CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede kurtr Nybegynder
22. juli 2008 - 18:09 Der er 4 kommentarer og
1 løsning

HiJack log

Mit Antivirusprogram fangede 2 tojanere i dag men pc opfører sig mærkeligt efter det.
Er der en der kan tjække for mig
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:06, on 22-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Gem\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: HP0015608BCE7C HP0015608BCE7C
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tilføj til Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aakv.dk/viewer/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184265303312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185273534093
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8165 bytes
Avatar billede levich Nybegynder
22. juli 2008 - 19:29 #1
Følg vejledningen her: http://www.eksperten.dk/artikler/1123
Dog brug din nuværende version af hijackthis.
Bagefter send loggen fra SuperAntiSpyware, Combofix herind.
Avatar billede kurtr Nybegynder
22. juli 2008 - 21:01 #2
Kommer her
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:27, on 22-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Gem\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aakv.dk/viewer/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184265303312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185273534093
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7720 bytes
ComboFix 08-07-21.2 - Kurt Rasmussen 2008-07-22 20:32:14.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1450 [GMT 2:00]
Running from: C:\Gem\Antivirus\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
(((((((((((((((((((((((((  Files Created from 2008-06-22 to 2008-07-22  )))))))))))))))))))))))))))))))
.

2008-07-22 19:59 . 2008-07-22 19:59    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-07-22 19:59 . 2008-07-22 19:59    <DIR>    d--------    C:\Documents and Settings\Kurt Rasmussen\Application Data\SUPERAntiSpyware.com
2008-07-22 19:43 . 2008-07-22 19:43    <DIR>    d--------    C:\Programmer\CCleaner
2008-07-15 16:27 . 2008-07-15 16:27    268    --ah-----    C:\sqmdata05.sqm
2008-07-15 16:27 . 2008-07-15 16:27    244    --ah-----    C:\sqmnoopt05.sqm
2008-07-10 14:25 . 2008-07-10 14:25    <DIR>    d--------    C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-10 14:23 . 2008-07-10 14:23    <DIR>    d--------    C:\WINDOWS\SQL9_KB948109_ENU
2008-07-02 14:37 . 2008-07-02 14:37    <DIR>    d--------    C:\Documents and Settings\Kurt Rasmussen\Application Data\Uniblue
2008-07-02 08:36 .     <DIR>        C:\Programmer\Fælles filer\Sagekey Software
2008-07-02 08:36 . 2008-07-02 08:52    <DIR>    d--------    C:\Programmer\Access 97 Runtime

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 18:52    837,920    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-22 18:52    20,405,536    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-22 18:49    80,576    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-22 18:49    275,024    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-22 18:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 17:59    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-21 10:23    ---------    d-----w    C:\Programmer\Java
2008-07-10 12:25    ---------    d-----w    C:\Programmer\Microsoft SQL Server
2008-07-02 12:54    ---------    d-----w    C:\Programmer\RegSupreme Pro
2008-06-20 17:48    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51    361,600    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40    138,496    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08    225,856    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 12:07    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-14 17:35    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 12:40    ---------    d-----w    C:\Programmer\Microsoft Visual Studio 8
2008-06-10 12:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 14:24    88,774    ----a-w    C:\WINDOWS\system32\drivers\klick.dat
2008-05-29 10:10    96,966    ----a-w    C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 13:13    112,144    ----a-w    C:\WINDOWS\system32\drivers\kl1.sys
2008-05-23 18:00    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\HP
2008-05-23 17:56    ---------    d-----w    C:\Programmer\Fælles filer\Sonic Shared
2008-05-23 17:55    ---------    d-----w    C:\Programmer\Fælles filer\HP
2008-05-23 17:52    ---------    d-----w    C:\Programmer\Hewlett-Packard
2008-05-23 14:03    ---------    d-----w    C:\Programmer\HP
2008-05-23 12:21    ---------    d-----w    C:\Programmer\Family Tree Maker 2006
2008-05-09 10:55    90,112    ----a-w    C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55    430,080    ----a-w    C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55    180,224    ----a-w    C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55    172,032    ----a-w    C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24    155,648    ----a-w    C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07    135,168    ----a-w    C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11    1,292,288    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20    826,368    ------w    C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 10:50 8425472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 10:50 81920]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVP"="C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-03-22 10:50 1622016 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 18:06 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 18:05 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2008-03-02 13:17:28 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE
Notify-LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.dk/
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O16 -: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
C:\WINDOWS\Downloaded Program Files\Email.inf
C:\WINDOWS\Downloaded Program Files\ffvim.dll
C:\WINDOWS\Downloaded Program Files\ffsmtp.dll
C:\WINDOWS\Downloaded Program Files\ffsmapi.dll
C:\WINDOWS\Downloaded Program Files\ffmapi.dll
C:\WINDOWS\Downloaded Program Files\ffmail.dll

