Avatar billede bellek Nybegynder
25. august 2007 - 19:38 Der er 10 kommentarer og
1 løsning

Er der en virus eller?

Hej

Jeg har tidligere oprettet et spg, men på en "forkert" linie.
Jeg fik der nogle ting jeg skulle gøre og lægger derfor nogle logfiler herind fra nogle progr. som jeg blev bedt om. Se spg.
http://www.eksperten.dk/spm/792059
Er der en der vil være sød at kigge på dem?

Logfile of HijackThis v1.99.1
Scan saved at 19:30:32, on 25-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Bruger\Skrivebord\temp til rensning\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmer\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.midtdata.dk
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe

---------------------------------------------

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
25-08-2007 19:31:26,48

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 19:31:26
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,62,28,ce,a0,b6,b5,c4,74,97,34,85,69,d2,00,68,32,43,d2,ec,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6f,1f,54,ff,94,0a,4f,31,83,65,94,f6,11,e1,2d,00,f1,..
"khjeh"=hex:bf,7b,11,20,f5,18,74,07,63,0e,11,69,8f,03,38,1c,81,74,01,33,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ea,ed,15,e0,3c,d2,f5,0e,a5,fe,cf,61,47,13,0b,c6,b2,ed,82,24,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,62,28,ce,a0,b6,b5,c4,74,97,34,85,69,d2,00,68,32,43,d2,ec,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6f,1f,54,ff,94,0a,4f,31,83,65,94,f6,11,e1,2d,00,f1,..
"khjeh"=hex:bf,7b,11,20,f5,18,74,07,63,0e,11,69,8f,03,38,1c,81,74,01,33,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ea,ed,15,e0,3c,d2,f5,0e,a5,fe,cf,61,47,13,0b,c6,b2,ed,82,24,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,62,28,ce,a0,b6,b5,c4,74,97,34,85,69,d2,00,68,32,43,d2,ec,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6f,1f,54,ff,94,0a,4f,31,83,65,94,f6,11,e1,2d,00,f1,..
"khjeh"=hex:bf,7b,11,20,f5,18,74,07,63,0e,11,69,8f,03,38,1c,81,74,01,33,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ea,ed,15,e0,3c,d2,f5,0e,a5,fe,cf,61,47,13,0b,c6,b2,ed,82,24,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ec,62,28,ce,a0,b6,b5,c4,74,97,34,85,69,d2,00,68,32,43,d2,ec,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6f,1f,54,ff,94,0a,4f,31,83,65,94,f6,11,e1,2d,00,f1,..
"khjeh"=hex:bf,7b,11,20,f5,18,74,07,63,0e,11,69,8f,03,38,1c,81,74,01,33,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ea,ed,15,e0,3c,d2,f5,0e,a5,fe,cf,61,47,13,0b,c6,b2,ed,82,24,06,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

--------------------------------------

ComboFix 07-08-25.2 - "Bruger" 2007-08-25 19:33:54.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1423 [GMT 2:00]
* Created a new restore point


(((((((((((((((((((((((((  Files Created from 2007-07-25 to 2007-08-25  )))))))))))))))))))))))))))))))


2007-08-25 19:33    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-25 18:00    75,932    --a------    C:\WINDOWS\system32\drivers\klick.dat
2007-08-25 18:00    75,248    --a------    C:\WINDOWS\zllsputility.exe
2007-08-25 18:00    74,396    --a------    C:\WINDOWS\system32\drivers\klin.dat
2007-08-25 18:00    4,212    ---h-----    C:\WINDOWS\system32\zllictbl.dat
2007-08-25 18:00    30,752    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-25 18:00    110,360    --a------    C:\WINDOWS\system32\drivers\kl1.sys
2007-08-25 18:00    11,264    --a------    C:\WINDOWS\system32\SpOrder.dll
2007-08-25 18:00    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-08-25 17:59    1,086,952    --a------    C:\WINDOWS\system32\zpeng24.dll
2007-08-25 17:59    <DIR>    d--------    C:\WINDOWS\system32\ZoneLabs
2007-08-25 17:46    <DIR>    d--------    C:\WINDOWS\Internet Logs
2007-08-25 17:28    <DIR>    d--------    C:\WINDOWS\system32\appmgmt
2007-08-17 23:35    <DIR>    d--------    C:\Programmer\Skype
2007-08-17 23:35    <DIR>    d--------    C:\Programmer\F‘lles filer\Skype
2007-08-17 23:35    <DIR>    d--------    C:\DOCUME~1\Bruger\APPLIC~1\Skype
2007-08-17 23:35    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-17 19:22    <DIR>    d--------    C:\Programmer\Nero
2007-08-16 20:12    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-16 01:20    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2007-08-06 16:28    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-08-05 07:02    <DIR>    d--------    C:\Programmer\F‘lles filer\DirectX
2007-08-04 15:07    <DIR>    d--------    C:\DOCUME~1\Bruger\APPLIC~1\CyberLink
2007-08-04 15:07    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-04 15:05    <DIR>    d--------    C:\Programmer\CyberLink
2007-08-04 11:28    9,464    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-04 11:28    9,336    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-04 11:28    43,528    ---------    C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-04 11:28    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2007-08-04 11:28    <DIR>    d--------    C:\Programmer\Winamp
2007-08-03 14:58    <DIR>    d--------    C:\Programmer\eMule


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 19:19    ---------    d--------    C:\Programmer\Symantec AntiVirus
2007-08-25 18:32    ---------    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-25 18:08    1436    --ahs----    C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-25 17:28    ---------    d--------    C:\Programmer\Macrogaming
2007-08-15 17:46    11576    --a------    C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-04 15:06    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-21 21:53    ---------    d--------    C:\Programmer\Polar
2007-07-20 14:31    ---------    d--------    C:\Programmer\SupportSoft
2007-07-20 14:31    ---------    d--------    C:\Programmer\Support.com
2007-07-20 14:31    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-07-09 08:46    ---------    d--------    C:\Programmer\Sunbelt Software
2007-07-08 23:47    ---------    d--------    C:\DOCUME~1\Bruger\APPLIC~1\Pro Cycling Manager 2007
2007-07-08 23:47    ---------    d--------    C:\DOCUME~1\Bruger\APPLIC~1\Pro Cycling Manager 2007
2007-07-02 19:53    ---------    d--------    C:\Programmer\Microsoft Application Compatibility Toolkit 5
2007-07-02 19:27    686840    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-07-02 19:26    ---------    d--------    C:\Programmer\DAEMON Tools
2007-06-30 18:15    108144    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2007-06-26 12:37    2829    --a------    C:\WINDOWS\War3Unin.pif
2007-06-26 12:37    139264    --a------    C:\WINDOWS\War3Unin.exe
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-17 19:59    8972    --a------    C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-06-17 19:59    2426    --a------    C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-08 19:29    407184    --a------    C:\WINDOWS\system32\pr2akt6c.exe
2007-05-25 17:34    81920    --a------    C:\WINDOWS\system32\OpenAL32.dll
2007-05-25 17:34    233472    --a------    C:\WINDOWS\system32\wrap_oal.dll
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer\DirectX
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-28 00:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2005-09-08 00:35]
"CTDVDDET"="C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 10:00]
"RCSystem"="C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 03:25]
"AudioDrvEmulator"="C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 03:25]
"VolPanel"="C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 20:34]
"CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 10:00]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-27 07:53]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2007-05-29 14:10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-05-29 14:10 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 19:35:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 19:35:23

    --- E O F ---

-------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2007 at 07:02 PM

Application Version : 3.9.1008

Core Rules Database Version : 3287
Trace Rules Database Version: 1298

Scan type      : Complete Scan
Total Scan Time : 00:30:12

Memory items scanned      : 171
Memory threats detected  : 0
Registry items scanned    : 5049
Registry threats detected : 0
File items scanned        : 33696
File threats detected    : 32

Adware.Tracking Cookie
    C:\Documents and Settings\Bruger\Cookies\bruger@2o7[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ad.ofir[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ad1.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adopt.euroclick[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adtech[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adtech[3].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@advertising[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@atdmt[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@casalemedia[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@data3.perf.overture[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@doubleclick[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@doubleclick[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@eas.apm.emediate[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@edsa.122.2o7[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ehg-eset.hitbox[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@fastclick[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@hitbox[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ilead.itrack[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@imrworldwide[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@imrworldwide[3].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@mediaplex[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@mediaplex[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@perf.overture[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@revsci[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@specificclick[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@stat.onestat[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@track.adform[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@tradedoubler[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@tradedoubler[3].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.burstnet[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.googleadservices[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.googleadservices[2].txt

------------------------------------------------

Må sige det er noget af en mundfuld, men håber der er en der kan hjælpe mig.

På forhånd tak

Belinda
25. august 2007 - 22:17 #1
Sådan kan det let gå når man leger med P2P programmer
[C:\Programmer\eMule]
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284


Afinstaller

* eMule
* SweetIM
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------
Avatar billede bellek Nybegynder
26. august 2007 - 15:33 #2
begge dele er gjort. blev gjort før jeg lagde denne ind, desværre viser logfilen hvad jeg har installeret og ikke hvad jeg har slettet, så det er skam væk fra pc'en.
så begge dele er skam væk.
Avatar billede bellek Nybegynder
26. august 2007 - 15:40 #3
Men når jeg nu får småting på pc'en. er der så nogen måde hvorpå jeg selv kan få øje på noget i mine logfiler. Hvad kigger i efter?
26. august 2007 - 16:10 #4
-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem ~~~ ind:

~~~~~~~~~~~~~~~~~~~~~~~~~~~
Folders to delete:
C:\Programmer\eMule
C:\Programmer\Macrogaming
C:\DOCUME~1\Bruger\APPLIC~1\Pro Cycling Manager 2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.
Avatar billede bellek Nybegynder
26. august 2007 - 16:28 #5
okay det er så gjort.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\knibxjmo

*******************

Script file located at: \??\C:\Documents and Settings\ufomwcvm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Programmer\eMule not found!
Deletion of folder C:\Programmer\eMule failed!

Could not process line:
C:\Programmer\eMule
Status: 0xc0000034

Folder C:\Programmer\Macrogaming deleted successfully.
Folder C:\DOCUME~1\Bruger\APPLIC~1\Pro Cycling Manager 2007 deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:28:22, on 26-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Documents and Settings\Bruger\Skrivebord\temp til rensning\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmer\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.midtdata.dk
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
26. august 2007 - 16:45 #6
Efterfølgende oprydning:

-----------------------------------------------------------------------

Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten

* Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide -

stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

-----------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

Så er den også ved at være i hus !
Hvordan kører PC'en så nu ?

-----------------------------------------------------------------------
Avatar billede bellek Nybegynder
26. august 2007 - 17:36 #7
Logfile of HijackThis v1.99.1
Scan saved at 17:35:01, on 26-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Analog Devices\SoundMAX\Smax4.exe
C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Documents and Settings\Bruger\Skrivebord\temp til rensning\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmer\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmer\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmer\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.midtdata.dk
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe

her er så en frisk log. prøvede lige at gå på forskellige hjemmesider, og må sige det har umiddelbart har virket.. Dejligt..
Mange tak.

Hvad er det ved lige de filer der gør at du kan se at det er noget der skal ordnes?
26. august 2007 - 19:11 #8
* En 'hemmelighed' *
(Øvelse går mester)

Bla. herfra -> http://www.spywareinfo.com/~merijn/htlogtutorial.php

MEN GØR DET IKKE SELV - du kan gøre mere skade en gavn...
26. august 2007 - 19:11 #9
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt prik i "Vis ikke skjulte filer og mapper".

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede bellek Nybegynder
08. september 2007 - 18:25 #10
Og ang. at gøre det der står i det link du gav mig om htlogs. Så ville jeg ikke selv gøre det. Jeg har bare været noget så imponeret når i "bare" kan fortælle mig hvilke filer jeg skal afhjælpe. Og har undret mig noget over hvordan i viste det.

Men mange tak for din hjælp.
Hilsen Belinda
09. september 2007 - 16:15 #11
Der er også nogle som 'bare'
* kan tune/fixe deres bil
* banke en kage sammen på ingen tid
* male et portræt
* spille på guitar gehør

Heldigvis er folk forskellige - ellers ville verden jo være kedelig!
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester



IT-JOB

Capgemini Danmark A/S

Cloud Architect

Danske Spil A/S

Senior backend-udvikler

Rohde & Schwarz Technology Center A/S

FPGA-udvikler