jimjimjam Beginner
31 March 2008 - 14:14 There are 9 comments and
1 solution

HijackThis log, thanks

Thanks in advance for the help.

I have scanned the computer with
*Spybot
*SUPERAntiSpyware Professional

But I still think it runs a bit slowly.

Thanks for the help

Logfile of HijackThis v1.99.1
Scan saved at 14:14:19, on 31-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
C:\Windows\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Programmer\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Windows\system32\ctfmon.exe
C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Windows\System32\usbtapnp.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Flles filer\Symantec Shared\ccApp.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Ahead\Nero BackItUp\NBJ.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\HPZipm12.exe
C:\Documents and Settings\Administrator\Skrivebord\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Flles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Vis Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Flles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [USBTA] C:\Windows\System32\usbtapnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Flles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm409YYDK
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisk LiveUpdate-planlgning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmer\Maxtor\Sync\SyncServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
31 March 2008 - 14:31 #1
... Now, not all (un)wanted elements show up in a HijackThis log; so carry out the procedure from here -> http://www.eksperten.dk/artikler/1123

(Also because of certain suspicions *S*)
johnstigers Senior Master
31 March 2008 - 17:02 #2
And use the newest HijackThis in the same procedure :)
jimjimjam Beginner
1 April 2008 - 13:11 #3
ComboFix 08-03-30.5 - Administrator 2008-04-01 12:57:49.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.427 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-03-01 to 2008-04-01  )))))))))))))))))))))))))))))))
.

2008-03-30 18:58 . 2006-10-04 16:06    1,197,294    ---------    C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-30 18:58 . 2006-10-04 16:06    764,868    ---------    C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-30 18:58 . 2006-10-04 16:06    217,118    ---------    C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-30 18:57 . 2008-03-30 18:57    <DIR>    d--------    C:\Programmer\Windows Media Connect 2
2008-03-30 18:52 . 2008-03-30 18:52    <DIR>    d--------    C:\WINDOWS\system32\LogFiles
2008-03-30 18:52 . 2008-03-30 18:55    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2008-03-30 18:52 . 2008-03-31 22:46    1,374    --a------    C:\WINDOWS\imsins.BAK
2008-03-28 16:30 . 2008-03-28 16:30    99    --a------    C:\WINDOWS\wininit.ini
2008-03-28 14:15 . 2008-03-28 14:15    <DIR>    d--------    C:\Programmer\RealVNC
2008-03-28 14:01 . 2008-03-28 14:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 14:00 . 2008-03-28 14:00    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-28 14:00 . 2008-03-28 14:00    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-26 11:45 . 2008-03-26 11:45    <DIR>    d--------    C:\Programmer\CCleaner
2008-03-21 16:15 . 2008-03-21 16:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 16:14 . 2008-03-28 14:00    <DIR>    d--------    C:\Programmer\Flles filer\Wise Installation Wizard
2008-03-21 09:42 . 2008-03-28 14:25    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-03-21 09:42 . 2008-03-31 14:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 19:28 . 2008-03-20 19:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 11:43 . 2008-03-19 11:43    <DIR>    d--------    C:\Programmer\Maxtor
2008-03-19 11:43 . 2008-03-19 11:47    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Maxtor
2008-03-19 11:40 . 2008-03-19 11:40    <DIR>    d--hs----    C:\WINDOWS\ftpcache
2008-03-19 11:40 . 2008-03-19 11:40    <DIR>    d--------    C:\Programmer\MSXML 6.0

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 11:03    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-01 10:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-28 11:57    ---------    d-----w    C:\Programmer\Yahoo!
2008-03-26 21:30    ---------    d-----w    C:\Programmer\Flles filer\Symantec Shared
2008-03-21 14:15    ---------    d-----w    C:\Programmer\Lavasoft
2008-03-21 14:15    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-21 10:17    ---------    d-----w    C:\Programmer\Flles filer\LogiShrd
2008-03-21 10:07    ---------    d-----w    C:\Programmer\Logitech
2008-03-19 09:44    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-03-06 20:32    706    ----a-w    C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32    23,904    ----a-w    C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32    10,537    ----a-w    C:\Windows\system32\drivers\COH_Mon.cat
2008-01-11 05:40    44,544    ----a-w    C:\Windows\system32\dllcache\pngfilt.dll
2005-11-04 20:55    159    ---h--w    C:\Documents and Settings\Administrator\hpothb07.dat
2005-05-11 22:36    12,288    ----a-w    C:\Windows\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 21:26 68856]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\System32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\Windows\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"CPQEASYACC"="C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01 32768]
"PROMon.exe"="PROMon.exe" [2002-03-25 11:36 73728 C:\WINDOWS\system32\PROMon.exe]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2002-01-24 18:03 81920]
"USBTA"="C:\Windows\System32\usbtapnp.exe" [2001-01-09 18:14 126976]
"HPDJ Taskbar Utility"="C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 10:08 172032]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"DeviceDiscovery"="C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"CamMonitor"="C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-02-21 11:41 77824]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ccApp"="C:\Programmer\Flles filer\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"UserFaultCheck"="C:\Windows\system32\dumprep 0 -u" [ ]
"Symantec PIF AlertEng"="C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"mxomssmenu"="C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\Windows\Cpqdiag\CpqDfwAg.exe" [2001-10-25 17:56 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2004-08-27 02:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Image Zone Hurtig start.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
LUMIX Simple Viewer.lnk - C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-08-14 10:58:03 57344]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

