Avatar billede anders4u Nybegynder
20. januar 2008 - 19:57 Der er 7 kommentarer og
2 løsninger

HijackThis logfil

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:57:22, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\And\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Programmer\Helper\superfindout.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [auto] C:\WINDOWS\system32\drivers\win32.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spool.exe

--
End of file - 4649 bytes
Avatar billede arlet Juniormester
20. januar 2008 - 20:43 #1
Kør Ccleaner(1) SAS(2) Hijackthis(5) Combofix(6)
i nævnte rækkefølge herfra www.arlet.dk/rens.htm
Hijackthis, da det er en gammel version du har


Jeg skal se logs fra punkt 2, 5 og 6
Avatar billede anders4u Nybegynder
20. januar 2008 - 21:17 #2
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 09:13 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type      : Complete Scan
Total Scan Time : 00:10:21

Memory items scanned      : 387
Memory threats detected  : 1
Registry items scanned    : 3470
Registry threats detected : 27
File items scanned        : 18440
File threats detected    : 19

Adware.E404 Helper/Variant
    C:\PROGRAMMER\HELPER\SUPERFINDOUT.DLL
    C:\PROGRAMMER\HELPER\SUPERFINDOUT.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\InprocServer32
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\ProgID
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\Programmable
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\TypeLib
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\VersionIndependentProgID
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6392B7B8-60B6-415F-9DC4-8B74430F27EB}\RP1\A0000011.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\And\Cookies\and@ad.yieldmanager[1].txt
    C:\Documents and Settings\And\Cookies\and@zedo[1].txt
    C:\Documents and Settings\And\Cookies\and@mediaplex[1].txt
    C:\Documents and Settings\And\Cookies\and@track.adform[1].txt
    C:\Documents and Settings\And\Cookies\and@1070847646[1].txt
    C:\Documents and Settings\And\Cookies\and@cassava[1].txt
    C:\Documents and Settings\And\Cookies\and@doubleclick[1].txt
    C:\Documents and Settings\And\Cookies\and@adtech[1].txt
    C:\Documents and Settings\And\Cookies\and@new-pcp[1].txt
    C:\Documents and Settings\And\Cookies\and@pacificpoker[2].txt
    C:\Documents and Settings\And\Cookies\and@888[2].txt
    C:\Documents and Settings\And\Cookies\and@partypoker[1].txt
    C:\Documents and Settings\And\Cookies\and@partygaming.122.2o7[1].txt

Trojan.DNSChanger-Codec
    HKCR\CLSID\E404.e404mgr
    HKCR\CLSID\E404.e404mgr#UserId

Adware.E404 Helper/Hij
    HKCR\E404.e404mgr
    HKCR\E404.e404mgr\CLSID
    HKCR\E404.e404mgr\CurVer
    HKCR\E404.e404mgr.1
    HKCR\E404.e404mgr.1\CLSID
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

RootKit.TnCore/Trace
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys

Rootkit.RunTime3/FutureGen
    C:\DOCUMENTS AND SETTINGS\AND\LOKALE INDSTILLINGER\TEMP\83875.EXE

Trojan.Unclassifed/Loader-Suspicious
    C:\DOCUMENTS AND SETTINGS\AND\LOKALE INDSTILLINGER\TEMP\LOADER.EXE
Avatar billede anders4u Nybegynder
20. januar 2008 - 21:18 #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:31, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spool.exe

--
End of file - 4546 bytes
Avatar billede anders4u Nybegynder
20. januar 2008 - 21:30 #4
ComboFix 08-01-20.1 - And 2008-01-20 21:23:38.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1667 [GMT 1:00]
Running from: C:\Documents and Settings\And\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Programmer\Helper
C:\WINDOWS\system32\drivers\spool.exe

----- Unknown downloads made by BITS: ----
http://hq-pharma.org
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core


(((((((((((((((((((((((((  Files Created from 2007-12-20 to 2008-01-20  )))))))))))))))))))))))))))))))
.

