killer_r (Beginner)
21 February 2008 - 20:42 There are 16 comments

hijackthis-log

Hi experts,

I think my computer has become strangely slow, so I wanted to ask whether anyone would take a look at this hijackthis log to see if anything nasty has got in...

Thanks in advance!
/Killer_R

##############################

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:40:14, on 21-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ad-Aware 2007\aawservice.exe
C:\Programmer\Avast Antivirus 4\aswUpdSv.exe
C:\Programmer\Avast Antivirus 4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\VPN Client\cvpnd.exe
C:\Programmer\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\MAXTOR~1\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Acronis True Image Home\TrueImageMonitor.exe
C:\Programmer\Acronis True Image Home\TimounterMonitor.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Killer_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\3A22I8HV\ewido_micro[1].exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Killer_R\Skrivebord\hjt_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handberg-net.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\MAXTOR~1\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis True Image Home\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmer\Acronis True Image Home\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\VPN Client\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aakv.dk/viewer/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161415885168
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Avast Antivirus 4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Avast Antivirus 4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Avast Antivirus 4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Avast Antivirus 4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\VPN Client\cvpnd.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmer\FolderSize\FolderSizeSvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmer\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

--
End of file - 9518 bytes
21 February 2008 - 21:33 #1
At first glance the log is 'clean' of dirt. A bit of cleanup might be useful, though...

Are you experiencing any other problems?

... Not all (un)wanted elements show up in a HijackThis log, though; if you are 'up for it', go through the procedure from here -> http://www.eksperten.dk/artikler/1123
killer_r (Beginner)
22 February 2008 - 09:59 #2
Yes, my IE has started refusing to start up... That is one of the reasons I am worried...
22 February 2008 - 16:36 #3
Download Dial-a-fix from this link and save it to the desktop.

Direct link
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip

Only use the second link if the first one does not work.

Here is another link in case the first one did not work:
http://djlizard.net/Dial-a-fix-2006-09-19.exe

Tick the following, then click "GO". Restart and check whether it has helped:
IE
killer_r (Beginner)
22 February 2008 - 21:20 #4
That did not help...
It is as if the IE window just comes up, but then disappears again after a split second...
22 February 2008 - 23:44 #5
Download this file and unpack it to the desktop:
http://www.fbeej.ctrlaltdel.dk/Programmer/iereg.zip
Double-click IEReg.bat - when it has finished, restart the PC and see whether that makes any difference?
killer_r (Beginner)
25 February 2008 - 20:22 #6
That did not help either...
25 February 2008 - 21:16 #7
killer_r (Beginner)
25 February 2008 - 22:14 #8
I have tried all the programs in that article, with the exception of SuperSpywwareSweeper, and I am running that one now... So far without result...
killer_r (Beginner)
25 February 2008 - 22:15 #9
Sorry... I meant SuperAntiSpyware, of course...
25 February 2008 - 22:25 #10
... just post whatever logs you can ...
01 March 2008 - 21:44 #12
ComboFix 08-02-22.2 - Killer_R 2008-03-01 17:31:21.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.174 [GMT 1:00]
Running from: C:\Documents and Settings\Killer_R\Skrivebord\IEFix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-02-01 to 2008-03-01  )))))))))))))))))))))))))))))))
.

