Uanset hvad jeg gør jeg kan ikke slippe af TROJAN.VUNDO.H

**redsowwer** · #1 16 oktober 2008, 09:51

Jeg har prøvet mange gange med Malwarebytes at slette VUNDO.H virus. Det giver anledning til at genstarte og jeg køre Malwarebytes igen blot for at finde det stadig er på systemet. Jeg har også slået systemer genoprette før disse.

Tak for din hjælp!

**evilfantasy** · #2 16 oktober 2008, 11:27

Åbn HijackThis og vælg Lave en ordning skanne kun.

Placer et flueben ud for følgende poster: (hvis der)

O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c: \\ windows \\ system32 \\ digestp.dll
O20 - Winlogon Notify: paubftzz - C: \\ WINDOWS \\ SYSTEM32 \\ digestp.dll

Vigtigt: Luk alle vinduer undtagen HijackThis og klik derefter på Fix checked.

Afslut HijackThis.

----------

Downloade OTMoveIt2 ved Oldtimer og gemme den på din Desktop.

Bemærk: Hvis du kører på Vista, skal du højreklikke på OTMoveIt2.exe og vælge Kør som Administrator.

1. Dobbeltklik på OTMoveIt2.exe at køre den.
2. Kopier linjer i codebox nedenfor.

Kode:

[dræbe Explorer] C: \\ WINDOWS \\ SYSTEM32 \\ digestp.dll EmptyTemp [Start Explorer]

3. Retur til OTMoveIt2, højreklik på Paste liste af filer / mapper til Flyt vinduet (under den gule bjælke) og vælg Paste
4. Klik på den røde Moveit! knappen.
5. Kopier alt i Resultater vinduet (under den grønne bar), og indsætte det i dit næste svar.
6. Luk OTMoveIt2

Bemærk!: Hvis en fil eller mappe, der ikke kan flyttes straks kan du blive bedt om at genstarte din computer for at afslutte flytningen processen. Hvis bedt om at genstarte, skal du vælge Ja. Hvis ikke, genstarte alligevel.

**redsowwer** · #3 16 oktober 2008, 12:39

Nå jeg løb alt, hvad du udstationeret. Den Hijack gik fint og de 2 filer slettes.

Den OTMOVEIT2 program - jeg har kopieret de 4 linier
[dræbe explorer]
C: \\ WINDOWS \\ SYSTEM32 \\ digestp.dll
EmptyTemp
[start explorer

under den gule bjælke og udvalgte MOVEIT.

Under den grønne boks de programmer, sagde udforske dræbt lykkedes dog fik jeg en fejl dialogboksen.

Said OTMOVEIT2 OTMOVEIT2.EXE - Bad billede

Ansøgningen eller DLL'en C: \\ Windows \\ rakxhfy.dll er ikke et gyldigt windows billede. Tjek venligst dette mod din installtion disk.

Jeg var nødt til at genstarte og OTMOVEIT kom op igen, og jeg kom op med den samme fejl dialog som ovenfor. Hvordan kan jeg slippe af med denne OTMOVEIT2 når den genstarter. Er der noget andet, der skal gøres?

**evilfantasy** · #4 16 oktober 2008, 12:45

Ja der er mere at gøre. Må ikke bekymre dig om den fejlmeddelelse ...

Downloade random's system information tool (RSIT) af tilfældige / tilfældigt og gemme den på dit skrivebord.

Dobbelt klik på RSIT.exe at køre.
Klik Fortsæt på ansvarsfraskrivelsen skærmen.
Når det er færdigt, vil to logfiler åbne.
Log.txt <vil blive maksimeret og info.txt <vil blive minimeret
Please post indholdet af begge kævler i næste svar.

**redsowwer** · #5 16 oktober 2008, 13:26

Log.txt:
Din fil på 28,7 KB bytes overstiger forum's grænse på 19,5 KB for denne filtype. Jeg var nødt til at winzip logfilen for at få det til at du gøre for at cdonstraints af EDB JUICE vedhæftede filer.

