dytti (Novice)
27 November 2007 - 15:22. There are 3 comments and 1 solution.

Sigh - yet another hijack

While installing Powered Keylogger, a virus alert popped up.
I cannot open the keylogger in the prescribed way, and therefore cannot find and uninstall it.

Can anyone see whether I have any junk on the machine?
I have followed this guide: http://www.eksperten.dk/artikler/1123

Logfile of HijackThis v1.99.1
Scan saved at 14:59:28, on 27-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Sunbelt Software\iHateSpam\ihsService.exe
C:\Programmer\Comodo\Firewall\cfp.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Sunbelt Software\iHateSpam\ihsSpamFilterEngine.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Sunbelt Software\iHateSpam\ihsMailProxyServer.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\download\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ihsService.exe] "C:\Programmer\Sunbelt Software\iHateSpam\ihsService.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmer\Comodo\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmer\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

SUPERAntiSpyware Scan Log
Generated 11/27/2007 at 02:52 PM

Application Version : 3.5.1016

Core Rules Database Version : 3351
Trace Rules Database Version: 1350

Scan type      : Complete Scan
Total Scan Time : 00:48:14

Memory items scanned      : 164
Memory threats detected  : 0
Registry items scanned    : 6998
Registry threats detected : 0
File items scanned        : 31156
File threats detected    : 7

Adware.Tracking Cookie
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@track.adform[1].txt
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@bs.serving-sys[1].txt
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@ads2.jubii[1].txt
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@www.googleadservices[1].txt
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@ncom.banneradministration[1].txt
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@serving-sys[2].txt
    C:\Documents and Settings\Michael Pedersen\Cookies\michael_pedersen@imrworldwide[2].txt

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
27-11-2007 15:02:23,54

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 15:02:24
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification:
ZwClose
scanning hidden processes ...

detected NTDLL code modification:
ZwClose
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ahhcc]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\drivers\ahhcc.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ahhcc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ahhcc]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\drivers\ahhcc.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ahhcc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

detected NTDLL code modification:
ZwClose
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20226~\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{499C7599-31A3-E908-61E9-AD2521F0F616}]
"ablpodobdeofaobdjilejgaepieecckfef"=hex:61,61,00,00
"bblpodobdeofaobdjicboaefjemjochjnbkd"=hex:61,61,00,00

detected NTDLL code modification:
ZwClose
scanning hidden files ...
C:\WINDOWS\plahhcc
C:\WINDOWS\prlahhcc
C:\WINDOWS\sahhcc
C:\WINDOWS\ulahhcc
C:\WINDOWS\iahhcc
C:\WINDOWS\ilahhcc
C:\WINDOWS\esahhcc
C:\WINDOWS\klahhcc
C:\WINDOWS\mlahhcc
C:\WINDOWS\wlahhcc
C:\WINDOWS\clahhcc
C:\WINDOWS\oahhcc
C:\WINDOWS\ahhcc
C:\WINDOWS\bahhcc

hidden processes: 0
hidden services: 1
hidden files: 14

ComboFix 07-11-19.4 - Michael Pedersen 2007-11-27 15:04:01.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.483 [GMT 1:00]
Running from: C:\download\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-27 to 2007-11-27  )))))))))))))))))))))))))))))))
.

2007-11-27 13:40    <DIR>    d--------    C:\Programmer\Fælles filer\ODBC
2007-11-26 13:53    46    --a------    C:\WINDOWS\system32\6DAEE2BCFEDB43a581D1CC58E9642691.ini
2007-11-25 10:45    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-11-25 10:45    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2007-11-25 10:45    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2007-11-24 21:16    <DIR>    d--hsc---    C:\Programmer\Fælles filer\WindowsLiveInstaller
2007-11-24 21:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-23 10:45    139,008    --a------    C:\WINDOWS\system32\guard32.dll
2007-11-23 10:45    79,096    --a------    C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-23 10:45    23,672    --a------    C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-19 16:14    <DIR>    d--------    C:\Documents and Settings\Michael Pedersen\Application Data\TrojanHunter
2007-11-14 18:06    <DIR>    d--------    C:\Programmer\MSECache
2007-11-12 11:49    <DIR>    d--------    C:\Programmer\IrfanView
2007-11-09 17:01    <DIR>    d--------    C:\Programmer\MagicISO
2007-11-09 16:55    <DIR>    d--------    C:\Programmer\PowerISO
2007-11-02 13:21    <DIR>    d--------    C:\Programmer\Sunbelt Software
2007-11-02 13:05    <DIR>    d--------    C:\temp
2007-11-02 13:05    <DIR>    d--------    C:\Documents and Settings\Michael Pedersen\Application Data\AntiSpamFilter
2007-11-01 15:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-11-01 15:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Ipswitch
2007-10-31 10:24    1,159,680    --a------    C:\WINDOWS\sqlserver.dll
2007-10-30 12:05    <DIR>    d--------    C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-10-30 12:05    <DIR>    d--------    C:\Programmer\Ipswitch
2007-10-30 12:05    <DIR>    d--------    C:\Documents and Settings\Michael Pedersen\Application Data\Ipswitch
2007-10-30 12:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ipswitch
2007-10-30 12:05    606,293    --a------    C:\WINDOWS\system32\wbocx.ocx
2007-10-30 12:05    50,688    --a------    C:\WINDOWS\system32\wbhelp2.dll
2007-10-30 12:04    4,543,488    ---hs----    C:\WINDOWS\alg.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 13:03    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-11-27 11:51    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-11-27 10:41    ---------    d-----w    C:\Documents and Settings\Michael Pedersen\Application Data\Microgaming
2007-11-26 13:26    ---------    d-----w    C:\Documents and Settings\Michael Pedersen\Application Data\Eltima Software
2007-11-23 09:51    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-23 09:45    ---------    d-----w    C:\Programmer\Comodo
2007-11-23 09:45    ---------    d-----w    C:\Documents and Settings\Michael Pedersen\Application Data\Comodo
2007-11-19 17:30    ---------    d-----w    C:\Programmer\Lexmark X1100 Series
2007-11-06 16:03    ---------    d-----w    C:\Documents and Settings\Michael Pedersen\Application Data\Vso
2007-10-23 07:36    ---------    d-----w    C:\Programmer\Java
2007-10-09 12:16    64,093    ----a-w    C:\WINDOWS\BricoPackUninst.cmd
2007-10-09 12:16    6,120    ----a-w    C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-09 12:16    219,136    ----a-w    C:\WINDOWS\system32\uxtheme.dll
2007-09-06 10:09    801,144    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00    95,608    ----a-w    C:\WINDOWS\system32\AVASTSS.scr
2007-04-22 08:07    87,608    ----a-w    C:\Documents and Settings\Michael Pedersen\Application Data\ezpinst.exe
2007-04-22 08:07    47,360    ----a-w    C:\Documents and Settings\Michael Pedersen\Application Data\pcouffin.sys
2007-02-03 23:55    85,368    ----a-w    C:\Documents and Settings\Michael Pedersen\Application Data\GDIPFONTCACHEV1.DAT
2007-03-10 09:52    5    --sha-w    C:\WINDOWS\system32\aeadecbbc_s.dll
.

(((((((((((((((((((((((((((((  snapshot@2007-11-27_13.48.19,75  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-27 13:54:18    16,384    ----atw    C:\WINDOWS\TEMP\Perflib_Perfdata_560.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-12-27 12:38]
"ihsService.exe"="C:\Programmer\Sunbelt Software\iHateSpam\ihsService.exe" [2006-11-01 16:00]
"COMODO Firewall Pro"="C:\Programmer\Comodo\Firewall\cfp.exe" [2007-11-23 10:45]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-08-31 06:21:49]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2007-01-22 10:10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 10:12 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys
S4 hg1;hg1;C:\WINDOWS\hg1.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\alerter]
C:\WINDOWS\alerter.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 15:07:08
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\plahhcc 0 bytes
C:\WINDOWS\prlahhcc 0 bytes
C:\WINDOWS\sahhcc 0 bytes
C:\WINDOWS\ulahhcc 0 bytes
C:\WINDOWS\iahhcc 1308 bytes
C:\WINDOWS\ilahhcc 0 bytes
C:\WINDOWS\esahhcc 0 bytes
C:\WINDOWS\klahhcc 33184 bytes
C:\WINDOWS\mlahhcc 0 bytes
C:\WINDOWS\wlahhcc 0 bytes
C:\WINDOWS\clahhcc 0 bytes
C:\WINDOWS\oahhcc 1504 bytes
C:\WINDOWS\ahhcc
C:\WINDOWS\bahhcc 5444 bytes
IPC error: 2 Den angivne fil blev ikke fundet.
C:\WINDOWS\system32\drivers\ahhcc.sys 194336 bytes executable

scan completed successfully
hidden files: 15

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ahhcc]
"ImagePath"="system32\drivers\ahhcc.sys"
.
Completion time: 2007-11-27 15:08:02
C:\ComboFix2.txt ... 2007-11-27 13:49
C:\ComboFix3.txt ... 2007-11-01 16:16
.
    --- E O F ---
ejvindh (Expert)
28 November 2007 - 09:25 #1
Yes, the computer is infected. But when you deliberately install spyware (spying software), you can't really be surprised that you end up with spyware on the computer...
dytti (Novice)
28 November 2007 - 10:03 #2
Yes - it was deliberate.
I was curious to see how such a thing (a keylogger) worked.
I read that it had been given 5 cows on Tucows, so I assumed it was safe.
ejvindh (Expert)
28 November 2007 - 12:59 #3
Well, now you have a good opportunity to study that. A keylogger works by making itself invisible; otherwise it isn't much use.

I would recommend that you format the computer, and then refrain from that kind of experiment in the future.

It can actually be removed, but I doubt you will find anyone willing to help you with it. By installing something like that deliberately, you are jumping over into the camp we normally regard as the enemy: those who install junk in order to spy on people.
dytti (Novice)
29 November 2007 - 11:10 #4
Problem solved via a German forum.
But I'm formatting anyway, since the PC needs a thorough cleanup.