2008-03-01 13:38 . 2008-03-01 13:38    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-26 18:33 . 2008-02-27 15:55    <DIR>    d--------    C:\Documents and Settings\Killer_R\workspace
2008-02-26 18:27 . 2008-02-27 15:50    <DIR>    d--------    C:\Programmer\Photran
2008-02-26 17:12 . 2008-02-26 17:30    <DIR>    d--------    C:\Programmer\Cygwin
2008-02-25 21:33 . 2008-02-25 21:34    <DIR>    d--------    C:\Programmer\OpenOffice.org 2.3
2008-02-25 20:38 . 2008-02-25 20:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 20:36 . 2008-03-01 13:38    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-25 20:36 . 2008-02-25 20:36    <DIR>    d--------    C:\Documents and Settings\Killer_R\Application Data\SUPERAntiSpyware.com
2008-02-25 20:05 . 2008-02-29 18:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-02-25 20:05 . 2008-02-25 20:05    1,409    --a------    C:\WINDOWS\QTFont.for
2008-02-22 10:50 . 2008-02-22 10:50    <DIR>    d--------    C:\Documents and Settings\Killer_R\Application Data\Subversion
2008-02-22 10:45 . 2008-02-26 17:15    <DIR>    d--------    C:\Programmer\TortoiseSVN
2008-02-21 16:09 . 2008-02-21 16:09    1,142,784    --a------    C:\WINDOWS\TMUPDATE.DLL
2008-02-21 16:09 . 2008-02-21 16:09    208,896    --a------    C:\WINDOWS\PATCH.EXE
2008-02-21 16:09 . 2008-02-21 16:09    69,689    --a------    C:\WINDOWS\UNZIP.DLL
2008-02-21 03:07 . 2007-08-01 22:47    102,664    --a------    C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-20 22:59 . 2008-02-21 20:04    <DIR>    d--------    C:\Documents and Settings\Killer_R\.housecall6.6
2008-02-17 00:22 . 2008-02-17 00:18    691,545    --a------    C:\WINDOWS\unins000.exe
2008-02-17 00:22 . 2008-02-17 00:22    3,450    --a------    C:\WINDOWS\unins000.dat
2008-02-16 23:21 . 2008-02-25 23:25    <DIR>    d--------    C:\Programmer\LEd
2008-02-10 13:39 . 2008-02-10 13:39    <DIR>    d--------    C:\Programmer\GSView
2008-02-10 13:37 . 2008-02-10 13:38    <DIR>    d--------    C:\Programmer\GhostScript
2008-02-09 19:25 . 2008-02-09 19:25    <DIR>    d--h-----    C:\WINDOWS\PIF
2008-02-09 12:40 . 2008-02-09 12:40    <DIR>    d--------    C:\Programmer\PUndu1

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 12:25    ---------    d-----w    C:\Programmer\Mozilla Thunderbird
2008-02-29 15:24    ---------    d-----w    C:\Programmer\VPN Client
2008-02-27 19:44    ---------    d-----w    C:\Programmer\SpywareBlaster
2008-02-27 14:42    ---------    d-----w    C:\Programmer\Notepad++
2008-02-27 14:42    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\Notepad++
2008-02-26 17:27    ---------    d-----w    C:\Programmer\PowerArchiver
2008-02-26 16:03    ---------    d-----w    C:\Programmer\Emacs
2008-02-25 20:50    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\OpenOffice.org2
2008-02-25 20:26    ---------    d-----w    C:\Programmer\OpenOffice.org 2.2
2008-02-25 19:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 19:33    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-23 11:20    ---------    d-----w    C:\Programmer\TSW WebCoder 2005
2008-02-22 20:55    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\Azureus
2008-02-21 19:53    ---------    d-----w    C:\Programmer\Avast Antivirus 4
2008-02-21 19:53    ---------    d-----w    C:\Programmer\Ad-Aware 2007
2008-02-21 19:52    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-02-21 19:52    ---------    d-----w    C:\Programmer\SmartFTP
2008-02-21 19:52    ---------    d-----w    C:\Programmer\FolderSize
2008-02-21 19:51    ---------    d-----w    C:\Programmer\Acronis True Image Home
2008-02-21 19:50    ---------    d-----w    C:\Programmer\Microsoft IntelliPoint
2008-02-21 19:50    ---------    d-----w    C:\Programmer\Lexmark X1100 Series
2008-02-21 19:49    ---------    d-----w    C:\Programmer\Messenger Plus! Live
2008-02-19 21:39    ---------    d-----w    C:\Programmer\Fælles filer\ACD Systems
2008-02-16 15:10    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-02-09 12:11    ---------    d-----w    C:\Programmer\Aspell
2008-02-09 09:53    ---------    d-----w    C:\Programmer\Adobe Reader 8.0
2008-02-09 09:51    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-02-09 09:36    ---------    d-----w    C:\Programmer\QuickTime
2008-02-06 08:55    194    ----a-w    C:\install_lpr.bat
2008-02-02 23:21    ---------    d-----w    C:\Programmer\WinAgile
2008-01-28 21:54    ---------    d-----w    C:\Programmer\Trend Micro
2008-01-28 19:33    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\InfraRecorder
2008-01-26 11:41    ---------    d-----w    C:\Programmer\CountDown
2008-01-24 22:11    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\xm1
2008-01-21 19:49    299,008    ------w    C:\WINDOWS\Setup1.exe
2008-01-20 15:13    ---------    d-----w    C:\Programmer\Morgan mmswitch
2008-01-18 16:57    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-18 12:30    ---------    d-----w    C:\Programmer\WinAmp
2008-01-15 18:42    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\.idlwave
2008-01-13 14:55    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\ACD Systems
2008-01-13 14:50    ---------    d-----w    C:\Programmer\Slideshow XP
2008-01-13 14:41    73,216    ------w    C:\WINDOWS\ST6UNST.EXE
2008-01-12 21:39    ---------    d-----w    C:\Programmer\StarNet
2008-01-12 21:38    54    ----a-w    C:\install.bat
2008-01-10 18:29    ---------    d-----w    C:\Documents and Settings\Killer_R\Application Data\Hyperionics
2007-12-11 18:27    69,328    -c--a-w    C:\Documents and Settings\Killer_R\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-12-11 19:45 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxtorOneTouch"="C:\PROGRA~1\MAXTOR~1\Utils\OneTouch.exe" [2003-05-21 14:30 45056]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 17:09 118784]
"CARPService"="carpserv.exe" [2003-05-21 14:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Display Settings"="C:\Programmer\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26 45056]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 18:57 98304]
"Lexmark X1100 Series"="C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:38 57344]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [ ]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218]
"TrueImageMonitor.exe"="C:\Programmer\Acronis True Image Home\TrueImageMonitor.exe" [2007-02-16 18:45 1169776]
"AcronisTimounterMonitor"="C:\Programmer\Acronis True Image Home\TimounterMonitor.exe" [2007-02-16 18:57 1945960]
"Acronis Scheduler2 Service"="C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe" [ ]
"avast!"="C:\PROGRA~1\AVASTA~1\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" -atboottime

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 09:00]
R3 ALiIRDA;ALi infrarød enhedsdriver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 21:49]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys [2004-02-17 17:58]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2004-02-17 17:59]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2004-05-04 14:24]
S3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2002-01-18 11:00]
S3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b3b0b0-428a-11dc-baeb-00028a929e07}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 09:12:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 17:49:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Ad-Aware 2007\aawservice.exe
C:\Programmer\Avast Antivirus 4\aswUpdSv.exe
C:\Programmer\Avast Antivirus 4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\VPN Client\cvpnd.exe
C:\Programmer\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Programmer\Avast Antivirus 4\ashMaiSv.exe
C:\Programmer\Avast Antivirus 4\ashWebSv.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Completion time: 2008-03-01 18:02:00 - machine was rebooted
ComboFix2.txt  2008-02-22 09:33:10
.
2008-02-14 19:13:50    --- E O F --- 


********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
01-03-2008 17:27:34,71

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 17:27:37
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
01 March 2008 - 21:51 #13
PS: Cannot open http://www.handberg-net.dk/hijackthis.log

------------------------

I generally don't like this one
"Messenger Plus! Live"
Please uninstall it!!!

------------------------
You apparently have / have had P2P programs running ->
"Azureus"
Please uninstall it!!!

------------------------

A registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Register] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

------------------------
killer_r (Beginner)
01 March 2008 - 22:01 #14
02 March 2008 - 00:15 #15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:21, on 01-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ad-Aware 2007\aawservice.exe
C:\Programmer\Avast Antivirus 4\aswUpdSv.exe
C:\Programmer\Avast Antivirus 4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\VPN Client\cvpnd.exe
C:\Programmer\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MAXTOR~1\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Acronis True Image Home\TrueImageMonitor.exe
C:\Programmer\Acronis True Image Home\TimounterMonitor.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Avast Antivirus 4\ashMaiSv.exe
C:\Programmer\Avast Antivirus 4\ashWebSv.exe
C:\Documents and Settings\Killer_R\Skrivebord\hjt_202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handberg-net.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\MAXTOR~1\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis True Image Home\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmer\Acronis True Image Home\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\VPN Client\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aakv.dk/viewer/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161415885168
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) -
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Avast Antivirus 4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Avast Antivirus 4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Avast Antivirus 4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Avast Antivirus 4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\VPN Client\cvpnd.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmer\FolderSize\FolderSizeSvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmer\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

--
End of file - 9242 bytes
02 March 2008 - 00:20 #16
Your log is 'clean' - you _can_ disable the following via:

Start => Run
Type: msconfig
Press OK
Select the Startup tab
Remove the tick from these:

NeroFilterCheck
SunJavaUpdateSched
Adobe Reader Speed Launcher
ctfmon.exe

The next time you restart, you will get a warning that startup has been changed. Click OK to it, and tick the box so this warning is not shown again. If you are in doubt about what to do, have a look here:
http://www.spywareinfo.dk/#/tip-og-tricks/msconfig.htm