**redsowwer** · #6 16 oktober 2008, 13:34

LOG

Logfil af tilfældige's system information tool 1.04 (skrevet af tilfældige / random)
Drives af Ejer på 2008-10-16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
System drev C: er 136 GB (92%) fri på 149 GB
Total RAM: 382 MB (30% gratis)
Logfil af Trend Micro HijackThis v2.0.2
Scan gemt på 3:56:33, den 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Kørende processer:
C: \\ WINDOWS \\ System32 \\ smss.exe
C: \\ WINDOWS \\ system32 \\ Winlogon.exe
C: \\ WINDOWS \\ system32 \\ Services.exe
C: \\ WINDOWS \\ system32 \\ lsass.exe
C: \\ WINDOWS \\ system32 \\ Ati2evxx.exe
C: \\ WINDOWS \\ system32 \\ svchost.exe
C: \\ WINDOWS \\ System32 \\ svchost.exe
C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
C: \\ WINDOWS \\ system32 \\ Ati2evxx.exe
C: \\ WINDOWS \\ Explorer.EXE
C: \\ WINDOWS \\ system32 \\ spoolsv.exe
C: \\ Programmer \\ Symantec \\ LiveUpdate \\ AluSchedulerSvc.exe
C: \\ Programmer \\ Google \\ Common \\ Google Updater \\ GoogleUpdaterService.exe
C: \\ Programmer \\ Ahead \\ InCD \\ InCDsrv.exe
C: \\ Programmer \\ Common Files \\ Microsoft Shared \\ VS7DEBUG \\ MDM.EXE
C: \\ Programmer \\ Common Files \\ New Boundary \\ PrismXL \\ PRISMXL.SYS
C: \\ Programmer \\ QuickTime \\ QTTask.exe
C: \\ Programmer \\ Adobe \\ Photoshop Album Starter Edition \\ 3,0 \\ Apps \\ apdproxy.exe
C: \\ Programmer \\ Common Files \\ Real \\ iTunes \\ iTunesHelper.exe
C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
C: \\ Programmer \\ Messenger \\ MsnMsgr.Exe
C: \\ WINDOWS \\ system32 \\ CTFMON.EXE
C: \\ Programmer \\ SUPERAntiSpyware \\ SUPERAntiSpyware.exe
C: \\ Programmer \\ Olympus \\ DeviceDetector \\ DevDtct2.exe
C: \\ Programmer \\ Google \\ Google Updater \\ GoogleUpdater.exe
C: \\ WINDOWS \\ system32 \\ svchost.exe
C: \\ Programmer \\ Internet Explorer \\ iexplore.exe
C: \\ Documents and Settings \\ Ejer \\ Lokale indstillinger \\ Temporary Internet Files \\ Content.IE5 \\ 6QBVSP54 \\ RSIT [1]. Exe
C: \\ Programmer \\ Common Files \\ Symantec Shared \\ COH \\ coh32.exe
C: \\ Programmer \\ Trend Micro \\ HijackThis \\ Owner.exe
R0 - HKCU \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Start Page = http://www.emachines.com/
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \\ Programmer \\ Common Files \\ Adobe \\ Acrobat \\ ActiveX \\ AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \\ Programmer \\ Real \\ RealPlayer \\ rpbrowserrecordplugin.dll
O2 - BHO: NCO 2,0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - (6D53EC84-6AAE-4787-aeee-F4628F01010C) - C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ IDS \\ IPSBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \\ program files \\ google \\ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \\ Programmer \\ Google \\ GoogleToolbarNotifier \\ 3.1.807.1746 \\ swg.dll
O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c: \\ windows \\ system32 \\ digestp.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \\ Programmer \\ Yahoo! \\ Companion \\ Installs \\ cpn \\ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \\ program files \\ google \\ googletoolbar1.dll
O3 - Toolbar: Vis Norton Toolbar - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ CoIEPlg.dll
O4 - HKLM \\ .. \\ Run: [QuickTime Task] "C: \\ Programmer \\ QuickTime \\ QTTask.exe"-atboottime
O4 - HKLM \\ .. \\ Run: [Adobe Photo Downloader] "C: \\ Programmer \\ Adobe \\ Photoshop Album Starter Edition \\ 3,0 \\ Apps \\ apdproxy.exe"
O4 - HKLM \\ .. \\ Run: [Adobe Reader Speed Launcher] "C: \\ Programmer \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe"
O4 - HKLM \\ .. \\ Run: [iTunesHelper] "C: \\ Programmer \\ Common Files \\ Real \\ Programmer \\ MsnMsgr.Exe" / background
O4 - HKLM \\ .. \\ Run: [NvCplDaemon] "C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccApp.exe"
O4 - HKLM \\ .. \\ Run: [SunJavaUpdateSched] "C: \\ Programmer \\ Norton 360 \\ osCheck.exe"
O4 - HKCU \\ .. \\ Run: [MsnMsgr] "C: \\ Programmer \\ Messenger \\ MsnMsgr.Exe" / background
O4 - HKCU \\ .. \\ Run: [SUPERAntiSpyware] C: \\ WINDOWS \\ system32 \\ CTFMON.EXE
O4 - HKCU \\ .. \\ Run: [CTFMON.EXE] C: \\ Programmer \\ SUPERAntiSpyware \\ SUPERAntiSpyware.exe
O4 - Global Startup: Device Detector 3.lnk = C: \\ Programmer \\ Olympus \\ DeviceDetector \\ DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C: \\ Programmer \\ Google \\ Google Updater \\ GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C: \\ Programmer \\ Microsoft Office \\ Office \\ OSA9.EXE
O8 - Extra context menu item: E & ksporter til Microsoft Excel - res: / / C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \\ WINDOWS \\ system32 \\ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \\ Programmer \\ Network Diagnostic \\ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \\ Programmer \\ Network Diagnostic \\ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \\ Programmer \\ Messenger \\ MsnMsgr.Exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \\ Programmer \\ Messenger \\ MsnMsgr.Exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2,0 Installer Class) -- http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1211623928390
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1211630845500
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \\ Programmer \\ SUPERAntiSpyware \\ SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C: \\ WINDOWS \\ SYSTEM32 \\ digestp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \\ WINDOWS \\ system32 \\ Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \\ Programmer \\ Symantec \\ LiveUpdate \\ AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ VAScanner \\ comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \\ Programmer \\ Google \\ Common \\ Google Updater \\ GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C: \\ Programmer \\ Ahead \\ InCD \\ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \\ Programmer \\ Symantec \\ LiveUpdate \\ LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C: \\ Programmer \\ Common Files \\ New Boundary \\ PrismXL \\ PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ CCPD-LC \\ symlcsvc.exe
--
End of file - 7993 bytes
====== Scheduled opgaver folder ======
C: \\ Programmer \\ opgaver \\ Automatisk Fuld Backup.job
C: \\ Programmer \\ opgaver \\ Daily Changed Files.job
C: \\ Programmer \\ opgaver \\ PEACTREE WEEKLY TILBAGE UP.job
====== Registry dump ======
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)]
Adobe PDF Reader Link Helper - C: \\ Programmer \\ Common Files \\ Adobe \\ Acrobat \\ ActiveX \\ AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (3049C3E9-B461-4BC5-8870-4C09146192CA)]
RealPlayer Hent og Record Plugin for Internet Explorer - C: \\ Programmer \\ Real \\ RealPlayer \\ rpbrowserrecordplugin.dll [2008-04-19 308856]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)]
C: \\ Programmer \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (6D53EC84-6AAE-4787-aeee-F4628F01010C)]
Symantec Intrusion Prevention - C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ IDS \\ IPSBHO.dll [2008-10-16 116088]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (AA58ED58-01DD-4d91-8333-CF10577473F7)]
