mindre egenkapital

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Sikkerhed
Reload this Page

Uanset hvad jeg gør jeg ikke kan slippe af TROJAN.VUNDO.H

Registrer Site Spy Medlem List Donate Søgning Dagens Stillinger Mark Forums Read Forum Regler

Register


 Default 

Uanset hvad jeg gør jeg ikke kan slippe af TROJAN.VUNDO.H




Reply
Side 1 af 3 1 23
 
Thread Tools
  #1  
Old 16. oktober 2008, 09:51
Medlem Gruppen
  
Jeg har prøvet mange gange med Malwarebytes at slette VUNDO.H virus. Det giver anledning til at genstarte og jeg køre Malwarebytes igen kun for at finde det stadig er på systemet. Jeg har også slukket systemer genoprette før start disse.

Tak for din hjælp!
Vedhæftede filer
File Type: txt mbam-log-2008-10-16 (12-33-23). txt (1,2 KB, 109 visninger)
File Type: txt hijackthis.txt (7,3 KB, 100 visninger)
  #2  
Old 16. oktober 2008, 11:27
Redaktør Gruppen
  
Åbn HijackThis og vælg Må en systemscanning kun.

Anbringe en markering ved siden af følgende poster: (hvis der)
  • O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - C: \ Windows \ system32 \ digestp.dll
  • O20 - Winlogon Notify: paubftzz - C: \ WINDOWS \ SYSTEM32 \ digestp.dll
Vigtigt: Luk alle vinduer undtagen HijackThis og klik derefter på Fix kontrolleres.

Afslut HijackThis.

----------

Downloade OTMoveIt2 ved Oldtimer og gemme den på din Desktop.

Bemærk: Hvis du kører på Vista, skal du højreklikke på OTMoveIt2.exe og vælge Kør som administrator.

1. Dobbeltklik på OTMoveIt2.exe at køre den.
2. Kopier linier i codebox nedenfor.

Code:
[dræbe Explorer] C: \ WINDOWS \ SYSTEM32 \ digestp.dll EmptyTemp [Start Explorer]
3. Retur til OTMoveIt2, højreklik på Indsæt liste over de filer / mapper til Flyt vinduet (under den gule bar), og vælg Paste
4. Klik på den røde Moveit! knappen.
5. Kopier alt i Resultater vinduet (under den grønne bar), og indsætte det i dit næste svar.
6. Luk OTMoveIt2

Note: Hvis en fil eller mappe, som ikke kan flyttes straks kan du blive bedt om at genstarte computeren for at afslutte flytningen proces. Hvis du bliver bedt om at genstarte, skal du vælge Ja. Hvis ikke, reboot alligevel.
__________________
  #3  
Old 16. oktober 2008, 12:39
Medlem Gruppen
  
Nå Jeg løb alt, hvad du har indsendt. Den Hijack gik fint og de 2 filer slettes.

Den OTMOVEIT2 program - jeg har kopieret de 4 linjer
[dræbe Explorer]
C: \ WINDOWS \ SYSTEM32 \ digestp.dll
EmptyTemp
[Start Explorer

under den gule bjælke og udvalgte MOVEIT.

Under det grønne felt programmerne sagde udforske dræbt held dog fik jeg en fejl dialogboksen.

Said OTMOVEIT2 OTMOVEIT2.EXE - Bad image

Anvendelsen eller DLL'en C: \ Windows \ rakxhfy.dll er ikke et gyldigt Windows Image. Kontroller dette mod din installtion disk.

Jeg var nødt til at genstarte og OTMOVEIT kom op igen, og jeg kom op med den samme fejl dialogboksen som ovenfor. Hvordan kan jeg slippe af med denne OTMOVEIT2 når den genstarter. Er der noget andet, som der skal gøres?
  #4  
Old 16. oktober 2008, 12:45
Redaktør Gruppen
  
Ja der er mere at gøre. Må ikke bekymre dig om fejlmeddelelsen ...

Downloade random's system informationsværktøj (RSIT) ved tilfældig / tilfældigt fra og gemme den til dit skrivebord.
  • Dobbeltklik på RSIT.exe til at køre.
  • Klik på Fortsæt på ansvarsfraskrivelse skærmen.
  • Når det er færdigt, to logfiler vil åbne.
  • Log.txt <vil blive maksimeret og info.txt <vil blive minimeret
  • Please post indholdet af begge logfiler i næste svar.
__________________
  #5  
Old 16. oktober 2008, 13:26
Medlem Gruppen
  
Log.txt:
Din fil af 28.7 KB bytes overstiger forum's grænse på 19,5 KB for denne filtype. Jeg var nødt til at WinZip logfilen for at få det til at du behøver at cdonstraints af COMPUTER saft udlæg i filer.
Vedhæftede filer
File Type: txt info.txt (12.5 KB, 24 visninger)
File Type: zip ziplog file.zip (7,5 KB, 9 visninger)
  #6  
Old 16. oktober 2008, 13:34
Medlem Gruppen
  
LOG FILE

Logfile stikprøvekontrolaktioner system informationsværktøj 1,04 (skrevet af tilfældige / tilfældige)
Drives af ejeren på 2008-10-16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
System drev C: er 136 GB (92%) fri for 149 GB
Total RAM: 382 MB (30% gratis)
Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 3:56:33 PM, den 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Programmer \ Ahead \ InCD \ InCDsrv.exe
C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programmer \ Fælles filer \ New Boundary \ PrismXL \ PRISMXL.SYS
C: \ Programmer \ QuickTime \ qttask.exe
C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
C: \ Programmer \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programmer \ Olympus \ DeviceDetector \ DevDtct2.exe
C: \ Programmer \ Google \ Google Updater \ GoogleUpdater.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ Internet Explorer \ iexplore.exe
C: \ Documents and Settings \ Ejer \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 6QBVSP54 \ RSIT [1]. Exe
C: \ Programmer \ Common Files \ Symantec Shared \ COH \ coh32.exe
C: \ Programmer \ Trend Micro \ HijackThis \ Owner.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.emachines.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programmer \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 2.6 \ coIEPlg.dll
O2 - BHO: Symantec Tyverisikrings Forebyggelse - (6D53EC84-6AAE-4787-AEEE-F4628F01010C) - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - C: \ Windows \ system32 \ digestp.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O3 - Toolbar: Vis Norton Toolbar - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 2.6 \ CoIEPlg.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [osCheck] "C: \ Programmer \ Norton 360 \ osCheck.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - Global Startup: Device Detector 3.lnk = C: \ Programmer \ Olympus \ DeviceDetector \ DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C: \ Programmer \ Google \ Google Updater \ GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Programmer \ Microsoft Office \ Office \ OSA9.EXE
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2.0 Installer Class) -- http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1211623928390
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1211630845500
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C: \ WINDOWS \ SYSTEM32 \ digestp.dll
O23 - Service: Ati Genvejstast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Programmer \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - FREMAD Software - C: \ Programmer \ Ahead \ InCD \ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ Programmer \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C: \ Programmer \ Fælles filer \ New Boundary \ PrismXL \ PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown ejer - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe
--
End of file - 7993 bytes
====== Scheduled opgaver mappe ======
C: \ WINDOWS \ opgaver \ Automatisk Fuld Backup.job
C: \ WINDOWS \ opgaver \ Daglig Changed Files.job
C: \ WINDOWS \ opgaver \ PEACTREE UGENTLIG BACK UP.job
====== Registry dump ======
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)]
Adobe PDF Reader Link Helper - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3049C3E9-B461-4BC5-8870-4C09146192CA)]
RealPlayer Hent og Record Plugin for Internet Explorer - C: \ Programmer \ Real \ RealPlayer \ rpbrowserrecordplugin.dll [2008-04-19 308856]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)]
C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 2.6 \ coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (6D53EC84-6AAE-4787-AEEE-F4628F01010C)]
Symantec Tyverisikrings Forebyggelse - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll [2008-10-16 116088]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AA58ED58-01DD-4d91-8333-CF10577473F7)]
Google Toolbar Helper - c: \ program files \ google \ googletoolbar1.dll [2007-06-04 2554944]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AF69DE43-7D58-4638-B6FA-CE66B5AD205D)]
Google Toolbar Notifier BHO - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll [2008-09-26 737776]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
C: \ Windows \ system32 \ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll [2005-08-04 343112]
(2318C2B1-4965-11D4-9B18-009027A5CD4F) - & Google - c: \ program files \ google \ googletoolbar1.dll [2007-06-04 2554944]
ID
(7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - Vis Norton Toolbar - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 2.6 \ CoIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = C: \ Programmer \ QuickTime \ qttask.exe [2005-01-28 98304]
"Adobe Photo Downloader" = C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe [2005-06-06 57344]
"Adobe Reader Speed Launcher" = C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe [2008-01-11 39792]
"TkBellExe" = C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe [2008-04-19 185896]
"ccApp" = C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe [2008-02-18 51048]
"osCheck" = C: \ Programmer \ Norton 360 \ osCheck.exe [2008-02-26 988512]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"MSMSGS" = C: \ Programmer \ Messenger \ msmsgs.exe [2008-04-13 1695232]
"Ctfmon.exe" = C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware" = C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA]
C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [2004-11-12 344064]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp]
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe [2008-02-18 51048]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey]
C: \ WINDOWS \ zHotkey.exe [2004-05-17 543232]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD]
C: \ Programmer \ Ahead \ InCD \ InCD.exe [2003-09-01 1200178]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS]
C: \ Programmer \ Messenger \ msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck]
C: \ WINDOWS \ system32 \ \ NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck]
C: \ WINDOWS \ system32 \ NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard]
C: \ WINDOWS \ SMINST \ RECGUARD.EXE [2002-09-13 212992]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl]
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd]
C: \ WINDOWS \ ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SoundMan]
C: \ WINDOWS \ SOUNDMAN.EXE [2004-11-15 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM]
C: \ Programmer \ Digital Media Reader \ shwiconem.exe [2004-11-15 135168]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager]
C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe [2003-08-19 110592]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
C: \ PROGRA ~ 1 \ BigFix \ BigFix.exe [2002-07-31 1742384]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk]
C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office \ OSA9.EXE [2000-01-21 65588]
C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Startup
Device Detector 3.lnk - C: \ Programmer \ Olympus \ DeviceDetector \ DevDtct2.exe
Google Updater.lnk - C: \ Programmer \ Google \ Google Updater \ GoogleUpdater.exe
Microsoft Office.lnk - C: \ Programmer \ Microsoft Office \ Office \ OSA9.EXE
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ AtiExtEvent]
C: \ WINDOWS \ system32 \ Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz]
C: \ WINDOWS \ system32 \ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-13 239616]
WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ list]
"% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLDial.exe" = "C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL"
"C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLacsd.exe" = "C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL"
"C: \ Programmer \ America Online 9.0 \ waol.exe" = "C: \ Programmer \ America Online 9.0 \ waol.exe: *: Enabled: America Online 9.0"
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"C: \ Programmer \ Internet Explorer \ iexplore.exe" = "C: \ Programmer \ Internet Explorer \ iexplore.exe: *: Disabled: Internet Explorer"
"C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe" = "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe: *: Enabled: LogMeIn Rescue"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLDial.exe" = "C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL"
"C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLacsd.exe" = "C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL"
"C: \ Programmer \ America Online 9.0 \ waol.exe" = "C: \ Programmer \ America Online 9.0 \ waol.exe: *: Enabled: America Online 9.0"
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)]
shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-B301-806d6172696f)]
shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480

====== Liste over de filer / mapper oprettet i de sidste 1 måneder ======
2008-10-16 15:56:08 ---- D ---- C: \ rsit
2008-10-16 15:19:05 ---- D ---- C: \ _OTMoveIt
2008-10-16 14:07:16 ---- D ---- C: \ Programmer \ Panda Security
2008-10-16 13:48:04 ---- A ---- C: \ WINDOWS \ system32 \ CF23987.exe
2008-10-16 13:47:57 ---- A ---- C: \ Bug.txt
2008-10-16 13:20:06 ---- D ---- C: \ VundoFix sikkerhedskopieringer
2008-10-16 13:20:06 ---- A ---- C: \ VundoFix.txt
2008-10-16 12:26:25 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25:40 ---- D ---- C: \ Programmer \ SUPERAntiSpyware
2008-10-16 12:25:39 ---- D ---- C: \ Documents and Settings \ Ejer \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25:12 ---- D ---- C: \ Programmer \ Common Files \ Wise Installation Wizard
2008-10-16 11:20:45 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956803 $
2008-10-16 11:20:36 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956391 $
2008-10-16 11:20:27 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB957095 $
2008-10-16 11:17:11 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB954211 $
2008-10-16 11:16:54 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956841 $
2008-10-16 11:08:22 ---- D ---- C: \ WINDOWS \ system32 \ N360_BACKUP
2008-10-16 10:48:03 ---- DC ---- C: \ WINDOWS \ system32 \ DRVSTORE
2008-10-16 10:47:42 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24:37 ---- D ---- C: \ Programmer \ Windows Sidebar
2008-10-16 10:24:06 ---- D ---- C: \ Programmer \ Norton 360
2008-10-16 10:22:49 ---- A ---- C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-10-15 17:26:20 ---- D ---- C: \ Programmer \ NoNAV
2008-10-15 16:41:28 ---- D ---- C: \ SymNoNav
2008-10-15 16:22:38 ---- D ---- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10:33 ---- D ---- C: \ Programmer \ Trend Micro
2008-10-11 12:25:41 ---- D ---- C: \ WINDOWS \ søndag
2008-10-11 12:25:41 ---- D ---- C: \ Documents and Settings \ Ejer \ Application Data \ søndag
2008-10-11 12:00:57 ---- D ---- C: \ Programmer \ CCleaner
2008-10-11 11:38:42 ---- D ---- C: \ Documents and Settings \ Ejer \ Application Data \ Malwarebytes
2008-10-11 11:38:37 ---- D ---- C: \ Programmer \ Malwarebytes' Anti-Malware
2008-10-11 11:38:37 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
====== Liste over de filer / mapper ændret i den sidste 1 måneder ======
2008-10-16 15:44:12 ---- D ---- C: \ Programmer \ Common Files \ Symantec Shared
2008-10-16 15:43:38 ---- D ---- C: \ Windows \ Temp
2008-10-16 15:27:24 ---- D ---- C: \ WINDOWS \ system32 \ Catroot2
2008-10-16 15:25:42 ---- A ---- C: \ WINDOWS \ SchedLgU.Txt
2008-10-16 15:12:27 ---- A ---- C: \ WINDOWS \ hpbafd.ini
2008-10-16 15:12:19 ---- A ---- C: \ WINDOWS \ system32 \ NTS5CSET.INI
2008-10-16 15:05:13 ---- D ---- C: \ WINDOWS
2008-10-16 14:13:35 ---- D ---- C: \ Windows \ System32 \ Drivers
2008-10-16 14:07:16 ---- RD ---- C: \ Program Files
2008-10-16 14:07:16 ---- HD ---- C: \ Windows \ Inf
2008-10-16 14:06:35 ---- SD ---- C: \ WINDOWS \ Downloaded Program Files
2008-10-16 13:49:56 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 13:48:11 ---- D ---- C: \ WINDOWS \ system32
2008-10-16 12:26:10 ---- SHD ---- C: \ Windows \ Installer
2008-10-16 12:25:12 ---- D ---- C: \ Programmer \ Fælles filer
2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Minidump
2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Debug
2008-10-16 11:20:47 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache
2008-10-16 11:20:43 ---- HD ---- C: \ WINDOWS \ $ hf_mig $
2008-10-16 11:20:07 ---- D ---- C: \ Programmer \ Internet Explorer
2008-10-16 11:19:54 ---- D ---- C: \ WINDOWS \ ie7updates
2008-10-16 11:19:07 ---- A ---- C: \ WINDOWS \ win.ini
2008-10-16 11:08:11 ---- D ---- C: \ Documents and Settings \ Ejer \ Application Data \ Symantec
2008-10-16 11:04:17 ---- D ---- C: \ Programmer \ Symantec
2008-10-16 11:01:12 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-10-16 10:46:55 ---- D ---- C: \ WINDOWS \ Prefetch
2008-10-15 17:42:01 ---- D ---- C: \ Documents and Settings
2008-10-15 15:38:45 ---- D ---- C: \ WINDOWS \ WinSxS
2008-10-15 15:38:45 ---- D ---- C: \ Programmer \ Common Files \ Microsoft Shared
2008-10-15 14:55:27 ---- D ---- C: \ WINDOWS \ system32 \ Restore
2008-10-15 13:23:32 ---- A ---- C: \ WINDOWS \ PCW120.ini
2008-10-15 13:23:22 ---- D ---- C: \ SHAREDAT
2008-10-14 14:58:10 ---- D ---- C: \ Shardata
2008-10-11 11:30:23 ---- SHD ---- C: \ System Volume Information
2008-10-07 15:19:40 ---- A ---- C: \ WINDOWS \ system32 \ Mrt.exe
2008-10-03 13:41:15 ---- A ---- C: \ WINDOWS \ system32 \ ieframe.dll
2008-09-24 08:36:56 ---- D ---- C: \ Programmer \ Common Files \ Peach
====== List af bilister (R = Running, S = Stoppet, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Deaktiveret )======
R1 AmdPPM; AMD HwPState Processor Driver; C: \ Windows \ System32 \ Drivers \ AmdPPM.sys [2007-04-16 33792]
R1 eeCtrl; Symantec Eraser Control føreren; \? \ C: \ Programmer \ Common Files \ Symantec Shared \ EENGINE \ eeCtrl.sys []
R1 InCDPass; InCDPass; C: \ Windows \ System32 \ Drivers \ InCDPass.sys [2003-09-01 28528]
R1 incdrm; InCD EasyWrite Reader; C: \ Windows \ System32 \ Drivers \ incdrm.sys [2003-08-21 25520]
R1 SASDIFSV; SASDIFSV; \? \ C: \ Programmer \ SUPERAntiSpyware \ SASDIFSV.SYS []
R1 SASKUTIL; SASKUTIL; \? \ C: \ Programmer \ SUPERAntiSpyware \ SASKUTIL.sys []
R1 SPBBCDrv; SPBBCDrv; \? \ C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCDrv.sys []
R1 SRTSPX; SRTSPX; C: \ Windows \ System32 \ Drivers \ SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI; SYMTDI; C: \ Windows \ System32 \ Drivers \ SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon; CO_Mon; \? \ C: \ Windows \ System32 \ Drivers \ CO_Mon.sys []
R2 mdmxsdk; mdmxsdk; C: \ Windows \ System32 \ Drivers \ mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm; tmcomm; \? \ C: \ Windows \ System32 \ Drivers \ tmcomm.sys []
R3 ALCXWDM; Service for Realtek AC97 Audio (WDM); C: \ Windows \ System32 \ Drivers \ ALCXWDM.SYS [2004-11-18 2297664]
R3 Arp1394; 1394 ARP Client protokol; C: \ Windows \ System32 \ Drivers \ arp1394.sys [2008-04-13 60800]
R3 ati2mtag; ati2mtag; C: \ Windows \ System32 \ Drivers \ ati2mtag.sys [2006-02-21 1505792]
R3 COH_Mon; COH_Mon; \? \ C: \ Windows \ System32 \ Drivers \ COH_Mon.sys []
R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \? \ C: \ Programmer \ Common Files \ Symantec Shared \ EENGINE \ EraserUtilRebootDrv.sys []
R3 GEARAspiWDM; GEAR ASPI Filter Driver; C: \ Windows \ System32 \ Drivers \ GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP; HSF_DP; C: \ Windows \ System32 \ Drivers \ HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2; HSFHWBS2; C: \ Windows \ System32 \ Drivers \ HSFHWBS2.sys [2004-06-17 220032]
R3 NAVENG; NAVENG; \? \ C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVENG.SYS []
R3 NAVEX15; NAVEX15; \? \ C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVEX15.SYS []
R3 NIC1394; 1394 Net Driver; C: \ Windows \ System32 \ Drivers \ Nic1394.sys [2008-04-13 61824]
R3 rtl8139; Realtek RTL8139 (A / B / C)-baseret PCI Fast Ethernet Adapter NT Driver; C: \ Windows \ System32 \ Drivers \ RTL8139.SYS [2004-08-04 20992]
R3 SASENUM; SASENUM; \? \ C: \ Programmer \ SUPERAntiSpyware \ SASENUM.SYS []
R3 SRTSP; SRTSP; C: \ Windows \ System32 \ Drivers \ SRTSP.SYS [2008-01-31 279088]
R3 SunkFilt; Alcor Micro Corp Reader; \? \ C: \ Windows \ System32 \ Drivers \ sunkfilt.sys []
R3 SYMDNS; SYMDNS; C: \ Windows \ System32 \ Drivers \ SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent; SymEvent; \? \ C: \ Windows \ System32 \ Drivers \ SYMEVENT.SYS []
R3 SYMFW; SYMFW; C: \ Windows \ System32 \ Drivers \ SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS; SYMIDS; C: \ Windows \ System32 \ Drivers \ SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO; SYMIDSCO; \? \ C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ SymcData \ ipsdefs \ 20081014.001 \ SymIDSCo.sys []
R3 SymIMMP; SymIMMP; C: \ Windows \ System32 \ Drivers \ SymIM.sys [2008-06-13 31280]
R3 SYMNDIS; SYMNDIS; C: \ Windows \ System32 \ Drivers \ SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV; SYMREDRV; C: \ Windows \ System32 \ Drivers \ SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci; Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C: \ Windows \ System32 \ Drivers \ usbehci.sys [2008-04-13 30208]
R3 usbhub; USB2 Enabled Hub; C: \ Windows \ System32 \ Drivers \ usbhub.sys [2008-04-13 59520]
R3 usbohci; Microsoft USB Open Host Controller Miniport Driver; C: \ Windows \ System32 \ Drivers \ usbohci.sys [2008-04-13 17152]
R3 USBSTOR; USB Mass Storage Driver; C: \ Windows \ System32 \ Drivers \ USBSTOR.SYS [2008-04-13 26368]
R3 winachsf; winachsf; C: \ Windows \ System32 \ Drivers \ HSF_CNXT.sys [2004-06-17 685056]
R4 InCDfs; InCD File System; C: \ Windows \ System32 \ Drivers \ InCDfs.sys [2003-09-01 88800]
S1 P3; Intel PentiumIII Processor Driver; C: \ Windows \ System32 \ Drivers \ p3.sys [2008-04-13 42752]
S3 Bridge; MAC Bridge; C: \ Windows \ System32 \ Drivers \ bridge.sys [2008-04-13 71552]
S3 BridgeMP; MAC Bridge Miniport; C: \ Windows \ System32 \ Drivers \ bridge.sys [2008-04-13 71552]
S3 mxnic; Macronix MX987xx Familie Fast Ethernet NT Driver; C: \ Windows \ System32 \ Drivers \ mxnic.sys [2001-08-17 19968]
S3 nv; nv; C: \ Windows \ System32 \ Drivers \ nv4_mini.sys [2004-08-04 1897408]
S3 SRTSPL; SRTSPL; C: \ Windows \ System32 \ Drivers \ SRTSPL.SYS [2008-01-31 317616]
S3 SymIM; Symantec Network Security Intermediate Filter Service; C: \ Windows \ System32 \ Drivers \ SymIM.sys [2008-06-13 31280]
S3 usbuhci; Microsoft USB Universal Host Controller Miniport Driver; C: \ Windows \ System32 \ Drivers \ usbuhci.sys [2008-04-13 20608]
S3 VNUSB; VN Series Device; C: \ Windows \ System32 \ Drivers \ VNUSB.sys [2003-12-15 38448]
S3 wanatw; WAN Miniport (ATW); C: \ Windows \ System32 \ Drivers \ wanatw4.sys []
S3 WudfPf; Windows Driver Foundation - User-mode Driver Framework Platform Driver; C: \ Windows \ System32 \ Drivers \ WudfPf.sys [2006-09-28 77568]
S3 WudfRd; Windows Driver Foundation - User-mode Driver Framework Reflector; C: \ Windows \ System32 \ Drivers \ wudfrd.sys [2006-09-28 82944]
S4 sr; System Restore Filter Driver; C: \ Windows \ System32 \ Drivers \ sr.sys [2008-04-13 73472]
====== List af tjenesteydelser (R = Running, S = Stoppet, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Deaktiveret )======
R2 Ati Genvejstast Poller; Ati Genvejstast Poller; C: \ WINDOWS \ system32 \ Ati2evxx.exe [2006-02-21 405504]
R2 Automatisk LiveUpdate Scheduler; Automatisk LiveUpdate Scheduler; C: \ Programmer \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe [2008-02-21 238968]
R2 ccEvtMgr; Symantec Event Manager; C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr; Symantec Settings Manager; C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec Lic NetConnect service; C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc; Google Updater Service; C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; InCD File System Service; C: \ Programmer \ Ahead \ InCD \ InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdate Notice; LiveUpdate Notice; C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Machine Debug Manager; C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003-06-19 322120]
R2 PrismXL; PrismXL; C: \ Programmer \ Fælles filer \ New Boundary \ PrismXL \ PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state; ASP.NET stat Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768]
S3 comHost, KOM Host; C: \ Programmer \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640]
S3 LiveUpdate; LiveUpdate; C: \ Programmer \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 OSE; Office Source Engine; C: \ Programmer \ Common Files \ Microsoft Shared \ Source Engine \ Ose.exe [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core LC; C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc; Windows Media Player Network Sharing Service; C: \ Programmer \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework, C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-13 14336]
----------------- EOF -----------------
  #7  
Old 16. oktober 2008, 13:50
Redaktør Gruppen
  
Den digestp.dll er stadig ikke gået.

Først:

Downloade Deaktiver / Fjern Windows Messenger til skrivebordet for at fjerne Windows Messenger.

Må ikke forveksle Windows Messenger med MSN Messenger fordi de ikke er de samme. Windows Messenger er en hyppig årsag til popups.

Unzip filen på skrivebordet. Åbn MessengerDisable.exe og vælg den nederste boks -- Afinstaller Windows Messenger og klik Ansøge.

Afslut ud af MessengerDisable derefter slette de to filer, der blev lagt på skrivebordet.

----------

Bemærk: nedenstående instruktioner var skabt specielt til denne bruger. Hvis du ikke er denne bruger, MÅ IKKE Følg disse anvisninger, som de kunne skade funktionen af dit system

Gå til Start> Kør og type Notepad.exe klik derefter på OK

Kopier og indsæt nedenfor i Notesblok, og gem som fixme.reg til din Desktop

Code:
REGEDIT4 [-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] [-HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS] [-- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz]
Find fixme.reg på dit skrivebord og dobbeltklik på den. Svar Ja når du bliver bedt om at fusionere med topdomæneadministratoren.

Sørg for, at du fortælle mig, hvis du modtager en succes besked om at lægge den over i registreringsdatabasen. Hvis du ikke får en succes besked, det ikke virkede.

Slet fixme.reg fra skrivebordet.

----------

Din Java er forældet.

Ældre versioner har sårbarheder at ondsindede websteder kan bruge til at inficere dit system.

Først installere de nye Søndag Java Runtime Environment

Sørg for at lukke alle browservinduer, før du begynder installationen.

Fjern den gamle version (s)

Downloade JavaRa
  • Unzip filen, og åbne JavaRa.exe
  • Klik på Fjern ældre versioner
  • JavaRa vil søge efter og fjerne forældet version af Java og fjerne enhver, der findes.
  • Klik på Supplerende opgaver
  • Anbring en markeringen ud for Fjern Useless JRE Files og klik Start
  • Afslut JavaRa
  • Slet JavaRa filer fra Desktop
----------

Mistænkelige filer for at scanne

Gå til VirSCAN.org gratis online scanning service
(Hvis mere end én fil behov scannet de skal ske særskilt og logfiler indsendt for hver en)

1. Kopier og indsæt følgende filstien i Mistænkelige filer for at scanne rubrik på toppen af siden.
Code:
C: \ WINDOWS \ system32 \ CF23987.exe
2. Ved upload site, klik en gang inde i vinduet ved siden af Browse.
3. Tryk Ctrl + V på tastaturet (begge dele på samme tid) for at indsætte filstien i vinduet.
4. Klik på Upload knappen.
Dette vil foretage en scanning på tværs af flere forskellige virusscanningen motorer.
Din fil vil muligvis være trådt i en kø, der normalt tager mindre end et minut til at klare.
Vigtigt: Vent, til alle de scanning motorer til at fuldføre.
5. Når scanningen er fuldført skal du rulle ned og klikke på Kopier til Udklipsholder knappen. Dette vil kopiere linket af rapporten i Udklipsholder.
6. Indsæt indholdet af Udklipsholder i dit næste svar.

----------

Efter udstationering af VirSCAN.org resultater.

Downloade ATF Cleaner ved Atribune til dit skrivebord.

Alternativ download link

Bemærk: Vista-brugere skal bruge Kør som administrator
  • Under Main: Vælg filer til Slet vælge: Vælg Alle.
  • Klik på Tomme Udvalgte knappen.
  • Hvis du bruger Firefox-browser Klik Firefox øverst og vælge: Vælg Alle
  • Klik på Tomme Udvalgte knappen.
    Hvis du gerne vil holde dine gemte adgangskoder klik Nej ved prompten.
  • Hvis du bruger Opera-browser Klik Opera øverst og vælge: Vælg Alle
  • Klik på Tomme Udvalgte knappen.
    Hvis du gerne vil holde dine gemte adgangskoder klik Nej ved prompten.
  • Klik på Afslut på hovedmenuen for at lukke programmet.
Bemærk, at dit system vil køre langsommere for en genstart eller to efter at have brugt dette værktøj så ikke panik.

Vigtigt: Genstart computeren, inden du fortsætter.
__________________
  #8  
Old 16. oktober 2008, 14:39
Medlem Gruppen
  
1. Succes i Fixme.reg

2. Så her er de 2 log filer, du ville have mig til at sende

A. JavaRa 1.11 Fjernelse Log.
Beretning følger efter linje.
------------------------------------
Den JavaRa fjernelsesprocessen blev startet på Tor okt 16 17:23:09 2008
Fundet og fjernet: C: \ Windows \ System32 \ jpicpl32.cpl
Fundet og fjernet: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Runtime Environment \ 1.4
Fundet og fjernet: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Fundet og fjernet: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Fundet og fjernet: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Fundet og fjernet: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200
Fundet og fjernet: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ UserData \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200
Fundet og fjernet: SOFTWARE \ Classes \ JavaPlugin.142
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Plug-in \ 1.4.2
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Runtime Environment \ 1.4.2
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.4.2
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1_02
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1_03
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1_04
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.2
Fundet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.2.0_01
------------------------------------
Finished rapportering.

JavaRa 1.11 Fjernelse Log.
Beretning følger efter linje.
------------------------------------
Den JavaRa fjernelsesprocessen blev startet på Tor okt 16 17:23:18 2008
------------------------------------
Finished rapportering.



B. VirSCAN. Org Scannet Rapport:
Scannet tid: 2008/10/16 17:27:59 (EDT)
Scanner resultater: Alle Scannere rapporteret ikke finde malware!
Filnavn: CF23987.exe
Filstørrelse: 389120 byte
File Type: PE32 eksekverbare for MS Windows (konsol) Intel 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online rapport: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Engine Ver Sig Ver Sig Dato Klokkeslæt Scan resultat
a-squared 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0,18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
Avast! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (EUD) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008.10.16 2008-10-16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008.10.16 2008-10-16 3,93 --
mks_vir 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick hæl 9,50 2008.10.16 2008-10-16 1,99 --
Stigende 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
Den Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --
  #9  
Old 16. oktober 2008, 14:41
Redaktør Gruppen
  
Download ComboFix ved Subs fra et af nedenstående links. Vær sikker på toppen gemme den til Desktop.

Link # 1
Link # 2

** Note: Det er vigtigt, at den er gemt direkte til dit skrivebord

Luk alle åbne Internet-browsere. (Firefox, Internet Explorer, osv.), før du begynder ComboFix.

Midlertidigt deaktivere din antivirus, Og enhver antispyware realtid beskyttelse før udførelse af en scanning. Klik på dette link at se en liste over sikkerhedsprogrammer, der skal være slået fra, og hvordan du deaktivere dem.

Dobbeltklik combofix.exe & følg instruktionerne.
Når du er færdig ComboFix vil udarbejde en log for dig.
Post den ComboFix log i dit næste svar.

Vigtigt: Må ikke mouseclick ComboFix vindue mens den kører. Det kan få det til at stå.

Husk at genaktivere dine antivirus-og antispyware beskyttelse, når ComboFix er færdig.
__________________
  #10  
Old 16. oktober 2008, 15:11
Medlem Gruppen
  
ComboFix 08-10-16.01 - Ejer 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Kører fra: C: \ Documents and Settings \ Ejer \ Desktop \ ComboFix.exe
* Skabt et nyt gendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ jestertb.dll
D: \ Autorun.inf
.
((((((((((((((((((((((((( Files Created fra 2008-09-16 til 2008-10-16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip
2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit
2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Programmer \ Panda Security
2008-10-16 14:07. 2008-06-19 17:24 28.544 - a ------ C: \ Windows \ System32 \ Drivers \ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ VundoFix sikkerhedskopieringer
2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Programmer \ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Programmer \ Common Files \ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Ejer \ Application Data \ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \ WINDOWS \ system32 \ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Programmer \ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Programmer \ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123.952 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.SYS
2008-10-16 10:22. 2008-10-16 11:04 60.800 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-10-16 10:22. 2008-10-16 11:04 10.671 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.INF
2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView
2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee
2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator
2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Programmer \ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Programmer \ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102.664 - a ------ C: \ Windows \ System32 \ Drivers \ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Ejer \. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ søndag
2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Programmer \ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Programmer \ Malwarebytes' Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Ejer \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38.528 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys
2008-10-11 11:38. 2008-09-10 00:03 17.200 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \ Programmer \ Common Files \ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Ejer \ Application Data \ Symantec
2008-10-16 15:04 --------- d ----- w C: \ Programmer \ Symantec
2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-09-24 12:36 --------- d ----- w C: \ Programmer \ Common Files \ Peach
2008-09-08 10:41 333.824 ---- aw C: \ Windows \ System32 \ Drivers \ srv.sys
2008-08-19 10:32 --------- d ----- w C: \ Programmer \ Microsoft Silverlight
2005-10-20 18:06 76-c ---- w C: \ Documents and Settings \ Ejer \ Application Data \ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ History \ History.IE5 \ MSHist012008052420080 525 \ index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - a ------ C: \ Windows \ system32 \ digestp.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ explorer \ shelliconoverlayidentifiers \ Ov erlayExcluded]
@ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432F-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - a ------ C: \ Programmer \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ explorer \ shelliconoverlayidentifiers \ Ov erlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - a ------ C: \ Programmer \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ explorer \ shelliconoverlayidentifiers \ Ov erlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - a ------ C: \ Programmer \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Programmer \ QuickTime \ qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"TkBellExe" = "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896]
"ccApp" = "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe" [2008-02-18 51048]
"osCheck" = "C: \ Programmer \ Norton 360 \ osCheck.exe" [2008-02-26 988512]
C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Device Detector 3.lnk - C: \ Programmer \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \ Programmer \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \ Programmer \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - C: \ Programmer \ WinZip \ WZQKPICK.EXE [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB, 48E0-853A-EBB7F4A000DA)" = "C: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! SASWinLogon]
2007-04-19 13:41 294912 C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \ paubftzz]
2004-08-04 15:00 105984 C: \ WINDOWS \ system32 \ digestp.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ BigFix.lnk
backup = C: \ WINDOWS \ PSS \ BigFix.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk]
path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Microsoft Office.lnk
backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA]
- a - c --- 2004-11-12 01:10 344064 C: \ Programmer \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp]
- a ------ 2008-02-18 15:37 51048 C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2008-04-13 20:12 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD]
- a ------ 2003-09-01 09:32 1200178 C: \ Programmer \ Ahead \ InCD \ InCD.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck]
- a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck]
- a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard]
- a - c --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl]
- a - c --- 2003-10-31 23:42 32768 C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM]
- a - c --- 2004-11-15 19:04 135168 C: \ Programmer \ Digital Media Reader \ shwiconEM.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager]
- a - c --- 2003-08-19 01:01 110592 C: \ Programmer \ Common Files \ Sonic \ Update Manager \ sgtray.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey]
- a - c --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd]
- a - c --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SoundMan]
- a - c --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
R0 pavboot; pavboot; C: \ Windows \ System32 \ Drivers \ pavboo t.sys [2008-06-19 28544]
R0 shsizubv; shsizubv; C: \ Windows \ System32 \ Drivers \ shsi zubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon; C: \ Windows \ System32 \ Drivers \ COH_Mo n.sys [2008-07-30 23888]
S3 VNUSB; VN Series Device; C: \ Windows \ System32 \ Drivers \ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)]
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-B301-806d6172696f)]
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
* Nyoprettede Service * - COMHOST
* Nyoprettede Service * - PROCEXP90
.
Indhold af "Planlagte opgaver" mappe
2008-10-12 C: \ WINDOWS \ Tasks \ Automatisk Fuld Backup.job
- C: \ Programmer \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-15 C: \ WINDOWS \ Tasks \ Daglig Changed Files.job
- C: \ Programmer \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-11 C: \ WINDOWS \ Tasks \ PEACTREE UGENTLIG BACK UP.job
- C: \ Programmer \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
.
- - - - Forældreløse FJERNES - - - --
Toolbar-id - (no file)

.
------- Supplerende Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (searchTerms) & sourceid = ie7 & RLS = com.micros OFT: da-DK & ie = utf8 & oe = utf8
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & ksporter til Microsoft Excel - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning skjulte processer ...
scanning skjulte autostart entries ...
scanning skjulte filer ...
scanning afsluttet med succes
skjulte filer: 0
************************************************** ************************
.
Afslutning tid: 2008-10-16 17:56:31
ComboFix-karantæne-files.txt 2008-10-16 21:56:27
Pre-Run: 142914838528 bytes fri
Post-Run: 142911078400 bytes fri
WindowsXP-KB310994-SP2-Home-bootdisk-DAN.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Genoprettelseskonsol" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect
208 --- EOF --- 2008-10-16 15:20:49
Reply
Side 1 af 3 1 23

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Kontakt -- Privacy -- Sitemap -- Top

Annoncenetværk baseret på bytteøkonomi ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO ved vBSEO © 2009, websteds egnethed til webcrawling, Inc.