kiwankow (Beginner)
14 October 2008 - 18:58. There are 17 comments and 2 solutions

Help with log files

Hi, I'm sitting here struggling with my cousin's computer, which is completely messed up. Here are the 3 log files; I hope someone will take a look at them.


I have of course removed all the viruses that were found....


-------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2008 at 12:55 PM

Application Version : 4.21.1004

Core Rules Database Version : 3596
Trace Rules Database Version: 1583

Scan type      : Complete Scan
Total Scan Time : 04:19:27

Memory items scanned      : 182
Memory threats detected  : 3
Registry items scanned    : 5038
Registry threats detected : 50
File items scanned        : 23148
File threats detected    : 37

Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\CAUDINST32.DLL
    C:\WINDOWS\SYSTEM32\CAUDINST32.DLL
    [A00F1F0FC8.exe] C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00F1F0FC8.EXE
    C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00F1F0FC8.EXE
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\8088507448
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Data
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#PID
    HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
    HKLM\SOFTWARE\Microsoft\MSSMGR#LID
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    C:\DOCUMENTS AND SETTINGS\EJER\LOKALE INDSTILLINGER\TEMP\_A00F1F0FC8.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A653EB34-1D67-4EE5-A2A4-CAAA0CFE051F}\RP485\A0157460.EXE
    C:\WINDOWS\SYSTEM32\OT.ICO
    C:\WINDOWS\SYSTEM32\TS.ICO
    C:\WINDOWS\Prefetch\_A00F1F0FC8.EXE-203B05ED.pf

Trojan.Unclassified/C00-WL/A
    C:\WINDOWS\SYSTEM32\__C004B5C4.DAT
    C:\WINDOWS\SYSTEM32\__C004B5C4.DAT
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c004B5C4

Trojan.Dropper/Gen-NV
    C:\WINDOWS\SYSTEM32\__C0095D72.DAT
    C:\WINDOWS\SYSTEM32\__C0095D72.DAT
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c0095D72
    C:\WINDOWS\SYSTEM32\__C00F529E.DAT

Trojan.Unclassified/C00-Installer
    [A00F1CF7C5.exe] C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00F1CF7C5.EXE
    C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00F1CF7C5.EXE
    [A00FE988716.exe] C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00FE988716.EXE
    C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00FE988716.EXE
    C:\DOCUMENTS AND SETTINGS\EJER\LOKALE INDSTILLINGER\TEMP\_A00F1CF7C5.EXE
    C:\DOCUMENTS AND SETTINGS\EJER\LOKALE INDSTILLINGER\TEMP\_A00FE988716.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A653EB34-1D67-4EE5-A2A4-CAAA0CFE051F}\RP482\A0154349.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A653EB34-1D67-4EE5-A2A4-CAAA0CFE051F}\RP482\A0157390.EXE
    C:\WINDOWS\Prefetch\_A00F1CF7C5.EXE-09BFEFB4.pf
    C:\WINDOWS\Prefetch\_A00FE988716.EXE-1EBB0CF9.pf

Trojan.Unclassified/C00-Installer/B
    [A00F2EF925.exe] C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00F2EF925.EXE
    C:\DOCUME~1\EJER\LOKALE~1\TEMP\_A00F2EF925.EXE
    C:\DOCUMENTS AND SETTINGS\EJER\LOKALE INDSTILLINGER\TEMP\_A00F2EF925.EXE
    C:\WINDOWS\Prefetch\_A00F2EF925.EXE-26F84B99.pf

Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{24A1E1CC-4393-941E-B765-2264A695D4E3}
    HKCR\CLSID\{24A1E1CC-4393-941E-B765-2264A695D4E3}
    HKCR\CLSID\{24A1E1CC-4393-941E-B765-2264A695D4E3}
    HKCR\CLSID\{24A1E1CC-4393-941E-B765-2264A695D4E3}\InprocServer32
    HKCR\CLSID\{24A1E1CC-4393-941E-B765-2264A695D4E3}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\BROWSEARCH.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24A1E1CC-4393-941E-B765-2264A695D4E3}

Trojan.Net-Winload/DF
    HKLM\Software\Classes\CLSID\{3229DFCD-3EAF-4712-ED45-4876FEDC170C}
    HKCR\CLSID\{3229DFCD-3EAF-4712-ED45-4876FEDC170C}
    HKCR\CLSID\{3229DFCD-3EAF-4712-ED45-4876FEDC170C}
    HKCR\CLSID\{3229DFCD-3EAF-4712-ED45-4876FEDC170C}\InprocServer32
    HKCR\CLSID\{3229DFCD-3EAF-4712-ED45-4876FEDC170C}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\WINLOAD.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{3229DFCD-3EAF-4712-ED45-4876FEDC170C}

Trojan.Unclassified/C00-WL
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C004B5C4
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C004B5C4#Asynchronous
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C004B5C4#DllName
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C004B5C4#Impersonate
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C004B5C4#Startup
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C004B5C4#Logon
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0095D72
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0095D72#Asynchronous
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0095D72#DllName
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0095D72#Impersonate
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0095D72#Startup
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0095D72#Logon
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00EE2C8
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00EE2C8#Asynchronous
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00EE2C8#DllName
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00EE2C8#Impersonate
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00EE2C8#Startup
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00EE2C8#Logon
    C:\WINDOWS\SYSTEM32\__C00B8778.DAT

Adware.Casino Games (Golden Palace Casino)
    C:\PROGRAMMER\INTERCASINO $$$\CASINO.EXE
    C:\DOCUMENTS AND SETTINGS\EJER\MENUEN START\INTERCASINO $$$.LNK
    C:\DOCUMENTS AND SETTINGS\EJER\MENUEN START\PROGRAMMER\INTERCASINO $$$\INTERCASINO $$$.LNK
    C:\DOCUMENTS AND SETTINGS\EJER\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\INTERCASINO $$$.LNK
    C:\POKER\EXPEKT POKER\CASINO.EXE
    C:\DOCUMENTS AND SETTINGS\EJER\SKRIVEBORD\POKER\EXPEKT POKER.LNK
    C:\DOCUMENTS AND SETTINGS\EJER\SKRIVEBORD\POKER\INTERCASINO $$$.LNK

Trojan.Downloader-WinLoad
    C:\DOCUMENTS AND SETTINGS\EJER\APPLICATION DATA\MICROSOFT\SYSTEMBACKUP\WINLOAD.DLL

Trojan.Downloader-Gen/ScaredStraight
    C:\WINDOWS\SYSTEM32\MSCERT.DLL
    C:\WINDOWS\SYSTEM32\NETD.DLL
    C:\WINDOWS\SYSTEM32\PXCRT.DLL

Trojan.Dropper/Gen
    C:\WINDOWS\SYSTEM32\~.EXE
    C:\WINDOWS\Prefetch\~.EXE-3B3A448A.pf

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:32, on 14-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmer\Java\jre1.5.0\bin\jusched.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\d744c18ba04d5b8404e940448bc0cd6d\update\update.exe
C:\Documents and Settings\Ejer\Skrivebord\spywarefri\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euroinvestor.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Ejer\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Ejer\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/205/Rawflow.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152547271812
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\rundll.dll,C:\WINDOWS\System32\CAUDINST32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - (no file)
O22 - SharedTaskScheduler: {89e4aaba-3b21-49b3-b922-8ca35193c68e} - furnariidae - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmer\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe

--
End of file - 10972 bytes

---------------------------------------------------------------

ComboFix 08-10-12.01 - Ejer 2008-10-14 18:21:08.1 - NTFSx86
Running from: C:\Documents and Settings\Ejer\Skrivebord\spywarefri\ComboFix.exe
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ejer\Application Data\ICROSO~1
C:\Documents and Settings\Ejer\Dokumenter\MBOLS~1
C:\Programmer\MicroAntivirus
C:\Programmer\MicroAntivirus\microAV.ooo
C:\Programmer\MicroAntivirus\microAV1.dat
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\system32\__c00F46BB.exe
C:\WINDOWS\system32\mt_32.dll
C:\xcrashdump.dat

.
(((((((((((((((((((((((((  Files Created from 2008-09-14 to 2008-10-14  )))))))))))))))))))))))))))))))
.

2008-10-14 07:40 . 2008-10-14 07:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-14 07:17 . 2008-10-14 07:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-14 07:15 . 2008-10-14 07:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-10-14 07:13 . 2006-09-05 18:03    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 05:52    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-10-14 05:16    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\SUPERAntiSpyware.com
2008-10-14 05:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-08-06 20:36    65,024    ----a-w    C:\WINDOWS\IFinst26.exe
2007-04-10 13:02    0    ----a-w    C:\Documents and Settings\Ejer\Application Data\wklnhst.dat
2006-07-17 06:09    0    ----a-w    C:\Documents and Settings\Ejer\loaded.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-14 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 344064]
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"WatchDog"="C:\Programmer\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-06-11 286720]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-05-18 98304]
"eabconfg.cpl"="C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0\bin\jusched.exe" [2006-05-18 36972]
"hpWirelessAssistant"="C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 311296]
"SMSTray"="C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="C:\Programmer\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-10-14 6731312]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe [2004-11-29 569405]
DVD Check.lnk - C:\Programmer\InterVideo\DVD Check\DVDCheck.exe [2006-05-18 184320]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Photo Loader supervisory.lnk - C:\Programmer\CASIO\Photo Loader\Plauto.exe [2006-08-07 229376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-14 07:52 352256 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\InterPoker\\UA.exe"=
"C:\\Programmer\\Cyanide\\GameCenter\\GameCenter.exe"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-09-28 64648]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-09-28 83592]
R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);C:\WINDOWS\system32\drivers\ps7akt6c.sys [2007-09-28 68752]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 ewido security suite driver;ewido security suite driver;C:\Programmer\ewido\security suite\guard.sys [2004-11-22 3072]
R1 SABKUTIL;SABKUTIL;C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2006-07-12 27648]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 192896]
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc [ ]
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys [ ]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 18864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8feab184-f550-11da-8a86-0016d4020254}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS\Tasks\{14D5370C-EA5D-488F-BC18-CC2F19EF88B8}_EJER-F1DE54B88A_Ejer.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-27 14:00]

2008-09-10 C:\WINDOWS\Tasks\{3AD1AC38-9596-4893-BBA7-E0691573CEE9}_EJER-F1DE54B88A_Ejer.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-27 14:00]

2008-08-29 C:\WINDOWS\Tasks\{86FA2E1A-B4EF-4BDB-9CA2-04B5C49B0DE1}_EJER-F1DE54B88A_Ejer.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-27 14:00]
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-furnariidae - (no file)
Notify-winuns32 - winuns32.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.euroinvestor.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Search Bar =
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - %~$path:i
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i

O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://webnode1.xstream.dk/radiostationer/rawflow/205/Rawflow.cab
C:\WINDOWS\Downloaded Program Files\Rawflow.ocx

O16 -: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - hxxp://www.quest3d.com/Quest3D_WebInstall.cab
C:\WINDOWS\Downloaded Program Files\Quest3D.inf

O16 -: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp06.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader_3.inf
C:\WINDOWS\Downloaded Program Files\ImageUploader_3.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 18:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe???????????3?7?9?3??`???? ?,?B????????? ???hLC????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\HPQ\shared\hpqwmi.exe
C:\WINDOWS\SoftwareDistribution\Download\d744c18ba04d5b8404e940448bc0cd6d\update\update.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2008-10-14 18:48:58 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-14 16:48:49

Pre-Run: 45,575,675,904 byte ledig
Post-Run: 45,507,268,608 byte ledig

175    --- E O F ---    2008-09-10 09:20:34

levich (Beginner)
14 October 2008 - 19:38 #1
One moment ...

levich (Beginner)
14 October 2008 - 19:41 #2
It looks like you have managed to remove a good deal. But there is still virus/spyware left.

Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a full system scan ("fuld systemscanning") under the "skanner" (scanner) tab.
Afterwards click "vis resultater" (show results), press "Fjern det valgte" (remove selected) and post the log here.
Restart the computer and post a new log from HijackThis here as well.

kiwankow (Beginner)
14 October 2008 - 19:51 #3
I assume it should be done in safe mode

14 October 2008 - 21:51 #4
(In normal boot...)

kiwankow (Beginner)
15 October 2008 - 06:50 #5
Here are two new log files

Malwarebytes' Anti-Malware 1.28
Database version: 1268
Windows 5.1.2600 Service Pack 2

15-10-2008 06:35:33
mbam-log-2008-10-15 (06-35-33).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 150442
Tid tilbagelagt: 6 hour(s), 9 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Poker\Expekt Poker\_t2c.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ejer\Skrivebord\MicroAntivirus.lnk (Rogue.XPertAntivirus) -> Quarantined and deleted successfully.

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:43, on 15-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Java\jre1.5.0\bin\jusched.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ejer\Skrivebord\spywarefri\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euroinvestor.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Ejer\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Ejer\Skrivebord\InterCasino $$$.lnk (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/205/Rawflow.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152547271812
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmer\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe

--
End of file - 10445 bytes
kiwankow (Beginner)
15 October 2008 - 09:01 #6
Yes, the first scan was in safe mode, so here is one from a normal boot

Malwarebytes' Anti-Malware 1.28
Database version: 1268
Windows 5.1.2600 Service Pack 2

15-10-2008 08:48:48
mbam-log-2008-10-15 (08-48-48).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 151307
Tid tilbagelagt: 1 hour(s), 7 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\System Volume Information\_restore{A653EB34-1D67-4EE5-A2A4-CAAA0CFE051F}\RP502\A0184096.exe (Adware.Agent) -> Quarantined and deleted successfully.
levich (Beginner)
15 October 2008 - 19:59 #7
Yes, at first glance it looks fine, but do you know this website: prosearching.com?

... and is Windows running as it should?
kiwankow (Beginner)
16 October 2008 - 14:36 #8
No, that is not a site I know anything about.

Windows seems to be running fine.
ejvindh (Expert)
16 October 2008 - 16:42 #9
@Levich: I would strongly recommend that you make sure this driver has been removed as well:
cusbohcn
kiwankow (Beginner)
16 October 2008 - 18:29 #10
What is the next step I should take..??
levich (Beginner)
16 October 2008 - 18:41 #11
Read all the steps before you do anything.
You may want to save these instructions as a text file on the desktop using Notepad.

(1)
Restart the computer in safe mode (press F8 when Windows starts up) and Fix the following lines with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

(2)
Open "My Computer", then in the menu click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following file(s):
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys

(3)
Restart the computer normally. Create a new log with HijackThis and post it here.
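
The review done in posts #7 and #11, picking out the Internet Explorer start and search values that point at an unfamiliar host, can be expressed as a small script. This is an added example, not part of the original thread and not HijackThis code; the allow-list, the function names and the last R line of the sample (a constructed look-alike host) are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Set
from urllib.parse import urlsplit

# R0-R3 lines in the HijackThis 2.0.2 layout seen in the log above:
#   <code> - <hive>\<key>,<value name> = <data>
R_LINE = re.compile(
    r"^(?P<code>R[0-3]) - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),"
    r"(?P<name>[^=]+?) = (?P<data>.*)$"
)

# Only values under this key are treated as URLs (other R lines hold plain text).
IE_MAIN = r"software\microsoft\internet explorer\main"

# Assumption: domains the reviewer accepts for this machine.
ALLOWED_DOMAINS = {"microsoft.com", "euroinvestor.com"}

# Sample input: R lines copied from the HijackThis log in post #5, plus one
# constructed look-alike line (example.net) and one O4 line that must be ignored.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euroinvestor.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com.example.net/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


class Finding(NamedTuple):
    hive: str   # HKCU or HKLM
    name: str   # registry value name, e.g. SearchURL
    host: str   # host the value points at


def host_of(data: str) -> Optional[str]:
    """Return the lower-cased host of a registry URL value, or None."""
    data = data.strip()
    if not data:
        return None
    # Values such as "prosearching.com" carry no scheme; add one so that
    # urlsplit() puts the host in the network-location part.
    if "://" not in data:
        data = "http://" + data
    try:
        return urlsplit(data).hostname
    except ValueError:
        return None


def is_allowed(host: str, allowed: Set[str] = ALLOWED_DOMAINS) -> bool:
    """True if host is an allowed domain or a subdomain of one.

    The match is on whole DNS labels, so a host that merely starts or ends
    with an allowed string is not accepted.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def review_r_lines(log_text: str, allowed: Set[str] = ALLOWED_DOMAINS) -> List[Finding]:
    """List IE Main URL values whose host is not on the allow-list."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m or m["key"].lower() != IE_MAIN:
            continue
        host = host_of(m["data"])
        if host and not is_allowed(host, allowed):
            findings.append(Finding(m["hive"], m["name"], host))
    return findings


if __name__ == "__main__":
    for f in review_r_lines(SAMPLE_LOG):
        print(f"{f.hive}  {f.name:<16} -> {f.host}")
```

A hit only means the host is not on the reviewer's list; whether the value should be fixed is still the judgement made in the thread.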
kiwankow (Beginner)
16 October 2008 - 23:15 #12
I have fixed the four lines, but I cannot find the file you are talking about by searching for it.
ejvindh (Expert)
16 October 2008 - 23:24 #13
You cannot find cusbohcn.sys -- because if it is there, it is hidden by a rootkit. Try this:

Copy the content between the wavy lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys

RootKit::
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys

Driver::
cusbohcn
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, then release the mouse button. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here for review.
kiwankow (Beginner)
17 October 2008 - 18:46 #14
Here is the new Combofix log:
----------------------------------------------------------------------------------

ComboFix 08-10-16.08 - Ejer 2008-10-17  8:57:35.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.211 [GMT 2:00]
Running from: C:\Documents and Settings\Ejer\Skrivebord\spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ejer\Skrivebord\CFScript.txt
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]

FILE ::
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Service_cusbohcn


(((((((((((((((((((((((((  Files Created from 2008-09-17 to 2008-10-17  )))))))))))))))))))))))))))))))
.

2008-10-15 09:04 . 2008-10-15 09:06    1,393    --a------    C:\WINDOWS\imsins.BAK
2008-10-14 20:10 . 2008-10-14 20:12    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-10-14 20:10 . 2008-10-14 20:10    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Malwarebytes
2008-10-14 20:10 . 2008-10-14 20:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 20:10 . 2008-09-10 00:04    38,528    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:10 . 2008-09-10 00:03    17,200    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 07:40 . 2008-10-14 07:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-14 07:17 . 2008-10-14 07:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-14 07:15 . 2008-10-14 07:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-10-14 07:13 . 2006-09-05 18:03    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 05:52    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-10-14 05:16    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\SUPERAntiSpyware.com
2008-10-14 05:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-08-28 10:04    333,056    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
2008-08-06 20:36    65,024    ----a-w    C:\WINDOWS\IFinst26.exe
2007-04-10 13:02    0    ----a-w    C:\Documents and Settings\Ejer\Application Data\wklnhst.dat
2006-07-17 06:09    0    ----a-w    C:\Documents and Settings\Ejer\loaded.exe
.

(((((((((((((((((((((((((((((  snapshot@2008-10-14_18.48.05.14  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 16:03:09    2,138,624    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:46:27    2,138,624    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:03:14    2,060,160    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:46:32    2,060,288    ------w    C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:03:08    2,018,304    ------w    C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:46:25    2,018,304    ------w    C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:03:14    2,182,912    ------w    C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:46:30    2,182,912    ------w    C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:33:50    124,928    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:33:50    347,136    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:33:50    214,528    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:33:50    133,120    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:33:50    63,488    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:19:04    70,656    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:33:50    153,088    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:33:50    230,400    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54    161,792    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:33:50    383,488    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:33:50    384,512    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:33:51    6,066,176    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:33:51    44,544    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:33:52    267,776    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26    13,824    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:19:22    625,664    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:33:52    27,648    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:33:52    459,264    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:33:52    52,224    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 08:33:54    3,592,192    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:33:53    477,696    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:33:53    193,024    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:33:53    671,232    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:33:53    102,912    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:33:53    44,544    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:11:00    214,752    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:12:08    383,200    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:33:53    105,984    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:33:53    1,159,680    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:33:54    233,472    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:33:54    826,368    -c----w    C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:33:50    124,928    ----a-w    C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 08:27:23    124,928    ----a-w    C:\WINDOWS\system32\advpack.dll
- 2008-06-23 16:33:50    124,928    -c--a-w    C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 08:27:23    124,928    -c--a-w    C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38    138,368    -c--a-w    C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43    138,368    -c--a-w    C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 16:33:50    347,136    -c--a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 08:27:23    347,136    -c--a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:33:50    214,528    -c--a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 08:27:23    214,528    -c--a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:33:50    133,120    -c--a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 08:27:23    133,120    -c--a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:33:50    63,488    -c----w    C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 08:27:23    63,488    -c----w    C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:19:04    70,656    -c--a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:36:50    70,656    -c--a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:33:50    153,088    -c--a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 08:27:23    153,088    -c--a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:33:50    230,400    -c--a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 08:27:23    230,400    -c--a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54    161,792    -c--a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51    161,792    -c--a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:33:50    383,488    -c----w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 08:27:24    383,488    -c----w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:33:50    384,512    -c--a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 08:27:24    384,512    -c--a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:33:51    6,066,176    -c----w    C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:12:34    6,066,176    -c----w    C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:33:51    44,544    -c--a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 08:27:25    44,544    -c--a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:33:52    267,776    -c----w    C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 08:27:25    267,776    -c----w    C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26    13,824    -c----w    C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00    13,824    -c----w    C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:19:22    625,664    -c--a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15    635,848    -c--a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:33:52    27,648    -c--a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 08:27:26    27,648    -c--a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:33:52    459,264    -c----w    C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 08:27:26    459,264    -c----w    C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:33:52    52,224    -c----w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 08:27:26    52,224    -c----w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 08:33:54    3,592,192    -c--a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 09:27:28    3,593,216    -c--a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:33:53    477,696    -c--a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 08:27:27    477,696    -c--a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:33:53    193,024    -c--a-w    C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 08:27:27    193,024    -c--a-w    C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:33:53    671,232    -c--a-w    C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 08:27:27    671,232    -c--a-w    C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-27 12:00:00    72,704    -c--a-w    C:\WINDOWS\system32\dllcache\msw3prt.dll
+ 2008-08-28 08:04:43    74,752    -c--a-w    C:\WINDOWS\system32\dllcache\msw3prt.dll
- 2007-02-28 16:03:09    2,138,624    -c----w    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:46:27    2,138,624    -c----w    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:03:14    2,060,160    -c----w    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:46:32    2,060,288    -c----w    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:03:08    2,018,304    -c----w    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:46:25    2,018,304    -c----w    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:03:14    2,182,912    -c----w    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:46:30    2,182,912    -c----w    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:33:53    102,912    -c--a-w    C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 08:27:27    102,912    -c--a-w    C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:33:53    44,544    -c--a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 08:27:27    44,544    -c--a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41    332,928    -c--a-w    C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17    333,056    -c--a-w    C:\WINDOWS\system32\dllcache\srv.sys
- 2008-06-23 16:33:53    105,984    -c--a-w    C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 08:27:27    105,984    -c--a-w    C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:33:53    1,159,680    -c--a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 08:27:27    1,159,680    -c--a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:33:54    233,472    -c--a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 08:27:27    233,472    -c--a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-20 08:09:44    1,845,248    -c--a-w    C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 15:40:38    1,846,016    -c--a-w    C:\WINDOWS\system32\dllcache\win32k.sys
- 2004-08-27 12:00:00    101,888    -c--a-w    C:\WINDOWS\system32\dllcache\win32spl.dll
+ 2008-08-28 08:04:43    104,448    -c--a-w    C:\WINDOWS\system32\dllcache\win32spl.dll
- 2008-06-23 16:33:54    826,368    -c--a-w    C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 08:27:28    826,368    -c--a-w    C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 10:44:38    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:51:43    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
- 2008-06-23 16:33:50    347,136    ----a-w    C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 08:27:23    347,136    ----a-w    C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:33:50    214,528    ----a-w    C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 08:27:23    214,528    ----a-w    C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:33:50    133,120    ----a-w    C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 08:27:23    133,120    ----a-w    C:\WINDOWS\system32\extmgr.dll
- 2008-04-13 13:32:26    235,168    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-15 07:18:52    235,168    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-06-23 16:33:50    63,488    ----a-w    C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 08:27:23    63,488    ----a-w    C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:19:04    70,656    ----a-w    C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:36:50    70,656    ----a-w    C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:33:50    153,088    ----a-w    C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 08:27:23    153,088    ----a-w    C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:33:50    230,400    ----a-w    C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 08:27:23    230,400    ----a-w    C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54    161,792    ----a-w    C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51    161,792    ----a-w    C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:33:50    383,488    ----a-w    C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 08:27:24    383,488    ----a-w    C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:33:50    384,512    ----a-w    C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 08:27:24    384,512    ----a-w    C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:33:51    6,066,176    ----a-w    C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:12:34    6,066,176    ----a-w    C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:33:51    44,544    ----a-w    C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 08:27:25    44,544    ----a-w    C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:33:52    267,776    ----a-w    C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 08:27:25    267,776    ----a-w    C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26    13,824    ----a-w    C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00    13,824    ----a-w    C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:33:52    27,648    ----a-w    C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 08:27:26    27,648    ----a-w    C:\WINDOWS\system32\jsproxy.dll
- 2008-06-23 16:33:52    459,264    ----a-w    C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 08:27:26    459,264    ----a-w    C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:33:52    52,224    ----a-w    C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 08:27:26    52,224    ----a-w    C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 08:33:54    3,592,192    ----a-w    C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 09:27:28    3,593,216    ----a-w    C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:33:53    477,696    ----a-w    C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 08:27:27    477,696    ----a-w    C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:33:53    193,024    ----a-w    C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 08:27:27    193,024    ----a-w    C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:33:53    671,232    ----a-w    C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 08:27:27    671,232    ----a-w    C:\WINDOWS\system32\mstime.dll
- 2004-08-27 12:00:00    72,704    ----a-w    C:\WINDOWS\system32\msw3prt.dll
+ 2008-08-28 08:04:43    74,752    ----a-w    C:\WINDOWS\system32\msw3prt.dll
- 2007-02-28 16:03:14    2,060,160    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
+ 2008-08-14 13:46:32    2,060,288    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
- 2007-02-28 16:03:14    2,182,912    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
+ 2008-08-14 13:46:30    2,182,912    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
- 2008-06-23 16:33:53    102,912    ----a-w    C:\WINDOWS\system32\occache.dll
+ 2008-08-26 08:27:27    102,912    ----a-w    C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:33:53    44,544    ----a-w    C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 08:27:27    44,544    ----a-w    C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 12:39:13    17,784    ------w    C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:31    17,784    ------w    C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:33:53    105,984    ----a-w    C:\WINDOWS\system32\url.dll
+ 2008-08-26 08:27:27    105,984    ----a-w    C:\WINDOWS\system32\url.dll
- 2008-06-23 16:33:53    1,159,680    ----a-w    C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 08:27:27    1,159,680    ----a-w    C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:33:54    233,472    ----a-w    C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 08:27:27    233,472    ----a-w    C:\WINDOWS\system32\webcheck.dll
- 2008-03-20 08:09:44    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys
+ 2008-09-15 15:40:38    1,846,016    ----a-w    C:\WINDOWS\system32\win32k.sys
- 2004-08-27 12:00:00    101,888    ----a-w    C:\WINDOWS\system32\win32spl.dll
+ 2008-08-28 08:04:43    104,448    ----a-w    C:\WINDOWS\system32\win32spl.dll
- 2008-06-23 16:33:54    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
+ 2008-08-26 08:27:28    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-14 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 344064]
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"WatchDog"="C:\Programmer\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2004-06-11 286720]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-05-18 98304]
"eabconfg.cpl"="C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0\bin\jusched.exe" [2006-05-18 36972]
"hpWirelessAssistant"="C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 311296]
"SMSTray"="C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="C:\Programmer\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-10-14 6731312]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe [2004-11-29 569405]
DVD Check.lnk - C:\Programmer\InterVideo\DVD Check\DVDCheck.exe [2006-05-18 184320]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Photo Loader supervisory.lnk - C:\Programmer\CASIO\Photo Loader\Plauto.exe [2006-08-07 229376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-14 07:52 352256 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\InterPoker\\UA.exe"=
"C:\\Programmer\\Cyanide\\GameCenter\\GameCenter.exe"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-09-28 64648]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-09-28 83592]
R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);C:\WINDOWS\system32\drivers\ps7akt6c.sys [2007-09-28 68752]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 ewido security suite driver;ewido security suite driver;C:\Programmer\ewido\security suite\guard.sys [2004-11-22 3072]
R1 SABKUTIL;SABKUTIL;C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2006-07-12 27648]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 192896]
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc [ ]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 18864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8feab184-f550-11da-8a86-0016d4020254}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS\Tasks\{14D5370C-EA5D-488F-BC18-CC2F19EF88B8}_EJER-F1DE54B88A_Ejer.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-27 14:00]

2008-10-15 C:\WINDOWS\Tasks\{3AD1AC38-9596-4893-BBA7-E0691573CEE9}_EJER-F1DE54B88A_Ejer.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-27 14:00]

2008-08-29 C:\WINDOWS\Tasks\{86FA2E1A-B4EF-4BDB-9CA2-04B5C49B0DE1}_EJER-F1DE54B88A_Ejer.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-27 14:00]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 09:06:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe???????????3?7?9?3??????? ?,?B????????? ???hLC????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HPQ\shared\hpqwmi.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2008-10-17  9:14:22 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-17 07:14:16
ComboFix2.txt  2008-10-14 16:49:00

Pre-Run: 44,774,100,992 byte ledig
Post-Run: 44,768,718,848 byte ledig

342    --- E O F ---    2008-10-15 07:06:11
ejvindh Expert
18 October 2008 - 01:38 #15
So the last of it is gone as well.
levich Beginner
18 October 2008 - 10:30 #16
ejvindh -> If the asker had instead used a program such as Unhackme or Blacklight to scan for and remove the rootkit, do you think that would have worked too?
ejvindh Expert
18 October 2008 - 14:11 #17
@Levich: I'm a bit unsure about that. The driver wasn't hidden, after all, so they probably wouldn't have found that, at least. But it may well be that they would have found the file.

That said, I would say that Unhackme and Blacklight are probably no longer the sharpest knives in the drawer against rootkits. :-)
kiwankow Beginner
18 October 2008 - 17:28 #18
Can I assume that the machine is completely cleaned now..??
levich Beginner
18 October 2008 - 20:21 #19
In short: Yes