#1
Hi, any help with this problem is much appreciated. SAS, SSD and anti-malware can't seem to find whatever I have. Here is what is going on:

1) If not connected to my modem, constant clicking comes from my computer (I assume because something is trying to open iexplorer.exe)
2) Occasionally a beeping (one unlike anything I've ever heard) beeps three or four times
3) If connected to the modem, iexplorer.exe is running (even though I never use Internet Explorer), and when I close the process, it opens right back up.

Many thanks for any and all help, here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:50, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
#2
You are using an outdated version of HijackThis. You need to install the new version of HijackThis, but do not run it until after SDFix has completed its process. Download TrendMicro HijackThis.exe (HJT) to your desktop.
----------
Please print out these instructions, as they will be needed later when Internet access is not available. Download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account or an account with Administrative rights.
Open the SDFix folder and double-click RunThis.bat to start the script.
#3
Thanks for your help. This is a nasty one! The problem is still ongoing, although my computer got about 20 minutes of respite after running SDFix. SDFix and HijackThis logs follow. And again many, many thanks.

SD Fix:

SDFix: Version 1.230
Run by Owner on Mon 10/06/2008 at 11:59
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
Name : tdssserv
Path : \systemroot\system32\drivers\TDSSserv.sys
tdssserv - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\CQVJNG.EXE - Deleted
C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTBLTF.EXE - Deleted
C:\WINDOWS\SYSTEM32\PUOGNR.EXE - Deleted

Removing Temp Files
ADS Check :
Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 00:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\cfg\0Jf40]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\(56CA5D3B-3002-4E7B-90FE-071D8FDF3814)]
"DisplayName" = "DAEMON Tools"
scanning hidden files ...
Hijack This:

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 2:12:20, om 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kørende processer:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Programmer\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programmer\Hotspot Skærme\bin\openvpnas.exe
C:\WINDOWS\System32\Svchost.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
C:\Programmer\TOSHIBA\touch pad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Samsung\PanelMgr\ssmmgr.exe
C:\Programmer\HCWemMON.exe
C:\Programmer\Common Files\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\SpyNoMore\SNM.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\initio\Button Manager v1.836\inihid.exe
C:\Programmer\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\QH8jvpp4.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\Run
C:\Programmer\Windows NT\Tilbehør\WORDPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmer\TOSHIBA\touch pad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Programmer\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SNM] C:\Programmer\SpyNoMore\SNM.exe /start
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmer\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9-reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [SUPERAntiSpyware] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SUPERAntiSpyware] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Programmer\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Sig Time.lnk = C:\Programmer\Sig Time\SayTime.exe
O4 - Global Startup: TotalMedia Backup = C:\Programmer\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res://C:\PROGRA~1\mikroer~2\Office10\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\mikroer~2\Office11\REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Programmer\Messenger\msmsgs.exe
O10 - Ukendt fil i Winsock LSP: c:\Windows\system32\nwprovau.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol er i zonen Denne computer, bør Internet Zone (HKLM)
O16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: (04E214E5-63AF-4236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: (4F63D44B-6274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file://D:\components\A9.ocx
O16 - DPF: (74D05D43-3236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: (BAC01377-73DD-4796-854D-2A8997E3D68A) (Yahoo! Photos Easy Upload Tool Class) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: (E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown ejer - C:\Programmer\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati Genvejstast Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown ejer - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC. - C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Ukendt ejer - C:\Programmer\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmer\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 9148 bytes |
|
#4
| Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for preventing spyware, it can also interfere with HijackThis fixes. Disable TeaTimer for now, until you are clean.

1. Right-click Spybot in the system tray (it looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident.
2. Run Spybot S&D.
3. Go to the Mode menu and make sure Advanced Mode is selected.
4. On the left side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt, and restart your computer.

Note: If TeaTimer gives you a warning after some changes were made, allow this instead of blocking it. If TeaTimer will not turn off, then uninstall Spybot until we are finished cleaning.

----------

Open HijackThis and choose Do a system scan only. Place a check mark next to the following entries (if present):

O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol er i zonen Denne computer, bør Internet Zone (HKLM)

Important: Close all open windows except HijackThis and then click Fix checked. When finished, exit HijackThis.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop.

Close all open Internet browsers (Firefox, Internet Explorer, etc.) before you start ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the instructions. When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is finished. |
|
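Added example, not part of the thread and not HijackThis code: a small Python triage of the entry types ticked in the post above (O15 Trusted IP range and ProtocolDefaults), extended to the R1 ProxyServer value that also appears in the posted log. The sample lines are constructed in HijackThis's English output format using values from this thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in HijackThis's English line format; the values are the
# ones shown in the log posted in this thread.
# Function names below are hypothetical; none of this ships with HijackThis.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (section, detail) pairs for every 'Xn - ...' line in the log."""
    pairs = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def is_loopback(hostport):
    """True when a host[:port] proxy value points back at this machine."""
    host = hostport.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def triage(log_text):
    """Flag entries that reroute web traffic or change IE zone assignments."""
    findings = []
    for section, detail in parse_entries(log_text):
        if section == "R1" and "ProxyServer" in detail and "=" in detail:
            proxy = detail.split("=", 1)[1].strip()
            if proxy and not is_loopback(proxy):
                findings.append((section, "system proxy set to " + proxy))
        elif section == "O15" and detail.startswith("Trusted IP range:"):
            findings.append((section, "IP range in Trusted zone: " + detail.split(":", 1)[1].strip()))
        elif section == "O15" and detail.startswith("ProtocolDefaults:"):
            findings.append((section, "protocol zone default changed: " + detail.split(":", 1)[1].strip()))
    return findings
```

A flagged entry is a prompt to check who configured it, not proof of infection; a proxy or trusted range the owner set up deliberately will be flagged too.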
#5
| |
|
#6
| * Click START, then RUN.
* Now type Combofix /u in the run box.
* Make sure there is a space between Combofix and /u.
* Then hit Enter.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\system32\xVB47F7a.exe
C:\DOCUME~1\Ejer\LOCALS~1\Temp\RGI5.tmp
EmptyTemp
[start explorer]

4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to restart the computer to finish the move process. If you are asked to restart, choose Yes. If not, reboot anyway.

----------

After posting the OTMoveIt2 log:

1. Double-click OTMoveIt2.exe to launch it. Vista users: right-click and choose Run as administrator.
2. Click the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs warn you, allow it access.
4. Click YES at the next prompt (list downloaded, do you want to begin the cleanup process?).

----------

Run CCleaner.

----------

Run this online scan. This scanner requires Internet Explorer.

Use the ESET Nod32 Online Scanner:

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start.
3. When asked, allow the ActiveX control to install.
4. Click Start.
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan.
7. Wait for the scan to finish.
8. Use Notepad to open the logfile located at C:\Programmer\EsetOnlineScanner\Log.txt
9. Add the C:\Programmer\EsetOnlineScanner\Log.txt log to your next reply. |