fedora (Beginner)
4 February 2008 - 18:08. There are 8 comments and
1 solution

Help with log analysis

Hi experts,

I have been cleaning up my sister's computer, following the article Nye Våben, and would like a little help with the analysis. In the HijackThis log I have placed some arrows next to the items I think should be removed, because I would like to learn to go through logs myself.

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 17:45:59, on 04-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\VMSnap23.exe <---
C:\WINDOWS\Domino.exe <---
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE <--- Unsure?
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe <---
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE <--- Unsure?
C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\McAfee\MSC\mcuimgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Trine\Skrivebord\Cleaning\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com <---
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Familiesikkerhed\fssbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <---
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe <--- Unsure?
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe <--- Possible fix?
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe <--- Possible fix?
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe" -autorun
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe <---
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RollerCoasterTycoon2Setup.exe] C:\DOWNLO~1\ROLLER~1.EXE /r
O4 - HKCU\..\Run: [Blue htm] C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe <---
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmer\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) <--
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) <---
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179774626030
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL <---
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL <---
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FÆLLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

COMBOFIX:
ComboFix 08-02.03.1 - Trine 2008-02-04 17:49:32.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.346 [GMT 1:00]
Running from: C:\Documents and Settings\Trine\Skrivebord\Cleaning\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx.dat
c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx_nav.dat
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx_navps.dat
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\Privacy Policy.lnk
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\Terms and conditions.lnk
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\Website.lnk
C:\Programmer\internetgamebox
C:\Programmer\internetgamebox\InternetGameBox.exe
C:\Programmer\internetgamebox\language
C:\Programmer\internetgamebox\Privacy Policy.url
C:\Programmer\internetgamebox\ressources\AttenteOff.html
C:\Programmer\internetgamebox\ressources\AttenteOn.html
C:\Programmer\internetgamebox\ressources\configv2_en.xml
C:\Programmer\internetgamebox\ressources\configv2_es.xml
C:\Programmer\internetgamebox\ressources\configv2_fr.xml
C:\Programmer\internetgamebox\ressources\favoris\defaultv2.swf
C:\Programmer\internetgamebox\skins\skinv2.skn
C:\Programmer\internetgamebox\Terms and conditions.url
C:\Programmer\internetgamebox\uninst.exe
C:\Programmer\internetgamebox\Website.url
C:\WINDOWS\system32\nvs2.inf
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
(((((((((((((((((((((((((  Files Created from 2008-01-04 to 2008-02-04  )))))))))))))))))))))))))))))))
.

2008-02-04 17:07 . 2008-02-04 17:45    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-04 17:07 . 2008-02-04 17:07    <DIR>    d--------    C:\Documents and Settings\Trine\Application Data\SUPERAntiSpyware.com
2008-02-04 17:07 . 2008-02-04 17:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-04 17:06 . 2008-02-04 17:06    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-04 17:02 . 2008-02-04 17:02    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-27 21:31 . 2008-01-27 21:31    244    --ah-----    C:\sqmnoopt06.sqm
2008-01-27 21:31 . 2008-01-27 21:31    232    --ah-----    C:\sqmdata06.sqm
2008-01-21 21:17 . 2008-01-21 21:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-01-19 17:55 . 2008-01-19 17:55    <DIR>    d--------    C:\Programmer\log hope wave
2008-01-12 14:41 . 2008-01-19 17:56    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2008-01-12 14:40 . 2008-02-01 09:50    <DIR>    d--------    C:\Programmer\Messenger Plus! Live
2008-01-12 14:40 . 2008-01-12 14:40    <DIR>    d--------    C:\Programmer\Circle Developement
2008-01-12 14:40 . 2008-01-19 17:56    <DIR>    d--------    C:\Documents and Settings\Trine\Application Data\log hope wave
2008-01-12 14:40 . 2008-01-12 14:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 15:55    ---------    d-----w    C:\Programmer\Macrogaming
2008-02-04 15:53    ---------    d-----w    C:\Programmer\Windows Live Toolbar
2008-02-04 15:51    ---------    d-----w    C:\Programmer\Google
2008-01-20 11:36    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-27 17:21    ---------    d-----w    C:\Programmer\Windows Live
2007-12-27 17:12    ---------    d-----w    C:\Programmer\Microsoft SQL Server Compact Edition
2007-12-27 17:07    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2007-12-27 17:04    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-12 19:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-10 19:34    ---------    d-----w    C:\Programmer\QuickTime
2007-12-10 19:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-10 19:33    ---------    d-----w    C:\Programmer\Kodak
2007-12-10 19:32    ---------    d-----w    C:\Programmer\Fælles filer\Kodak
2007-12-10 19:29    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kodak
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\dllcache\lsasrv.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12    56360    --a------    C:\Programmer\Windows Live\Familiesikkerhed\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 04:00 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"RollerCoasterTycoon2Setup.exe"="C:\DOWNLO~1\ROLLER~1.exe" [2007-08-22 20:56 176128]
"Blue htm"="C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe" [2008-01-19 17:55 457216]
"zrjspaldx"="c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe" [ ]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 15:49 40960]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 15:25 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 15:24 688218]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 20:05 339968]
"LaunchAp"="C:\Programmer\Launch Manager\LaunchAp.exe" [2005-03-30 14:29 32768]
"PowerKey"="C:\Programmer\Launch Manager\PowerKey.exe" [2002-08-30 14:02 94208]
"LManager"="C:\Programmer\Launch Manager\HotkeyApp.exe" [2005-05-19 13:45 69632]
"CtrlVol"="C:\Programmer\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"LMgrOSD"="C:\Programmer\Launch Manager\OSDCtrl.exe" [2004-10-11 09:47 245760]
"Wbutton"="C:\Programmer\Launch Manager\Wbutton.exe" [2005-04-18 10:41 81920]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 17:59 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 02:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 18:05 385024]
"BigDogPath323VMSnap"="C:\WINDOWS\VMSnap23.exe" [2006-07-20 05:37 90112]
"BigDogPath323Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 03:54 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 04:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-10 20:34 77824]
"fssui"="C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe" [2007-12-17 11:12 243240]
"Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe" [2008-02-04 16:44 739840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 04:00 15360]

C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\
PowerReg Scheduler.exe [2007-10-18 13:36:56 189952]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Kodak EasyShare software.lnk - C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-03-31 02:01:22 635019]
Kodak software updater.lnk - C:\Programmer\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 16:58:16 16423]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 22:07]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Familiesikkerhed;"C:\Programmer\Windows Live\Familiesikkerhed\fsssvc.exe" [2007-12-17 11:13]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-14 23:18]
R3 POWERKEY;POWERKEY;C:\Programmer\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 jatmlano;jatmlano;C:\DOCUME~1\Trine\LOKALE~1\Temp\jatmlano.sys []
S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS []
S3 vmfilter323;323 filter service, Normal;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 12:25]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);C:\WINDOWS\system32\Drivers\usbvm323.sys [2006-08-21 17:40]

*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
*Newly Created Service* - INT15.SYS
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 16:00:03 C:\WINDOWS\Tasks\A7F16436918AE1A2.job"
- c:\docume~1\trine\applic~1\loghop~1\Type sixth live.exe
"2007-10-24 16:53:24 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-10-24 16:53:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmer\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:51:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-04 17:52:41
ComboFix-quarantined-files.txt  2008-02-04 16:52:32
.
2008-01-23 15:23:05    --- E O F ---

ROOTCHK:
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
04-02-2008 17:46:42,34

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:46:43
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
C:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe [3712]

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b95663e5"=hex:8e,eb,15,52,ff,4a,4a,0c,04,11,59,7c,2b,07,9a,8b
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b95663e5"=hex:8e,eb,15,52,ff,4a,4a,0c,04,11,59,7c,2b,07,9a,8b

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x2bf8\x388\x2bf8\x388\1"
"DeviceDesc"="\x2bf8\x388\x2bf8\x388\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x680"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\elements\install\smbus\smbus\smbusati.inf"

scanning hidden files ...

hidden processes: 1
hidden services: 0
hidden files: 0

I can see that ComboFix has removed a good chunk, and from what I can see there is also a hidden service according to Rootchk.

No log from SUPERAntiSpyware, because it came out clean: no items found/deleted.

Many thanks in advance.
4 February 2008 - 20:01 #1
I'm looking at it...
4 February 2008 - 20:10 #2
Uninstall (if they are present)

* MessengerPlus*
* SweetIM

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window now appears, into which you copy the contents between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe
C:\DOCUME~1\Trine\LOKALE~1\Temp\jatmlano.sys
C:\WINDOWS\Tasks\A7F16436918AE1A2.job

Folders to delete:
C:\Documents and Settings\All Users\Application Data\file joy proc deaf\
C:\DOWNLO~1\
C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\
C:\Programmer\log hope wave
C:\Programmer\Messenger Plus! Live
C:\Documents and Settings\Trine\Application Data\log hope wave
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Programmer\Macrogaming

~~~~~~~~~~~~~~~~~~

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please paste it into your next reply.

-----------------------------

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click "Fix checked".

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com <---
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe <---

O4 - HKCU\..\Run: [RollerCoasterTycoon2Setup.exe] C:\DOWNLO~1\ROLLER~1.EXE /r
O4 - HKCU\..\Run: [Blue htm] C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe <---

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) <---
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---

-----------------------------

Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.

-----------------------------
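The original poster wants to learn to review these logs, and the expert's fix list above selects lines by a few recognisable patterns: an IE start page that is not the IE default, Run-key autoruns launched from Application Data, Temp or a downloads folder, entries whose target file is missing, and multi-word autorun names that have nothing to do with the file they launch. The following is an added example (not code from the thread or from HijackThis) that applies those heuristics to R0/R1, O2, O4 and O9 lines; the sample lines are copied from the first log in the thread, and the flag names and directory list are this example's own assumptions.

```python
"""Triage helper for HijackThis v1.99 log lines (added example).

Flags: ie-url-hijack, user-profile-path, missing-target, name-unrelated-to-file.
The heuristics are this example's own; they rank lines for review, not verdicts.
"""
import re
from dataclasses import dataclass, field

# IE7 defaults that HijackThis regards as legitimate (as they appear in the log).
KNOWN_IE_URLS = {
    "http://go.microsoft.com/fwlink/?LinkId=69157",
    "http://go.microsoft.com/fwlink/?LinkId=54896",
}
IE_URL_VALUES = {"Start Page", "Default_Page_URL", "Default_Search_URL", "Search Page"}

# Directories a legitimate Run-key autorun very rarely points into (8.3 names included).
USER_PROFILE_DIR = re.compile(
    r"\\(application data|applic~1|lokale~1\\temp|local settings\\temp|downlo~1)\\",
    re.IGNORECASE,
)
MISSING = ("(no file)", "(file missing)")

RX_RE = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?),(?P<value_name>[^,=]+?)\s*=\s*(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
O2_O9_RE = re.compile(
    r"^(?P<kind>O[29]) - (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)

@dataclass
class Entry:
    kind: str      # "R0", "O4", ...
    name: str      # value name, autorun name, or BHO/button description
    target: str    # URL, launched path, or DLL path
    flags: list = field(default_factory=list)

def strip_annotation(line: str) -> str:
    """Drop the '<---' arrows (and any note after them) that the poster added."""
    return line.split(" <--")[0].rstrip()

def exe_path(target: str) -> str:
    """Return the launched path from an O4 value, without quotes or arguments."""
    if target.startswith('"'):
        return target.split('"')[1]
    return re.split(r" [/-]", target, maxsplit=1)[0]

def words(text: str) -> set:
    return {w.lower() for w in re.findall(r"[A-Za-z]{2,}", text)}

def triage_line(line: str):
    """Parse one log line into an Entry (flags may be empty); None if not handled."""
    line = strip_annotation(line)
    if m := RX_RE.match(line):
        e = Entry(m["kind"], m["value_name"], m["value"])
        if e.name in IE_URL_VALUES and e.target and e.target not in KNOWN_IE_URLS:
            e.flags.append("ie-url-hijack")
        return e
    if m := O4_RE.match(line):
        path = exe_path(m["target"])
        e = Entry("O4", m["name"], path)
        if USER_PROFILE_DIR.search(path):
            e.flags.append("user-profile-path")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]      # file name without extension
        name_words, file_words = words(e.name), words(stem)
        if len(name_words) > 1 and len(file_words) > 1 and not (name_words & file_words):
            e.flags.append("name-unrelated-to-file")
        return e
    if m := O2_O9_RE.match(line):
        e = Entry(m["kind"], m["desc"], m["target"])
        if e.target.strip().endswith(MISSING):
            e.flags.append("missing-target")
        return e
    return None

def triage(lines):
    """Return the entries that carry at least one flag, in log order."""
    flagged = []
    for line in lines:
        e = triage_line(line)
        if e is not None and e.flags:
            flagged.append(e)
    return flagged

# Lines copied from the first HijackThis log in the thread (with the poster's arrows).
SAMPLE = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com <---",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <---",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe <--- Possible fix?",
    r"O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe <---",
    r"O4 - HKCU\..\Run: [RollerCoasterTycoon2Setup.exe] C:\DOWNLO~1\ROLLER~1.EXE /r",
    r"O4 - HKCU\..\Run: [Blue htm] C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe <---",
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---",
    r"O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL",
]

def triage_sample():
    return triage(SAMPLE)

if __name__ == "__main__":
    for e in triage_sample():
        print(f"{e.kind:3} {e.name:32} {', '.join(e.flags):40} {e.target}")
```

The flagged set matches the expert's O4 and R0 picks; note that the BigDogPath entries the poster was unsure about get no flag, which agrees with the expert leaving them alone.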
fedora (Beginner)
4 February 2008 - 21:03 #3
Logfile of HijackThis v1.99.1
Scan saved at 21:02:34, on 04-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\McAfee\MSC\mcuimgr.exe
C:\Programmer\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Documents and Settings\Trine\Skrivebord\Cleaning\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Familiesikkerhed\fssbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmer\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179774626030
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FÆLLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hkqrmxvs

*******************

Script file located at: \??\C:\Documents and Settings\xambvaqg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe not found!
Deletion of file c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe failed!

Could not process line:
c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe
Status: 0xc0000034



File C:\DOCUME~1\Trine\LOKALE~1\Temp\jatmlano.sys not found!
Deletion of file C:\DOCUME~1\Trine\LOKALE~1\Temp\jatmlano.sys failed!

Could not process line:
C:\DOCUME~1\Trine\LOKALE~1\Temp\jatmlano.sys
Status: 0xc0000034



File C:\WINDOWS\Tasks\A7F16436918AE1A2.job not found!
Deletion of file C:\WINDOWS\Tasks\A7F16436918AE1A2.job failed!

Could not process line:
C:\WINDOWS\Tasks\A7F16436918AE1A2.job
Status: 0xc0000034

Folder C:\Documents and Settings\All Users\Application Data\file joy proc deaf deleted successfully.
Folder C:\DOWNLO~1 deleted successfully.


Folder C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1 not found!
Deletion of folder C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1 failed!

Could not process line:
C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1
Status: 0xc0000034



Folder C:\Programmer\log hope wave not found!
Deletion of folder C:\Programmer\log hope wave failed!

Could not process line:
C:\Programmer\log hope wave
Status: 0xc0000034



Folder C:\Programmer\Messenger Plus! Live not found!
Deletion of folder C:\Programmer\Messenger Plus! Live failed!

Could not process line:
C:\Programmer\Messenger Plus! Live
Status: 0xc0000034



Folder C:\Documents and Settings\Trine\Application Data\log hope wave not found!
Deletion of folder C:\Documents and Settings\Trine\Application Data\log hope wave failed!

Could not process line:
C:\Documents and Settings\Trine\Application Data\log hope wave
Status: 0xc0000034



Folder C:\Documents and Settings\All Users\Application Data\Messenger Plus! not found!
Deletion of folder C:\Documents and Settings\All Users\Application Data\Messenger Plus! failed!

Could not process line:
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
Status: 0xc0000034

Folder C:\Programmer\Macrogaming deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
4 February 2008 - 21:25 #4
Even though Avenger stumbled a bit - but just to be sure...

At first glance you are 'clean' ...

Just double-check that the file C:\WINDOWS\Tasks\A7F16436918AE1A2.job (or a similar name) IS completely deleted...
(You have to enable show hidden folders/files/system files!)

So how is the PC running now?

Have you run CCleaner?
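The thread starter asked to learn how to go through such logs. The Python script below is an added example written for this page; it is not part of the thread, HijackThis or Avenger. It parses O4, O16 and O23 lines in the HijackThis format and flags what a reviewer looks at first: autostarts given as a bare filename (resolved by PATH search) or running from the Windows root, a Temp folder or a user profile; a program dropped directly into a Startup folder; ActiveX downloads (O16) from hosts outside an allowlist; and services whose vendor is "Unknown owner". It also pairs each Avenger "Status:" line with the path it failed on and names the NTSTATUS code: 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so the failures in the log above mean the item was already gone when Avenger ran, not that deletion was blocked. The sample lines are constructed for the example (several are modelled on entries above; the zrjspaldx.exe Run entry and the example.invalid DPF entry are hypothetical), and the host allowlist is an assumption to tune for your own environment. A flag means "verify this", not "malware".

```python
"""Triage helpers for HijackThis and Avenger logs (added example, not a tool from the thread)."""
import re
from urllib.parse import urlparse

# Locations a legitimate autostart rarely runs from on Windows XP (matched on lower-cased paths).
SUSPICIOUS_DIR_PATTERNS = [
    re.compile(r"^[a-z]:\\windows\\[^\\]+$"),                      # file directly in C:\WINDOWS
    re.compile(r"\\temp\\"),                                        # any Temp folder
    re.compile(r"\\(?:lokale indstillinger|local settings)\\application data\\"),
    re.compile(r"^[a-z]:\\(?:documents and settings|docume~1)\\"),  # anything under a user profile
]
# Assumed allowlist for O16 (ActiveX download) hosts.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?)(?: = (?P<cmd>.+))?$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \([^)]*\) - (?P<url>\S+)")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr|com|bat))(?:\s|$)", re.IGNORECASE)
AVENGER_STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")

# NTSTATUS values Avenger may report; 0xC0000034 is the one seen in this thread.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}


def executable_of(cmd):
    """Program part of a Run value: the quoted path, or the text up to the first .exe/.dll/... token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def location_reason(path):
    low = path.lower()
    if "\\" not in low:
        return "autostart given without a path; resolved by PATH search, so verify which copy runs"
    if any(p.search(low) for p in SUSPICIOUS_DIR_PATTERNS):
        return "autostart runs from a location normal installers avoid (Windows root, Temp, user profile)"
    return None


def dpf_host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    # Dot-bounded match so that "evilmsn.com" does not pass as "msn.com".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage_hijackthis(lines):
    """Return (line, reason) pairs for entries worth a second look."""
    findings = []
    for raw in lines:
        line, reason = raw.strip(), None
        if m := O4_RUN_RE.match(line):
            reason = location_reason(executable_of(m.group("cmd")))
        elif m := O4_STARTUP_RE.match(line):
            if m.group("cmd"):
                reason = location_reason(m.group("cmd"))
            elif not m.group("name").lower().endswith(".lnk"):
                reason = "program placed directly in a Startup folder instead of a shortcut"
        elif m := O16_RE.match(line):
            if not dpf_host_trusted(m.group("url")):
                reason = "ActiveX control downloaded from a host outside the allowlist"
        elif m := O23_RE.match(line):
            if m.group("owner").lower() == "unknown owner":
                reason = "service has no vendor string; check the binary's publisher/signature"
        if reason:
            findings.append((line, reason))
    return findings


def decode_avenger(lines):
    """Pair each Avenger 'Status:' code with the path it failed on and name the NTSTATUS."""
    results, path, expect_path = [], None, False
    for raw in lines:
        line = raw.strip()
        if line == "Could not process line:":
            expect_path = True
        elif expect_path and line:
            path, expect_path = line, False
        elif m := AVENGER_STATUS_RE.match(line):
            code = int(m.group("code"), 16)
            results.append((path, m.group("code"), NTSTATUS.get(code, "unknown NTSTATUS")))
            path = None
    return results


# Constructed sample lines in HijackThis format; the zrjspaldx.exe Run entry and the
# example.invalid DPF entry are hypothetical, shown for contrast with the benign ones.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [zrjspaldx] C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx.exe",
    r"O4 - Startup: PowerReg Scheduler.exe",
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://downloads.example.invalid/x.cab",
    r"O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe",
    r"O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE",
]
# Constructed Avenger excerpt, modelled on the log in this thread.
SAMPLE_AVENGER = [
    r"File C:\WINDOWS\Tasks\A7F16436918AE1A2.job not found!",
    r"Deletion of file C:\WINDOWS\Tasks\A7F16436918AE1A2.job failed!",
    "",
    "Could not process line:",
    r"C:\WINDOWS\Tasks\A7F16436918AE1A2.job",
    "Status: 0xc0000034",
    "",
    r"Folder C:\Programmer\Macrogaming deleted successfully.",
]

if __name__ == "__main__":
    for line, reason in triage_hijackthis(SAMPLE_HJT):
        print(f"CHECK: {reason}\n       {line}")
    for path, code, name in decode_avenger(SAMPLE_AVENGER):
        print(f"Avenger: {path}: {code} = {name}")
```

Run against a saved HijackThis log with `triage_hijackthis(open("hijackthis.log").readlines())`. The location heuristics are deliberately coarse: SOUNDMAN.EXE in the sample is flagged only because it is started without a path, and the right follow-up is to locate the file, check its publisher and compare it with what the vendor ships, exactly the manual check the thread is doing for the .job file.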
fedora (Beginner)
5 February 2008 - 07:41 #5
I ran CCleaner as the first thing, and there was quite a bit that got cleaned up. It is still a bit slow during startup, but I'll just check whether the task has been removed.
fedora (Beginner)
5 February 2008 - 20:02 #6
There is nothing in the Tasks folder.
5 February 2008 - 20:58 #7
So how is the PC running now?
fedora (Beginner)
5 February 2008 - 22:10 #8
It boots faster, but it hangs a bit at the logon screen; I plan to run Disk Cleanup and a disk defragmentation and see if that helps the speed. In any case, thanks for looking at it. Post an answer and the points are yours :)
6 February 2008 - 07:51 #9
There is no more 'dirt' according to your log...

You're welcome, come again another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a session like this it is always a good idea to clear out the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...