Google Toolbar Helper - c: \\ program files \\ google \\ googletoolbar1.dll [2007-06-04 2554944]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (AF69DE43-7D58-4638-B6FA-CE66B5AD205D)]
Google Toolbar Notifier BHO - C: \\ Programmer \\ Google \\ GoogleToolbarNotifier \\ 3.1.807.1746 \\ swg.dll [2008-09-26 737776]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
c: \\ windows \\ system32 \\ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Internet Explorer \\ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \\ Programmer \\ Yahoo! \\ Companion \\ Installs \\ cpn \\ yt.dll [2005-08-04 343112]
(2318C2B1-4965-11d4-9B18-009027A5CD4F) - & Google - C: \\ program files \\ google \\ googletoolbar1.dll [2007-06-04 2554944]
ID
(7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - Vis Norton Toolbar - C: \\ Programmer \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ CoIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"QuickTime Task" = C: \\ Programmer \\ QuickTime \\ QTTask.exe [2005-01-28 98304]
"Adobe Photo Downloader" = C: \\ Programmer \\ Adobe \\ Photoshop Album Starter Edition \\ 3,0 \\ Apps \\ apdproxy.exe [2005-06-06 57344]
"Adobe Reader Speed Launcher" = C: \\ Programmer \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe [2008-01-11 39792]
"MSMSGS" = C: \\ Programmer \\ Common Files \\ Real \\ iTunes \\ iTunesHelper.exe [2008-04-19 185896]
"NvCplDaemon" = C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccApp.exe [2008-02-18 51048]
"SunJavaUpdateSched" = C: \\ Programmer \\ Norton 360 \\ osCheck.exe [2008-02-26 988512]
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"MsnMsgr" = C: \\ Programmer \\ Messenger \\ MsnMsgr.Exe [2008-04-13 1695232]
"ctfmon.exe" = C: \\ WINDOWS \\ system32 \\ CTFMON.EXE [2008-04-13 15360]
"SUPERAntiSpyware" = C: \\ Programmer \\ SUPERAntiSpyware \\ SUPERAntiSpyware.exe [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ iTunesHelper]
C: \\ Programmer \\ ATI Technologies \\ ATI Control Panel \\ iTunes \\ iTunesHelper.exe [2004-11-12 344064]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ NvCplDaemon]
C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccApp.exe [2008-02-18 51048]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ CHotkey]
C: \\ Programmer \\ zHotkey.exe [2004-05-17 543232]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ CTFMON.EXE]
C: \\ WINDOWS \\ system32 \\ CTFMON.EXE [2008-04-13 15360]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ InCD]
C: \\ Programmer \\ Ahead \\ InCD \\ InCD.exe [2003-09-01 1200178]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ MsnMsgr]
C: \\ Programmer \\ Messenger \\ MsnMsgr.Exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ QuickTime Task]
C: \\ WINDOWS \\ system32 \\ \\ ctfmon.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ LaunchApp]
C: \\ WINDOWS \\ system32 \\ ctfmon.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ Recguard]
C: \\ WINDOWS \\ SMINST \\ RECGUARD.EXE [2002-09-13 212992]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ NvCplDaemon]
C: \\ Programmer \\ CyberLink \\ PowerDVD \\ PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ ShowWnd]
C: \\ Programmer \\ ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ SoundMan]
C: \\ WINDOWS \\ SOUNDMAN.EXE [2004-11-15 77824]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ SunKistEM]
C: \\ Programmer \\ Digital Media Reader \\ shwiconem.exe [2004-11-15 135168]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ UpdateManager]
C: \\ Programmer \\ Common Files \\ Sonic \\ Update Manager \\ sgtray.exe [2003-08-19 110592]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
C: \\ PROGRA ~ 1 \\ BigFix \\ BigFix.exe [2002-07-31 1742384]
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk]
C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ Office \\ OSA9.EXE [2000-01-21 65588]
C: \\ Documents and Settings \\ All Users \\ Menuen Start \\ Programmer \\ Start
Device Detector 3.lnk - C: \\ Programmer \\ Olympus \\ DeviceDetector \\ DevDtct2.exe
Google Updater.lnk - C: \\ Programmer \\ Google \\ Google Updater \\ GoogleUpdater.exe
Microsoft Office.lnk - C: \\ Programmer \\ Microsoft Office \\ Office \\ OSA9.EXE
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\! SASWinLogon]
C: \\ Programmer \\ SUPERAntiSpyware \\ SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ AtiExtEvent]
C: \\ WINDOWS \\ system32 \\ Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ paubftzz]
C: \\ WINDOWS \\ system32 \\ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \\ WINDOWS \\ system32 \\ upnpui.dll [2008-04-13 239616]
WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \\ WINDOWS \\ system32 \\ WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \\ Programmer \\ SUPERAntiSpyware \\ SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ System]
"dontdisplaylastusername" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Services \\ sharedaccess \\ Parameters \\ firewallpolicy \\ standardprofile \\ authorizedapplications \\ list]
"% windir% \\ system32 \\ sessmgr.exe" = "% windir% \\ system32 \\ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22.019"
"C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe" = "C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe: *: Enabled: AOL"
"C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe" = "C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe: *: Enabled: AOL"
"C: \\ Programmer \\ America Online 9.0 \\ waol.exe" = "C: \\ Programmer \\ America Online 9.0 \\ waol.exe: *: Enabled: America Online 9.0"
"% windir% \\ Network Diagnostic \\ xpnetdiag.exe" = "% windir% \\ Network Diagnostic \\ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"C: \\ Programmer \\ Internet Explorer \\ iexplore.exe" = "C: \\ Programmer \\ Internet Explorer \\ iexplore.exe: *: Disabled: Internet Explorer"
"C: \\ Programmer \\ LMI42.tmp \\ lmi_rescue.exe" = "C: \\ Programmer \\ LMI42.tmp \\ lmi_rescue.exe: *: Enabled: LogMeIn Rescue"
[HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Services \\ sharedaccess \\ Parameters \\ firewallpolicy \\ domainprofile \\ authorizedapplications \\ list]
"% windir% \\ system32 \\ sessmgr.exe" = "% windir% \\ system32 \\ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22.019"
"C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe" = "C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe: *: Enabled: AOL"
"C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe" = "C: \\ Programmer \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe: *: Enabled: AOL"
"C: \\ Programmer \\ America Online 9.0 \\ waol.exe" = "C: \\ Programmer \\ America Online 9.0 \\ waol.exe: *: Enabled: America Online 9.0"
"% windir% \\ Network Diagnostic \\ xpnetdiag.exe" = "% windir% \\ Network Diagnostic \\ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (4f63278d-8557-11D9-be24-806d6172696f)]
shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, Folder.htt ShellExec_RunDLL Info.exe 480 480
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (e1ec6b61-710a-11D9-B301-806d6172696f)]
shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, Folder.htt ShellExec_RunDLL Info.exe 480 480