O16 -: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
C:\WINDOWS\Downloaded Program Files\Menu.inf
C:\WINDOWS\Downloaded Program Files\menu.dll

O16 -: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
C:\WINDOWS\Downloaded Program Files\Signature.inf
C:\WINDOWS\Downloaded Program Files\jfsignature.dll

O16 -: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
C:\WINDOWS\Downloaded Program Files\Crypto.inf
C:\WINDOWS\Downloaded Program Files\jfCryptoSrvr.dll

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 20:51:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-07-22 20:54:51 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-22 18:54:44

Pre-Run: 115,785,453,568 byte ledig
Post-Run: 115,670,884,352 byte ledig

175    --- E O F ---    2008-07-10 12:32:48
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/22/2008 at 08:25 PM

Application Version : 4.15.1000

Core Rules Database Version : 3511
Trace Rules Database Version: 1502

Scan type      : Complete Scan
Total Scan Time : 00:22:02

Memory items scanned      : 464
Memory threats detected  : 0
Registry items scanned    : 6838
Registry threats detected : 0
File items scanned        : 21758
File threats detected    : 0
Her skulle de være alle 3
Avatar billede levich Nybegynder
22. juli 2008 - 23:40 #3
Umiddelbart kan jeg ikke at, at du skulle have virus eller spyware.
Hvordan opfører din computer sig underligt?
Avatar billede kurtr Nybegynder
23. juli 2008 - 11:13 #4
den lukkede hurtigt ned hvis jeg var inde i en meny, det var UPS mailen jeg havde modtaget. Kaspersky sagde godt nok den havde slettett dem men ville bare være helt sikker.
Læg et svat så får du dine point
Tak for hjælpen og god sommer
Avatar billede levich Nybegynder
23. juli 2008 - 19:45 #5
Det var så lidt - god sommer til dig også
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 10 I går 20:49 I dag 10:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 15:56 Navigation i Peugeot 3-2008 fra 2017 Af arnepedersen i Andet software
I dag 14:10 Outlook henter ikke mails Af TTA i Office & Kontorpakker
I dag 13:58 vise billeder i kartotek med store ikoner inklusive optagelsesdato Af Malm i Billedbehandling
I dag 13:35 Adobe Elements 2019, Organizer Crasher Af mort1 i Billedbehandling
I går 20:49 pop up black friday Af Malm i Virus
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Telegigant klar med AI-baseret mormor: Holder telefon-svindlere fast i røret med sniksnak og dumme spørgsmål
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Tre vigtige erkendelser, som Computerworld tog med hjem fra Gartners store topmøde i Barcelona
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Topchef Sara Green mener, at der er brug for et radikalt nyt syn på it-ledelse - særligt én ny trend hader hun som pesten
Se alle »
White paper
Teaser billede
Governance, Risk & Compliance: Knyt stærke bånd mellem forretning og sikkerhed
Læs mere »
Cyberstatus 2024: Her er truslerne – og her forbereder virksomhederne sig
Styrk compliance, sikkerhed og overblik med ét hug
Er din cybersikkerhed klar til AI-revolutionen?
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »