CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede uffesteenberg Novice
22. august 2008 - 13:14 Der er 3 kommentarer og
1 løsning

Hvem gider checke logs?

Min veninde havde fået snavs på hende computer, som drillede en del..

Har kørt Spywarefris pakke på computeren - den har hjulpet mig før :-)

Her er logs... er der nogen, der vil checke og fortælle mig, hvad jeg skal foretage mig?? Lige nu virker den ok (lader det til)...

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

12:31:21 22-08-2008
mbam-log-08-22-2008 (12-31-21).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 108356
Tid tilbagelagt: 23 minute(s), 38 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 4
Inficerede Registeringsdatabase Værdier: 4
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 12
Inficerede Filer: 18

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\__c0068B32.dat (Trojan.Agent) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcn47j0et35 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcn47j0et35 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0068b32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f84ea5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Programmer\rhcn47j0et35 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\rhcn47j0et35\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\rhcn47j0et35\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\rhcn47j0et35.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\rhcn47j0et35.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\rhcn47j0et35\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Lokale indstillinger\Temp\_A00F84EA5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0068B32.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcj47j0et35.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcj47j0et35.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcj47j0et35.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcj47j0et35.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Skrivebord\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\NN\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
-------------------------------------------------------------------
ComboFix 08-08-21.02 - ng 2008-08-22 12:44:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1586 [GMT 2:00]
Running from: C:\Documents and Settings\NN\Skrivebord\Spywarefri Sikkerhedspakke\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.

2008-08-22 12:48 . 2007-01-17 10:45 15,408 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-08-22 12:05 . 2008-08-22 12:05 <DIR> d-------- C:\Programmer\Malwarebytes' Anti-Malware
2008-08-22 12:05 . 2008-08-22 12:05 <DIR> d-------- C:\Documents and Settings\NN\Application Data\Malwarebytes
2008-08-22 12:05 . 2008-08-22 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 12:05 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-22 12:05 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 11:58 . 2008-08-22 11:58 <DIR> d-------- C:\Programmer\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:33 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-16 07:50 68856]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Programmer\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" [2007-01-25 19:50 321072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 04:03 8495104]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 04:03 81920]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 20:17 2183168]
"PDVDDXSrv"="C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-11-17 04:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 04:03 86016 C:\WINDOWS\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

C:\Documents and Settings\ov\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Bluetooth Manager.lnk - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-07-30 23:54:38 2158592]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2006-07-14 14:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-__c0068B32 - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.langkaer.dk/
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 12:48:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-22 12:49:15
ComboFix-quarantined-files.txt 2008-08-22 10:49:04

Pre-Run: 147,869,360,128 byte ledig
Post-Run: 148,093,546,496 byte ledig

124 --- E O F --- 2008-08-20 20:12:59
--------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:28, on 22-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmer\SigmaTel\C-dur-lyd\DellXPM_5515v131\WDM\StacSV.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmer\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\programmer\panda software\panda antivirus 2007\WebProxy.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\avciman.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\psimreal.exe
C:\Documents and Settings\NN\Skrivebord\Spywarefri Sikkerhedspakke\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.langkaer.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NN\LOKALE~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208264048_75cc4424c353335d68bd05b9dad83203&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uv.acu.aaa.dk
O17 - HKLM\Software\..\Telephony: DomainName = uv.acu.aaa.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uv.acu.aaa.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = uv.acu.aaa.dk
O20 - Winlogon Notify: __c0068B32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmer\Fælles filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmer\SigmaTel\C-dur-lyd\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10783 bytes
Avatar billede levich Nybegynder
22. august 2008 - 16:47 #1
Jeg ser på det, et øjeblik
Avatar billede levich Nybegynder
22. august 2008 - 16:52 #2
Det ser ud til, at det er lykkedes dig at fjerne alt "snavs".
Avatar billede uffesteenberg Novice
22. august 2008 - 17:03 #3
Cool :-)
200 point til dig.. kan veksles til en citronmåne, hvis det ønskes!!
Avatar billede levich Nybegynder
22. august 2008 - 17:41 #4
:-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
Password sikkerhed Af jhjorsal i Andet sikkerhed 2 13/07/202413:12 13/07/202422:46
Automatisering af certifikat proces - Danske virksomheder Af Søren i Andet sikkerhed 1 29/05/202414:23 30/05/202409:03
VPN i forhold til facebook? Af Novice-1 i Andet sikkerhed 2 26/05/202412:09 26/05/202420:54
Fjerne adgangskode Af Geo" søster i Andet sikkerhed 4 25/04/202418:19 26/04/202422:46
Krypetring af USB -stick Af FinBalance i Andet sikkerhed 16 04/03/202412:39 08/03/202415:52
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 09:22 Opret Windows 11 som lokalkonto Af Uvanga i Windows
I går 21:02 Google my maps Af 1Dorte i Andet software
I går 20:30 Fortnite PS5 Af Sshansen i Andet hardware
I går 16:27 Musikafspiller på Samsung S10 telefon Af mort1 i Mobiltelefoner
I går 14:44 Markere et område der ikke skal med i sum Af lurup i Excel
White papers
Flere white papers »


Premium
Teaser billede
Blodbad på børserne: Tech-aktierne nedsmelter og trækker hele det amerikanske aktiemarked ned
Læs mere »
OpenAI har udviklet et særligt værktøj, der med 99,9 procents sikkerhed kan identificere tekst skabt med ChatGPT
Din Azure-konto kan blive misbrugt til kryptomining - helt uskyldige virksomheder ender med kæmpe-elregning
Danske virksomheder mister konkurrence-evne, hvis de ikke investerer i AI, advarer IT-Branchen
Se alle »
Computerworld
Teaser billede
Første test: Denne helt nye wunder-CPU vil du have i din næste laptop
Læs mere »
Guide til det perfekte trådløse netværk: Wi-fi til 'prepper'-typer
’Apple Intelligence’ slippes løs: Her kommer første mulighed for at afprøve Apples kunstige intelligens
Flere statslige it-løsninger ramt af netværksproblemer - ansatte kunne ikke få mail-adgang
Se alle »
CIO
Teaser billede
Stor aftale gør Microsofts datacentre hurtigere - investerer i netværksudstyr
Læs mere »
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
NIS2 i Danmark udskydes med flere måneder: Her er den nye dato, hvor loven træder i kraft
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
KMD-direktør forlader selskabet: Det skal hun nu
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
IBM Danmark skifter ud i sin øverste ledelse - her er den nye direktion
Se alle »
White paper
Teaser billede
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Læs mere »
Rapport kortlægger de 13 bedste muligheder for at sætte turbo på din cloud computing
Sådan: Sikker, hurtig og fleksibel storage til dine kritiske data
MDR: Transparent sikkerhed og overvågning i realtid
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »