Removing iexplore.exe virus / hijack log

#1 - 10 November 2008, 18:14 - Member

Hey guys,
Um. Every time I start my computer, iexplore.exe (in Task Manager) comes up by itself. I don't even use Internet Explorer, I use Firefox, but it comes up on its own. It is also using most of my memory. I'm also getting a billion popups, which I'm willing to bet are from this. When I end the process, it comes back 3 or 4 times, then it usually goes away after the 5th time I end it. But this only lasts about 5 min, then it's back again. Does anyone know what's going on? I have run scans with Ad-Aware, Norton, etc., but they haven't found anything.
Additional info:
I have Windows XP
Also, there are voices coming from the ads. I tried everything. Thanks in advance ^__^

I'm kind of new to this. So, erm. Can anyone tell me how to remove it? In a simple-ish way? =P





Logfile af HijackThis v1.99.1
Scan gemt på 6:14:25, den 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ System \ hpsysdrv.exe
C: \ Programmer \ HP \ Digital Imaging \ losse \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Programmer \ Multimedia Card Reader \ shwicon2k.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Programmer \ Opdateringer fra HP \ 137903 \ Programmer \ BackWeb-137903.exe
C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
C: \ Programmer \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Symantec AntiVirus \ Rtvscan.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ 0LFlxR4x.exe
C: \ Programmer \ Lavasoft \ Ad-Aware SE Professional \ Ad-Aware.exe
C: \ PROGRA ~ 1 \ WinZip \ winzip32.exe
C: \ DOCUME ~ 1 \ admini ~ 1 \ LOCALS ~ 1 \ Temp \ Run

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (3615EE58-6F38-47BA-9DD9-C99BD611C6A6) - C: \ WINDOWS \ system32 \ efcdbxx.dll (file missing)
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (filen mangler)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (filen mangler)
O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (filen mangler)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Programmer \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] c: \ Programmer \ HP \ Digital Imaging \ losse \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] c: \ Programmer \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Programmer \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Index Washer] C: \ Programmer \ Webroot \ Washer \ WashIdx.exe "Administrator"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Programmer \ Webroot \ Washer \ wwDisp.exe
O4 - HKCU \ .. \ Run: [Index Washer] C: \ Programmer \ Webroot \ Washer \ WashIdx.exe "Administrator"
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programmer \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Anslået Updates.lnk = C: \ Programmer \ Quicken \ bagent.exe
O4 - Global Startup: Opdateringer fra HP.lnk = C: \ Programmer \ Opdateringer fra HP \ 137903 \ Programmer \ BackWeb-137903.exe
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Ekstra knap: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & ende til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Ekstra knap: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (filen mangler)
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler)
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O11 - Valg gruppe: [INTERNATIONAL] International *
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: ms-help - (314111C7-A502-11D2-BBCA-00C04F8EC294) - C: \ Programmer \ Common Files \ Microsoft Shared \ Help \ hxds.dll
O18 - Filter hijack: text / xml - (807563E5-5146-11D5-A672-00B0D022E945) - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ mikroer ~ 1 \ Office12 \ MSOXMLMF.DL L
O20 - Winlogon Notify: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (filen mangler)
O20 - Winlogon Notify: efcdbxx - efcdbxx.dll (file missing)
O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: Adobe LM Service - Unknown ejer - C: \ Programmer \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Programmer \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Ukendt ejer - C: \ Programmer \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ Rtvscan.exe
#2 - 10 November 2008, 20:23 - Editor

Welcome to CJ.

Please print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows folder, typically C:\SDFix).
  • Do not use it just yet.
Restart the computer in Safe Mode using the F8 method. To do this, restart your computer and, after hearing your computer's single beep during startup (but before the Windows icon appears), press F8 repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load the desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply.
----------

Also install the new version of HijackThis and post a new log from it in Normal boot mode after SDFix has finished.

Download TrendMicro HijackThis.exe (HJT) to your desktop.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Programmer\TrendMicro\HijackThis\HijackThis.exe.
  • After installing, HijackThis should open for you.
  • Click on the Do a system scan and save a logfile button.
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and then paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds is harmless or even required.

#3 - 11 November 2008, 08:55 - Member

SDFix Report


SDFix: Version 1.240
Run by Administrator on Tue 11/11/2008 kl 08:39

Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ SDFix

Kontrol Services :


Retablering Default Security Values
Retablering Default Hosts File

Genstart


Checking Files :

Trojan Files Found:

C: \ Programmer \ nvcoi \ mst.stt - udgår



Mappen C: \ Programmer \ nvcoi - Removed
Mappen C: \ Programmer \ Temporary - Removed
Mappen C: \ Temp \ sanR24 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 08:47:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning skjulte processer ...

scanning skjulte tjenesteydelser & system hive ...

scanning skjulte registreringsdatabaseposter ...

scanning skjulte filer ...

scanning afsluttet med succes
skjulte processer: 0
skjulte tjenester: 0
skjulte filer: 0


Resterende Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Programmer \ \ Opdateringer fra HP \ \ 137.903 \ \ Programmer \ \ BackWeb-137903.exe" = "C: \ \ Programmer \ \ Opdateringer fra HP \ \ 137.903 \ \ Programmer \ \ BackWeb-137903 . exe: *: Disabled: BackWeb-137903 "
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ outlook.exe" = "C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ outlook.exe: *: Enabled: Microsoft Office Outlook"
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Enabled: Microsoft Office Groove"
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ Onenote.exe" = "C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ Onenote.exe: *: Enabled: Microsoft Office OneNote"
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Loader "
"C: \ \ Programmer \ \ AIM6 \ \ aim6.exe" = "C: \ \ Programmer \ \ AIM6 \ \ aim6.exe: *: Enabled: AIM"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

Resterende Files :


File sikkerhedskopieringer: - C: \ SDFix \ backups \ backups.zip

Filer med Skjult Attributter :

Ons 14 November 2007 204 A. SHR --- "C: \ BOOT.BAK"
Fri 22 August 2008 635.848 A.SH. --- "C: \ Programmer \ Internet Explorer \ iexplore.exe"
Tor 15 juli 2004 0 A.SH. --- "C: \ WINDOWS \ SMINST \ HPCD.SYS"
Tor 10 Januar 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Thu 10 januar 2008 401 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv19.bak"
Wed 29 Oct 2008 3.442 A.SH. --- "C: \ Documents and Settings \ All Users \ Dokumenter \ Optaget tv \ TempRec \ TempSBE \ SBE3.tmp"

Færdig!



------------------------------------------




HijackThis Log



Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 8:55:16, den 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
C: \ Programmer \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ System \ hpsysdrv.exe
C: \ Programmer \ HP \ Digital Imaging \ losse \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Programmer \ Multimedia Card Reader \ shwicon2k.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Webroot \ Washer \ wwDisp.exe
C: \ Programmer \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Programmer \ Opdateringer fra HP \ 137903 \ Programmer \ BackWeb-137903.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ Programmer \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (filen mangler)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (filen mangler)
O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (filen mangler)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Programmer \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] c: \ Programmer \ HP \ Digital Imaging \ losse \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] c: \ Programmer \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Programmer \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Programmer \ Webroot \ Washer \ wwDisp.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AdobeUpdater] C: \ Programmer \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AdobeUpdater] C: \ Programmer \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programmer \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Anslået Updates.lnk = C: \ Programmer \ Quicken \ bagent.exe
O4 - Global Startup: Opdateringer fra HP.lnk = C: \ Programmer \ Opdateringer fra HP \ 137903 \ Programmer \ BackWeb-137903.exe
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Ekstra knap: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & ende til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Ekstra knap: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (filen mangler)
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ Programmer \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ Programmer \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: Adobe LM Service - Unknown ejer - C: \ Programmer \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Programmer \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Ukendt ejer - C: \ Programmer \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ Rtvscan.exe

--
End of file - 9268 bytes
#4 - 11 November 2008, 11:07 - Editor

Download Disable/Remove Windows Messenger to your desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file to your desktop. Open MessengerDisable.exe, select the bottom box -- Uninstall Windows Messenger -- and click Apply.

Exit out of MessengerDisable, then delete the two files that were placed on your desktop.

----------

Open HijackThis and select Do a system scan only.

Place a checkmark next to the following entries (if present):

- O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
- O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
- O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
- O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
- O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE


Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis.

----------


Note: the instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the functioning of your system.

Go to Start > Run, type Notepad.exe and then click OK.

Copy and paste the text below into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
Locate fixme.reg on your desktop and double-click it. Answer Yes when asked to merge it into the registry.

Make sure you tell me whether you receive a success message about it being added to the registry. If you do not get a success message, it did not work.

Delete fixme.reg from your desktop.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop.

Close all open Internet browsers (Firefox, Internet Explorer, etc.) before you start ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe & follow the prompts.

For Windows XP systems, install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, make sure your internet connection is active (if possible) and click Yes.
- If for some reason your internet connection is not working, click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the End User License Agreement, click OK.
- Accept Microsoft's EULA (click Yes).
- When told that the RC is installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is finished.

Also let me know how the computer is running now.
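Added example, not code from HijackThis, SDFix, ComboFix or any poster in this thread: a small triage script that applies the reasoning behind the entries selected in the post above to raw HijackThis log lines. It generalises those picks to every BHO, Winlogon Notify entry or service with a missing file or unknown owner and to every Run entry that launches a bare filename; the sample lines are copied from this thread's logs (including their machine-translated "filen mangler" and "Ukendt ejer" wording), and the normalize() helper undoes the " \ " spacing the forum paste added around backslashes.

```python
"""Triage of HijackThis-style log lines, modelled on the entries the helper
picked out in this thread.  Added example for this page; it is not code
from HijackThis, SDFix, ComboFix or any poster."""
import re

# Markers HijackThis prints when the referenced file does not exist on disk
# (the Danish variants are how the thread's copy of the log renders them).
MISSING_MARKERS = ("(file missing)", "(filen mangler)", "(file mangler)", "(no file)")
UNKNOWN_OWNER = ("unknown owner", "unknown ejer", "ukendt ejer")

# Patterns are applied after normalize(); CLSIDs appear in () or {} in the logs.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - [({](?P<clsid>[0-9A-Fa-f-]{36})[)}] - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def normalize(line):
    """Collapse the ' \\ ' spacing that the forum paste put around every backslash."""
    return re.sub(r"\s*\\\s*", r"\\", line.strip())


def is_missing(path):
    return any(marker in path.lower() for marker in MISSING_MARKERS)


def launched_executable(cmd):
    """First token of an O4 command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def triage(lines):
    """Return (section, identifier, reason) for every line worth a second look.

    The checks generalise the helper's picks: every BHO, Winlogon Notify or
    service whose file is gone or whose publisher is unknown, and every Run
    entry that launches a bare filename (resolved by PATH search, as the
    AlcxMonitor entry was).  A hit is a lead to examine, not a verdict.
    """
    findings = []
    for raw in lines:
        line = normalize(raw)
        m = O2_RE.match(line)
        if m:
            if m.group("name") == "(no name)" or is_missing(m.group("path")):
                findings.append(("O2", m.group("clsid"), "BHO with no name or missing DLL"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = launched_executable(m.group("cmd"))
            if exe and "\\" not in exe and not exe.startswith("%"):
                findings.append(("O4", m.group("key"), "Run entry launches bare filename " + exe))
            continue
        m = O20_RE.match(line)
        if m and is_missing(m.group("path")):
            findings.append(("O20", m.group("key"), "Winlogon Notify DLL missing"))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").strip().lower() in UNKNOWN_OWNER:
            findings.append(("O23", m.group("name"), "service with unknown owner"))
    return findings


# Constructed sample: nine lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (filen mangler)
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: efcdbxx - efcdbxx.dll (file missing)
O20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: ScsiAccess - Ukendt ejer - C: \ Programmer \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ Rtvscan.exe
"""


def sample_lines():
    return SAMPLE_LOG.strip().splitlines()


if __name__ == "__main__":
    for section, ident, reason in triage(sample_lines()):
        print(f"{section:4} {ident:40} {reason}")
```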

#5 - 11 November 2008, 11:55 - Member

ComboFix log


ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]
Kører fra: c: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Skabt et nyt gendannelsespunkt
.

((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ Documents and Settings \ Administrator \ Dokumenter \ TSKS ~ 1
c: \ program files \ Common Files \ racle ~ 1
c: \ program files \ stem32 ~ 1
c: \ program files \ wnsxs ~ 1
c: \ windows \ BMf3ec611b.txt
C: \ Windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ epljwqgq.ini
c: \ windows \ system32 \ fj8wNOvc.exe.a_a
c: \ windows \ system32 \ icidbcft.ini
c: \ windows \ system32 \ iDlo01
c: \ windows \ system32 \ jrjvfibu.ini
c: \ windows \ system32 \ jryeuaqx.ini
c: \ windows \ system32 \ mcrh.tmp
c: \ windows \ system32 \ MSINET.oca
c: \ windows \ system32 \ mvmqocpc.ini
c: \ windows \ system32 \ oqstv.ini
c: \ windows \ system32 \ oqstv.ini2
D: \ Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008/10/11 til 2008/11/11 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- C: \ program files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - a - c --- C: \ Windows \ system32 \ dllcache \ user32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- C: \ Windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-11-02 09:12. 2008-11-10 14:10 41.474 - a ------ C: \ Windows \ system32 \0LFlxR4x.exe_
2008-11-02 09:12. 2008-11-11 09:12 40.450 - a ------ C: \ Windows \ system32 \0LFlxR4x.exe
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- C: \ Programmer \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- C: \ Windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- c --- C: \ Windows \ system32 \ dllcache \ Srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- c --- C: \ Windows \ system32 \ dllcache \ bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- c --- C: \ Windows \ system32 \ dllcache \ afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- c --- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- c --- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- c --- C: \ Windows \ system32 \ dllcache \ Inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- c --- C: \ Windows \ system32 \ dllcache \ rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - a ------ C: \ Windows \ Wininit.ini
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- c --- C: \ Windows \ system32 \ dllcache \ Netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ scripting
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ DA
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ bits
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ l2schemas
2008-10-15 18:23. 2007-06-13 03:23 1.033.216 - a ------ C: \ Windows \ SET25A.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - a ------ C: \ Windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Motive
2008-10-12 17:26. 2008-10-12 17:25 30.272 - a ------ C: \ Windows \ system32 \ fj8wNOvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:38 --------- d ----- wc: \ program files \ Symantec AntiVirus
2008-11-10 22:05 --------- d ----- wc: \ program files \ DivX
2008-11-10 22:03 --------- d ----- wc: \ program files \ Java
2008-11-10 01:37 --------- d ----- wc: \ program files \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ program files \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw C: \ Windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. Dat
2008-10-29 22:21 77.824 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ FDIWrapper.dll
2008-10-29 22:21 69.632 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ msxmlwrapper.dll
2008-10-29 22:21 5.632 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ GUI.dll
2008-10-29 22:21 49.152 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ PCHI18N.dll
2008-10-29 22:21 32.768 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ pchapi.dll
2008-10-29 22:21 26.572 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ INV16.dll
2008-10-29 22:21 213.089 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ motive.zip
2008-10-29 22:21 139.264 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ ContentUpdater.exe
2008-10-29 22:21 114.688 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ ZipLib.dll
2008-10-29 22:21 114.688 ---- aw C: \ Windows \ PCHealth \ helpctr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ asst_ui.dll
2008-10-29 22:11 --------- d - h - wc: \ program files \ InstallShield Installation Information
2008-10-29 22:11 --------- d ----- wc: \ program files \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Flyt Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008-10-16 01:06 --------- d ----- wc: \ program files \ Google
2008-09-28 22:59 --------- d ----- wc: \ program files \ Common Files \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Vso
2008-09-15 12:12 1.846.400 ---- aw C: \ Windows \ system32 \ Win32k.sys
2008-08-26 07:24 826.368 ---- aw C: \ Windows \ system32 \ Wininet.dll
2008-08-14 09:33 2.023.936 ---- aw C: \ Windows \ system32 \ Ntkrnlpa.exe
2007-12-28 00:53 79.738 ---- aw C: \ Documents and Settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "c: \ program files \ Webroot \ Washer \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ehTray" = "c: \ windows \ ehome \ ehtray.exe" [2004-08-04 50176]
"SunJavaUpdateSched" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon" = "c: \ windows \ system32 \ NeroCheck.exe" [2003-10-02 118784]
"CamMonitor" = "c: \ program files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ Windows \ System32 \ hphmon05.exe" [2003-05-23 483328]
"KBD" = "c: \ hp \ KBD \ KBD.EXE" [2003-02-11 61440]
"MSMSGS" = "c: \ program files \ Common Files \ Real \ iTunes \ iTunesHelper.exe" [2003-12-17 151597]
"Recguard" = "c: \ Windows \ SMINST \ RECGUARD.EXE" [2002-09-13 212992]
"PS2" = "c: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "c: \ program files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"NvCplDaemon" = "c: \ program files \ Common Files \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"vptray" = "c: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2005-06-23 85696]
"NvCplDaemon" = "c: \ program files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck" = "C: \ Windows \ system32 \ NeroCheck.e XE" [2001-07-09 155648]
"GrooveMonitor" = "c: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "c: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "LTMSG.exe" [2003/07/14 C: \ Windows \ ltmsg.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "c: \ Programmer \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

c: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Adobe Gamma Loader.lnk - C: \ program files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - C: \ program files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Programmer \ \ Opdateringer fra HP \ \ 137.903 \ \ Programmer \ \ BackWeb-137903.exe" =
"c: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"c: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Crossbar Dual Input c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ Info.exe Folder.htt 480 480

* Nyoprettede Service * - PROCEXP90
.
Indhold af "Planlagte opgaver" mappe

2008/10/30 C: \ Windows \ Tasks \ At1.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/11 C: \ Windows \ Tasks \ At10.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 C: \ Windows \ Tasks \ At100.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At101.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At102.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At103.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At104.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At105.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 C: \ Windows \ Tasks \ At106.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 C: \ Windows \ Tasks \ At107.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 C: \ Windows \ Tasks \ At108.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 C: \ Windows \ Tasks \ At109.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 C: \ Windows \ Tasks \ At11.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 C: \ Windows \ Tasks \ At110.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/10 C: \ Windows \ Tasks \ At111.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/10 C: \ Windows \ Tasks \ At112.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/06 C: \ Windows \ Tasks \ At113.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 C: \ Windows \ Tasks \ At114.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 C: \ Windows \ Tasks \ At115.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 C: \ Windows \ Tasks \ At116.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 C: \ Windows \ Tasks \ At117.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At118.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At119.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 C: \ Windows \ Tasks \ At12.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 C: \ Windows \ Tasks \ At120.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 C: \ Windows \ Tasks \ At13.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 C: \ Windows \ Tasks \ At14.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/10 C: \ Windows \ Tasks \ At15.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/10 C: \ Windows \ Tasks \ At16.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/06 C: \ Windows \ Tasks \ At17.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 C: \ Windows \ Tasks \ At18.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/11 C: \ Windows \ Tasks \ At19.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At2.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/11 C: \ Windows \ Tasks \ At20.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 C: \ Windows \ Tasks \ At21.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At22.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At23.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At24.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At3.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At4.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At5.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At6.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/31 C: \ Windows \ Tasks \ At7.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 C: \ Windows \ Tasks \ At8.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/01 C: \ Windows \ Tasks \ At9.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 C: \ Windows \ Tasks \ At97.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At98.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 C: \ Windows \ Tasks \ At99.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]
.
- - - - Forældreløse FJERNES - - - --

HKCU-Run-SWG - c: \ program files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
HKCU-Run-RecordNow! - (No file)
HKLM-Run-HPHUPD05 - c: \ program files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
HKLM-Run-AutoTKit - c: \ hp \ bin \ AUTOTKIT.EXE
HKLM-Run-UpdateManager - C: \ program files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
HKLM-Run-iTunesHelper - c: \ program files \ ATI Technologies \ ATI Control Panel \ iTunes \ iTunesHelper.exe


.
------- Supplerende Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - ca: blank
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \ extensions \ moveplayer @ movenetworks. com \ platform \ WINNT_x86-msvc \ plugins \ npmnqmp07076007.dll
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ plugins \ npPxPlay.dll
FF -: plugin - c: \ program files \ Mozilla Firefox \ plugins \ npmozax.dll
FF -: plugin - c: \ program files \ Mozilla Firefox \ plugins \ npsnapfish.dll
FF -: plugin - c: \ program files \ Real \ RealOne Player \ Netscape6 \ nppl3260.dll
FF -: plugin - c: \ program files \ Real \ RealOne Player \ Netscape6 \ nprjplug.dll
FF -: plugin - c: \ program files \ Real \ RealOne Player \ Netscape6 \ nprpjplug.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:44:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...


************************************************** ************************
.
Completion time: 2008-11-11 11:47:43
ComboFix-quarantined-files.txt 2008-11-11 18:46:39

Pre-Run: 89004101632 bytes fri
Post-Run: 89081098240 bytes fri

272 --- EOF --- 2008-10-30 03:01:59


~ ~
So far iexplore.exe hasn't shown up ^_^
Is there any way to make sure it's gone?
&& Is it okay if I delete the things I downloaded?
  #6  
Old 11 November 2008, 12:04
Editor

Default Removing iexplore.exe virus / hijack log

We'll clean everything up before we're done. There's still more to do, but I have to run for a while. Be back later.
__________________

  #7  
Old 11 November 2008, 12:19
Member

Default Removing iexplore.exe virus / hijack log

More steps? I thought we were done D:
Quick question; will any of this affect the programs installed on my computer?
Alrightie, I have to go for a bit as well xP
  #8  
Old 11 November 2008, 13:07
Member

Default Removing iexplore.exe virus / hijack log

iexplore.exe is still here ;-;
  #9  
Old 11 November 2008, 16:28
Editor

Default Removing iexplore.exe virus / hijack log

No, we're not done. I'll give the all clear when it's over.

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the functioning of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by selecting all the text and pressing Ctrl + C

Code:
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your desktop
6. Then drag CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as shown in the screenshot below. Important: Perform this instruction carefully!



ComboFix will start running; just follow the prompts.
After the reboot (when it asks to restart), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click the ComboFix window while it is running. That may cause your system to freeze.
__________________
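As an added example (not part of the thread, and not ComboFix's own code): a small Python triage helper that parses the "Scheduled Tasks" section of a ComboFix log like the one posted above, groups the AtN.job tasks by the executable they launch, flags random-named targets living in the Windows system directory, and emits a FILE:: list in the shape ComboFix echoed back at the top of the second log. The sample log is constructed from a few of the posted lines plus one made-up benign task, and the looks_random heuristic is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the "Scheduled Tasks" section of the first
# ComboFix log in this thread. The forum extraction padded every backslash with
# spaces, so the parser has to tolerate "C: \ Windows \ Tasks". The last task is
# a constructed benign entry for contrast; it is not from the log.
SAMPLE_LOG = r"""
Contents of 'Scheduled Tasks' folder

2008/10/30 C: \ Windows \ Tasks \ At1.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 C: \ Windows \ Tasks \ At100.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 C: \ Windows \ Tasks \ At11.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 C: \ Windows \ Tasks \ At97.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/01 C: \ Windows \ Tasks \ ExampleUpdater.job
- C: \ Program Files \ ExampleVendor \ Updater.exe [2008-10-16 01:06]
"""

JOB_RE = re.compile(r"^\d{4}/\d{2}/\d{2}\s+(?P<job>.+?\.job)\s*$")
TARGET_RE = re.compile(r"^-\s*(?P<target>.+?)\s*\[(?P<stamp>[^\]]+)\]\s*$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def normalize_path(raw):
    """Collapse the ' \\ ' padding from the extraction into single backslashes."""
    return re.sub(r"\s*\\\s*", r"\\", raw.strip())


def parse_tasks(log_text):
    """Return (job_path, target_path, timestamp) triples from the task section."""
    tasks, job = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            job = normalize_path(m.group("job"))
            continue
        m = TARGET_RE.match(line)
        if m and job:
            tasks.append((job, normalize_path(m.group("target")), m.group("stamp")))
            job = None
    return tasks


def looks_random(filename):
    """Heuristic (assumption of this example): an 8-character stem mixing
    upper case, lower case and digits, like fj8wNOvc.exe or 0LFlxR4x.exe."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) == 8
            and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem))


def group_by_target(tasks):
    """Map each target executable to the jobs launching it; the posted log had
    120 At jobs fanning in on just two binaries, which this makes obvious."""
    groups = defaultdict(list)
    for job, target, _stamp in tasks:
        groups[target].append(job)
    return dict(groups)


def suspicious_targets(tasks):
    """Targets launched by at.exe-style AtN.job tasks, located in a Windows
    system directory and carrying a random-looking file name."""
    flagged = set()
    for job, target, _stamp in tasks:
        jobname = job.rsplit("\\", 1)[-1]
        filename = target.rsplit("\\", 1)[-1]
        in_sysdir = target.lower().startswith(SYSTEM_DIRS)
        if re.fullmatch(r"At\d+\.job", jobname) and in_sysdir and looks_random(filename):
            flagged.add(target)
    return flagged


def file_directive(tasks):
    """Build a FILE:: block in the shape ComboFix echoed back in the second log:
    the flagged executables first, then every job that points at them."""
    flagged = suspicious_targets(tasks)
    lines = ["FILE::"] + sorted(flagged)
    lines += sorted(job for job, target, _stamp in tasks if target in flagged)
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_tasks(SAMPLE_LOG)
    for target, jobs in group_by_target(parsed).items():
        print(f"{len(jobs):3d} job(s) -> {target}")
    print(file_directive(parsed))
```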

  #10  
Old 11 November 2008, 17:36
Member

Default Removing iexplore.exe virus / hijack log

Okay ^__^

Combofix Log




ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]
Kører fra: c: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
Command switches anvendes:: C: \ Documents and Settings \ Administrator \ Desktop \ CFScript.txt
* Skabt et nyt gendannelsespunkt

FILE::
c: \ windows \ SET25A.tmp
C: \ Windows \ system32 \0LFlxR4x.exe
C: \ Windows \ system32 \0LFlxR4x.exe_
c: \ windows \ system32 \ fj8wNOvc.exe
C: \ Windows \ Tasks \ At1.job
c: \ Windows \ Tasks \ At10.job
c: \ Windows \ Tasks \ At100.job
c: \ Windows \ Tasks \ At101.job
c: \ Windows \ Tasks \ At102.job
c: \ Windows \ Tasks \ At103.job
c: \ Windows \ Tasks \ At104.job
c: \ Windows \ Tasks \ At105.job
c: \ Windows \ Tasks \ At106.job
c: \ Windows \ Tasks \ At107.job
c: \ Windows \ Tasks \ At108.job
c: \ Windows \ Tasks \ At109.job
c: \ Windows \ Tasks \ At11.job
c: \ Windows \ Tasks \ At110.job
c: \ Windows \ Tasks \ At111.job
c: \ Windows \ Tasks \ At112.job
c: \ Windows \ Tasks \ At113.job
c: \ Windows \ Tasks \ At114.job
c: \ Windows \ Tasks \ At115.job
c: \ Windows \ Tasks \ At116.job
c: \ Windows \ Tasks \ At117.job
c: \ Windows \ Tasks \ At118.job
c: \ Windows \ Tasks \ At119.job
c: \ Windows \ Tasks \ At12.job
c: \ Windows \ Tasks \ At120.job
c: \ Windows \ Tasks \ At13.job
c: \ Windows \ Tasks \ At14.job
c: \ Windows \ Tasks \ At15.job
c: \ Windows \ Tasks \ At16.job
c: \ Windows \ Tasks \ At17.job
c: \ Windows \ Tasks \ At18.job
c: \ Windows \ Tasks \ At19.job
c: \ Windows \ Tasks \ At2.job
c: \ Windows \ Tasks \ At20.job
c: \ Windows \ Tasks \ At21.job
c: \ Windows \ Tasks \ At22.job
c: \ Windows \ Tasks \ At23.job
c: \ Windows \ Tasks \ At24.job
c: \ Windows \ Tasks \ At3.job
c: \ Windows \ Tasks \ At4.job
c: \ Windows \ Tasks \ At5.job
c: \ Windows \ Tasks \ At6.job
c: \ Windows \ Tasks \ At7.job
c: \ Windows \ Tasks \ At8.job
c: \ Windows \ Tasks \ At9.job
c: \ Windows \ Tasks \ At97.job
c: \ Windows \ Tasks \ At98.job
c: \ Windows \ Tasks \ At99.job
.

((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ SET25A.tmp
C: \ Windows \ system32 \0LFlxR4x.exe
C: \ Windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ fj8wNOvc.exe
C: \ Windows \ Tasks \ At1.job
c: \ Windows \ Tasks \ At10.job
c: \ Windows \ Tasks \ At100.job
c: \ Windows \ Tasks \ At101.job
c: \ Windows \ Tasks \ At102.job
c: \ Windows \ Tasks \ At103.job
c: \ Windows \ Tasks \ At104.job
c: \ Windows \ Tasks \ At105.job
c: \ Windows \ Tasks \ At106.job
c: \ Windows \ Tasks \ At107.job
c: \ Windows \ Tasks \ At108.job
c: \ Windows \ Tasks \ At109.job
c: \ Windows \ Tasks \ At11.job
c: \ Windows \ Tasks \ At110.job
c: \ Windows \ Tasks \ At111.job
c: \ Windows \ Tasks \ At112.job
c: \ Windows \ Tasks \ At113.job
c: \ Windows \ Tasks \ At114.job
c: \ Windows \ Tasks \ At115.job
c: \ Windows \ Tasks \ At116.job
c: \ Windows \ Tasks \ At117.job
c: \ Windows \ Tasks \ At118.job
c: \ Windows \ Tasks \ At119.job
c: \ Windows \ Tasks \ At12.job
c: \ Windows \ Tasks \ At120.job
c: \ Windows \ Tasks \ At13.job
c: \ Windows \ Tasks \ At14.job
c: \ Windows \ Tasks \ At15.job
c: \ Windows \ Tasks \ At16.job
c: \ Windows \ Tasks \ At17.job
c: \ Windows \ Tasks \ At18.job
c: \ Windows \ Tasks \ At19.job
c: \ Windows \ Tasks \ At2.job
c: \ Windows \ Tasks \ At20.job
c: \ Windows \ Tasks \ At21.job
c: \ Windows \ Tasks \ At22.job
c: \ Windows \ Tasks \ At23.job
c: \ Windows \ Tasks \ At24.job
c: \ Windows \ Tasks \ At3.job
c: \ Windows \ Tasks \ At4.job
c: \ Windows \ Tasks \ At5.job
c: \ Windows \ Tasks \ At6.job
c: \ Windows \ Tasks \ At7.job
c: \ Windows \ Tasks \ At8.job
c: \ Windows \ Tasks \ At9.job
c: \ Windows \ Tasks \ At97.job
c: \ Windows \ Tasks \ At98.job
c: \ Windows \ Tasks \ At99.job

.
((((((((((((((((((((((((( Files Created from 2008/10/12 til 2008/11/12 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- C: \ program files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - a - c --- C: \ Windows \ system32 \ dllcache \ user32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- C: \ Windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- C: \ Programmer \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- C: \ Windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- c --- C: \ Windows \ system32 \ dllcache \ Srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- c --- C: \ Windows \ system32 \ dllcache \ bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- c --- C: \ Windows \ system32 \ dllcache \ afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- c --- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- c --- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- c --- C: \ Windows \ system32 \ dllcache \ Inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- c --- C: \ Windows \ system32 \ dllcache \ rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - a ------ C: \ Windows \ Wininit.ini
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- c --- C: \ Windows \ system32 \ dllcache \ Netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ scripting
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ DA
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ bits
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ l2schemas
2008-10-15 18:23. 2006-09-23 14:12 1.022.976 - a ------ C: \ Windows \ system32 \ SETA0B.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - a ------ C: \ Windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 00:29 --------- d ----- wc: \ program files \ Symantec AntiVirus
2008-11-10 22:05 --------- d ----- wc: \ program files \ DivX
2008-11-10 22:03 --------- d ----- wc: \ program files \ Java
2008-11-10 01:37 --------- d ----- wc: \ program files \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ program files \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw C: \ Windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. Dat
2008-10-29 22:11 --------- d - h - wc: \ program files \ InstallShield Installation Information
2008-10-29 22:11 --------- d ----- wc: \ program files \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Flyt Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008-10-16 01:06 --------- d ----- wc: \ program files \ Google
2008-09-28 22:59 --------- d ----- wc: \ program files \ Common Files \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Vso
2007-12-28 00:53 79.738 ---- aw C: \ Documents and Settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "c: \ program files \ Webroot \ Washer \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ehTray" = "c: \ windows \ ehome \ ehtray.exe" [2004-08-04 50176]
"SunJavaUpdateSched" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon" = "c: \ windows \ system32 \ NeroCheck.exe" [2003-10-02 118784]
"CamMonitor" = "c: \ program files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ Windows \ System32 \ hphmon05.exe" [2003-05-23 483328]
"KBD" = "c: \ hp \ KBD \ KBD.EXE" [2003-02-11 61440]
"MSMSGS" = "c: \ program files \ Common Files \ Real \ iTunes \ iTunesHelper.exe" [2003-12-17 151597]
"Recguard" = "c: \ Windows \ SMINST \ RECGUARD.EXE" [2002-09-13 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"NvCplDaemon"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"NvCplDaemon"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange"="Ati2mdxx.exe" [2001/09/05 c:\windows\system32\Ati2mdxx.exe]
"LTMSG"="LTMSG.exe" [2003/07/14 C:\Windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\Programmer\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

c:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - C:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Opdateringer fra HP\\137.903\\Programmer\\BackWeb-137903.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\Outlook.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 CX88XBAR; Conexant 2388x Crossbar Dual Input c:\windows\system32\drivers\CX88XBARDUAL.sys [2003-12-10 7040]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:26:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...

scanning afsluttet med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\ati2evxx.exe
c:\Programmer\Common Files\Symantec Shared\ccSetMgr.exe
c:\Programmer\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Programmer\Symantec AntiVirus\DefWatch.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\Programmer\Symantec AntiVirus\Rtvscan.exe
c:\program files\Opdateringer fra HP\137.903\Programmer\BackWeb-137903.exe
c:\windows\system32\hpzipm12.exe
.
**************************************************************************
.
Completion time: 2008-11-11 17:34:29 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-11-12 00:34:22
ComboFix2.txt 2008-11-11 18:47:44

Pre-Run: 89064681472 bytes fri
Post-Run: 89055629312 bytes fri

239 --- EOF --- 2008-10-30 03:01:59