cvan Beginner
27 November 2007 - 20:24 There are 12 comments and
3 solutions

Hijack log - help!

Hi experts, will you help me look through this log? I think there is a lot of junk in it :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:23, on 27-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kasper H\Lokale indstillinger\Temporary Internet Files\Content.IE5\GXYZSLY7\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DJ
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=dk&l=da&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Programmer\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Programmer\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\system32\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmer\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Army Meet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Enc More] C:\DOCUME~1\KASPER~1\APPLIC~1\BINDSI~1\DUPE RULE SUPPORT.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\trayicons.exe /optimize speed
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: botreg - c:\Settings\bot.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9123 bytes
arlet Junior Master
27 November 2007 - 20:39 #1
Yes, there is a lot of bad stuff..

1) Let ccleaner do a cleanup: www.arlet.dk/ccleaner.htm

2) Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

3) Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can make your computer freeze.
When combofix has finished, and after it has rebooted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to it, though.

We need to see the logs from steps 2 - 3
cvan Beginner
27 November 2007 - 22:08 #2
ComboFix 07-11-19.4 - Kasper H 2007-11-27 21:59:05.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.170 [GMT 1:00]
Running from: C:\Documents and Settings\Kasper H\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kasper H\Application Data\Install.dat
C:\WINDOWS\system32\config\43289898.Evt
C:\WINDOWS\system32\config\system~1\applic~1\install.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\Install.dat
C:\WINDOWS\system32\G7FE9.tmp.exe
C:\WINDOWS\system32\GAC8.tmp.exe
C:\WINDOWS\system32\max1d11643v.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550P
-------\LEGACY_DRIVER
-------\LEGACY_MSUPDATE
-------\LEGACY_RUNTIME
-------\asc3550p


(((((((((((((((((((((((((  Files Created from 2007-10-27 to 2007-11-27  )))))))))))))))))))))))))))))))
.

2007-11-27 21:15    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-27 21:15    <DIR>    d--------    C:\Documents and Settings\Kasper H\Application Data\SUPERAntiSpyware.com
2007-11-27 21:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-27 21:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-27 21:12    <DIR>    d--------    C:\Programmer\Yahoo!
2007-11-27 21:11    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-27 16:37    <DIR>    d-ahs----    C:\Settings
2007-11-27 16:37    45,072    --a------    C:\WINDOWS\taskmon.exe
2007-11-27 16:37    12,783    --a------    C:\WINDOWS\system32\comdl32.exe
2007-11-27 16:37    3,072    --a------    C:\WINDOWS\system32\ipvpnbridge.sys
2007-11-27 16:37    3,072    --a------    C:\WINDOWS\system32\ipsecndis.sys
2007-11-27 16:36    25,731    --a------    C:\WINDOWS\wsystmp_cjk.exe
2007-11-27 10:01    16,384    --a------    C:\WINDOWS\windisk.dll
2007-11-27 09:43    28,929    --a------    C:\WINDOWS\trayicons.exe
2007-11-27 09:43    28,929    --a------    C:\Documents and Settings\Kasper H\wn852.exe
2007-11-22 08:43    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2007-11-22 08:36    6,058,496    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 08:36    2,455,488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 08:36    1,015,808    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 08:36    459,264    ---------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 08:36    383,488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 08:36    267,776    ---------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 08:36    63,488    ---------    C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 08:36    52,224    ---------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 08:36    13,824    ---------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-19 18:25    2,852    --a------    C:\WINDOWS\system32\AcroIEHelper.xml
2007-11-09 16:29    <DIR>    d--------    C:\Programmer\BindSixthSoftware
2007-11-05 15:03    528,896    --a------    C:\WINDOWS\system32\AcroIEHelper.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 20:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2007-11-27 20:15    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-27 20:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 15:47    ---------    d-----w    C:\Programmer\LimeWire
2007-11-09 15:29    ---------    d-----w    C:\Documents and Settings\Kasper H\Application Data\BindSixthSoftware
2007-11-02 18:43    ---------    d-----w    C:\Documents and Settings\Kasper H\Application Data\Azureus
2007-10-29 09:12    ---------    d-----w    C:\Programmer\FlashFXP
2007-10-22 17:58    ---------    d-----w    C:\Programmer\CoPilot
2007-10-22 17:47    ---------    d-----w    C:\Programmer\Microsoft ActiveSync
2007-01-04 22:19    56    --sh--r    C:\WINDOWS\system32\39B59374B6.sys
2007-06-24 16:11    88    --sh--r    C:\WINDOWS\system32\9D6E65ABE5.sys
2007-06-24 16:11    6,736    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-11-05 15:03    528896    --a------    C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2006-06-20 21:36]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" []
"ShowLOMControl"="1 (0x1)" []
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"DVDLauncher"="C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 12:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"MSKDetectorExe"="C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;\??\C:\WINDOWS\system32\ipsecndis.sys
S3 IPSECVPN;IP SEC VPN BRIDGE DRIVER;\??\C:\WINDOWS\system32\ipvpnbridge.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41f67ecc-2231-11dc-bf9b-0015c508c2ef}]
\Shell\AutoRun\command - winlist.exe
\Shell\open\command - winlist.exe

*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 21:00:00 C:\WINDOWS\Tasks\A3EBD5B1918452E9.job"
- c:\docume~1\kasper~1\applic~1\bindsi~1\Bat Skip Proxy.exe
"2007-11-09 19:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 22:02:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 22:02:49 - machine was rebooted
.
    --- E O F ---
cvan Beginner
27 November 2007 - 22:08 #3
I have run SAS, but it didn't produce a log?
27 November 2007 - 22:13 #4
Hurry up and delete
C:\WINDOWS\Tasks\A3EBD5B1918452E9.job
(Possibly a hidden file!)
... otherwise it will just come back...

<arlet> will carry on from here... There is more 'dirt' ...

PS: Note that the HiJackThis.exe program should be saved in a folder created for it and NOT run directly from the net...
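
Added example (not part of the thread and not any poster's code): a triage pass over HijackThis O4 autostart lines and the ComboFix 'Scheduled Tasks' section, run on lines copied from the logs posted above. The rule it applies, listing anything that launches from an Application Data directory (long name or the 8.3 form APPLIC~1), is an assumption made for this example; it marks entries for a closer look and is not a verdict.

```python
import re

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Army Meet.exe
O4 - HKCU\..\Run: [Enc More] C:\DOCUME~1\KASPER~1\APPLIC~1\BINDSI~1\DUPE RULE SUPPORT.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
"""

COMBOFIX_SAMPLE = r"""
Contents of the 'Scheduled Tasks' folder
"2007-11-27 21:00:00 C:\WINDOWS\Tasks\A3EBD5B1918452E9.job"
- c:\docume~1\kasper~1\applic~1\bindsi~1\Bat Skip Proxy.exe
"2007-11-09 19:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
"""

# "O4 - <location>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# '"<timestamp> <path to .job file>"'
JOB_RE = re.compile(
    r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>.+\.job)"$', re.I)
# First executable-looking path in an unquoted command line.
EXE_RE = re.compile(r'^(.+?\.(?:exe|dll|cpl|com|bat|scr))(?=\s|,|$)', re.I)
# Assumption for this example: a program that starts automatically from an
# Application Data directory deserves a manual look.
PROFILE_RE = re.compile(r'\\(application data|applic~\d+)\\', re.I)


def parse_o4(log):
    """Return (location, value name, command line) for every O4 Run entry."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m.group("loc"), m.group("name"), m.group("cmd")))
    return entries


def parse_scheduled_tasks(log):
    """Return (job file, target) pairs from ComboFix's Scheduled Tasks section."""
    tasks, in_section, job = [], False, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        m = JOB_RE.match(line)
        if m:
            job = m.group("job")
        elif line.startswith("- ") and job:
            tasks.append((job, line[2:].strip()))
            job = None
        elif line:
            break  # any other non-empty line ends the section
    return tasks


def target_path(command):
    """Strip arguments and quotes from a command line, leaving the program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def review(hijackthis_log, combofix_log):
    """List autostart entries and scheduled tasks that match PROFILE_RE."""
    findings = []
    for loc, name, cmd in parse_o4(hijackthis_log):
        path = target_path(cmd)
        if PROFILE_RE.search(path):
            findings.append(("O4 " + loc, name, path))
    for job, target in parse_scheduled_tasks(combofix_log):
        if PROFILE_RE.search(target):
            findings.append(("Scheduled task", job, target))
    return findings


if __name__ == "__main__":
    for source, name, path in review(HIJACKTHIS_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{source}: {name} -> {path}")
```

The scheduled task it lists is the same .job file named in #4, and its target sits in the same BINDSI~1 folder as one of the HKCU Run entries.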
cvan Beginner
27 November 2007 - 22:32 #5
Thanks karise_larry. It has now been deleted.
cvan Beginner
29 November 2007 - 14:10 #6
Is anyone still on the thread helping?
arlet Junior Master
29 November 2007 - 14:35 #7
Yep, some emails just slipped by..

-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified as "RiskTool" by certain antivirus programs. There is nothing to it, though!

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to cleaning (y=yes). Let the program carry out a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by pressing "y".

The program may have to restart along the way. Afterwards a list with the results of the cleaning will appear. Copy this list into the thread.

-- Restart and post a fresh log from Combofix here, together with the log from SmitfraudFix (C:\rapport.txt).
cvan Beginner
03 December 2007 - 19:34 #8
SmitFraudFix v2.257

Scan done at 19:22:50,39, 03-12-2007
Run from C:\Documents and Settings\Kasper H\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B87076EC-DD83-419F-BD48-EE88CA18BB9F}: DhcpNameServer=195.184.96.2 213.173.225.86 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B87076EC-DD83-419F-BD48-EE88CA18BB9F}: DhcpNameServer=195.184.96.2 213.173.225.86 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B87076EC-DD83-419F-BD48-EE88CA18BB9F}: DhcpNameServer=195.184.96.2 213.173.225.86 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.184.96.2 213.173.225.86 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.184.96.2 213.173.225.86 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.184.96.2 213.173.225.86 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix 07-11-19.4 - Kasper H 2007-12-03 19:31:46.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.166 [GMT 1:00]
Running from: C:\Documents and Settings\Kasper H\Skrivebord\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-11-03 to 2007-12-03  )))))))))))))))))))))))))))))))
.

2007-12-03 19:22    3,888    --a------    C:\WINDOWS\system32\tmp.reg
2007-12-02 00:22    <DIR>    d--------    C:\Programmer\MSXML 4.0
2007-12-02 00:18    128,896    ---------    C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-02 00:18    23,040    ---------    C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-02 00:18    16,896    ---------    C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-02 00:15    582,656    ---------    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-02 00:05    34,136    --a------    C:\WINDOWS\system32\wucltui.dll.mui
2007-12-02 00:05    25,944    --a------    C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-02 00:05    25,944    --a------    C:\WINDOWS\system32\wuapi.dll.mui
2007-12-02 00:05    20,824    --a------    C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-27 21:15    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-27 21:15    <DIR>    d--------    C:\Documents and Settings\Kasper H\Application Data\SUPERAntiSpyware.com
2007-11-27 21:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-27 21:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-27 21:12    <DIR>    d--------    C:\Programmer\Yahoo!
2007-11-27 21:11    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-27 16:37    <DIR>    d-ahs----    C:\Settings
2007-11-27 16:37    45,072    --a------    C:\WINDOWS\taskmon.exe
2007-11-27 16:37    12,783    --a------    C:\WINDOWS\system32\comdl32.exe
2007-11-27 16:37    3,072    --a------    C:\WINDOWS\system32\ipvpnbridge.sys
2007-11-27 16:37    3,072    --a------    C:\WINDOWS\system32\ipsecndis.sys
2007-11-27 16:36    25,731    --a------    C:\WINDOWS\wsystmp_cjk.exe
2007-11-27 10:01    16,384    --a------    C:\WINDOWS\windisk.dll
2007-11-27 09:43    28,929    --a------    C:\WINDOWS\trayicons.exe
2007-11-27 09:43    28,929    --a------    C:\Documents and Settings\Kasper H\wn852.exe
2007-11-22 08:43    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2007-11-22 08:36    6,058,496    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 08:36    2,455,488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 08:36    1,015,808    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 08:36    459,264    ---------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 08:36    383,488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 08:36    267,776    ---------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 08:36    63,488    ---------    C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 08:36    52,224    ---------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 08:36    13,824    ---------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-19 18:25    2,852    --a------    C:\WINDOWS\system32\AcroIEHelper.xml
2007-11-09 16:29    <DIR>    d--------    C:\Programmer\BindSixthSoftware
2007-11-05 15:03    528,896    --a------    C:\WINDOWS\system32\AcroIEHelper.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 20:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2007-11-27 20:15    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-27 20:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 15:47    ---------    d-----w    C:\Programmer\LimeWire
2007-11-09 15:29    ---------    d-----w    C:\Documents and Settings\Kasper H\Application Data\BindSixthSoftware
2007-11-02 18:43    ---------    d-----w    C:\Documents and Settings\Kasper H\Application Data\Azureus
2007-10-29 09:12    ---------    d-----w    C:\Programmer\FlashFXP
2007-10-25 16:43    8,472,064    ----a-w    C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 17:58    ---------    d-----w    C:\Programmer\CoPilot
2007-10-22 17:47    ---------    d-----w    C:\Programmer\Microsoft ActiveSync
2007-01-04 22:19    56    --sh--r    C:\WINDOWS\system32\39B59374B6.sys
2007-06-24 16:11    88    --sh--r    C:\WINDOWS\system32\9D6E65ABE5.sys
2007-06-24 16:11    6,736    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot@2007-11-27_22.02.26.68  )))))))))))))))))))))))))))))))))))))))))
.
- 2004-10-08 23:48:21    262,400    ------w    C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-03-17 00:33:10    262,784    ------w    C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45    172,416    ------w    C:\WINDOWS\Driver Cache\i386\kmixer.sys
- 2005-01-19 04:26:52    451,584    ------w    C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2006-05-05 09:41:45    453,120    ------w    C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
- 2005-06-23 03:34:45    2,138,624    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 16:08:22    2,140,160    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 18:08:47    2,059,392    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 16:08:30    2,061,952    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2005-06-23 03:34:52    2,018,304    ------w    C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 16:08:19    2,019,840    ------w    C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 18:09:00    2,181,888    ------w    C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2007-02-28 16:08:27    2,184,704    ------w    C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46    6,400    ------w    C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45    82,944    ------w    C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2004-08-27 11:00:00    1,033,216    ----a-w    C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:35    1,034,240    ----a-w    C:\WINDOWS\explorer.exe
+ 2007-03-06 01:11:00    214,752    -c----w    C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:12:08    383,200    -c----w    C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10    765,952    -c----w    C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-12-01 23:22:49    32,768    ----a-r    C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2004-07-15 00:49:16    258,048    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_aspnet_isapi.dll
+ 2004-07-14 23:32:22    81,920    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30    282,624    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_fusion.dll
+ 2004-07-14 23:25:06    315,392    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_mscorjit.dll
+ 2004-07-15 13:29:02    2,138,112    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_mscorlib.dll
+ 2003-02-20 19:09:18    77,824    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_mscorsn.dll
+ 2004-07-14 23:26:52    2,510,848    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_mscorsvr.dll
+ 2004-07-14 23:28:34    2,502,656    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_mscorwks.dll
+ 2003-02-21 04:42:22    348,160    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_msvcr71.dll
+ 2004-07-14 23:34:50    94,208    ----a-w    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW336\_PerfCounter.dll
- 2005-04-22 05:08:31    57,344    ----a-w    C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 14:00:39    57,344    ----a-w    C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-27 11:00:00    100,352    ----a-w    C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:59:32    100,352    ----a-w    C:\WINDOWS\system32\6to4svc.dll
- 2005-05-26 02:16:24    75,544    ----a-w    C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 18:19:20    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
- 2004-08-27 11:00:00    69,120    ----a-w    C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:17:16    69,120    ----a-w    C:\WINDOWS\system32\ciodm.dll
- 2004-08-27 11:00:00    611,328    ----a-w    C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:51:16    617,472    ----a-w    C:\WINDOWS\system32\comctl32.dll
- 2004-08-27 11:00:00    111,104    ----a-w    C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 13:24:52    111,616    ----a-w    C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-08-16 11:59:32    100,352    ------w    C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2007-03-09 14:00:39    57,344    ------w    C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2005-05-26 02:16:24    75,544    ----a-w    C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:20    92,504    ----a-w    C:\WINDOWS\system32\dllcache\cdm.dll
+ 2006-06-22 05:17:16    69,120    ------w    C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-08-25 15:51:16    617,472    ------w    C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-05-19 13:24:52    111,616    ------w    C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2007-05-16 15:14:25    86,528    ------w    C:\WINDOWS\system32\dllcache\directdb.dll
+ 2006-06-26 17:45:29    148,480    ------w    C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2006-08-24 12:17:00    498,742    ------w    C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2007-06-13 13:22:35    1,034,240    ------w    C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-19 13:32:41    282,112    ------w    C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2006-07-21 08:27:26    72,704    ------w    C:\WINDOWS\system32\dllcache\hlink.dll
+ 2007-08-21 06:17:41    683,520    ------w    C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2006-05-19 13:24:53    95,232    ------w    C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-06-01 18:48:54    163,840    ------w    C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:48:54    27,648    ------w    C:\WINDOWS\system32\dllcache\jgpl400.dll
+ 2007-04-16 15:54:25    1,000,960    ------w    C:\WINDOWS\system32\dllcache\kernel32.dll
- 2004-08-03 22:07:50    171,776    ----a-w    C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2006-06-14 08:47:45    172,416    ----a-w    C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2006-08-17 12:29:48    723,456    ------w    C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-03-08 15:38:16    40,960    ------w    C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2006-11-01 19:18:32    927,504    ------w    C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-10-14 08:13:25    981,760    ------w    C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-05-05 09:41:45    453,120    ------w    C:\WINDOWS\system32\dllcache\mrxsmb.sys
+ 2006-12-26 13:09:02    536,576    ------w    C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:09:02    180,224    ------w    C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:09:02    200,704    ------w    C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-11-27 14:55:32    539,136    ------w    C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-12-26 13:09:02    102,400    ------w    C:\WINDOWS\system32\dllcache\msjro.dll
+ 2007-05-16 15:14:25    1,314,816    ------w    C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-06-26 06:10:32    1,104,896    ------w    C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2006-08-17 12:29:48    332,288    ------w    C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2007-02-09 11:10:35    574,464    ------w    C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 16:08:22    2,140,160    ------w    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 16:08:30    2,061,952    ------w    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 16:08:19    2,019,840    ------w    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 16:08:27    2,184,704    ------w    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2006-10-13 12:39:59    142,848    ------w    C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2007-05-17 11:29:55    549,376    ------w    C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2006-10-16 16:15:52    122,880    ------w    C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-06-22 05:17:17    1,438,720    ------w    C:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-26 17:45:29    8,192    ------w    C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-22 10:48:21    181,248    ------w    C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-05-05 09:47:57    174,592    ------w    C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-11-27 14:55:32    433,152    ------w    C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-07-13 08:48:58    202,240    ------w    C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2007-04-25 14:22:43    144,896    ------w    C:\WINDOWS\system32\dllcache\schannel.dll
+ 2006-12-19 21:50:34    134,656    ------w    C:\WINDOWS\system32\dllcache\shsvcs.dll
- 2004-08-03 22:07:48    6,400    ----a-w    C:\WINDOWS\system32\dllcache\splitter.sys
+ 2006-06-14 08:47:46    6,400    ----a-w    C:\WINDOWS\system32\dllcache\splitter.sys
+ 2006-08-14 10:34:41    332,928    ------w    C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-24 12:19:40    246,814    ------w    C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-10-20 01:39:01    713,216    ------w    C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-04-20 11:51:50    359,808    ------w    C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2006-08-16 09:37:30    225,664    ------w    C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2007-04-23 10:32:54    364,160    ------w    C:\WINDOWS\system32\dllcache\update.sys
+ 2007-02-05 20:19:14    185,344    ------w    C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-03-08 15:38:16    577,536    ------w    C:\WINDOWS\system32\dllcache\user32.dll
- 2007-08-13 17:54:10    765,952    ------w    C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:53    765,952    ------w    C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-05-16 15:14:25    510,976    ------w    C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:14:25    85,504    ------w    C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-03 22:15:06    82,944    ----a-w    C:\WINDOWS\system32\dllcache\wdmaud.sys
+ 2006-06-14 09:00:45    82,944    ----a-w    C:\WINDOWS\system32\dllcache\wdmaud.sys
+ 2006-12-19 18:17:16    333,824    ------w    C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2007-03-08 15:35:19    1,843,584    ------w    C:\WINDOWS\system32\dllcache\win32k.sys
+ 2007-03-17 13:45:03    292,864    ------w    C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2006-08-17 12:29:48    132,096    ------w    C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-08-11 00:45:06    2,362,104    ----a-w    C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 06:40:49    2,362,184    ----a-w    C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-05-26 02:16:22    465,688    ----a-w    C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 18:19:36    549,720    ----a-w    C:\WINDOWS\system32\dllcache\wuapi.dll
- 2005-05-26 02:16:22    124,696    ----a-w    C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:16    53,080    ----a-w    C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2005-05-26 02:16:30    1,343,768    ----a-w    C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:42    1,712,984    ----a-w    C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2005-05-26 02:16:22    127,768    ----a-w    C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 18:19:32    325,976    ----a-w    C:\WINDOWS\system32\dllcache\wucltui.dll
- 2005-05-26 02:16:30    41,240    ----a-w    C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 18:18:40    33,624    ----a-w    C:\WINDOWS\system32\dllcache\wups.dll
- 2005-05-26 02:19:32    173,536    ----a-w    C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 18:19:46    203,096    ----a-w    C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-27 11:00:00    148,480    ----a-w    C:\WINDOWS\system32\dnsapi.dll
+ 2006-06-26 17:45:29    148,480    ----a-w    C:\WINDOWS\system32\dnsapi.dll
- 2004-08-27 11:00:00    124,800    ----a-w    C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58    128,896    ----a-w    C:\WINDOWS\system32\drivers\fltmgr.sys
- 2004-10-08 23:48:21    262,400    ----a-w    C:\WINDOWS\system32\drivers\http.sys
+ 2006-03-17 00:33:10    262,784    ----a-w    C:\WINDOWS\system32\drivers\http.sys
- 2004-08-03 22:07:50    171,776    ----a-w    C:\WINDOWS\system32\drivers\kmixer.sys
+ 2006-06-14 08:47:45    172,416    ----a-w    C:\WINDOWS\system32\drivers\kmixer.sys
- 2005-01-19 04:26:52    451,584    ----a-w    C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45    453,120    ----a-w    C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-27 11:00:00    574,592    ----a-w    C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35    574,464    ----a-w    C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-10-28 01:13:58    174,592    ----a-w    C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57    174,592    ----a-w    C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-27 11:00:00    200,064    ----a-w    C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:48:58    202,240    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-03 22:07:48    6,400    ----a-w    C:\WINDOWS\system32\drivers\splitter.sys
+ 2006-06-14 08:47:46    6,400    ----a-w    C:\WINDOWS\system32\drivers\splitter.sys
- 2005-05-10 00:17:51    332,544    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41    332,928    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
- 2006-01-13 02:28:14    359,808    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
+ 2006-04-20 11:51:50    359,808    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-27 11:00:00    223,616    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30    225,664    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-27 11:00:00    209,408    ----a-w    C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54    364,160    ----a-w    C:\WINDOWS\system32\drivers\update.sys
- 2004-08-03 22:15:06    82,944    ----a-w    C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-06-14 09:00:45    82,944    ----a-w    C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-08-27 11:00:00    498,205    ----a-w    C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-24 12:17:00    498,742    ----a-w    C:\WINDOWS\system32\dxmasf.dll
- 2004-08-27 11:00:00    16,896    ----a-w    C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:27:26    16,896    ----a-w    C:\WINDOWS\system32\fltlib.dll
- 2004-08-27 11:00:00    22,528    ----a-w    C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58    23,040    ----a-w    C:\WINDOWS\system32\fltmc.exe
- 2007-10-22 17:49:15    146,808    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-02 00:04:30    146,808    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-12-29 02:56:05    280,064    ----a-w    C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:32:41    282,112    ----a-w    C:\WINDOWS\system32\gdi32.dll
- 2004-11-16 21:17:57    68,608    ----a-w    C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:27:26    72,704    ----a-w    C:\WINDOWS\system32\hlink.dll
- 2006-03-17 09:13:02    679,424    ----a-w    C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:17:41    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
- 2004-08-27 11:00:00    95,232    ----a-w    C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 13:24:53    95,232    ----a-w    C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-27 11:00:00    144,896    ----a-w    C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-01 18:48:54    163,840    ----a-w    C:\WINDOWS\system32\jgdw400.dll
- 2004-08-27 11:00:00    42,496    ----a-w    C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-01 18:48:54    27,648    ----a-w    C:\WINDOWS\system32\jgpl400.dll
- 2004-08-27 11:00:00    999,936    ----a-w    C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:54:25    1,000,960    ----a-w    C:\WINDOWS\system32\kernel32.dll
- 2006-05-17 09:23:38    579,888    ------w    C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 13:12:48    1,468,968    ------w    C:\WINDOWS\system32\LegitCheckControl.dll
- 2004-10-28 01:28:45    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
+ 2006-08-17 12:29:48    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
- 2004-08-27 11:00:00    39,936    ----a-w    C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:38:16    40,960    ----a-w    C:\WINDOWS\system32\mf3216.dll
- 2004-08-27 11:00:00    924,432    ----a-w    C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:18:32    927,504    ----a-w    C:\WINDOWS\system32\mfc40u.dll
- 2004-08-27 11:00:00    1,024,000    ----a-w    C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25    981,760    ----a-w    C:\WINDOWS\system32\mfc42u.dll
- 2007-09-27 21:19:40    18,089,592    ----a-w    C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57    18,238,072    ----a-w    C:\WINDOWS\system32\MRT.exe
- 2004-08-27 11:00:00    537,088    ----a-w    C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:55:32    539,136    ----a-w    C:\WINDOWS\system32\msftedit.dll
- 2005-05-04 18:45:32    2,890,240    ----a-w    C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:14:26    2,854,400    ----a-w    C:\WINDOWS\system32\msi.dll
- 2004-08-27 11:00:00    1,236,480    ----a-w    C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:10:32    1,104,896    ----a-w    C:\WINDOWS\system32\msxml3.dll
- 2003-04-18 15:46:22    1,233,920    ----a-w    C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 14:03:04    1,275,392    ----a-w    C:\WINDOWS\system32\msxml4.dll
- 2004-08-27 11:00:00    332,288    ----a-w    C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:29:48    332,288    ----a-w    C:\WINDOWS\system32\netapi32.dll
- 2005-06-23 03:34:52    2,018,304    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:08:19    2,019,840    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
- 2005-06-23 03:34:45    2,138,624    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 16:08:22    2,140,160    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-27 11:00:00    144,896    ----a-w    C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:39:59    142,848    ----a-w    C:\WINDOWS\system32\nwprovau.dll
- 2004-08-27 11:00:00    553,472    ----a-w    C:\WINDOWS\system32\oleaut32.dll
+ 2007-05-17 11:29:55    549,376    ----a-w    C:\WINDOWS\system32\oleaut32.dll
- 2004-08-27 11:00:00    117,760    ----a-w    C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:15:52    122,880    ----a-w    C:\WINDOWS\system32\oledlg.dll
- 2007-10-28 07:03:01    63,602    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-12-02 00:05:57    63,602    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-10-28 07:03:01    53,770    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-12-02 00:05:57    53,770    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 07:03:01    396,682    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-12-02 00:05:57    396,682    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-10-28 07:03:01    382,026    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-12-02 00:05:57    382,026    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2004-08-27 11:00:00    1,438,720    ----a-w    C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:17:17    1,438,720    ----a-w    C:\WINDOWS\system32\query.dll
- 2004-08-27 11:00:00    8,192    ----a-w    C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:45:29    8,192    ----a-w    C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-27 11:00:00    174,080    ----a-w    C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:48:21    181,248    ----a-w    C:\WINDOWS\system32\rasmans.dll
- 2004-08-27 11:00:00    431,616    ----a-w    C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:55:32    433,152    ----a-w    C:\WINDOWS\system32\riched20.dll
- 2004-08-27 11:00:00    581,120    ----a-w    C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:19:29    582,656    ----a-w    C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-27 11:00:00    144,896    ----a-w    C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:22:43    144,896    ----a-w    C:\WINDOWS\system32\schannel.dll
- 2006-03-17 04:07:53    8,463,872    ----a-w    C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:57    8,472,064    ----a-w    C:\WINDOWS\system32\shell32.dll
- 2004-08-27 11:00:00    134,656    ----a-w    C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:50:34    134,656    ----a-w    C:\WINDOWS\system32\shsvcs.dll
+ 2007-07-30 18:19:36    549,720    ----a-w    C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
+ 2007-07-30 18:18:40    33,624    ----a-w    C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 18:19:12    43,352    ----a-w    C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-03-06 01:10:50    14,560    ------w    C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18    14,640    ------w    C:\WINDOWS\system32\spmsg.dll
- 2006-09-06 16:43:16    22,752    ----a-w    C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 09:21:34    22,752    ----a-w    C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-27 11:00:00    246,302    ----a-w    C:\WINDOWS\system32\strmdll.dll
+ 2006-08-24 12:19:40    246,814    ----a-w    C:\WINDOWS\system32\strmdll.dll
- 2004-08-27 11:00:00    713,216    ----a-w    C:\WINDOWS\system32\sxs.dll
+ 2006-10-20 01:39:01    713,216    ----a-w    C:\WINDOWS\system32\sxs.dll
+ 2007-07-18 12:42:22    60,416    ------w    C:\WINDOWS\system32\tzchange.exe
- 2004-08-27 11:00:00    185,344    ----a-w    C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:19:14    185,344    ----a-w    C:\WINDOWS\system32\upnphost.dll
- 2005-03-02 18:18:13    577,024    ----a-w    C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:38:16    577,536    ----a-w    C:\WINDOWS\system32\user32.dll
- 2004-08-27 11:00:00    333,312    ----a-w    C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:17:16    333,824    ----a-w    C:\WINDOWS\system32\wiaservc.dll
- 2005-10-06 03:09:54    1,839,488    ----a-w    C:\WINDOWS\system32\win32k.sys
+ 2007-03-08 15:35:19    1,843,584    ----a-w    C:\WINDOWS\system32\win32k.sys
- 2005-09-01 01:43:25    291,840    ----a-w    C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:45:03    292,864    ----a-w    C:\WINDOWS\system32\winsrv.dll
- 2004-08-27 11:00:00    132,096    ----a-w    C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:29:48    132,096    ----a-w    C:\WINDOWS\system32\wkssvc.dll
- 2004-08-10 22:41:20    5,550,080    ----a-w    C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 07:20:24    5,537,792    ----a-w    C:\WINDOWS\system32\wmp.dll
- 2004-08-11 00:45:06    2,362,104    ----a-w    C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49    2,362,184    ----a-w    C:\WINDOWS\system32\wmvcore.dll
- 2005-05-26 02:16:22    465,688    ----a-w    C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 18:19:36    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
- 2005-05-26 02:16:22    124,696    ----a-w    C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 18:19:16    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
- 2005-05-26 02:16:30    1,343,768    ----a-w    C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 18:19:42    1,712,984    ----a-w    C:\WINDOWS\system32\wuaueng.dll
- 2005-05-26 02:16:22    127,768    ----a-w    C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 18:19:32    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
- 2005-05-26 02:16:30    41,240    ----a-w    C:\WINDOWS\system32\wups.dll
+ 2007-07-30 18:18:40    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
- 2005-05-26 02:16:30    18,200    ----a-w    C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 18:19:12    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
- 2005-05-26 02:19:32    173,536    ----a-w    C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 18:19:46    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
- 2006-10-09 22:12:24    222,720    ----a-w    C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:10    359,936    ----a-w    C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 14:06:44    1,275,392    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2007-01-19 12:51:53    74,802    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 12:51:53    995,383    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 12:51:53    1,011,774    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 12:51:53    401,462    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-08-25 15:51:14    1,054,208    ----a-w    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-11-05 15:03    528896    --a------    C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2006-06-20 21:36]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" []
"ShowLOMControl"="1 (0x1)" []
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"DVDLauncher"="C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 12:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"MSKDetectorExe"="C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;\??\C:\WINDOWS\system32\ipsecndis.sys
S3 IPSECVPN;IP SEC VPN BRIDGE DRIVER;\??\C:\WINDOWS\system32\ipvpnbridge.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41f67ecc-2231-11dc-bf9b-0015c508c2ef}]
\Shell\AutoRun\command - winlist.exe
\Shell\open\command - winlist.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 19:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 19:33:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 19:33:38
C:\ComboFix2.txt ... 2007-11-27 22:02
.
    --- E O F ---
arlet Juniormester
03 December 2007 - 21:21 #9
Copy the content between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------

File::
C:\WINDOWS\system32\comdl32.exe
C:\WINDOWS\system32\ipvpnbridge.sys
C:\WINDOWS\system32\ipsecndis.sys
C:\WINDOWS\wsystmp_cjk.exe
C:\WINDOWS\windisk.dll
C:\WINDOWS\trayicons.exe
C:\Documents and Settings\Kasper H\wn852.exe
C:\WINDOWS\system32\39B59374B6.sys
C:\WINDOWS\system32\9D6E65ABE5.sys
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, since that can cause your computer to freeze.

Copy the contents of Combofix.txt in here together with a new HijackThis log
cvan Nybegynder
03 December 2007 - 21:46 #10
ComboFix 07-11-19.4 - Kasper H 2007-12-03 21:36:38.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.181 [GMT 1:00]
Running from: C:\Documents and Settings\Kasper H\Skrivebord\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kasper H\Skrivebord\combofix\CFScript.txt.txt
* Created a new restore point

FILE
C:\Documents and Settings\Kasper H\wn852.exe
C:\WINDOWS\system32\39B59374B6.sys
C:\WINDOWS\system32\9D6E65ABE5.sys
C:\WINDOWS\system32\comdl32.exe
C:\WINDOWS\system32\ipsecndis.sys
C:\WINDOWS\system32\ipvpnbridge.sys
C:\WINDOWS\trayicons.exe
C:\WINDOWS\windisk.dll
C:\WINDOWS\wsystmp_cjk.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kasper H\wn852.exe
C:\WINDOWS\system32\39B59374B6.sys
C:\WINDOWS\system32\9D6E65ABE5.sys
C:\WINDOWS\system32\comdl32.exe
C:\WINDOWS\system32\ipsecndis.sys
C:\WINDOWS\system32\ipvpnbridge.sys
C:\WINDOWS\trayicons.exe
C:\WINDOWS\windisk.dll
C:\WINDOWS\wsystmp_cjk.exe

.
(((((((((((((((((((((((((  Files Created from 2007-11-03 to 2007-12-03  )))))))))))))))))))))))))))))))
.

2007-12-03 19:22    3,888    --a------    C:\WINDOWS\system32\tmp.reg
2007-12-02 00:22    <DIR>    d--------    C:\Programmer\MSXML 4.0
2007-12-02 00:18    128,896    ---------    C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-02 00:18    23,040    ---------    C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-02 00:18    16,896    ---------    C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-02 00:15    582,656    ---------    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-02 00:05    34,136    --a------    C:\WINDOWS\system32\wucltui.dll.mui
2007-12-02 00:05    25,944    --a------    C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-02 00:05    25,944    --a------    C:\WINDOWS\system32\wuapi.dll.mui
2007-12-02 00:05    20,824    --a------    C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-27 21:15    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-27 21:15    <DIR>    d--------    C:\Documents and Settings\Kasper H\Application Data\SUPERAntiSpyware.com
2007-11-27 21:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-27 21:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-27 21:12    <DIR>    d--------    C:\Programmer\Yahoo!
2007-11-27 21:11    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-27 16:37    <DIR>    d-ahs----    C:\Settings
2007-11-27 16:37    45,072    --a------    C:\WINDOWS\taskmon.exe
2007-11-22 08:43    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2007-11-22 08:36    6,058,496    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 08:36    2,455,488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 08:36    1,015,808    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 08:36    459,264    ---------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 08:36    383,488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 08:36    267,776    ---------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 08:36    63,488    ---------    C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 08:36    52,224    ---------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 08:36    13,824    ---------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-19 18:25    2,852    --a------    C:\WINDOWS\system32\AcroIEHelper.xml
2007-11-09 16:29    <DIR>    d--------    C:\Programmer\BindSixthSoftware
2007-11-05 15:03    528,896    --a------    C:\WINDOWS\system32\AcroIEHelper.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 20:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2007-11-27 20:15    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-27 20:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 15:47    ---------    d-----w    C:\Programmer\LimeWire
2007-11-09 15:29    ---------    d-----w    C:\Documents and Settings\Kasper H\Application Data\BindSixthSoftware
2007-11-02 18:43    ---------    d-----w    C:\Documents and Settings\Kasper H\Application Data\Azureus
2007-10-29 09:12    ---------    d-----w    C:\Programmer\FlashFXP
2007-10-22 17:58    ---------    d-----w    C:\Programmer\CoPilot
2007-10-22 17:47    ---------    d-----w    C:\Programmer\Microsoft ActiveSync
2007-06-24 16:11    6,736    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-11-05 15:03    528896    --a------    C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2006-06-20 21:36]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" []
"ShowLOMControl"="1 (0x1)" []
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"DVDLauncher"="C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 12:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"MSKDetectorExe"="C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;\??\C:\WINDOWS\system32\ipsecndis.sys
S3 IPSECVPN;IP SEC VPN BRIDGE DRIVER;\??\C:\WINDOWS\system32\ipvpnbridge.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41f67ecc-2231-11dc-bf9b-0015c508c2ef}]
\Shell\AutoRun\command - winlist.exe
\Shell\open\command - winlist.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 19:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 21:40:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 21:40:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-03 19:33
C:\ComboFix3.txt ... 2007-11-27 22:02
.
    --- E O F ---
cvan (Beginner)
03 December 2007 - 22:03 #11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:12, on 03-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DJ
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=dk&l=da&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Programmer\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Programmer\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\system32\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programmer\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196550268109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9007 bytes
cvan (Beginner)
04 December 2007 - 10:16 #12
Is it completely fine now? :)
arlet (Junior Master)
04 December 2007 - 18:12 #13
Yes, so it worked..

Your Java is outdated, so you need to uninstall your Java via Control Panel => Add/Remove Programs. For security reasons, the old version of the program must be removed before you download the newest version.

Then download the new version of Java here:
http://www.java.com/en/

Finally, run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11
cvan (Beginner)
04 December 2007 - 19:15 #14
Many thanks for the help, and for the time you were willing to spend on me :)
arlet (Junior Master)
04 December 2007 - 19:53 #15
You're welcome..

Remember to close the question after us