R1 ClntMgmt;Compaq Client Management Driver;C:\Windows\system32\Drivers\ClntMgmt.sys [2002-01-16 14:48]
R2 Automatisk LiveUpdate-planlgning;Automatisk LiveUpdate-planlgning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 12:57]
R2 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;C:\Windows\Cpqdiag\Cpqdfwag.exe [2001-10-25 17:56]
R2 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2002-01-24 18:09]
R2 Maxtor Sync Service;Maxtor Service;C:\Programmer\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]
R2 NMSSvc;Intel(R) NMS;C:\Windows\System32\NMSSvc.exe [2002-03-04 10:35]
R3 DUSBTAWAN;miniVigor128 NDISWAN Driver;C:\Windows\system32\DRIVERS\musbwn2k.sys [2001-01-31 12:43]
R3 FakeWDMmdm;DWDMCOMM;C:\Windows\system32\DRIVERS\dusbcomm.sys [2001-06-22 20:40]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\Windows\system32\drivers\NMSCFG.SYS [2002-03-04 10:35]
S3 iComp;Grabster AV 400;C:\Windows\system32\DRIVERS\p2usbwdm.sys [2004-09-02 11:02]
S3 mDTA128;miniVigor USB;C:\Windows\system32\DRIVERS\musbta2k.sys [2001-09-06 18:38]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 13:03:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 13:04:53
ComboFix-quarantined-files.txt  2008-04-01 11:04:38
Pre-Run: 14,735,290,368 byte ledig
Post-Run: 14,726,250,496 byte ledig
.
2008-03-31 20:48:08    --- E O F ---
jimjimjam Beginner
1 April 2008 - 13:19 #4
btw, I can't scan the computer in safe mode with the program SUPERAntiSpyware, since I am connected to the computer over VNC. So I hope it works without it.
jimjimjam Beginner
1 April 2008 - 14:24 #5
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2008 at 01:27 PM

Application Version : 4.0.1154

Core Rules Database Version : 3426
Trace Rules Database Version: 1418

Scan type      : Quick Scan
Total Scan Time : 00:14:17

Memory items scanned      : 661
Memory threats detected  : 0
Registry items scanned    : 424
Registry threats detected : 0
File items scanned        : 5871
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
jimjimjam Beginner
1 April 2008 - 14:31 #6
Here come all 3 logs in one post:

(HJT in the NEW version)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:46, on 01-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Programmer\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Windows\System32\usbtapnp.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmer\Flles filer\Symantec Shared\ccApp.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Windows\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Ahead\Nero BackItUp\NBJ.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Flles filer\Symantec Shared\VAScanner\comHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\HPZipm12.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Flles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [USBTA] C:\Windows\System32\usbtapnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Flles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm409YYDK
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisk LiveUpdate-planlgning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmer\Maxtor\Sync\SyncServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10996 bytes

_______________________________________________

ComboFix 08-03-30.5 - Administrator 2008-04-01 12:57:49.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.427 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-03-01 to 2008-04-01  )))))))))))))))))))))))))))))))
.

2008-03-30 18:58 . 2006-10-04 16:06    1,197,294    ---------    C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-30 18:58 . 2006-10-04 16:06    764,868    ---------    C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-30 18:58 . 2006-10-04 16:06    217,118    ---------    C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-30 18:57 . 2008-03-30 18:57    <DIR>    d--------    C:\Programmer\Windows Media Connect 2
2008-03-30 18:52 . 2008-03-30 18:52    <DIR>    d--------    C:\WINDOWS\system32\LogFiles
2008-03-30 18:52 . 2008-03-30 18:55    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2008-03-30 18:52 . 2008-03-31 22:46    1,374    --a------    C:\WINDOWS\imsins.BAK
2008-03-28 16:30 . 2008-03-28 16:30    99    --a------    C:\WINDOWS\wininit.ini
2008-03-28 14:15 . 2008-03-28 14:15    <DIR>    d--------    C:\Programmer\RealVNC
2008-03-28 14:01 . 2008-03-28 14:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 14:00 . 2008-03-28 14:00    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-28 14:00 . 2008-03-28 14:00    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-26 11:45 . 2008-03-26 11:45    <DIR>    d--------    C:\Programmer\CCleaner
2008-03-21 16:15 . 2008-03-21 16:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 16:14 . 2008-03-28 14:00    <DIR>    d--------    C:\Programmer\Flles filer\Wise Installation Wizard
2008-03-21 09:42 . 2008-03-28 14:25    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-03-21 09:42 . 2008-03-31 14:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 19:28 . 2008-03-20 19:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 11:43 . 2008-03-19 11:43    <DIR>    d--------    C:\Programmer\Maxtor
2008-03-19 11:43 . 2008-03-19 11:47    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Maxtor
2008-03-19 11:40 . 2008-03-19 11:40    <DIR>    d--hs----    C:\WINDOWS\ftpcache
2008-03-19 11:40 . 2008-03-19 11:40    <DIR>    d--------    C:\Programmer\MSXML 6.0