====== Liste over filer / mapper er oprettet i de sidste 1 måned ======
2008-10-16 15:56:08 ---- D ---- C: \\ rsit
2008-10-16 15:19:05 ---- D ---- C: \\ _OTMoveIt
2008-10-16 14:07:16 ---- D ---- C: \\ Programmer \\ Panda Security
2008-10-16 13:48:04 ---- A ---- C: \\ WINDOWS \\ system32 \\ CF23987.exe
2008-10-16 13:47:57 ---- A ---- C: \\ Bug.txt
2008-10-16 13:20:06 ---- D ---- C: \\ VundoFix Backups
2008-10-16 13:20:06 ---- A ---- C: \\ VundoFix.txt
2008-10-16 12:26:25 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 12:25:40 ---- D ---- C: \\ Programmer \\ SUPERAntiSpyware
2008-10-16 12:25:39 ---- D ---- C: \\ Documents and Settings \\ Ejer \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 12:25:12 ---- D ---- C: \\ Programmer \\ Common Files \\ Wise Installation Wizard
2008-10-16 11:20:45 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB956803 $
2008-10-16 11:20:36 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB956391 $
2008-10-16 11:20:27 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB957095 $
2008-10-16 11:17:11 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB954211 $
2008-10-16 11:16:54 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB956841 $
2008-10-16 11:08:22 ---- D ---- C: \\ WINDOWS \\ system32 \\ N360_BACKUP
2008-10-16 10:48:03 ---- DC ---- C: \\ WINDOWS \\ system32 \\ DRVSTORE
2008-10-16 10:47:42 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24:37 ---- D ---- C: \\ Programmer \\ Windows Sidebar
2008-10-16 10:24:06 ---- D ---- C: \\ Programmer \\ Norton 360
2008-10-16 10:22:49 ---- A ---- C: \\ WINDOWS \\ system32 \\ S32EVNT1.DLL
2008-10-15 17:26:20 ---- D ---- C: \\ Programmer \\ NoNAV
2008-10-15 16:41:28 ---- D ---- C: \\ SymNoNav
2008-10-15 16:22:38 ---- D ---- C: \\ Programmer \\ LMI42.tmp
2008-10-15 15:10:33 ---- D ---- C: \\ Programmer \\ Trend Micro
2008-10-11 12:25:41 ---- D ---- C: \\ Programmer \\ Sun
2008-10-11 12:25:41 ---- D ---- C: \\ Documents and Settings \\ Ejer \\ Application Data \\ Sun
2008-10-11 12:00:57 ---- D ---- C: \\ Programmer \\ CCleaner
2008-10-11 11:38:42 ---- D ---- C: \\ Documents and Settings \\ Ejer \\ Application Data \\ Malwarebytes
2008-10-11 11:38:37 ---- D ---- C: \\ Programmer \\ Malwarebytes 'Anti-Malware
2008-10-11 11:38:37 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Malwarebytes
====== Liste over filer / mapper ændret i de sidste 1 måned ======
2008-10-16 15:44:12 ---- D ---- C: \\ Programmer \\ Common Files \\ Symantec Shared
2008-10-16 15:43:38 ---- D ---- C: \\ Windows \\ Temp
2008-10-16 15:27:24 ---- D ---- C: \\ WINDOWS \\ system32 \\ CatRoot2
2008-10-16 15:25:42 ---- A ---- C: \\ Programmer \\ SchedLgU.Txt
2008-10-16 15:12:27 ---- A ---- C: \\ Programmer \\ hpbafd.ini
2008-10-16 15:12:19 ---- A ---- C: \\ WINDOWS \\ system32 \\ NTS5CSET.INI
2008-10-16 15:05:13 ---- D ---- C: \\ WINDOWS
2008-10-16 14:13:35 ---- D ---- C: \\ WINDOWS \\ system32 \\ drivers
2008-10-16 14:07:16 ---- RD ---- C: \\ Program Files
2008-10-16 14:07:16 ---- HD ---- C: \\ Windows \\ inf
2008-10-16 14:06:35 ---- SD ---- C: \\ Windows \\ Downloaded Program Files
2008-10-16 13:49:56 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Google Updater
2008-10-16 13:48:11 ---- D ---- C: \\ WINDOWS \\ system32
2008-10-16 12:26:10 ---- SHD ---- C: \\ Windows \\ Installer
2008-10-16 12:25:12 ---- D ---- C: \\ Programmer \\ Common Files
2008-10-16 11:50:16 ---- D ---- C: \\ Programmer \\ Minidump
2008-10-16 11:50:16 ---- D ---- C: \\ Programmer \\ Debug
2008-10-16 11:20:47 ---- RSHDC ---- C: \\ WINDOWS \\ system32 \\ dllcache
2008-10-16 11:20:43 ---- HD ---- C: \\ WINDOWS \\ $ hf_mig $
2008-10-16 11:20:07 ---- D ---- C: \\ Programmer \\ Internet Explorer
2008-10-16 11:19:54 ---- D ---- C: \\ WINDOWS \\ ie7updates
2008-10-16 11:19:07 ---- A ---- C: \\ Programmer \\ win.ini
2008-10-16 11:08:11 ---- D ---- C: \\ Documents and Settings \\ Ejer \\ Application Data \\ Symantec
2008-10-16 11:04:17 ---- D ---- C: \\ Programmer \\ Symantec
2008-10-16 11:01:12 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Symantec
2008-10-16 10:46:55 ---- D ---- C: \\ WINDOWS \\ Prefetch
2008-10-15 17:42:01 ---- D ---- C: \\ Documents and Settings
2008-10-15 15:38:45 ---- D ---- C: \\ Programmer \\ winSxS
2008-10-15 15:38:45 ---- D ---- C: \\ Programmer \\ Common Files \\ Microsoft Shared
2008-10-15 14:55:27 ---- D ---- C: \\ WINDOWS \\ system32 \\ Restore
2008-10-15 13:23:32 ---- A ---- C: \\ Programmer \\ PCW120.ini
2008-10-15 13:23:22 ---- D ---- C: \\ SHAREDAT
2008-10-14 14:58:10 ---- D ---- C: \\ Shardata
2008-10-11 11:30:23 ---- SHD ---- C: \\ System Volume Information
2008-10-07 15:19:40 ---- A ---- C: \\ WINDOWS \\ system32 \\ Mrt.exe
2008-10-03 13:41:15 ---- A ---- C: \\ WINDOWS \\ system32 \\ ieframe.dll
2008-09-24 08:36:56 ---- D ---- C: \\ Programmer \\ Common Files \\ Peach
====== List of drivers (R = Running, S = Stopped, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======
R1 AmdPPM; AMD HwPState Processor Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ AmdPPM.sys [2007-04-16 33792]
R1 eeCtrl; Symantec Eraser Control føreren; \\? \\ C: \\ Programmer \\ Common Files \\ Symantec Shared \\ EENGINE \\ eeCtrl.sys []
R1 InCDPass; InCDPass C: \\ WINDOWS \\ System32 \\ DRIVERS \\ InCDPass.sys [2003-09-01 28528]
R1 incdrm; InCD EasyWrite Reader C: \\ WINDOWS \\ system32 \\ drivers \\ incdrm.sys [2003-08-21 25520]
R1 SASDIFSV; SASDIFSV; \\? \\ C: \\ Programmer \\ SUPERAntiSpyware \\ SASDIFSV.SYS []
R1 SASKUTIL; SASKUTIL; \\? \\ C: \\ Programmer \\ SUPERAntiSpyware \\ SASKUTIL.sys []
R1 SPBBCDrv; SPBBCDrv; \\? \\ C: \\ Programmer \\ Common Files \\ Symantec Shared \\ SPBBC \\ SPBBCDrv.sys []
R1 SRTSPX; SRTSPX C: \\ WINDOWS \\ System32 \\ Drivers \\ SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI; SYMTDI C: \\ WINDOWS \\ System32 \\ Drivers \\ SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon; CO_Mon; \\? \\ C: \\ WINDOWS \\ system32 \\ drivers \\ CO_Mon.sys []
R2 mdmxsdk; mdmxsdk C: \\ WINDOWS \\ system32 \\ DRIVERS \\ mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm; tmcomm; \\? \\ C: \\ WINDOWS \\ system32 \\ drivers \\ tmcomm.sys []
R3 ALCXWDM; Service for Realtek AC97 Audio (WDM); C: \\ WINDOWS \\ system32 \\ drivers \\ Alcxwdm.sys [2004-11-18 2297664]
R3 Arp1394; 1394 ARP Client protokol; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Arp1394.sys [2008-04-13 60800]
R3 ati2mtag; ati2mtag C: \\ WINDOWS \\ system32 \\ DRIVERS \\ ati2mtag.sys [2006-02-21 1505792]
R3 COH_Mon; COH_Mon; \\? \\ C: \\ WINDOWS \\ system32 \\ Drivers \\ COH_Mon.sys []
