Avatar billede janto Juniormester
17. januar 2008 - 12:10 Der er 6 kommentarer og
1 løsning

Låser en gang i mellem

Kan i se denne hijackthis.log og hjælpe hvis der er noget usædvanligt.
janto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:41, on 17-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Automatic Update\AutoUpdate.exe
C:\Programmer\Amadeus\Pro Printer\Mainsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Automatic Update\AutoUpdateGUI.exe
C:\Programmer\SiteAdvisor\6253\SAService.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\SiteAdvisor\6253\SiteAdv.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\SummaSummarum\SummaAlarm.exe
C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\system32\DllHost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\Amadeus\Pro Printer\AmaPrt.exe
C:\Programmer\Amadeus\Pro Printer\ComAdapt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\elsebeth\Lokale indstillinger\Temporary Internet Files\Content.IE5\NEFHDDF7\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nemdirect.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SummaAlarm] "C:\Programmer\SummaSummarum\SummaAlarm.exe"
O4 - HKCU\..\Run: [Ordbogen.com] C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [Ordbogen.com] C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nemdirect.dk
O15 - Trusted Zone: http://*.sca.amadeus.com
O15 - Trusted Zone: http://diagnostic.amadeus.com
O15 - Trusted Zone: http://*.amadeus.com
O15 - Trusted Zone: http://diagnostic.1a.amadeus.net
O15 - Trusted Zone: http://*.amadeuscruise.com
O15 - Trusted Zone: http://*.amadeusferry.com
O15 - Trusted Zone: http://*.amadeusproprinter.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: www.farewise.dk
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O15 - Trusted Zone: http://*.amadeuscruise.com (HKLM)
O15 - Trusted Zone: http://*.amadeusferry.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproprinter.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL25P231.CAB
O16 - DPF: {06765091-DF2F-462F-96AB-B779C2A9EA8B} (cabPTA_INC_CT.Class1) - http://externt.script.sca.amadeus.com/cabPTA_INC_CT.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://amadeusvista.com/VWP/common/cabs/VistaPWComms.CAB
O16 - DPF: {2E5C2AF3-84BC-46C4-AE86-85FB713F74AB} (cabSCAToolkitDLLs.cabSCAToolkit) - http://externt.script.sca.amadeus.com/cabSCAToolkitDLLs.CAB
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) - http://diagnostic.amadeus.com/travelagencies/Cabs/DS_Diagnostic.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6784DEB6-533F-4306-9CC1-E9DE525E9617} (Project1.cabPTA) - http://externt.script.sca.amadeus.com/cabPTA.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129357824031
O16 - DPF: {74690F1B-4B3A-4A50-987F-E3680A43451D} (cabPricingUpdate.Class1) - http://externt.script.sca.amadeus.com/cabPricingUpdate.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {853E81B1-9377-4685-8D93-376BD3EDF881} (Project1.cabPNRSearch) - http://externt.script.sca.amadeus.com/cabPNRSearch.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\EI40_\msxml4.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://gopublic.wspan.com/Secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {CFEC0ABB-68AA-4AAC-B926-E85A1D5AEA9B} (cabPNRCheckConfig.dummyPNRCC) - http://externt.script.sca.amadeus.com/cabPNRCheckConfig.CAB
O16 - DPF: {D7C51CB6-56F4-42A2-93B8-14DB47C0C0C4} (UpdateControl.FWUpdate) - http://www.farewise.dk/flight_update/UpdateControl.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E4389398-8E29-404E-86D6-27ADF2ECE396} (cabPNRCheck.dummyPNRCheck) - http://externt.script.sca.amadeus.com/cabPNRCheck.CAB
O16 - DPF: {E5511576-63F7-4447-A0BF-E08669B1A38F} (cabFQP.dummyFQP) - http://externt.script.sca.amadeus.com/cabFQP.CAB
O16 - DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Programmer\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Programmer\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmer\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 14721 bytes
17. januar 2008 - 22:52 #1
... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; hvis du har 'mod' på det så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...
Avatar billede janto Juniormester
18. januar 2008 - 07:37 #2
Så er de 4 logfiler klar:  ;-)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/08/2008 at 09:05 AM

Application Version : 3.9.1008

Core Rules Database Version : 3137
Trace Rules Database Version: 1154

Scan type      : Complete Scan
Total Scan Time : 01:03:27

Memory items scanned      : 236
Memory threats detected  : 0
Registry items scanned    : 7074
Registry threats detected : 0
File items scanned        : 34230
File threats detected    : 8

Adware.Tracking Cookie
    C:\Documents and Settings\orki\Cookies\orki@eas.apm.emediate[1].txt
    C:\Documents and Settings\orki\Cookies\orki@advertising[2].txt
    C:\Documents and Settings\orki\Cookies\orki@cgi-bin[3].txt
    C:\Documents and Settings\orki\Cookies\orki@e2.emediate[1].txt
    C:\Documents and Settings\orki\Cookies\orki@track.adform[1].txt
    C:\Documents and Settings\orki\Cookies\orki@tradedoubler[2].txt
    C:\Documents and Settings\orki\Cookies\orki@2o7[2].txt
    C:\Documents and Settings\orki\Cookies\orki@doubleclick[1].txt


Logfile of HijackThis v1.99.1
Scan saved at 06:37:03, on 18-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Automatic Update\AutoUpdate.exe
C:\Programmer\Amadeus\Pro Printer\Mainsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SiteAdvisor\6253\SAService.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Amadeus\Pro Printer\AmaPrt.exe
C:\Programmer\Amadeus\Pro Printer\ComAdapt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Programmer\Automatic Update\AutoUpdateGUI.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\SiteAdvisor\6253\SiteAdv.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\SummaSummarum\SummaAlarm.exe
C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\system32\DllHost.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Ork\Skrivebord\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nemdirect.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SummaAlarm] "C:\Programmer\SummaSummarum\SummaAlarm.exe"
O4 - HKCU\..\Run: [Ordbogen.com] C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nemdirect.dk
O15 - Trusted Zone: http://*.sca.amadeus.com
O15 - Trusted Zone: http://diagnostic.amadeus.com
O15 - Trusted Zone: http://*.amadeus.com
O15 - Trusted Zone: http://diagnostic.1a.amadeus.net
O15 - Trusted Zone: http://*.amadeuscruise.com
O15 - Trusted Zone: http://*.amadeusferry.com
O15 - Trusted Zone: http://*.amadeusproprinter.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: www.farewise.dk
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O15 - Trusted Zone: http://*.amadeuscruise.com (HKLM)
O15 - Trusted Zone: http://*.amadeusferry.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproprinter.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL25P231.CAB
O16 - DPF: {06765091-DF2F-462F-96AB-B779C2A9EA8B} (cabPTA_INC_CT.Class1) - http://externt.script.sca.amadeus.com/cabPTA_INC_CT.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://amadeusvista.com/VWP/common/cabs/VistaPWComms.CAB
O16 - DPF: {2E5C2AF3-84BC-46C4-AE86-85FB713F74AB} (cabSCAToolkitDLLs.cabSCAToolkit) - http://externt.script.sca.amadeus.com/cabSCAToolkitDLLs.CAB
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) - http://diagnostic.amadeus.com/travelagencies/Cabs/DS_Diagnostic.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6784DEB6-533F-4306-9CC1-E9DE525E9617} (Project1.cabPTA) - http://externt.script.sca.amadeus.com/cabPTA.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129357824031
O16 - DPF: {74690F1B-4B3A-4A50-987F-E3680A43451D} (cabPricingUpdate.Class1) - http://externt.script.sca.amadeus.com/cabPricingUpdate.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {853E81B1-9377-4685-8D93-376BD3EDF881} (Project1.cabPNRSearch) - http://externt.script.sca.amadeus.com/cabPNRSearch.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\EI40_\msxml4.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://gopublic.wspan.com/Secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {CFEC0ABB-68AA-4AAC-B926-E85A1D5AEA9B} (cabPNRCheckConfig.dummyPNRCC) - http://externt.script.sca.amadeus.com/cabPNRCheckConfig.CAB
O16 - DPF: {D7C51CB6-56F4-42A2-93B8-14DB47C0C0C4} (UpdateControl.FWUpdate) - http://www.farewise.dk/flight_update/UpdateControl.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E4389398-8E29-404E-86D6-27ADF2ECE396} (cabPNRCheck.dummyPNRCheck) - http://externt.script.sca.amadeus.com/cabPNRCheck.CAB
O16 - DPF: {E5511576-63F7-4447-A0BF-E08669B1A38F} (cabFQP.dummyFQP) - http://externt.script.sca.amadeus.com/cabFQP.CAB
O16 - DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmer\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Programmer\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Programmer\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FLLESF~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmer\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe


********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
18-01-2008  6:42:11,93

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 06:42:14
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix 08-01-18.3 - orki 2008-01-18  6:56:57.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1708 [GMT 1:00]
Running from: C:\Documents and Settings\orki\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\Cache

.
(((((((((((((((((((((((((  Files Created from 2007-12-18 to 2008-01-18  )))))))))))))))))))))))))))))))
.

2008-01-18 06:55 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-17 23:47 . 2008-01-17 23:47    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-09 19:35 . 2008-01-09 19:35    <DIR>    d--------    C:\Programmer\CoolSystems
2008-01-04 11:28 . 2008-01-04 11:28    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\Xerox
2008-01-04 11:04 . 2008-01-04 11:05    <DIR>    d--------    C:\Documents and Settings\orki\Application Data\Xerox
2007-12-31 08:54 . 2007-12-31 08:54    <DIR>    d--------    C:\Documents and Settings\LocalService\Dokumenter
2007-12-31 08:53 . 2007-12-31 08:53    <DIR>    d--------    C:\Documents and Settings\orki\Application Data\HP
2007-12-31 08:48 . 2007-11-27 19:09    164,325    ---------    C:\WINDOWS\hpoins21.dat.temp
2007-12-31 08:48 . 2007-05-15 11:10    8,138    ---------    C:\WINDOWS\hpomdl21.dat.temp
2007-12-28 18:20 . 2007-12-28 18:20    <DIR>    d--------    C:\Programmer\Lavalys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 05:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-17 23:04    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-17 17:49    ---------    d-----w    C:\Documents and Settings\orki\Application Data\Amadeus
2008-01-17 17:31    ---------    d-----w    C:\Programmer\DesignPro
2008-01-14 11:28    ---------    d-----w    C:\Programmer\Automatic Update
2007-12-31 13:55    ---------    d-----w    C:\Programmer\SummaSummarum
2007-12-20 12:16    20,480    ----a-w    C:\WINDOWS\system32\cabSCAToolkitDLLs.dll
2007-12-20 11:57    81,920    ----a-w    C:\WINDOWS\system32\SMACarUtils.dll
2007-12-19 07:50    ---------    d-----w    C:\Programmer\McAfee
2007-12-17 15:21    ---------    d-----w    C:\Programmer\SiteAdvisor
2007-12-12 09:18    ---------    d-----w    C:\Documents and Settings\orki\Application Data\SiteAdvisor
2007-12-10 08:07    ---------    d-----w    C:\Documents and Settings\orki\Application Data\HPAppData
2007-11-27 18:08    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WEBREG
2007-11-27 17:25    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-27 17:17    ---------    d-----w    C:\Programmer\HP
2007-11-27 17:17    ---------    d-----w    C:\Programmer\Hewlett-Packard
2007-11-27 17:17    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-11-27 17:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\HP
2007-11-27 17:13    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-11-27 17:11    ---------    d-----w    C:\Programmer\Fælles filer\HP
2007-11-19 13:55    151,552    ----a-w    C:\WINDOWS\system32\SMAFaresUtils.dll
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-29 12:13    352,256    ----a-w    C:\WINDOWS\system32\SMATempoUtils23.dll
2007-10-25 09:00    230,912    ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-05-15 08:11    557,056    ----a-w    C:\Documents and Settings\orki\GoToAssist_phone__317_en.exe
2004-11-20 13:36    15,298    ----a-w    C:\Programmer\Furnish Lite uninstal.log
2003-09-26 11:23    168,267,776    ----a-w    C:\Programmer\Adobe Photoshop 7.0, with serial.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52    1298024    -ra------    C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52    177768    -ra------    C:\Programmer\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 13:16 49152]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Spyware Doctor"="C:\Programmer\Spyware Doctor\swdoctor.exe" [2005-05-26 08:52 1506544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:19 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-28 08:41 1318912]
"SummaAlarm"="C:\Programmer\SummaSummarum\SummaAlarm.exe" [2007-04-09 21:00 530048]
"Ordbogen.com"="C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe" [2007-10-19 15:58 274432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-11 18:45 774144]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2003-03-11 18:58 593920]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 19:24 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 19:11 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 13:16 741376 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6253\SiteAdv.exe" [2007-01-17 20:24 36904]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"Ordbogen.com"="C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe" [2007-10-19 15:58 274432]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 17:11:12]
officejet 6100.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-09 16:42:06]
Worldspan Filter Agent.lnk - C:\wspan\swgw\FilterAgent.exe [2004-11-28 11:20:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableWindowsUpdateAccess"= 0 (0x0)
"NoWindowsUpdate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 0 (0x0)
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2007-01-27 13:24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-05-14 15:05 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

R2 AmadeusProPrinter;AmadeusProPrinter;C:\Programmer\Amadeus\Pro Printer\Mainsrv.exe [2005-10-18 13:20]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-27 01:53]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-27 01:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
HPService    REG_MULTI_SZ      HPSLPSVC

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2006-01-15 00:21:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1129318845.job"
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2007-05-14 23:14:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmer\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:02:42 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmer\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 07:01:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18  7:02:38
ComboFix-quarantined-files.txt  2008-01-18 06:02:14
.
2008-01-09 21:03:00    --- E O F ---
Avatar billede janto Juniormester
19. januar 2008 - 18:28 #3
Er jeg blevet glemt? ;-)

Elsebeth
20. januar 2008 - 08:57 #4
Lidt glemt *S* Sorry..

Hvorfor har jeg mon lige mistanke til at dette program's oprindelse ikke har helt 'ren mel' i posen ? ->
C:\Programmer\Adobe Photoshop 7.0, with serial.exe

Ikke noget ANDET underligt at se ifølge loggen - kune lidt efterfølgende oprydning ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Genstart normalt...

Ta' også en tur med CCleaner - specielt punktet [Problemer/register] ...

------------------------------------------------------------------------
Avatar billede janto Juniormester
20. januar 2008 - 10:07 #5
Mange tusinde tak for hjælpen. ;-)

Jeg skulle ikke have photoshop her?
Jeg kan heller ikke finde den hverken i programmer under start eller C:\Programmer ?

Elsebeth
Avatar billede janto Juniormester
20. januar 2008 - 10:29 #6
Jeg har nu fundet et pakket program i c:\programmer ??
Det er nu slettet!
??  Photoshop bruger jeg overhovedet ikke  ??
20. januar 2008 - 19:41 #7
Takker...
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester