wimmer, Novice
30 August 2007 - 14:59 There are 10 comments

HJT log + effective protection

My sister is desperate to get her laptop working properly again, so she has put it in the hands of yours truly. I am passing the ball on with an HJT log plus the question: "What should I use to secure her computer in the future?" Preferably it should be freeware.

Thanks in advance :)



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:59:11, on 30-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Novell\ZENworks\nalntsrv.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dpmw32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmer\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Novell\ZENworks\NALDESK.EXE
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\dllhost.exe
C:\Programmer\palmOne\HOTSYNC.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Novell\ZENworks\WMRUNDLL.EXE
C:\Documents and Settings\ude\Skrivebord\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Programmer\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programmer\Registry Cleaner Trial\Regclean.exe"  -startminimize
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Programmer\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Application Explorer.lnk = C:\Programmer\Novell\ZENworks\NALDESK.EXE
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\appl\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programmer\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156076283414
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.nordstrandskolen.skoleintra.dk/li/_includes/XUpload.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = skolenet.dragoer.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = skolenet.dragoer.dk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = skolenet.dragoer.dk
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmer\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programmer\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Programmer\Novell\ZENworks\wm.exe

--
End of file - 9388 bytes
nva, Trainee
30 August 2007 - 15:30 #1
There is junk on the PC - follow this guide http://www.eksperten.dk/artikler/1123
nva, Trainee
30 August 2007 - 15:32 #2
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
I myself use the free AVG Antivirus, AVG Antispyware and SpywareGuard. I also run CCleaner once in a while to clean up various temp files and the registry.
arlet, Junior Master
30 August 2007 - 16:39 #3
nva -> Quote from the link (the security package): "If this happens, you should afterwards visit our forum, where we will help you get these programs uninstalled again. You can find our forum here: http://www.spywarefri.dk/forum"

Why do people have to go to spywarefri's forum to get help..

Isn't there something about not throwing stones!!!!!!
wimmer, Novice
30 August 2007 - 19:29 #4
I have now followed the guide nva posted, so here come all the log files. If anyone cares to go through them, that would be great.

Logfile of HijackThis v1.99.1
Scan saved at 19:07:14, on 30-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Novell\ZENworks\nalntsrv.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\Novell\ZENworks\wm.exe
C:\Programmer\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dpmw32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmer\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Novell\ZENworks\NALDESK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\dllhost.exe
C:\Programmer\palmOne\HOTSYNC.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Novell\ZENworks\WMRUNDLL.EXE
C:\Documents and Settings\ude\Skrivebord\Bla bla\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Programmer\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Programmer\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Application Explorer.lnk = C:\Programmer\Novell\ZENworks\NALDESK.EXE
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\appl\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programmer\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156076283414
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.nordstrandskolen.skoleintra.dk/li/_includes/XUpload.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = skolenet.dragoer.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = skolenet.dragoer.dk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = skolenet.dragoer.dk
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmer\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programmer\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Programmer\Novell\ZENworks\wm.exe




ComboFix 07-08-30.3 - "ude" 2007-08-30 19:12:31.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.155 [GMT 2:00]
* Created a new restore point


(((((((((((((((((((((((((  Files Created from 2007-07-28 to 2007-08-30  )))))))))))))))))))))))))))))))


2007-08-30 19:10    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-30 17:14    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 17:13    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-30 17:13    <DIR>    d--------    C:\DOCUME~1\ude\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 16:44    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-30 14:52    31,616    --a------    C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-27 15:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 16:10    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-24 16:04    <DIR>    d--------    C:\DOCUME~1\ude\APPLIC~1\Big Fish Games
2007-08-05 22:41    61,536    -ra------    C:\WINDOWS\system32\drivers\se44bus.sys
2007-08-05 22:41    5,872    -ra------    C:\WINDOWS\system32\drivers\se44whnt.sys
2007-08-05 22:41    5,872    -ra------    C:\WINDOWS\system32\drivers\se44wh.sys
2007-08-01 23:58    147,456    --a------    C:\WINDOWS\system32\vbzip10.dll
2007-07-31 22:12    417,792    --a------    C:\Programmer\Video.exe
2007-07-31 22:12    417,792    --a------    C:\Programmer\Track_03.exe
2007-07-31 22:12    417,792    --a------    C:\Programmer\Setup.exe
2007-07-25 19:00    <DIR>    d--------    C:\DOCUME~1\ude\APPLIC~1\Gamelab
2007-07-20 22:55    46,726    --a------    C:\WINDOWS\macromix.dll
2007-07-17 11:10    <DIR>    d--------    C:\DOCUME~1\ude\cbt
2007-07-09 22:16    <DIR>    d--------    C:\BP2