R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \\? \\ C: \\ Programmer \\ Common Files \\ Symantec Shared \\ EENGINE \\ EraserUtilRebootDrv.sys []
R3 GEARAspiWDM; GEAR ASPI Filter Driver; C: \\ WINDOWS \\ System32 \\ Drivers \\ GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP; HSF_DP C: \\ WINDOWS \\ system32 \\ DRIVERS \\ HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2; HSFHWBS2 C: \\ WINDOWS \\ system32 \\ DRIVERS \\ HSFHWBS2.sys [2004-06-17 220032]
R3 NAVENG; NAVENG; \\? \\ C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ VIRUSD ~ 1 \\ 20081016,004 \\ NAVENG.SYS []
R3 NAVEX15; NAVEX15; \\? \\ C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ VIRUSD ~ 1 \\ 20081016,004 \\ NAVEX15.SYS []
R3 NIC1394; 1394 Net Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Nic1394.sys [2008-04-13 61824]
R3 rtl8139; Realtek RTL8139 (A / B / C)-baseret PCI Fast Ethernet Adapter NT Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ RTL8139.SYS [2004-08-04 20992]
R3 SASENUM; SASENUM; \\? \\ C: \\ Programmer \\ SUPERAntiSpyware \\ SASENUM.SYS []
R3 SRTSP; SRTSP C: \\ WINDOWS \\ System32 \\ Drivers \\ SRTSP.SYS [2008-01-31 279088]
R3 SunkFilt; Alcor Micro Corp Reader; \\? \\ C: \\ WINDOWS \\ System32 \\ Drivers \\ sunkfilt.sys []
R3 SYMDNS; SYMDNS C: \\ WINDOWS \\ System32 \\ Drivers \\ SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent; SymEvent; \\? \\ C: \\ WINDOWS \\ system32 \\ Drivers \\ SYMEVENT.SYS []
R3 SYMFW; SYMFW C: \\ WINDOWS \\ System32 \\ Drivers \\ SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS; SYMIDS C: \\ WINDOWS \\ System32 \\ Drivers \\ SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO; SYMIDSCO; \\? \\ C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ SymcData \\ ipsdefs \\ 20081014,001 \\ SymIDSCo.sys []
R3 SymIMMP; SymIMMP C: \\ WINDOWS \\ system32 \\ DRIVERS \\ SymIM.sys [2008-06-13 31280]
R3 SYMNDIS; SYMNDIS C: \\ WINDOWS \\ System32 \\ Drivers \\ SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV; SYMREDRV C: \\ WINDOWS \\ System32 \\ Drivers \\ SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci; Microsoft USB 2.0 Enhanced Host Controller miniport Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Usbehci.sys [2008-04-13 30208]
R3 usbhub; USB2 Enabled Hub C: \\ WINDOWS \\ system32 \\ DRIVERS \\ usbhub.sys [2008-04-13 59520]
R3 usbohci; Microsoft USB Open Host Controller miniport Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ usbohci.sys [2008-04-13 17152]
R3 USBSTOR; USB Mass Storage Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ USBSTOR.SYS [2008-04-13 26368]
R3 winachsf; winachsf C: \\ WINDOWS \\ system32 \\ DRIVERS \\ HSF_CNXT.sys [2004-06-17 685056]
R4 InCDfs; InCD File System; C: \\ WINDOWS \\ system32 \\ drivers \\ InCDfs.sys [2003-09-01 88800]
S1 P3 Intel PentiumIII Processor Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ p3.sys [2008-04-13 42752]
S3 Bridge; MAC Bridge; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ bridge.sys [2008-04-13 71552]
S3 BridgeMP; MAC Bridge miniport; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ bridge.sys [2008-04-13 71552]
S3 mxnic; Macronix MX987xx Familie Fast Ethernet NT Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ mxnic.sys [2001-08-17 19968]
S3 NV, NV; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ nv4_mini.sys [2004-08-04 1897408]
S3 SRTSPL; SRTSPL C: \\ WINDOWS \\ System32 \\ Drivers \\ SRTSPL.SYS [2008-01-31 317616]
S3 SymIM; Symantec Network Security Intermediate Filter Service; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ SymIM.sys [2008-06-13 31280]
S3 usbuhci; Microsoft USB Universal Host Controller miniport Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ usbuhci.sys [2008-04-13 20608]
S3 VNUSB; VN Series Device; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ VNUSB.sys [2003-12-15 38448]
S3 wanatw; WAN-miniport (ATW) C: \\ WINDOWS \\ system32 \\ DRIVERS \\ wanatw4.sys []
S3 WudfPf; Windows Driver Foundation - User-mode Driver Framework Platform Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ WudfPf.sys [2006-09-28 77568]
S3 WudfRd; Windows Driver Foundation - User-mode Driver Framework Reflector C: \\ WINDOWS \\ system32 \\ DRIVERS \\ wudfrd.sys [2006-09-28 82944]
S4 sr; Systemgendannelse Filter Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ sr.sys [2008-04-13 73472]
====== Liste over tjenesteydelser (R = Running, S = Stopped, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======
R2 Ati HotKey Poller, Ati HotKey Poller C: \\ WINDOWS \\ system32 \\ Ati2evxx.exe [2006-02-21 405504]
R2 Automatisk LiveUpdate Scheduler; Automatisk LiveUpdate Scheduler; C: \\ Programmer \\ Symantec \\ LiveUpdate \\ AluSchedulerSvc.exe [2008-02-21 238968]
R2 ccEvtMgr; Symantec Event Manager C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr; Symantec Settings Manager C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec Lic NetConnect service; C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc; Google Updater Service; C: \\ Programmer \\ Google \\ Common \\ Google Updater \\ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; InCD File System Service; C: \\ Programmer \\ Ahead \\ InCD \\ InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdate Notice; LiveUpdate Notice C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Machine Debug Manager; C: \\ Programmer \\ Common Files \\ Microsoft Shared \\ VS7DEBUG \\ MDM.EXE [2003-06-19 322120]
R2 PrismXL; PrismXL C: \\ Programmer \\ Common Files \\ New Boundary \\ PrismXL \\ PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state; ASP.NET State Service; C: \\ Programmer \\ Microsoft.NET \\ Framework \\ V1.1.4322 \\ aspnet_state.exe [2004-07-15 32768]
S3 comHost, KOM Host C: \\ Programmer \\ Common Files \\ Symantec Shared \\ VAScanner \\ comHost.exe [2007-08-22 55640]
S3 LiveUpdate; LiveUpdate C: \\ Programmer \\ Symantec \\ LiveUpdate \\ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 ose; Office Source Engine C: \\ Programmer \\ Common Files \\ Microsoft Shared \\ Source Engine \\ Ose.exe [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core LC; C: \\ PROGRA ~ 1 \\ FÆLLES ~ 1 \\ SYMANT ~ 1 \\ CCPD-LC \\ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc; Windows Media Player Network Sharing Service; C: \\ Programmer \\ Windows Media Player \\ WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework, C: \\ WINDOWS \\ system32 \\ svchost.exe [2008-04-13 14336]
----------------- EOF -----------------

**evilfantasy** · #7 16 oktober 2008, 13:50

Den digestp.dll er stadig ikke gået.

Først:

Downloade Forhindre / Fjern Windows Messenger til skrivebordet for at fjerne Windows Messenger.

Man må ikke forveksle Windows Messenger med MSN Messenger fordi de ikke er de samme. Windows Messenger er en hyppig årsag til popups.

Pak filen på skrivebordet. Åbn MessengerDisable.exe og vælge det nederste felt -- Afinstallere Windows Messenger og klik Ansøge.

Afslut ud af MessengerDisable derefter slette de to filer, der blev lagt på skrivebordet.

----------

Bemærk: nedenstående instruktioner blev skabt specielt til denne bruger. Hvis du ikke er denne bruger, MÅ IKKE Følg disse anvisninger, da de kan skade funktionen af dit system

Gå til Start> Kør og type notepad.exe klik derefter på OK

Kopier og indsæt nedenstående i Notesblok, og gem som fixme.reg til din Desktop

Kode:

REGEDIT4 [-HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] [-HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ MsnMsgr] [-- HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ paubftzz]

Find fixme.reg på skrivebordet og dobbeltklik på det. Svar Ja når du bliver bedt om at fusionere med registreringsdatabasen.

Sørg for, at du fortæller mig, hvis du modtager en succes besked om at tilføje ovenstående til registreringsdatabasen. Hvis du ikke får en succes besked, gjorde det ikke arbejde.

Slet fixme.reg fra skrivebordet.

----------

Din Java er forældet.

Ældre versioner har svagheder, at ondsindede websteder kan bruge til at inficere dit system.

Først installere de nye Sun Java Runtime Environment

Sørg for at lukke alle browservinduer, før du begynder installationen.

Fjern den gamle version (s)

Downloade JavaRa

Unzip filen og åbne JavaRa.exe
Klik Fjern ældre versioner
JavaRa vil søge efter og fjerne forældet version af Java og fjerne enhver, der findes.
Klik Ekstra Opgaver
Placer et flueben ud for Fjern Useless JRE Filer og klik Start
Afslut JavaRa
Slet JavaRa filer fra skrivebordet

----------

Mistænkelige filer for at scanne

Please go to VirSCAN.org gratis on-line scanning service
(Hvis mere end én fil skal scannes skal de gøres separat og logfiler indsendt til hver en)

1. Kopier og indsæt følgende fil sti i Mistænkelige filer for at scanne boxen øverst på siden.

Kode:

C: \\ WINDOWS \\ system32 \\ CF23987.exe

2. Ved upload site, klik en gang inde i vinduet ved siden af Browse.
3. Tryk Ctrl + V på tastaturet (begge dele på samme tid) for at indsætte filen vej ind i vinduet.
4. Klik på Upload knappen.
Dette vil foretage en scanning på tværs af flere forskellige virus scanning motorer.
Din fil vil muligvis blive indgået en kø, der normalt tager mindre end et minut til at klare.
Vigtigt: Vent til alle de scanningsprogrammer at fuldføre.
5. Når scanningen er fuldført skal du rulle ned og klikke på Kopier til Udklipsholder knappen. Dette vil kopiere linket til rapporten til Udklipsholder.
6. Indsæt indholdet af Udklipsholder i dit næste svar.

----------

Efter udstationering i VirSCAN.org resultater.

Downloade ATF Cleaner ved Atribune til dit skrivebord.

Suppleant download-link

Bemærk: Vista-brugere skal bruge Kør som Administrator

Under Main: Vælg filer til Slet vælge: Vælg alle.
Klik på Empty Selected knappen.
Hvis du bruger Firefox browser klik Firefox øverst og vælge: Vælg alle
Klik på Empty Selected knappen.
Hvis du ønsker at holde dine gemte adgangskoder klik Nej ved prompten.
Hvis du bruger Opera-browser klik Opera øverst og vælge: Vælg alle
Klik på Empty Selected knappen.
Hvis du ønsker at holde dine gemte adgangskoder klik Nej ved prompten.
Klik Afslut i hovedmenuen for at lukke programmet.

Bemærk, at dit system vil køre langsommere for en genstart eller to efter at have brugt dette værktøj, så gå ikke i panik.

Vigtigt: Genstart computeren, før du fortsætter.

**redsowwer** · #8 16 oktober 2008, 14:39

1. Succes i Fixme.reg

2. Så her er de 2 log filer, du ville have mig til at sende

A. JavaRa 1.11 Fjernelse Log.
Beretning følger efter linje.
------------------------------------
Den JavaRa fjernelse processen blev indledt den Fri Oct 16 17:23:09 2008
Fundet og fjernet: C: \\ Windows \\ System32 \\ jpicpl32.cpl
Fundet og fjernet: C: \\ Windows \\ Installer \\ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Runtime Environment \\ 1,4
Fundet og fjernet: SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Uninstall \\ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Fundet og fjernet: SOFTWARE \\ Classes \\ CLSID \\ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Fundet og fjernet: SOFTWARE \\ Classes \\ CLSID \\ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Fundet og fjernet: SOFTWARE \\ Classes \\ Installer \\ Products \\ 8A0F841731866D117AB7000B0D410200
Fundet og fjernet: SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Installer \\ UserData \\ S-1-5-18 \\ Products \\ 8A0F841731866D117AB7000B0D410200
Fundet og fjernet: SOFTWARE \\ Classes \\ JavaPlugin.142
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Plug-in \\ 1.4.2
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Runtime Environment \\ 1.4.2
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1.4.2
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1.0.1
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1.0.1_02
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1.0.1_03
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1.0.1_04
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1,2
Fundet og fjernet: SOFTWARE \\ Javasofts \\ Java Web Start \\ 1.2.0_01
------------------------------------
Færdig rapportering.

JavaRa 1.11 Fjernelse Log.
Beretning følger efter linje.
------------------------------------
Den JavaRa fjernelse processen blev indledt den Fri Oct 16 17:23:18 2008
------------------------------------
Færdig rapportering.

B. VirSCAN. Org Scannet Rapport:
Scannet tid: 2008/10/16 17:27:59 (EDT)
Scanner resultater: Alle Scannere rapporterede ikke finde malware!
Filnavn: CF23987.exe
Filstørrelse: 389.120 byte
File Type: PE32 eksekverbare til MS Windows (konsol) Intel 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online rapport: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanningsmotor Ver Sig Ver Sig Dato Klokkeslæt Scan result
a-squared 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0,18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
Avast! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (EUD) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
Ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008.10.16 2008-10-16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
Jiangmin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
Kingsoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008.10.16 2008-10-16 3,93 --
mks_vir 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick Heal 9,50 2008.10.16 2008-10-16 1,99 --
Stigende 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
Den Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --

**evilfantasy** · #9 16 oktober 2008, 14:41

Download ComboFix ved sUBs fra en af de nedenstående links. Vær sikker på top gemme den til Desktop.

Link # 1
Link # 2

** Bemærk: Det er vigtigt, at det er gemt direkte til dit skrivebord

Luk alle åbne web-browsere. (Firefox, Internet Explorer, osv.), før du starter ComboFix.

Midlertidigt deaktivere din antivirus, Og enhver antispyware real-time beskyttelse før udfører en scanning. Klik dette link at se en liste over sikkerhed, programmer, der skal deaktiveres, og hvordan du deaktivere dem.

Dobbeltklik på combofix.exe og følg anvisningerne.
Når du er færdig ComboFix vil udarbejde en log for dig.
Post ComboFix log i dit næste svar.

Vigtigt: Må ikke museklik ComboFix's vindue, mens den kører. Der kan få det til at stå.

Husk at genaktivere dit antivirus-og antispyware beskyttelse, når ComboFix er færdig.

**redsowwer** · #10 16 oktober 2008, 15:11

ComboFix 08-10-16.01 - Ejer 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Running from: C: \\ Documents and Settings \\ Ejer \\ Desktop \\ ComboFix.exe
* Oprettet et nyt gendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \\ Programmer \\ jestertb.dll
D: \\ Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008/09/16 til 2008/10/16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ WinZip
2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \\ rsit
2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \\ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \\ Programmer \\ Panda Security
2008-10-16 14:07. 2008-06-19 17:24 28.544 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \\ VundoFix Backups
2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \\ Programmer \\ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \\ Programmer \\ Common Files \\ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \\ Documents and Settings \\ Ejer \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \\ WINDOWS \\ system32 \\ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \\ WINDOWS \\ system32 \\ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \\ Programmer \\ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \\ Programmer \\ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123.952 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.SYS
2008-10-16 10:22. 2008-10-16 11:04 60.800 - a ------ C: \\ WINDOWS \\ system32 \\ S32EVNT1.DLL
2008-10-16 10:22. 2008-10-16 11:04 10.671 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.INF
2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \\ WINDOWS \\ system32 \\ dllcache \\ Win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ Application Data \\ SampleView
2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ Application Data \\ McAfee
2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \\ Documents and Settings \\ Administrator \\ Application Data \\ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \\ Documents and Settings \\ Administrator
2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \\ Programmer \\ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \\ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \\ Programmer \\ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \\ Programmer \\ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102.664 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \\ Documents and Settings \\ Ejer \\. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \\ Programmer \\ Sun
2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \\ Programmer \\ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \\ Programmer \\ Malwarebytes 'Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \\ Documents and Settings \\ Ejer \\ Application Data \\ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38.528 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ mbamswissarmy.sys
2008-10-11 11:38. 2008-09-10 00:03 17.200 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \\ Documents and Settings \\ All Users \\ Application Data \\ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \\ Programmer \\ Common Files \\ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \\ Documents and Settings \\ All Users \\ Application Data \\ Google Updater
2008-10-16 15:08 --------- d ----- w C: \\ Documents and Settings \\ Ejer \\ Application Data \\ Symantec
2008-10-16 15:04 --------- d ----- w C: \\ Programmer \\ Symantec
2008-10-16 15:01 --------- d ----- w C: \\ Documents and Settings \\ All Users \\ Application Data \\ Symantec
2008-09-24 12:36 --------- d ----- w C: \\ Programmer \\ Common Files \\ Peach
2008-09-08 10:41 333.824 ---- aw C: \\ WINDOWS \\ system32 \\ drivers \\ Srv.sys
2008-08-19 10:32 --------- d ----- w C: \\ Programmer \\ Microsoft Silverlight
2005-10-20 18:06 76-c ---- w C: \\ Documents and Settings \\ Ejer \\ Application Data \\ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \\ WINDOWS \\ SMINST \\ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \\ WINDOWS \\ system32 \\ config \\ systemprofile \\ Local Settings \\ History \\ History.IE5 \\ MSHist012008052420080525 \\ index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries, vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE \\ ~ \\ Browser Helper Objects \\ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - a ------ C: \\ Windows \\ system32 \\ digestp.dll
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shelliconoverlayidentifiers \\ OverlayExcluded]
@ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \\ CLSID \\ (4433A54A-1AC8-432F-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - a ------ C: \\ Programmer \\ Common Files \\ Symantec Shared \\ Backup \\ buShell.dll
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shelliconoverlayidentifiers \\ OverlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \\ CLSID \\ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - a ------ C: \\ Programmer \\ Common Files \\ Symantec Shared \\ Backup \\ buShell.dll
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shelliconoverlayidentifiers \\ OverlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \\ CLSID \\ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - a ------ C: \\ Programmer \\ Common Files \\ Symantec Shared \\ Backup \\ buShell.dll
[HKEY_CURRENT_USER \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"ctfmon.exe" = "C: \\ WINDOWS \\ system32 \\ CTFMON.EXE" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \\ Programmer \\ SUPERAntiSpyware \\ SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"QuickTime Task" = "C: \\ Programmer \\ QuickTime \\ QTTask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \\ Programmer \\ Adobe \\ Photoshop Album Starter Edition \\ 3,0 \\ Apps \\ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \\ Programmer \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe" [2008-01-11 39792]
"MSMSGS" = "C: \\ Programmer \\ Common Files \\ Real \\ iTunes \\ iTunesHelper.exe" [2008-04-19 185896]
"NvCplDaemon" = "C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccApp.exe" [2008-02-18 51048]
"SunJavaUpdateSched" = "C: \\ Programmer \\ Norton 360 \\ osCheck.exe" [2008-02-26 988512]
C: \\ Documents and Settings \\ All Users \\ Menuen Start \\ Programmer \\ Start \\
Device Detector 3.lnk - C: \\ Programmer \\ Olympus \\ DeviceDetector \\ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \\ Programmer \\ Google \\ Google Updater \\ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \\ Programmer \\ Microsoft Office \\ Office \\ OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - C: \\ Programmer \\ WinZip \\ WZQKPICK.EXE [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \\ Programmer \\ SUPERAntiSpyware \\ SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\! SASWinLogon]
2007-04-19 13:41 294912 C: \\ Programmer \\ SUPERAntiSpyware \\ SASWINLO.dll
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ paubftzz]
2004-08-04 15:00 105984 C: \\ WINDOWS \\ system32 \\ digestp.dll
[HKLM \\ ~ \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
path = C: \\ Documents and Settings \\ All Users \\ Menuen Start \\ Programmer \\ Start \\ BigFix.lnk
backup = C: \\ WINDOWS \\ pss \\ BigFix.lnkCommon Startup
[HKLM \\ ~ \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk]
path = C: \\ Documents and Settings \\ All Users \\ Menuen Start \\ Programmer \\ Start \\ Microsoft Office.lnk
backup = C: \\ WINDOWS \\ pss \\ Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ iTunesHelper]
- a - c --- 2004-11-12 01:10 344064 C: \\ Programmer \\ ATI Technologies \\ ATI Control Panel \\ iTunes \\ iTunesHelper.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ NvCplDaemon]
- a ------ 2008-02-18 15:37 51048 C: \\ Programmer \\ Common Files \\ Symantec Shared \\ ccApp.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ CTFMON.EXE]
- a ------ 2008-04-13 20:12 15360 C: \\ WINDOWS \\ system32 \\ CTFMON.EXE
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ InCD]
- a ------ 2003-09-01 09:32 1200178 C: \\ Programmer \\ Ahead \\ InCD \\ InCD.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ QuickTime Task]
- a ------ 2001-07-09 15:50 155648 C: \\ WINDOWS \\ system32 \\ igfxtray.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ LaunchApp]
- a ------ 2001-07-09 15:50 155648 C: \\ WINDOWS \\ system32 \\ igfxtray.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ Recguard]
- a - c --- 2002-09-13 16:42 212992 C: \\ WINDOWS \\ SMINST \\ Recguard.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ NvCplDaemon]
- a - c --- 2003-10-31 23:42 32768 C: \\ Programmer \\ CyberLink \\ PowerDVD \\ PDVDServ.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ SunKistEM]
- a - c --- 2004-11-15 19:04 135168 C: \\ Programmer \\ Digital Media Reader \\ shwiconEM.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ UpdateManager]
- a - c --- 2003-08-19 01:01 110592 C: \\ Programmer \\ Common Files \\ Sonic \\ Update Manager \\ sgtray.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ CHotkey]
- a - c --- 2004-05-17 22:30 543232 C: \\ Programmer \\ zHotkey.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ ShowWnd]
- a - c --- 2003-09-19 13:09 36864 C: \\ Programmer \\ ShowWnd.exe
[HKEY_LOCAL_MACHINE \\ software \\ Microsoft \\ Shared Tools \\ msconfig \\ startupreg \\ SoundMan]
- a - c --- 2004-11-15 23:20 77824 C: \\ WINDOWS \\ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ Security Center \\ Monitoring]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ Security Center \\ Monitoring \\ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ Security Center \\ Monitoring \\ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \\ ~ \\ Services \\ sharedaccess \\ Parameters \\ firewallpolicy \\ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \\ ~ \\ Services \\ sharedaccess \\ Parameters \\ firewallpolicy \\ standardprofile \\ AuthorizedApplications \\ List]
"% windir% \\ \\ system32 \\ \\ sessmgr.exe" =
"% windir% \\ \\ Network Diagnostic \\ \\ xpnetdiag.exe" =
R0 pavboot; pavboot C: \\ WINDOWS \\ system32 \\ drivers \\ pavboot.sys [2008-06-19 28544]
R0 shsizubv; shsizubv C: \\ WINDOWS \\ system32 \\ drivers \\ shsizubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon C: \\ WINDOWS \\ system32 \\ Drivers \\ COH_Mon.sys [2008-07-30 23888]
S3 VNUSB; VN Series Device; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (4f63278d-8557-11D9-be24-806d6172696f)]
\\ Shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (e1ec6b61-710a-11D9-B301-806d6172696f)]
\\ Shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
* Newly Created Service * - COMHOST
* Newly Created Service * - PROCEXP90
.
Indholdet af "Planlagte opgaver" mappe
2008/10/12 C: \\ WINDOWS \\ Tasks \\ Automatisk Fuld Backup.job
- C: \\ Programmer \\ Stomp \\ Backup MyPC \\ System \\ bestart.exe [2003-10-30 04:10]
2008/10/15 C: \\ WINDOWS \\ Tasks \\ Daily Changed Files.job
- C: \\ Programmer \\ Stomp \\ Backup MyPC \\ System \\ bestart.exe [2003-10-30 04:10]
2008/10/11 C: \\ WINDOWS \\ Tasks \\ PEACTREE WEEKLY TILBAGE UP.job
- C: \\ Programmer \\ Stomp \\ Backup MyPC \\ System \\ bestart.exe [2003-10-30 04:10]
.
- - - - Børn REMOVED - - - --
Toolbar-ID - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (searchTerms) & sourceid = ie7 & rls = com.microsoft: en-US & ie = utf8 & oe = utf8
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & ksporter til Microsoft Excel - C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processer ...
scanning hidden autostart entries ...
scanning hidden files ...
scanning afsluttet med succes
skjulte filer: 0
************************************************** ************************
.
Completion time: 2008-10-16 17:56:31
ComboFix-quarantined-files.txt 2008-10-16 21:56:27
Pre-Run: 142.914.838.528 byte fri
Post-Run: 142.911.078.400 byte fri
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \\ WINDOWS
[operating systems]
C: \\ Cmdcons \\ BOOTSECT.DAT = "Microsoft Windows Genoprettelseskonsol" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \\ WINDOWS = "Microsoft Windows XP Home Edition" / noexecute = OptIn / fastdetect
208 --- EOF --- 2008-10-16 15:20:49

Lignende Tråde
Tråd	Thread Starter	Forum	Svar	Last Post
Trojan Vundo.H vil ikke forsvinde.	jbrac25	Virus, Spyware & Sikkerhed	6	15 Maj 2009 13:12
Brug for hjælp ... Kan ikke slippe af TROJAN.VUNDO.H.	sukun	Virus, Spyware & Sikkerhed	1	2 maj 2009 16:27
Jeg kan ikke slippe af TROJAN.VUNDO.H fra min PC	theprodigycmb	Virus, Spyware & Sikkerhed	13	16 marts 2009 16:40
Need Help w / Trojan.Vundo H!	Nicholas02	Virus, Spyware & Sikkerhed	22	22 December 2008 17:59
Trojan.vundo.h, Trojan.Agent, adware.mirar + MORE! : (	sillyarfer	Virus, Spyware & Sikkerhed	1	14 December 2008 09:59