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 11:03    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-01 10:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-28 11:57    ---------    d-----w    C:\Programmer\Yahoo!
2008-03-26 21:30    ---------    d-----w    C:\Programmer\Flles filer\Symantec Shared
2008-03-21 14:15    ---------    d-----w    C:\Programmer\Lavasoft
2008-03-21 14:15    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-21 10:17    ---------    d-----w    C:\Programmer\Flles filer\LogiShrd
2008-03-21 10:07    ---------    d-----w    C:\Programmer\Logitech
2008-03-19 09:44    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-03-06 20:32    706    ----a-w    C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32    23,904    ----a-w    C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32    10,537    ----a-w    C:\Windows\system32\drivers\COH_Mon.cat
2008-01-11 05:40    44,544    ----a-w    C:\Windows\system32\dllcache\pngfilt.dll
2005-11-04 20:55    159    ---h--w    C:\Documents and Settings\Administrator\hpothb07.dat
2005-05-11 22:36    12,288    ----a-w    C:\Windows\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 21:26 68856]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\System32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\Windows\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"CPQEASYACC"="C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01 32768]
"PROMon.exe"="PROMon.exe" [2002-03-25 11:36 73728 C:\WINDOWS\system32\PROMon.exe]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2002-01-24 18:03 81920]
"USBTA"="C:\Windows\System32\usbtapnp.exe" [2001-01-09 18:14 126976]
"HPDJ Taskbar Utility"="C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 10:08 172032]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"DeviceDiscovery"="C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"CamMonitor"="C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-02-21 11:41 77824]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ccApp"="C:\Programmer\Flles filer\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"UserFaultCheck"="C:\Windows\system32\dumprep 0 -u" [ ]
"Symantec PIF AlertEng"="C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"mxomssmenu"="C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\Windows\Cpqdiag\CpqDfwAg.exe" [2001-10-25 17:56 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2004-08-27 02:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Image Zone Hurtig start.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
LUMIX Simple Viewer.lnk - C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-08-14 10:58:03 57344]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

R1 ClntMgmt;Compaq Client Management Driver;C:\Windows\system32\Drivers\ClntMgmt.sys [2002-01-16 14:48]
R2 Automatisk LiveUpdate-planlgning;Automatisk LiveUpdate-planlgning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 12:57]
R2 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;C:\Windows\Cpqdiag\Cpqdfwag.exe [2001-10-25 17:56]
R2 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2002-01-24 18:09]
R2 Maxtor Sync Service;Maxtor Service;C:\Programmer\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]
R2 NMSSvc;Intel(R) NMS;C:\Windows\System32\NMSSvc.exe [2002-03-04 10:35]
R3 DUSBTAWAN;miniVigor128 NDISWAN Driver;C:\Windows\system32\DRIVERS\musbwn2k.sys [2001-01-31 12:43]
R3 FakeWDMmdm;DWDMCOMM;C:\Windows\system32\DRIVERS\dusbcomm.sys [2001-06-22 20:40]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\Windows\system32\drivers\NMSCFG.SYS [2002-03-04 10:35]
S3 iComp;Grabster AV 400;C:\Windows\system32\DRIVERS\p2usbwdm.sys [2004-09-02 11:02]
S3 mDTA128;miniVigor USB;C:\Windows\system32\DRIVERS\musbta2k.sys [2001-09-06 18:38]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 13:03:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 13:04:53
ComboFix-quarantined-files.txt  2008-04-01 11:04:38
Pre-Run: 14,735,290,368 byte ledig
Post-Run: 14,726,250,496 byte ledig
.
2008-03-31 20:48:08    --- E O F ---

_____________________________________________


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2008 at 01:27 PM

Application Version : 4.0.1154

Core Rules Database Version : 3426
Trace Rules Database Version: 1418

Scan type      : Quick Scan
Total Scan Time : 00:14:17

Memory items scanned      : 661
Memory threats detected  : 0
Registry items scanned    : 424
Registry threats detected : 0
File items scanned        : 5871
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt


_____________________________________________

CCleaner:

RENSNING FRDIG - (3.950 sek)
------------------------------------------------------------------------------------------
8,33MB fjernet.
------------------------------------------------------------------------------------------

Detaljer om de slettede filer
------------------------------------------------------------------------------------------
IE midlertidige Internet filer (446 filer) 3,60MB
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt 105 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@www.islandshunden[1].txt 122 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@rad.msn[2].txt 750 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@www.portalbank[1].txt 116 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@lavenderfleece[1].txt 92 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt 187 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@google[2].txt 136 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@google[3].txt 135 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@onlinestores.metaservices.microsoft[1].txt 147 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt 143 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@chart[1].txt 94 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt 426 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt 86 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[1].txt 298 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt 128 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@hit.gemius[2].txt 223 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@req.connect.wunderloop[2].txt 228 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt 271 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@wunderloop[1].txt 115 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@www.krak[2].txt 251 bytes
Markeret til sletning: C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
Markeret til sletning: C:\Documents and Settings\Administrator\Cookies\index.dat
Markeret til sletning: C:\Documents and Settings\Administrator\Lokale indstillinger\Oversigt\History.IE5\index.dat
Markeret til sletning: C:\Documents and Settings\Administrator\Lokale indstillinger\Oversigt\History.IE5\MSHist012008040120080402\index.dat
C:\Windows\system32\wbem\Logs\FrameWork.log 17,29KB
C:\Windows\system32\wbem\Logs\wbemess.log 49,43KB
C:\Windows\system32\wbem\Logs\wmiprov.log 3,07KB
C:\Windows\0.log 0 bytes
C:\Windows\comsetup.log 16,09KB
C:\Windows\FaxSetup.log 48,31KB
C:\Windows\iis6.log 52,45KB
C:\Windows\imsins.log 1,34KB
C:\Windows\KB926239.log 5,51KB
C:\Windows\KB929399.log 9,12KB
C:\Windows\KB936782.log 9,09KB
C:\Windows\KB939683.log 8,85KB
C:\Windows\KB941569.log 10,21KB
C:\Windows\MedCtrOC.log 3,32KB
C:\Windows\MSCompPackV1.log 3,42KB
C:\Windows\msgsocm.log 2,41KB
C:\Windows\msmqinst.log 14,73KB
C:\Windows\netfxocm.log 8,46KB
C:\Windows\ntdtcsetup.log 9,77KB
C:\Windows\ocgen.log 22,78KB
C:\Windows\ocmsn.log 3,02KB
C:\Windows\setupact.log 0 bytes
C:\Windows\setupapi.log 0,12MB
C:\Windows\setuperr.log 0 bytes
C:\Windows\spupdsvc.log 1,79KB
C:\Windows\tabletoc.log 2,43KB
C:\Windows\tsoc.log 22,04KB
C:\Windows\updspapi.log 748 bytes
C:\Windows\WMFDist11.log 30,06KB
C:\Windows\wmp11.log 18,62KB
C:\Windows\wmsetup.log 8,52KB
C:\Windows\wmsetup10.log 515 bytes
C:\Windows\Wudf01000Inst.log 11,54KB
C:\Windows\imsins.BAK 1,34KB
C:\Windows\Debug\UserMode\userenv.log 0,19MB
C:\Documents and Settings\Administrator\Application Data\Google\Local Search History\google%2Eweb.w 14 bytes
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\LS99A7LJ\skype.com\#ui\preferences.sol 233 bytes
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes
C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Microsoft\Terminal Server Client\Cache\bcache22.bmc 4,02MB
------------------------------------------------------------------------------------------
2 April 2008 - 07:31 #7
Mostly for clean-up purposes ->

Run a scan with HijackThis.
Below you will get some files that you need to fix. What you have to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Restart normally...

------------------------------------------------------------------------

Take a run with CCleaner http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Registry] item...)
jimjimjam Beginner
2 April 2008 - 09:55 #8
I have now fixed them with HJT. And run CC Cleaner. (Registry)

Does it look fine now?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:53, on 02-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Programmer\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\system32\HPZipm12.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Windows\System32\usbtapnp.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Flles filer\Symantec Shared\ccApp.exe
C:\Windows\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Ahead\Nero BackItUp\NBJ.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Windows\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Flles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [USBTA] C:\Windows\System32\usbtapnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Flles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm409YYDK
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisk LiveUpdate-planlgning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmer\Maxtor\Sync\SyncServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11138 bytes
2 April 2008 - 14:51 #9
There is no more 'dirt' according to your log...

You are welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point that you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
jimjimjam Beginner
2 April 2008 - 15:03 #10
Thanks for the help