-11-15 16:19    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2007-11-15 16:19    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2007-11-15 16:19    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2007-11-15 16:16    8,704    ----a-w    C:\Windows\System32\hcrstco.dll
2007-11-15 16:16    8,704    ----a-w    C:\Windows\System32\hccoin.dll
2007-11-15 16:16    73,216    ----a-w    C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 16:16    5,888    ----a-w    C:\Windows\system32\drivers\usbd.sys
2007-11-15 16:16    38,400    ----a-w    C:\Windows\system32\drivers\usbehci.sys
2007-11-15 16:16    224,768    ----a-w    C:\Windows\system32\drivers\usbport.sys
2007-11-15 16:16    192,000    ----a-w    C:\Windows\system32\drivers\usbhub.sys
2007-11-15 16:16    19,456    ----a-w    C:\Windows\system32\drivers\usbohci.sys
2007-11-15 16:14    ---------    d-----w    C:\Program Files\Windows Mail
2007-11-04 13:37    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2007-10-11 01:08    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2007-10-11 01:08    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2007-10-11 01:08    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2007-10-11 01:08    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 01:03    84,480    ----a-w    C:\Windows\System32\INETRES.dll
2007-10-11 01:03    737,792    ----a-w    C:\Windows\System32\inetcomm.dll
2007-10-11 01:02    788,992    ----a-w    C:\Windows\System32\rpcrt4.dll
2007-09-02 01:12    174    --sha-w    C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-09-27 21:04 2321600]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 17:53 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 06:27 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 06:37 4186112 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 20:08 228088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 10:00 18944]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-18 09:19 484984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NetFxUpdate_v1.1.4322"="C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 16:20 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 10:22]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 04:10]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-12-21 13:31]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 15:09]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 13:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted    REG_MULTI_SZ      hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eb00ad2-436b-11dc-8966-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 19:28:01 C:\Windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Anastasia.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-01-01 12:00:06 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 12:00:05 C:\Windows\Tasks\Udvidet garanti.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 13:11:32
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 13:13:33
.
2008-01-01 10:24:07    --- E O F --- 

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:33, on 01-01-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Users\Anastasia\Desktop\Tino\ewido_micro_3.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7241 bytes
Avatar billede arlet Juniormester
01. januar 2008 - 15:11 #4
Ved du hvad det her er:
C:\Users\Anastasia\Desktop\Tino\ewido_micro_3.exe

Ellers er der ikke noget at komme efter..
Avatar billede silkk Nybegynder
01. januar 2008 - 15:46 #5
det er når denne download gemmes :3) AVG AntiSpyware/Ewido, så kommer den til at hedde det, hvis du siger den er ren, så smid lige et svar!!
Avatar billede arlet Juniormester
01. januar 2008 - 16:01 #6
Ja, selvfølgelig*S*

Så er loggen ren..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester