lillekiller (Beginner)
22 November 2007 - 22:17. There are 12 comments and 1 solution.

HijackThis log

I've got something nasty on my PC; the internet runs slowly and popups appear now and then. I have run HijackThis, and cleaned up the PC a bit myself first, but it isn't completely clean yet :-(
Logfile of HijackThis v1.99.1
Scan saved at 22:13:18, on 22-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svcbost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
E:\sikkerhed\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
O2 - BHO: (no name) - {35544C58-275F-496D-93C5-6BDA4E91857D} - C:\WINDOWS\system32\ddaya.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programmer\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmer\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001A5F4.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: svcbost.exe - Unknown owner - C:\WINDOWS\svcbost.exe
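As an added example (not code from the thread, from HijackThis or from ComboFix), here is a small triage script that reads HijackThis-style lines and flags the kind of entries the expert's fix later removed: a one-letter look-alike of a system process (svcbost.exe), a nameless BHO, a populated AppInit_DLLs value, and a vendor-less service living directly under the Windows directory. The rule set and the list of known Windows binaries are assumptions, and the sample log is a constructed subset of the log above.

```python
"""Triage a HijackThis v1.99 log for the kind of entries the expert's fix targeted.

Added example for this thread; not code from the thread, HijackThis or ComboFix.
The rules and KNOWN_SYSTEM_BINARIES are assumptions chosen to match the findings
above: a one-letter look-alike of a system process, a nameless BHO, a populated
AppInit_DLLs value, and a service with no vendor living directly in the Windows
directory instead of system32.
"""
import ntpath
import re

# Core XP processes that legitimately run from the system32 directory (assumption).
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}

# Constructed sample: a subset of the log lines posted above, plus the benign
# avast! lines so the filter has something it must not flag.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svcbost.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe

O2 - BHO: (no name) - {35544C58-275F-496D-93C5-6BDA4E91857D} - C:\WINDOWS\system32\ddaya.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001A5F4.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: svcbost.exe - Unknown owner - C:\WINDOWS\svcbost.exe
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch one-letter look-alikes such as svcbost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str):
    """Return the system binary this name imitates (distance 1), else None."""
    name = basename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if levenshtein(name, known) == 1:
            return known
    return None


def triage(log_text: str) -> list:
    """Return (code, reason, line) triples for every suspicious line."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            known = lookalike_of(ntpath.basename(line))
            if known:
                findings.append(("PROCESS", f"look-alike of {known}", line))
            continue
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue
        code, body = m.groups()
        if code == "O2" and "(no name)" in body:
            findings.append((code, "nameless BHO", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((code, "AppInit_DLLs is populated", line))
        elif code == "O23" and "Unknown owner" in body:
            path = body.rsplit(" - ", 1)[-1].strip().strip('"')
            if ntpath.dirname(path).upper().rstrip("\\") == r"C:\WINDOWS":
                findings.append((code, "vendor-less service in Windows root", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {line}")
```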
ejvindh (Expert)
22 November 2007 - 22:40 #1
-- Download Combofix from one of these links, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Download this file, and unpack it to a folder on the desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click the file, and let it unpack itself to a folder in the root of your hard disk (typically: c:\SDfix)

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Then go into the SDFix folder you created earlier. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and making a couple of repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, and the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to reload your desktop icons.

Then open the SDFix folder, find the file Report.txt, and paste the contents of that file in here.

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as it can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file in here.

NOTE that Combofix is detected as infected by some virus scanners. However, there is nothing to it.
lillekiller (Beginner)
23 November 2007 - 06:55 #2
here is the combofix log, ran sdf first
lillekiller (Beginner)
23 November 2007 - 06:55 #3
ComboFix 07-11-19.3 - lillekiller 2007-11-23  6:39:52.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.799 [GMT 1:00]
Running from: C:\Documents and Settings\lillekiller\Skrivebord\ComboFix.exe
.

    Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c001A5F4.dat
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\deusnjfs.dllbox
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\skdnzwvc.dllbox
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2

.
(((((((((((((((((((((((((  Files Created from 2007-10-23 to 2007-11-23  )))))))))))))))))))))))))))))))
.

2007-11-23 06:35    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-22 16:02    <DIR>    d--------    C:\Programmer\X-Cleaner
2007-11-22 15:57    737,018    ---hs----    C:\WINDOWS\system32\dbyblqxw.ini
2007-11-22 15:57    85,056    --a------    C:\WINDOWS\system32\wxqlbybd.dll
2007-11-22 15:57    79,936    --a------    C:\WINDOWS\system32\iupjvfdq.dll
2007-11-22 15:47    <DIR>    d--------    C:\VundoFix Backups
2007-11-22 15:47    71,232    ---------    C:\WINDOWS\system32\dxrdxbmc.exe
2007-11-22 15:43    145,984    --a------    C:\WINDOWS\system32\xckmewta.dll
2007-11-21 15:46    80,960    --a------    C:\WINDOWS\system32\pxajeeys.dll
2007-11-21 15:40    714,281    ---hs----    C:\WINDOWS\system32\numjdojy.ini
2007-11-21 15:40    85,056    --a------    C:\WINDOWS\system32\yjodjmun.dll
2007-11-21 15:34    145,984    --a------    C:\WINDOWS\system32\jxiufuho.dll
2007-11-20 20:49    <DIR>    d--------    C:\tarzan
2007-11-20 15:41    <DIR>    d--------    C:\Programmer\Ubisoft
2007-11-20 15:06    <DIR>    d--------    C:\Programmer\MansionPoker
2007-11-20 01:06    <DIR>    d--------    C:\Programmer\Winamp
2007-11-17 10:25    <DIR>    d--------    C:\Programmer\DAEMON Tools
2007-11-17 09:27    <DIR>    d--------    C:\Programmer\DAEMON Tools Pro
2007-11-10 21:42    <DIR>    d--------    C:\BMW M3 Challenge

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 20:38    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-11-22 20:38    ---------    d-----w    C:\Documents and Settings\lillekiller\Application Data\SUPERAntiSpyware.com
2007-11-22 17:22    ---------    d-----w    C:\Documents and Settings\lillekiller\Application Data\uTorrent
2007-11-20 14:41    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-11-19 14:51    ---------    d-----w    C:\Programmer\THQ
2007-11-10 07:51    ---------    d-----w    C:\Documents and Settings\lillekiller\Application Data\Microgaming
2007-11-09 09:02    ---------    d-----w    C:\Programmer\PKR
2007-11-09 07:10    ---------    d-----w    C:\Programmer\UnibetpokerMPP
2007-10-21 15:50    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-02 19:11    685,816    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2007-09-28 22:38    ---------    d-----w    C:\Programmer\Google
2007-09-25 04:42    380,416    --sh--r    C:\WINDOWS\svcbost.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00]
"ccleaner"="C:\Programmer\CCleaner\ccleaner.exe" []
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-08-29 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-28 17:59]
"amd_dc_opt"="C:\Programmer\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" []
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SDFix"="C:\SDFix\RunThis.bat /second" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SDFix"="C:\SDFix\RunThis.cmd /second" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

R0 SI3114;SiI-3114 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3114.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
S2 svcbost.exe;svcbost.exe;"C:\WINDOWS\svcbost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8fe011-cea2-11db-9baa-806d6172696f}]
\Shell\AutoRun\command - D:\SETUP.EXE /UPDATE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 11:41:11 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 06:53:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23  6:53:40 - machine was rebooted
.
    --- E O F ---
lillekiller (Beginner)
23 November 2007 - 17:01 #4
and here is the SDF log :-) Have a good weekend
lillekiller (Beginner)
23 November 2007 - 17:01 #5
SDFix: Version 1.115

Run by lillekiller on 23-11-2007 at 16:48

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
lillekiller (Beginner)
23 November 2007 - 17:16 #6
this log is probably better (SDfix)

SDFix: Version 1.115

Run by lillekiller on 23-11-2007 at 16:48

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 17:10:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9c,18,e7,4d,21,ff,a5,57,77,8a,06,fb,90,42,b7,28,dd,b9,d4,09,03,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:ce,4d,f2,06,07,83,60,2a,34,a1,f9,ae,83,9b,31,59,80,86,56,52,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,82,59,3a,9f,aa,c2,e9,a2,89,a2,bb,26,7d,05,32,78,..
"khjeh"=hex:8c,35,c9,ab,df,d0,9c,15,31,5e,c5,9c,dd,c1,44,19,f8,c1,07,df,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,d2,20,7f,9e,a3,70,12,f0,9b,8f,5d,82,c2,4f,1a,57,55,8c,bc,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9c,18,e7,4d,21,ff,a5,57,77,8a,06,fb,90,42,b7,28,dd,b9,d4,09,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:ce,4d,f2,06,07,83,60,2a,34,a1,f9,ae,83,9b,31,59,80,86,56,52,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,82,59,3a,9f,aa,c2,e9,a2,89,a2,bb,26,7d,05,32,78,..
"khjeh"=hex:8c,35,c9,ab,df,d0,9c,15,31,5e,c5,9c,dd,c1,44,19,f8,c1,07,df,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,d2,20,7f,9e,a3,70,12,f0,9b,8f,5d,82,c2,4f,1a,57,55,8c,bc,28,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory"="C:\Documents and Settings\lillekiller\Lokale indstillinger\Temporary Internet Files\Content.IE5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath"="C:\Documents and Settings\lillekiller\Lokale indstillinger\Temporary Internet Files\Content.IE5\Cache1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath"="C:\Documents and Settings\lillekiller\Lokale indstillinger\Temporary Internet Files\Content.IE5\Cache2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath"="C:\Documents and Settings\lillekiller\Lokale indstillinger\Temporary Internet Files\Content.IE5\Cache3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath"="C:\Documents and Settings\lillekiller\Lokale indstillinger\Temporary Internet Files\Content.IE5\Cache4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"RefCount"=dword:00000001

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 25 Sep 2007      380,416 ..SHR --- "C:\WINDOWS\svcbost.exe"
Thu 10 May 2007        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 29 Jul 2007            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 17 Nov 2007            0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a8854e655142ed27a05c1cb74f7baa3\BIT2.tmp"
Thu 10 May 2007        4,348 ...H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Sat 14 Jul 2007            20 A..H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Thu 21 Jun 2007          400 ...H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"
Sat 14 Jul 2007        1,536 A..H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2lic.bak"

Finished!
ejvindh (Expert)
23 November 2007 - 21:28 #7
Copy the contents between the wavy lines into a Notepad window, and save it in the same folder as Combboix under the name CFScript.txt. When saving, make sure that "file type" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\WINDOWS\system32\dbyblqxw.ini
C:\WINDOWS\system32\wxqlbybd.dll
C:\WINDOWS\system32\iupjvfdq.dll
C:\WINDOWS\system32\dxrdxbmc.exe
C:\WINDOWS\system32\xckmewta.dll
C:\WINDOWS\system32\pxajeeys.dll
C:\WINDOWS\system32\numjdojy.ini
C:\WINDOWS\system32\yjodjmun.dll
C:\WINDOWS\system32\jxiufuho.dll
C:\WINDOWS\svcbost.exe
C:\WINDOWS\system32\ddaya.dll

Driver::
svcbost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it over the Combofix file and "let go" of the mouse. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as it can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file in here for review.
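As an added example (not code from the thread or from ComboFix), the script below parses a shortened copy of the CFScript above into its File::, Driver:: and Registry:: sections and decodes the hex(7) value, showing that the Registry:: line writes back the single default LSA package msv1_0 and how the hijacked value (msv1_0 plus ddaya.dll, as ComboFix listed it) looks in that encoding. The section handling, the 8-bit REGEDIT4-style interpretation of hex(7) and the two-entry form of the hijacked value are assumptions drawn only from what the thread shows.

```python
"""Parse the CFScript posted above and decode its hex(7) registry value.

Added example for this thread; not code from the thread or from ComboFix. The
section/line handling is an assumption derived only from the script shown
(File::, Driver::, Registry::), and hex(7) is read as the 8-bit REGEDIT4 style
REG_MULTI_SZ, which is what "6d,73,76,31,5f,30,00,00" (msv1_0, NUL, NUL) is.
"""
import re

# Constructed, shortened copy of the script between the ~~~ lines above.
CFSCRIPT = r"""File::
C:\WINDOWS\svcbost.exe
C:\WINDOWS\system32\ddaya.dll

Driver::
svcbost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Assumed two-entry form of the hijacked REG_MULTI_SZ, based on the
# 'Reg Loading Points' line "msv1_0 C:\WINDOWS\system32\ddaya.dll" above.
HIJACKED_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\ddaya.dll"]


def decode_hex7(value: str) -> list:
    """Decode REGEDIT4-style 'hex(7):..' (8-bit REG_MULTI_SZ) into its strings."""
    if not value.startswith("hex(7):"):
        raise ValueError("not a hex(7) value: " + value)
    body = value[len("hex(7):"):]
    body = "".join(body.split()).replace("\\", "")   # tolerate wrapped .reg lines
    data = bytes(int(b, 16) for b in body.split(",") if b)
    parts = data.decode("latin-1").split("\x00")
    while parts and parts[-1] == "":                   # drop the double-NUL terminator
        parts.pop()
    return parts


def encode_hex7(strings: list) -> str:
    """Inverse of decode_hex7: a NUL after each string, then one final NUL."""
    data = "".join(s + "\x00" for s in strings).encode("latin-1") + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def parse_cfscript(text: str) -> dict:
    """Split a CFScript into its 'Name::' sections, keeping non-empty lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if re.fullmatch(r"\w+::", line):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_registry_section(lines: list) -> dict:
    """Map [key] -> {value name: decoded value}; '=-' means 'delete this value'."""
    result, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result[key] = {}
        elif key is not None:
            name, _, value = line.partition("=")
            name = name.strip('"')
            if value == "-":
                result[key][name] = None
            elif value.startswith("hex(7):"):
                result[key][name] = decode_hex7(value)
            else:
                result[key][name] = value.strip('"')
    return result


def lsa_packages_after_script(text: str) -> list:
    """The Authentication Packages list the script leaves behind."""
    reg = parse_registry_section(parse_cfscript(text)["Registry"])
    return reg[LSA_KEY]["Authentication Packages"]


def is_default_lsa(packages: list) -> bool:
    """Baseline assumption: a clean XP box registers only msv1_0."""
    return packages == ["msv1_0"]


if __name__ == "__main__":
    sections = parse_cfscript(CFSCRIPT)
    print("files to remove :", sections["File"])
    print("driver to remove:", sections["Driver"])
    print("LSA packages    :", lsa_packages_after_script(CFSCRIPT))
    print("hijacked form   :", encode_hex7(HIJACKED_PACKAGES))
```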
lillekiller (Beginner)
24 November 2007 - 09:08 #8
Hmm, damn, I can't find the lines you mention :-( I've set the PC to show hidden files and run sdfix first and then combofix in safe mode. Posting both logs now. Can you try to explain it again? Thanks! Have a good weekend
lillekiller (Beginner)
24 November 2007 - 09:08 #9
SDFix: Version 1.115

Run by lillekiller on 24-11-2007 at 07:57

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 08:03:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9c,18,e7,4d,21,ff,a5,57,77,8a,06,fb,90,42,b7,28,dd,b9,d4,09,03,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:ce,4d,f2,06,07,83,60,2a,34,a1,f9,ae,83,9b,31,59,80,86,56,52,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,82,59,3a,9f,aa,c2,e9,a2,89,a2,bb,26,7d,05,32,78,..
"khjeh"=hex:8c,35,c9,ab,df,d0,9c,15,31,5e,c5,9c,dd,c1,44,19,f8,c1,07,df,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,d2,20,7f,9e,a3,70,12,f0,9b,8f,5d,82,c2,4f,1a,57,55,8c,bc,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E5CE3098-9431-4978-A04B-EEB5F3227A9C}]
"DhcpRetryStatus"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9c,18,e7,4d,21,ff,a5,57,77,8a,06,fb,90,42,b7,28,dd,b9,d4,09,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:ce,4d,f2,06,07,83,60,2a,34,a1,f9,ae,83,9b,31,59,80,86,56,52,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,82,59,3a,9f,aa,c2,e9,a2,89,a2,bb,26,7d,05,32,78,..
"khjeh"=hex:8c,35,c9,ab,df,d0,9c,15,31,5e,c5,9c,dd,c1,44,19,f8,c1,07,df,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,d2,20,7f,9e,a3,70,12,f0,9b,8f,5d,82,c2,4f,1a,57,55,8c,bc,28,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\01\10-{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}-v1-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\11\12-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v11-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 50430 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\11\12-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v11-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3612 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\11\12-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v11-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5608 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 77106 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 5574 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3 462 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8592 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\13-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v13-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\14-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v14-Downloading.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 655230 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\14-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v14-Downloading.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 45390 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\14-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v14-Downloading.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 16384 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\14-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v14-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 24 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\14-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v14-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 24 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\13\14-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v13-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v14-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 0 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\14\19-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v14-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 79950 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\14\19-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v14-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 5664 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\14\19-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v14-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8840 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\16\24-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v16-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 42708 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\16\24-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v16-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3018 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\16\24-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v16-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4768 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\25\25-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v25-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 22386 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\25\25-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v25-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1560 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\25\25-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v25-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2520 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\26\26-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v26-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 365790 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\26\26-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v26-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 25734 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\26\26-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v26-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3 1974 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\26\26-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v26-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 40808 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\27\27-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v27-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17076 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\27\27-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v27-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1200 bytes hidden from API
C:\Documents and Settings\lillekiller\Lokale indstillinger\Application Data\Microsoft\Messenger\ole@cantea.dk\SharingMetadata\keested@mail.dk\DFSR\Staging\CS{4ADC3A0A-E7EF-AE76-6632-858F44A96C7E}\27\27-{80F05A5C-BFEB-4393-A33E-04D4ABA6D3D2}-v27-{A793C20E-91B5-4963-942A-AFDE39D35D75}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1864 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 25 Sep 2007      380,416 ..SHR --- "C:\WINDOWS\svcbost.exe"
Thu 10 May 2007        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 29 Jul 2007            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 17 Nov 2007            0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a8854e655142ed27a05c1cb74f7baa3\BIT2.tmp"
Thu 10 May 2007        4,348 ...H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Sat 14 Jul 2007            20 A..H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Thu 21 Jun 2007          400 ...H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"
Sat 14 Jul 2007        1,536 A..H. --- "C:\Documents and Settings\lillekiller\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2lic.bak"

Finished!
lillekiller (Beginner)
24 November 2007 - 09:08 #10
ComboFix 07-11-19.3 - lillekiller 2007-11-24  8:26:27.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.45.1030.18.650 [GMT 1:00]
Running from: C:\Documents and Settings\lillekiller\Skrivebord\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-24 to 2007-11-24  )))))))))))))))))))))))))))))))
.

2007-11-23 06:35    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-22 15:57    737,018    ---hs----    C:\WINDOWS\system32\dbyblqxw.ini
2007-11-22 15:57    85,056    --a------    C:\WINDOWS\system32\wxqlbybd.dll
2007-11-22 15:57    79,936    --a------    C:\WINDOWS\system32\iupjvfdq.dll
2007-11-22 15:47    <DIR>    d--------    C:\VundoFix Backups
2007-11-22 15:47    71,232    ---------    C:\WINDOWS\system32\dxrdxbmc.exe
2007-11-22 15:43    145,984    --a------    C:\WINDOWS\system32\xckmewta.dll
2007-11-21 15:46    80,960    --a------    C:\WINDOWS\system32\pxajeeys.dll
2007-11-21 15:40    714,281    ---hs----    C:\WINDOWS\system32\numjdojy.ini
2007-11-21 15:40    85,056    --a------    C:\WINDOWS\system32\yjodjmun.dll
2007-11-21 15:34    145,984    --a------    C:\WINDOWS\system32\jxiufuho.dll
2007-11-20 20:49    <DIR>    d--------    C:\tarzan
2007-11-20 15:41    <DIR>    d--------    C:\Programmer\Ubisoft
2007-11-20 15:06    <DIR>    d--------    C:\Programmer\MansionPoker
2007-11-20 01:06    <DIR>    d--------    C:\Programmer\Winamp
2007-11-17 10:25    <DIR>    d--------    C:\Programmer\DAEMON Tools
2007-11-17 09:27    <DIR>    d--------    C:\Programmer\DAEMON Tools Pro
2007-11-10 21:42    <DIR>    d--------    C:\BMW M3 Challenge

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 22:49    ---------    d-----w    C:\Documents and Settings\lillekiller\Application Data\uTorrent
2007-11-23 16:48    ---------    d-----w    C:\Programmer\UnibetpokerMPP
2007-11-23 16:48    ---------    d-----w    C:\Documents and Settings\lillekiller\Application Data\Microgaming
2007-11-22 20:38    ---------    d-----w    C:\Documents and Settings\lillekiller\Application Data\SUPERAntiSpyware.com
2007-11-20 14:41    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-11-19 14:51    ---------    d-----w    C:\Programmer\THQ
2007-11-09 09:02    ---------    d-----w    C:\Programmer\PKR
2007-10-21 15:50    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-02 19:11    685,816    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2007-09-28 22:38    ---------    d-----w    C:\Programmer\Google
2007-09-25 04:42    380,416    --sh--r    C:\WINDOWS\svcbost.exe
2007-09-21 13:12    4,608    ----a-w    C:\WINDOWS\system32\w95inf32.dll
2007-09-06 10:09    801,144    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00    95,608    ----a-w    C:\WINDOWS\system32\AVASTSS.scr
.

(((((((((((((((((((((((((((((  snapshot@2007-11-23_ 6.53.12.25  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-23 05:36:01    3,780,608    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-24 07:19:12    3,780,608    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2007-11-23 05:36:01    143,360    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-24 07:19:12    143,360    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-24 07:23:41    16,384    ----atw    C:\WINDOWS\TEMP\Perflib_Perfdata_164.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ccleaner"="C:\Programmer\CCleaner\ccleaner.exe" []
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-08-29 16:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-28 17:59]
"amd_dc_opt"="C:\Programmer\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

R0 SI3114;SiI-3114 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3114.sys
R2 svcbost.exe;svcbost.exe;"C:\WINDOWS\svcbost.exe"
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8fe011-cea2-11db-9baa-806d6172696f}]
\Shell\AutoRun\command - D:\SETUP.EXE /UPDATE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 11:41:11 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 08:27:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24  8:27:14
C:\ComboFix2.txt ... 2007-11-24 08:14
C:\ComboFix3.txt ... 2007-11-24 07:46
.
    --- E O F ---
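The ComboFix and SDFix listings above are quoted program output, and the expert's diagnosis rests on reading them: a hidden+system `svcbost.exe` sitting next to the real `svchost.exe`, and pairs of pseudo-random `.dll`/`.ini` names in system32 where the `.ini` stem is the `.dll` stem spelled backwards (`dbyblqxw.ini` / `wxqlbybd.dll`, `numjdojy.ini` / `yjodjmun.dll`). As an added example, not part of the thread and not ComboFix's or SDFix's own code, the following Python script parses a constructed excerpt of those listing lines and flags entries on exactly those three grounds. The allow-list of core Windows process names used for the lookalike check is an assumption for illustration, not an authoritative list.

```python
import re

# Illustrative allow-list for the lookalike check. Assumption: a handful of
# core Windows XP process names, not an authoritative or complete list.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
    "winlogon.exe", "explorer.exe", "smss.exe", "spoolsv.exe",
}

# Constructed excerpt of the ComboFix listing lines from the post above.
# Both listing formats appear: nine-character attribute strings from the
# "Files Created" section and seven-character ones from the Find3M report.
SAMPLE_LOG = r"""
2007-11-23 06:35    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-22 15:57    737,018    ---hs----    C:\WINDOWS\system32\dbyblqxw.ini
2007-11-22 15:57    85,056    --a------    C:\WINDOWS\system32\wxqlbybd.dll
2007-11-22 15:47    71,232    ---------    C:\WINDOWS\system32\dxrdxbmc.exe
2007-09-25 04:42    380,416    --sh--r    C:\WINDOWS\svcbost.exe
2007-09-06 10:09    801,144    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-09-21 13:12    4,608    ----a-w    C:\WINDOWS\system32\w95inf32.dll
"""

# "<date> <time>   <size or <DIR>>   <attributes>   <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot names one keystroke away from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse(log_text):
    """Yield (attributes, path) for each file line; directory entries are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":
            yield m.group(3), m.group(4)


def triage(log_text):
    """Return {path: [reasons]} for listing entries that deserve a second look."""
    entries = list(parse(log_text))
    flagged = {}

    def flag(path, reason):
        flagged.setdefault(path, []).append(reason)

    # Name stems per extension, for the reversed-name .ini/.dll pairing check.
    stems = {"dll": set(), "ini": set()}
    for _, path in entries:
        stem, _, ext = path.rsplit("\\", 1)[-1].lower().rpartition(".")
        if ext in stems:
            stems[ext].add(stem)

    for attrs, path in entries:
        name = path.rsplit("\\", 1)[-1].lower()
        stem, _, ext = name.rpartition(".")
        under_windows = path.lower().startswith("c:\\windows\\")

        # 1. One edit away from a core system binary, but not that binary itself
        #    (svcbost.exe alongside the real svchost.exe in the process list).
        for known in KNOWN_SYSTEM_BINARIES:
            if name != known and edit_distance(name, known) == 1:
                flag(path, f"lookalike of {known}")

        # 2. Hidden + system attributes on a code or config file under C:\WINDOWS;
        #    legitimate files there rarely carry both.
        if under_windows and "h" in attrs and "s" in attrs and ext in {"exe", "dll", "ini"}:
            flag(path, "hidden+system attributes")

        # 3. An .ini whose stem is the reverse of a .dll stem in the same listing
        #    (or the other way round), the pairing visible in the listing above.
        partner = {"ini": "dll", "dll": "ini"}.get(ext)
        if partner and stem[::-1] in stems[partner]:
            flag(path, f"name is the reverse of {stem[::-1]}.{partner}")

    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(reasons)}")
```

Run on the excerpt it flags `svcbost.exe` (lookalike, hidden+system), `dbyblqxw.ini` (hidden+system, reversed name) and `wxqlbybd.dll` (reversed name), while `aswBoot.exe` and `w95inf32.dll` pass. Note that `dxrdxbmc.exe`, which the CFScript above deletes, trips none of the three heuristics: the output is a starting point for a human reading the full log, not a verdict.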
ejvindh (Expert)
24 November 2007 - 22:20 #11
The following is what I call a wavy line:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now try reading my post above again and follow the instructions I gave. A special intervention is needed to get your infection fixed, and that intervention sits between the lines mentioned ;-)
lillekiller (Beginner)
12 January 2008 - 16:49 #12
Did a format c:, I thought the machine was running a bit poorly. Thanks for the help :-)
ejvindh (Expert)
12 January 2008 - 20:24 #13
Yes, that is also the safest method ;-)

You're welcome :-)