rafan (Beginner)
17 February 2010 - 20:21 There are 7 comments and 1 solution

Log check

Hi,

I'm cleaning up my computers. I've made logs with Malwarebytes' Anti-Malware, SUPERAntiSpyware and HijackThis. Would anyone mind checking these logs?
**********************************************
Malwarebytes' Anti-Malware 1.44
Database version: 3742
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

15-02-2010 23:48:44
mbam-log-2010-02-15 (23-48-44).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 247380
Tid tilbagelagt: 1 hour(s), 12 minute(s), 53 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
*********************************************
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2010 at 06:46 PM

Application Version : 4.0.1154

Core Rules Database Version : 4596
Trace Rules Database Version: 2408

Scan type      : Complete Scan
Total Scan Time : 00:47:04

Memory items scanned      : 832
Memory threats detected  : 0
Registry items scanned    : 6139
Registry threats detected : 0
File items scanned        : 21268
File threats detected    : 27

Adware.Tracking Cookie

    C:\Documents and Settings\manwar\Cookies\manwar@atdmt[2].txt
    C:\Documents and Settings\manwar\Cookies\manwar@doubleclick[2].txt
    C:\Documents and Settings\manwar\Cookies\manwar@cdn5.specificclick[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@tradedoubler[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@ad1.emediate[2].txt
    C:\Documents and Settings\manwar\Cookies\manwar@specificclick[2].txt
    C:\Documents and Settings\manwar\Cookies\manwar@bluestreak[3].txt
    C:\Documents and Settings\manwar\Cookies\manwar@track.adform[3].txt
    C:\Documents and Settings\manwar\Cookies\manwar@adtech[1].txt

    C:\Documents and Settings\manwar\Cookies\manwar@adviva[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@2o7[2].txt
    C:\Documents and Settings\manwar\Cookies\manwar@adserver3.openadex[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@apmebf[1].txt

    C:\Documents and Settings\manwar\Cookies\manwar@mediaplex[1].txt
    C:\Documents and Settings\Anwar\Cookies\anwar@mediaplex[1].txt
    C:\Documents and Settings\Anwar\Cookies\anwar@imrworldwide[2].txt
    C:\Documents and Settings\Anwar\Cookies\anwar@adtech[2].txt
    C:\Documents and Settings\Anwar\Cookies\anwar@doubleclick[1].txt
    C:\Documents and Settings\Anwar\Cookies\anwar@track.adform[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@atdmt[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@2o7[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@bluestreak[1].txt
    C:\Documents and Settings\manwar\Cookies\manwar@track.adform[2].txt
    C:\Documents and Settings\manwar\Cookies\manwar@doubleclick[1].txt
**************************************************

Thanks for the help :)
f-arn (Guru)
17 February 2010 - 20:44 #1
Why isn't SP3 on that machine?

------

Download and save ComboFix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click the desktop, choose New -> Text Document, paste the highlighted text into it and save the file as CFScript.txt

Make sure it does not end up being named CFScript.txt.txt

--------------

Killall::
Snapshot::


-------------

Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it onto the ComboFix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


ComboFix should then start working. It may require a restart, which you should allow. Do not click in the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, located at C:\Combofix.txt

Feel free to post the contents of that file here.
rafan (Beginner)
18 February 2010 - 21:37 #2
I'll install SP3 soon... my computer has just been really slow!! But I'll do it after I've cleaned up.

My ComboFix log:
ComboFix 10-02-18.03 - xxxx 18-02-2010  21:13:17.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.26xxxxxxxxxx [GMT 1:00]
Running from: c:\documents and settings\xxxx\Desktop\scanner\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\xxxx\Desktop\scanner\combofix\CFScript.txt.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

.
(((((((((((((((((((((((((  Files Created from 2010-01-18 to 2010-02-18  )))))))))))))))))))))))))))))))
.

2010-03-30 17:36 . 2010-03-30 17:36    --------    d-----w-    C:\C_DILLA
2010-03-30 17:36 . 2001-09-10 17:09    57392    ----a-w-    c:\windows\system32\drivers\CDANT.SYS
2010-03-30 17:36 . 2001-09-10 17:09    45056    ----a-w-    c:\windows\CDILLA13.DLL
2010-03-30 17:36 . 2001-09-10 17:09    260096    ----a-w-    c:\windows\CDILLA32.DLL
2010-03-30 17:36 . 2001-09-10 17:08    32256    ----a-w-    c:\windows\system32\drivers\CDANTSRV.EXE
2010-03-30 17:36 . 2001-09-10 17:08    60416    ----a-w-    c:\windows\CDILLA64.EXE
2010-03-30 17:36 . 2001-09-10 17:04    7056    ----a-w-    c:\windows\CDILLA16.EXE
2010-03-30 17:36 . 2001-09-10 17:04    23856    ----a-w-    c:\windows\CDILLA10.EXE
2010-03-30 17:36 . 2001-09-10 17:04    63344    ----a-w-    c:\windows\CDILLA05.DLL
2010-03-30 17:36 . 2001-09-10 15:38    55376    ----a-w-    c:\windows\CDILLA40.DLL
2010-02-15 21:46 . 2010-02-15 21:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-15 21:45 . 2010-02-15 21:45    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-02-15 21:45 . 2010-02-15 21:45    --------    d-----w-    c:\documents and settings\xxxx\Application Data\SUPERAntiSpyware.com
2010-02-15 21:30 . 2010-02-15 21:30    --------    d-----w-    c:\documents and settings\xxxx\Application Data\Malwarebytes
2010-02-15 21:30 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 21:30 . 2010-02-15 21:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 21:30 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-02-15 21:30 . 2010-02-15 21:30    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-15 21:24 . 2010-02-15 21:24    --------    d-----w-    c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 21:45 . 2006-07-26 05:55    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-12-11 21:20 . 2009-12-11 21:20    71253    ----a-w-    c:\windows\Huawei ModemsUninstall.exe
2009-11-21 23:29 . 2009-11-21 23:29    552    ----a-w-    c:\windows\system32\d3d8caps.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperAdBlocker"="c:\program files\Super Ad Blocker\SAdBlock.exe" [2007-12-26 1564672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-06 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-06 208896]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-08-22 1029632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\xxxx\Start Menu\Programs\Startup\
Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-31 110592]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-7-25 1425424]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-26 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Update Agent.lnk - c:\program files\Connect it\AutoUpdateSrv.exe [2009-12-11 667648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files\Super Ad Blocker\SABSEHB.DLL" [2007-12-26 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-12-26 11:41    176128    ----a-w-    c:\program files\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41    294912    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 17:20    40448    ----a-w-    c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45    28672    ----a-w-    c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16    24576    ----a-w-    c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ      scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-562591055-725345543-4224\Scripts\Logon\0\0]
"Script"=svf.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-562591055-725345543-7464\Scripts\Logon\0\0]
"Script"=svf.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [25-07-2006 11:37 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [25-07-2006 11:38 38528]
R2 NightWatchman40;NightWatchman40;c:\program files\1E\NightWatchman40\NightWatchman.exe [08-07-2006 08:57 550616]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [05-10-2009 13:22 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [21-08-2008 14:04 98304]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25-04-2006 18:00 3456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S1 SABDIFSV;SABDIFSV;c:\program files\Super Ad Blocker\sabdifsv.sys [21-09-2005 10:17 5632]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [29-07-2009 12:18 39424]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11-07-2009 11:05 14976]
.
Contents of the 'Scheduled Tasks' folder

2010-02-12 c:\windows\Tasks\Fredag 12 [0].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [10].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [11].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [12].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [13].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [14].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [15].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [16].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [1].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [2].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [3].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [4].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [5].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [6].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [7].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [8].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [9].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-18 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-26 23:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://bestilling.photocare.dk/ImageUploader6.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/4066/defaults/activex/ImageUploader3.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 21:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-562591055-725345543-4224\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CA6CEE41-42F2-8942-BA82-DD7D1786DC96}*]
"dakahcaf"=hex:64,62,66,6f,69,69,6b,63,68,6a,69,6a,68,6f,69,68,64,6a,62,6f,61,
  69,6d,6f,64,66,6e,6b,6f,63,64,6a,67,66,6e,6e,6b,6a,6f,66,00,00
"iabngmhappfieflolm"=hex:6a,61,6e,64,6c,6b,6a,69,67,6e,6b,68,68,65,67,6b,62,6e,
  6d,64,00,00
"halomhbbcbleebkh"=hex:6a,61,6e,64,6c,6b,6a,69,67,6e,6b,68,68,65,67,6b,62,6e,
  6d,64,00,f0

[HKEY_USERS\S-1-5-21-2052111302-562591055-725345543-4224\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E157A971-32A9-A8CC-0684-8C812999A41B}*]
"eadcjkcngb"=hex:66,61,6e,64,69,69,64,6b,64,68,63,64,00,fc
"daocdpeh"=hex:64,62,66,61,63,6f,68,61,70,66,67,6d,6b,64,65,6e,6c,67,65,6f,64,
  70,65,67,6f,68,61,66,6a,66,6c,6c,66,62,6d,63,63,62,67,6b,00,00
"ialamkgjbbebeoimfp"=hex:6a,61,68,67,6b,61,61,6f,6e,6c,61,69,70,65,70,65,63,6a,
  6e,6a,00,5a
"hafacigfdgpedjko"=hex:6a,61,68,67,6b,61,61,6f,6e,6c,61,69,70,65,70,65,63,6a,
  6e,6a,00,f0

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\vrlogon.dll
c:\windows\system32\CSGina.dll
c:\windows\system32\VPNAPI.DLL
c:\program files\Super Ad Blocker\SABWINLO.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\windows\system32\NWMgina.dll

- - - - - - - > 'lsass.exe'(1552)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(4824)
c:\program files\Super Ad Blocker\sabmsghk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Super Ad Blocker\SABSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-18  21:30:11 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-18 20:30

Pre-Run: 13.598.814.208 bytes free
Post-Run: 12.466.573.312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 280067041C425B43E806FEDEAD68FAA6
f-arn (Guru)
19 February 2010 - 11:41 #3
Find and upload the file below at Jotti or VirusTotal:

c:\program files\Connect it\AutoUpdateSrv.exe

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Paste the result here.

------

Why do you have all those Sophos tasks sitting in Scheduled Tasks in your Control Panel?

------

How much RAM is in the machine?
rafan (Beginner)
19 February 2010 - 21:40 #4
Result from Jotti

Filename:  AutoUpdateSrv.exe 
Status:  Scan finished. 0 out of 20 scanners reported malware.

There is 1 GB of RAM in the machine... I still need to do some Sophos updates, though, which can only be done by connecting directly to the university's network.
rafan (Beginner)
22 February 2010 - 19:30 #5
Hey,

Is my computer all clean now?

Thanks for the help :)
f-arn (Guru)
22 February 2010 - 21:23 #6
There are no signs of malware - unless it's hiding here.
"Script"=svf.bat
But I assume you've got that under control?
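As an added example (my code, not the thread's or ComboFix's), a small Python triage pass over a ComboFix log that pulls out the things the reviewer raised in #3 and #6: the pile of identical Sophos scheduled tasks, the Group Policy logon script "Script"=svf.bat, a service whose binary ComboFix marked [?], and the CFScript.txt.txt double extension that #1 warned about and the log header in #2 shows. SAMPLE_LOG is constructed from a few lines of that log, and the task_threshold value is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the ComboFix log in #2 so the
# parser runs offline; the real log has many more lines in the same shapes.
SAMPLE_LOG = r"""
Command switches used :: c:\documents and settings\xxxx\Desktop\scanner\combofix\CFScript.txt.txt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-562591055-725345543-4224\Scripts\Logon\0\0]
"Script"=svf.bat

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-12 c:\windows\Tasks\Fredag 12 [0].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-12 c:\windows\Tasks\Fredag 12 [1].job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-01-22 15:45]

2010-02-18 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-26 23:12]
"""

SCRIPT_LINE = re.compile(r"^Command switches used :: (.+)$")
KEY_LINE = re.compile(r"^\[(HK[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
LOGON_SCRIPT = re.compile(r'^"Script"=(.+)$')
SERVICE_LINE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+)$")
TASK_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} .+\.job$", re.IGNORECASE)
TASK_TARGET = re.compile(r"^- (.+?) \[[^\]]*\]$")

def triage(log_text, task_threshold=5):
    """Walk one ComboFix log and return the findings a reviewer looks for first.

    task_threshold (an assumed value) is how many scheduled tasks may point at the
    same binary before the pile-up is reported, as with the Sophos tasks above.
    """
    f = {"script_double_ext": None, "bare_run_names": [], "logon_scripts": [],
         "missing_service_files": [], "task_targets": Counter()}
    current_key, in_task = None, False
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := SCRIPT_LINE.match(line):
            # Explorer hides known extensions, so a file saved as CFScript.txt from
            # Notepad can quietly become CFScript.txt.txt (the warning given in #1)
            if m.group(1).lower().endswith(".txt.txt"):
                f["script_double_ext"] = m.group(1)
        elif m := KEY_LINE.match(line):
            current_key = m.group(1).lower()
        elif (m := RUN_ENTRY.match(line)) and current_key and current_key.endswith(r"\run"):
            # a bare file name in a Run value is resolved through the search path,
            # so confirm which copy of it actually starts
            if "\\" not in m.group(2):
                f["bare_run_names"].append((m.group(1), m.group(2)))
        elif (m := LOGON_SCRIPT.match(line)) and current_key and r"\scripts\logon" in current_key:
            f["logon_scripts"].append((current_key, m.group(1)))
        elif (m := SERVICE_LINE.match(line)) and m.group(2).endswith("[?]"):
            # ComboFix appends [?] when a registered service binary is not on disk
            f["missing_service_files"].append(m.group(1))
        elif TASK_LINE.match(line):
            in_task = True
        elif in_task and (m := TASK_TARGET.match(line)):
            f["task_targets"][m.group(1).lower()] += 1
            in_task = False
    f["duplicated_tasks"] = {t: n for t, n in f["task_targets"].items()
                             if n >= task_threshold}
    return f

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, task_threshold=2).items():
        print(f"{key}: {value}")
```

Run it against the full combofix.txt by reading the file into triage(); on the log in #2 the Sophos BackgroundScanClient.exe target comes back 18 times.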
rafan (Beginner)
28 February 2010 - 14:17 #7
hey,

thanks for that. Completely forgot to hand out points. If you post an answer we can sort it out quickly :) ?
f-arn (Guru)
28 February 2010 - 14:58 #8
:)