2008-01-20 21:23 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-20 21:18 . 2007-07-06 18:39    401,720    --a------    C:\Programmer\HJTrenamed.exe
2008-01-20 21:01 . 2008-01-20 21:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-20 21:00 . 2008-01-20 21:16    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-20 21:00 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-20 21:00 . 2008-01-20 21:00    <DIR>    d--------    C:\Documents and Settings\And\Application Data\SUPERAntiSpyware.com
2008-01-20 20:50 . 2008-01-20 20:50    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-20 15:53 . 2001-10-09 15:00    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-20 15:52 . 2004-08-26 18:53    2,134,528    --a--c---    C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\WindowsShell.Manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    488    -rah-----    C:\WINDOWS\system32\logonui.exe.manifest
2008-01-20 15:40 . 2004-08-26 19:26    1,086,058    -ra------    C:\WINDOWS\SET32.tmp
2008-01-20 15:40 . 2004-08-26 19:30    1,013,849    -ra------    C:\WINDOWS\SET2F.tmp
2008-01-20 15:40 . 2004-08-26 19:26    14,043    -ra------    C:\WINDOWS\SET3E.tmp
2008-01-20 15:08 . 2008-01-20 21:21    2,145,386,496    --a------    C:\WINDOWS\MEMORY.DMP
2008-01-20 14:33 . 2008-01-20 14:33    <DIR>    d--------    C:\WINDOWS\NV1028388.TMP
2008-01-20 14:33 . 2007-10-04 17:14    136,260    --a------    C:\WINDOWS\system32\nvapps.nvb
2008-01-20 13:49 . 2008-01-20 13:49    <DIR>    d--------    C:\WINDOWS\LastGood.Tmp
2008-01-20 13:48 . 2008-01-20 13:48    <DIR>    d--------    C:\Documents and Settings\And\Application Data\dvdcss
2008-01-20 13:23 . 2008-01-20 13:23    164    --a------    C:\install.dat
2008-01-20 12:34 . 2008-01-20 13:47    <DIR>    d--------    C:\Programmer\eMule
2008-01-20 12:27 . 2008-01-20 13:10    281    --a------    C:\WINDOWS\wininit.ini
2008-01-20 12:02 . 2008-01-20 13:49    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 23:40 . 2008-01-20 13:47    <DIR>    d--------    C:\Documents and Settings\And\Contacts
2008-01-19 23:36 . 2008-01-19 23:36    <DIR>    d--------    C:\Documents and Settings\And\Application Data\vlc
2008-01-19 22:35 . 2008-01-19 22:37    <DIR>    d--------    C:\Programmer\Windows Live
2008-01-19 22:35 .     <DIR>        C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-01-19 22:35 . 2008-01-19 22:35    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 22:22 . 2008-01-19 22:22    <DIR>    d--------    C:\Programmer\VideoLAN
2008-01-19 21:29 . 2008-01-20 13:47    <DIR>    d--------    C:\Programmer\Winamp
2008-01-19 21:29 . 2008-01-20 13:47    <DIR>    d--------    C:\Documents and Settings\And\Application Data\Winamp
2008-01-16 22:03 . 2008-01-16 22:03    <DIR>    d--------    C:\Programmer\SlySoft
2008-01-16 21:56 . 2008-01-16 21:56    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-01-16 21:53 . 2008-01-16 21:53    25,984    --a------    C:\WINDOWS\system32\drivers\Fcv11.sys
2008-01-16 21:53 . 2008-01-16 21:53    10,240    --ahs----    C:\WINDOWS\system32\drivers\spool.exe~
2008-01-16 21:51 . 2008-01-16 21:51    <DIR>    d--------    C:\Programmer\Elaborate Bytes
2008-01-16 21:51 . 2008-01-16 21:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SlySoft
2008-01-16 21:50 . 2008-01-16 22:01    58,880    --a------    C:\oipiy.exe
2008-01-16 21:50 . 2008-01-16 21:50    54,764    --a------    C:\WINDOWS\system32\dxdss.sys
2008-01-16 21:50 . 2008-01-16 22:01    41,472    --a------    C:\osfj.exe
2008-01-16 21:50 . 2008-01-16 21:50    14,848    --a------    C:\WINDOWS\system32\drivers\win32.exe~
2008-01-16 21:50 . 2008-01-16 21:50    14,848    --a------    C:\Documents and Settings\And\ntuser.exe
2008-01-16 21:50 . 2008-01-16 21:52    6,144    --a------    C:\WINDOWS\system32\msftp.dll
2008-01-16 21:50 . 2008-01-16 21:52    6,144    --a------    C:\Documents and Settings\And\msftp.dll
2008-01-16 21:50 . 2008-01-16 21:56    72    ---hs----    C:\WINDOWS\S926572FD.tmp
2008-01-16 21:50 . 2008-01-16 22:01    2    --a------    C:\412363067
2008-01-15 00:46 . 2007-12-03 11:21    2,513,432    --a------    C:\WINDOWS\system32\pcifmdio.dll
2008-01-15 00:46 . 2007-12-03 11:21    727,560    --a------    C:\WINDOWS\system32\DeltaIICpl.exe
2008-01-15 00:46 . 2007-12-03 11:21    297,992    --a------    C:\WINDOWS\system32\drivers\deltaII.sys
2008-01-15 00:46 . 2007-12-03 11:21    236,040    --a------    C:\WINDOWS\system32\DeltaIITray.exe
2008-01-15 00:46 . 2007-12-03 11:21    26,632    --a------    C:\WINDOWS\system32\DeltaII.cpl
2008-01-15 00:46 . 2007-12-03 11:21    25,096    --a------    C:\WINDOWS\system32\deltaIIasio.dll
2008-01-15 00:46 . 2007-12-03 11:21    21,000    --a------    C:\WINDOWS\system32\DeltaIIpnl.dll
2008-01-15 00:46 . 2007-12-03 11:21    12,296    --a------    C:\WINDOWS\system32\deltaIICoIn.dll
2008-01-15 00:11 . 2008-01-15 00:11    <DIR>    d--------    C:\Programmer\Lavalys
2008-01-14 23:54 . 2003-07-31 20:28    147,425    --a------    C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-01-14 23:54 . 2003-05-26 15:29    120,468    --a------    C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-01-14 23:54 . 2003-05-26 15:29    114,279    --a------    C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-01-14 19:06 . 2008-01-15 00:13    <DIR>    d--------    C:\Programmer\Waves
2008-01-14 19:05 . 2008-01-14 19:05    <DIR>    d--------    C:\Documents and Settings\And\Application Data\Steinberg
2008-01-14 19:01 . 2008-01-15 00:14    <DIR>    d--------    C:\Programmer\Steinberg
2008-01-14 19:00 . 2008-01-15 00:14    <DIR>    d--------    C:\Programmer\Syncrosoft
2008-01-14 18:01 . 2008-01-14 18:01    <DIR>    d--------    C:\Programmer\M-Audio
2008-01-14 18:01 . 2008-01-14 18:01    <DIR>    d--------    C:\Documents and Settings\And\Application Data\InstallShield
2008-01-14 18:01 . 2007-12-03 11:21    236,040    --a------    C:\WINDOWS\system32\DeltaIITray(2).exe
2008-01-12 10:15 . 2008-01-12 10:15    <DIR>    d--------    C:\pnp
2008-01-12 00:41 . 2008-01-12 00:41    23,600    --a------    C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-12 00:32 . 2008-01-12 00:32    <DIR>    d--------    C:\Programmer\ASUS
2008-01-11 23:56 . 2008-01-11 23:56    <DIR>    d--------    C:\Programmer\WinTV
2008-01-11 23:54 . 2001-07-19 09:44    393,216    --a------    C:\WINDOWS\system32\hcwsnbd9.dll
2008-01-11 23:54 . 1999-10-29 14:21    157,612    --a------    C:\WINDOWS\system32\Hcwpsip.dll
2008-01-11 23:39 . 2008-01-11 23:39    <DIR>    d--------    C:\Programmer\Alwil Software
2008-01-11 23:31 . 2008-01-11 23:31    <DIR>    d--------    C:\WINDOWS\system32\Lang
2008-01-11 23:30 . 2007-04-13 15:36    1,822,720    --a------    C:\WINDOWS\SkyTel.exe
2008-01-11 23:30 . 2004-08-03 23:07    52,864    --a------    C:\WINDOWS\system32\drivers\DMusic.sys
2008-01-11 23:30 . 2006-08-01 15:02    49,152    --a------    C:\WINDOWS\system32\ChCfg.exe
2008-01-11 23:30 . 2004-08-03 23:07    6,400    --a------    C:\WINDOWS\system32\drivers\splitter.sys
2008-01-11 23:29 . 2008-01-11 23:33    <DIR>    d--------    C:\Programmer\Realtek
2008-01-11 23:29 . 2008-01-14 18:01    <DIR>    d--h-----    C:\Programmer\InstallShield Installation Information
2008-01-11 22:38 . 2008-01-11 22:38    <DIR>    d--------    C:\SWSetup
2008-01-11 22:34 . 2008-01-20 15:55    <DIR>    d--------    C:\WINDOWS\nview
2008-01-11 22:34 .     <DIR>        C:\Programmer\Fælles filer\InstallShield
2008-01-11 22:34 . 2007-10-04 18:16    356,352    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2008-01-11 22:34 . 2007-10-04 17:14    356,352    --a------    C:\WINDOWS\system32\nvudisp.exe
2008-01-11 22:34 . 2008-01-11 22:35    140,158    --a------    C:\WINDOWS\system32\nvapps.xml
2008-01-11 22:34 . 2007-10-04 17:14    17,525    --a------    C:\WINDOWS\system32\nvdisp.nvu
2008-01-11 22:33 . 2008-01-11 22:33    <DIR>    d--------    C:\NVIDIA
2008-01-11 22:29 . 2008-01-12 00:13    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-01-11 22:29 . 2005-06-28 10:21    22,752    --a------    C:\WINDOWS\system32\spupdsvc.exe
2008-01-11 22:18 . 2006-01-12 14:52    1,904    --a------    C:\WINDOWS\system32\SetupBD.din
2008-01-11 22:17 . 2008-01-11 22:17    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2008-01-11 22:17 . 2008-01-11 22:18    <DIR>    d--------    C:\Programmer\Intel
2008-01-11 22:17 . 2008-01-11 22:17    <DIR>    d--------    C:\Intel
2008-01-11 22:17 . 2007-07-26 16:15    53,248    --a------    C:\WINDOWS\system32\CSVer.dll
2008-01-11 21:00 . 2004-08-26 18:48    57,856    --a------    C:\WINDOWS\system32\drivers\redbook.sys
2008-01-11 21:00 . 2001-08-17 22:46    6,400    --a------    C:\WINDOWS\system32\drivers\enum1394.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 20:26    ---------    d-----w    C:\Programmer\Helper
2008-01-20 20:18    4,547    ----a-w    C:\Programmer\hijackthis.log
2008-01-20 20:00    ---------    d-----w    C:\Programmer\Fælles filer
2008-01-20 14:51    ---------    d-----w    C:\Programmer\Fælles filer\System
2008-01-19 21:37    ---------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2008-01-11 22:29    315,392    ----a-w    C:\WINDOWS\HideWin.exe
2008-01-11 19:58    ---------    d-----w    C:\Programmer\Fælles filer\SpeechEngines
2008-01-11 19:58    ---------    d-----w    C:\Programmer\Fælles filer\ODBC
2008-01-11 19:22    ---------    d--h--w    C:\Programmer\Uninstall Information
2008-01-11 19:18    ---------    d-----w    C:\Programmer\microsoft frontpage
2008-01-11 19:17    ---------    d-----w    C:\Programmer\Onlinetjenester
2008-01-11 19:17    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-01-11 19:17    ---------    d-----w    C:\Programmer\Fælles filer\MSSoap
2007-12-19 20:05    97,216    ----a-w    C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-04 14:56    93,264    ----a-w    C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55    94,544    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49    26,624    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04    837,496    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2007-10-25 09:01    2,109,440    ----a-w    C:\WINDOWS\system32\wmvcore(3).dll
2007-10-25 09:00    230,912    ----a-w    C:\WINDOWS\system32\wmasf(3).dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 18:53 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\DeltaIITray.exe" [2007-12-03 11:21 236040]
"DeltaIITaskbarApp"="C:\WINDOWS\system32\DeltaIITray.exe" [2007-12-03 11:21 236040]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-26 18:53 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fcv11.sys]
@="Driver"

R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\WINDOWS\system32\DRIVERS\deltaII.sys [2007-12-03 11:21]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programmer\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 Fcv11;Fcv11;C:\WINDOWS\System32\drivers\Fcv11.sys [2008-01-16 21:53]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2007-09-10 12:34]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 21:26:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 21:27:57 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-20 20:27:55
.
2008-01-16 16:16:51    --- E O F ---
Avatar billede anders4u Nybegynder
21. januar 2008 - 12:45 #5
Det er sgu lidt et problem, for jeg kan se at min pc sender omkring 50 - 60 mails på 3 minutter(Ifølge min "postscanner")... Til folk jeg ihvertfald ikke kender...

Er der mulighed for at bremse det midlertidigt, indtil loggen er blevet set igennem...?
21. januar 2008 - 13:36 #6
... ta' netværksstikket ud ...
21. januar 2008 - 13:41 #7
... og en frisk HiJackThis Log - efter ovenstående procedurer ... og <arlet> fortsætter herfra ..

PS: C:\Programmer\eMule -> *SUK*
Avatar billede anders4u Nybegynder
21. januar 2008 - 14:42 #8
HAR lavet en format c: - og har nu en frisk maskine, men Arlet smid lige et svar, så får du lidt point for ulejligheden :-) - og ja, har børn der synes det er "sjovt" at installere emule på min maskine, desværre...
Avatar billede arlet Juniormester
21. januar 2008 - 16:46 #9
Okay, det gik stærkt, så hjælpen var meget begrænset herfra..

Så jeg synes da bare vi skulle dele pointene, hvis du vil af med nogle..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester