Help with a hijack, I have followed the guide and posted all log files
My browser has picked up a very annoying hijack which makes all searches in Google and Yahoo (and perhaps other search engines) lead to the same place, a page called hxxp://85.255.120.28/index2.php. I have tried everything I could get my hands on to track down the problem, and along the way I have found a couple of trojans and strange files that may have had something to do with it, but it has not helped at all. I really hope someone can help with this stubborn problem. Many thanks in advance!
Here are the 4 logs I got by following the troubleshooting guide:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/04/2007 at 10:58 PM
Application Version : 3.9.1008
Core Rules Database Version : 3354
Trace Rules Database Version: 1353
Scan type : Quick Scan
Total Scan Time : 00:29:24
Memory items scanned : 179
Memory threats detected : 0
Registry items scanned : 846
Registry threats detected : 0
File items scanned : 17790
File threats detected : 1
Trojan.Unclassified/WN852
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\JESPER HEYN\WN852.EXE.VIR
Logfile of HijackThis v1.99.1
Scan saved at 23:05:43, on 04-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesper Heyn\Skrivebord\Jebus\misc\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerfist.dk/forum/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\SYSTEM32\AcroIEHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [StartCCC] C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134304634000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134304592234
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
********************************* ROOTCHK-(25-11-07)-LOG, by ejvindh
04-12-2007 23:08:42,71
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 23:08:45
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001f2
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
ComboFix 07-12-02.7 - Jesper Heyn 2007-12-04 23:12:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.564 [GMT 1:00]
Running from: C:\Documents and Settings\Jesper Heyn\Skrivebord\Jebus\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.
2007-12-04 22:12 . 2007-12-04 22:12 <DIR> d-------- C:\Programmer\CCleaner
2007-12-04 21:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-12-04 21:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-12-04 21:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-12-04 21:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-12-04 21:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-12-04 21:35 . 2007-12-04 21:35 2,616 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-04 20:42 . 2007-12-04 22:27 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-12-04 20:42 . 2007-12-04 20:42 <DIR> d-------- C:\Documents and Settings\Jesper Heyn\Application Data\SUPERAntiSpyware.com
2007-12-04 20:42 . 2007-12-04 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-04 20:28 . 2007-12-04 20:28 <DIR> d-------- C:\Documents and Settings\Jesper Heyn\Application Data\TrojanHunter
2007-12-04 19:38 . 2007-12-04 19:39 <DIR> d-------- C:\Programmer\TrojanHunter 5.0
2007-12-04 17:35 . 2007-12-04 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-04 17:26 . 2007-12-04 20:42 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-03 22:44 . 2007-12-03 22:44 2,852 --a------ C:\WINDOWS\SYSTEM32\AcroIEHelper.xml
2007-12-03 21:44 . 2007-08-20 11:00 6,058,496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-03 21:44 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-12-03 21:44 . 2007-03-08 06:09 1,015,808 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2007-12-03 21:44 . 2007-08-20 11:00 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-03 21:44 . 2007-08-20 11:00 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-03 21:44 . 2007-08-20 11:00 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-03 21:44 . 2007-08-20 11:00 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-03 21:44 . 2007-08-20 11:00 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-03 21:44 . 2007-08-17 11:20 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-03 21:34 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-12-03 21:26 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-12-03 21:17 . 2007-12-03 21:17 <DIR> d-------- C:\Programmer\IObit
2007-12-03 20:28 . 2007-10-25 17:58 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-11-30 19:18 . 2007-11-30 19:18 <DIR> d-------- C:\Programmer\DreamCatcher
2007-11-30 12:55 . 2007-11-30 12:55 528,896 --a------ C:\WINDOWS\SYSTEM32\AcroIEHelper.dll
2007-11-17 22:02 . 2007-11-30 18:57 <DIR> d-------- C:\Programmer\Postal2
2007-11-11 00:45 . 2007-11-30 08:08 <DIR> d-------- C:\Documents and Settings\Jesper Heyn\Application Data\DivX
2007-11-11 00:45 . 2007-10-20 01:56 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2007-11-11 00:45 . 2007-10-20 01:56 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-11-11 00:45 . 2007-10-20 01:56 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-11-11 00:45 . 2007-10-20 01:56 9,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2007-11-11 00:45 . 2007-10-20 01:56 9,336 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-11-11 00:44 . 2007-11-11 00:45 <DIR> d-------- C:\Programmer\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 21:05 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2007-12-04 16:36 --------- d-----w C:\Programmer\Lavasoft
2007-12-04 16:36 --------- d-----w C:\Documents and Settings\Jesper Heyn\Application Data\Lavasoft
2007-12-03 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 00:53 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin
2007-12-01 07:10 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-11-01 20:13 --------- d-----w C:\Programmer\Flagship Studios
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:56 8,466,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-10-19 18:13 --------- d-----w C:\Programmer\AGEIA Technologies
2007-10-19 17:45 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-19 17:45 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-10-19 15:22 --------- d-----w C:\Programmer\Monte Cristo
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-09-27 19:12 43,520 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-04_21.07.32.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-29 16:21:29 370,688 ----a-w C:\WINDOWS\SYSTEM32\swsc.exe
+ 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\SYSTEM32\swsc.exe
- 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\SYSTEM32\swxcacls.exe
+ 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\SYSTEM32\swxcacls.exe
+ 2007-12-04 21:59:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_694.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-11-30 12:55 528896 --a------ C:\WINDOWS\SYSTEM32\AcroIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04]
"PCMService"="C:\Programmer\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27]
"UpdateManager"="C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2005-03-30 13:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-22 02:36]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 17:20]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"THGuard"="C:\Programmer\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
R1 SSHDRV65;SSHDRV65;\??\C:\WINDOWS\System32\drivers\SSHDRV65.sys
R1 SSHDRV79;SSHDRV79;\??\C:\WINDOWS\System32\drivers\SSHDRV79.sys
R1 SSHDRV85;SSHDRV85;\??\C:\WINDOWS\System32\drivers\SSHDRV85.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
R4 atidgllk;atidgllk;\??\C:\WINDOWS\atidgllk.sys
S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\JESPER~1\LOKALE~1\Temp\iMSPCLOj.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 22:02:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2007-12-04 20:45:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 23:15:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-04 23:16:33
C:\ComboFix2.txt ... 2007-12-04 22:04
C:\ComboFix3.txt ... 2007-12-04 21:08
.
--- E O F ---