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 19:02    25214    --a------    C:\Programmer\B.ico
2007-08-30 19:02    25214    --a------    C:\Programmer\A.ico
2007-08-30 19:02    218606    --a------    C:\Programmer\c.zip
2007-08-30 19:02    218600    --a------    C:\Programmer\a.zip
2007-08-30 19:02    217706    --a------    C:\Programmer\b.zip
2007-08-24 17:17    ---------    d--------    C:\Programmer\Yahoo! Games
2007-08-06 21:35    ---------    d--------    C:\Programmer\LimeWire
2007-08-06 17:14    ---------    d--------    C:\DOCUME~1\ude\APPLIC~1\iWin
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-26 19:35    ---------    d--------    C:\DOCUME~1\ude\APPLIC~1\PlayFirst
2007-07-26 19:35    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-07-09 22:03    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-06-26 16:13    660480    ---------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 15:57    851968    ---------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    ---------    C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11    96768    ---------    C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11    617472    ---------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11    55808    ---------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11    532480    ---------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11    474112    ---------    C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11    449024    ---------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11    39424    ---------    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11    357888    ---------    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11    3079680    ---------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11    251392    ---------    C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11    205312    ---------    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11    16384    ---------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11    151552    ---------    C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11    1494528    ---------    C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11    146432    ---------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11    1056256    ---------    C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11    1023488    ---------    C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 16:07    18432    ---------    C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-13 15:22    1034240    ---------    C:\WINDOWS\system32\dllcache\explorer.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Microsoft Shared


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 13:19 C:\WINDOWS\AGRSMMSG.exe]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 20:40]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 20:38]
"eabconfg.cpl"="C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 C:\WINDOWS\system32\nwtray.exe]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" []
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 17:01]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2003-03-18 14:37]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 10:15]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 10:15]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-19 10:15]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"OrderReminder"="C:\Programmer\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 19:28]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-06-07 18:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:30]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-30 17:25]

C:\DOCUME~1\ude\MENUEN~1\PROGRA~1\Start\
HotSync Manager.lnk - C:\Programmer\palmOne\HOTSYNC.EXE [2004-03-04 17:25:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"= C:\Programmer\Novell\ZENworks\NalExpEx.dll [2003-05-05 20:34 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0

R0 NICM;Novell InterService Communication Driver;C:\WINDOWS\system32\Drivers\Nicm.sys
R0 NWFILTER;Novell UNC Path Filter;C:\WINDOWS\system32\NetWare\nwfilter.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys
R2 Kblock;Kblock;C:\WINDOWS\system32\drivers\Kblock.sys
R2 Mouslock;Mouslock;C:\WINDOWS\system32\drivers\Mouslock.sys
R2 NetwareWorkstation;Novell Client for Windows;C:\WINDOWS\system32\NetWare\nwfs.sys
R2 NWDHCP;Novell DHCP Inform Client;C:\WINDOWS\system32\NetWare\nwdhcp.sys
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
R2 Remote Management Agent;Novell ZfD Remote Management;C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
R2 RESMGR;Novell NetWare Resource Manager;C:\WINDOWS\system32\NetWare\resmgr.sys
R2 SRVLOC;Novell Service Location;C:\WINDOWS\system32\NetWare\srvloc.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 nscmnt;Novell Local Security Context Manager;C:\WINDOWS\system32\drivers\novell\nscmnt.sys
R3 NWDNS;Novell DNS Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwdns.sys
R3 NWHOST;Novell Host File Name Space Service Provider;C:\WINDOWS\system32\NetWare\NWHOST.sys
R3 NWSLP;Novell SLP Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwslp.sys
R3 NWSNS;Novell Simple Naming Services;C:\WINDOWS\system32\NetWare\NWSNS.sys
R3 xauthnt;Novell XTier Authentication Service;C:\WINDOWS\system32\drivers\novell\xauthnt.sys
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface;C:\WINDOWS\system32\NetWare\nwsipx32.sys
S3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
S3 cusrvc;Client Update Service for Novell;C:\WINDOWS\system32\cusrvc.exe
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 NWSAP;Novell SAP Name Space Provider;C:\WINDOWS\system32\NetWare\NWSAP.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 19:17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\ComboFix\sed.cfexe [3548] 0xFE8FF020


scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

Completion time: 2007-08-30 19:20:35
C:\ComboFix-quarantined-files.txt ... 2007-08-30 19:19

    --- E O F ---


********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
30-08-2007 19:08:08,50

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 19:08:09
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2007 at 06:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3296
Trace Rules Database Version: 1305

Scan type      : Complete Scan
Total Scan Time : 00:49:11

Memory items scanned      : 178
Memory threats detected  : 0
Registry items scanned    : 5752
Registry threats detected : 1
File items scanned        : 22834
File threats detected    : 19

Adware.Tracking Cookie
    C:\Documents and Settings\ude\Cookies\ude@track.adform[1].txt
    C:\Documents and Settings\ude\Cookies\ude@adtech[2].txt

Registry Cleaner Trial
    HKU\S-1-5-21-3757435101-1266486392-1332218255-1008\Software\Microsoft\Windows\CurrentVersion\Run#Registry Cleaner [ "C:\Programmer\Registry Cleaner Trial\Regclean.exe"  -startminimize ]
    C:\Programmer\Registry Cleaner Trial\EmailAddressCapture.hta
    C:\Programmer\Registry Cleaner Trial\EULA_REGCLEAN.rtf
    C:\Programmer\Registry Cleaner Trial\NoSpam.jpg
    C:\Programmer\Registry Cleaner Trial\RCBanner.jpg
    C:\Programmer\Registry Cleaner Trial\RCUninstall.exe
    C:\Programmer\Registry Cleaner Trial\regclean.dll
    C:\Programmer\Registry Cleaner Trial\Regclean.exe
    C:\Programmer\Registry Cleaner Trial\Registry Cleaner.chm
    C:\Programmer\Registry Cleaner Trial\soref.dll
    C:\Programmer\Registry Cleaner Trial\unins000.dat
    C:\Programmer\Registry Cleaner Trial\unins000.exe
    C:\Programmer\Registry Cleaner Trial\uninstall.hta
    C:\Programmer\Registry Cleaner Trial
    C:\Documents and Settings\ude\Application Data\Registry Cleaner\Backups\2007-03-15,16-31 01 556.zip
    C:\Documents and Settings\ude\Application Data\Registry Cleaner\Backups
    C:\Documents and Settings\ude\Application Data\Registry Cleaner\Regclean.ini
    C:\Documents and Settings\ude\Application Data\Registry Cleaner
ejvindh Expert
30 August 2007 - 22:22 #5
There are a few remnants left. You can fix them like this:

-- Copy the content between the wavy lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\WINDOWS\system32\vbzip10.dll
C:\Programmer\Video.exe
C:\Programmer\Track_03.exe
C:\Programmer\Setup.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here for review.

-- Then download this file, and unpack it to a folder on the desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click the file, and let it extract to a folder in the root of your hard drive (typically: c:\SDfix)

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Then go into the SDFix folder that you created earlier. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do that, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of this file here.
nva Trainee
31 August 2007 - 09:18 #6
arlet -> sorry.
arlet Junior Master
31 August 2007 - 10:21 #7
nva-> no hard feelings ;-)
wimmer Beginner
31 August 2007 - 13:10 #8
New logs:




SDFix: Version 1.101

Run by ude on 31-08-2007 at 12:57

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\dllhost.exe  - Deleted
C:\Programmer\a.zip  - Deleted
C:\Programmer\b.zip  - Deleted
C:\Programmer\c.zip  - Deleted
C:\Programmer\A.ico  - Deleted
C:\Programmer\B.ico  - Deleted
C:\Programmer\Setup.exe  - Deleted
C:\Programmer\Track_03.exe  - Deleted
C:\Programmer\Video.exe  - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

Remaining Services:
------------------



Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Programmer\Mikrov\Matematikvaerktoejet_Niveau_2\50comupd.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\ude\Dokumenter\Christine\N. Zahles Seminarium\Dansk\Mundtlig eksamen 2006\~WRL0004.tmp
C:\Documents and Settings\ude\Dokumenter\Christine\N. Zahles Seminarium\Dansk\Skriftlig eksamen 2006\~WRL2977.tmp
C:\Documents and Settings\ude\Dokumenter\Christine\N. Zahles Seminarium\Didaktik\Eksamen 2007\~WRL2269.tmp
C:\Documents and Settings\ude\Dokumenter\Christine\N. Zahles Seminarium\Didaktik\Eksamen 2007\~WRL2318.tmp
C:\Documents and Settings\ude\Dokumenter\Christine\N. Zahles Seminarium\Didaktik\Eksamen 2007\~WRL3432.tmp
C:\Documents and Settings\ude\Dokumenter\Christine\N. Zahles Seminarium\Psykologi\Psyk. eksamen\~WRL1232.tmp
C:\WINDOWS\SoftwareDistribution\Download\d87ee8d2c68eca2963029a5f749a21f3\BIT2.tmp

                                Finished







ComboFix 07-08-30.3 - "ude" 2007-08-31 12:22:51.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.138 [GMT 2:00]
Command switches used ::  C:\Documents and Settings\ude\Skrivebord\Bla bla\Ny Tekstdokument.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\vbzip10.dll
C:\Programmer\Video.exe
C:\Programmer\Track_03.exe
C:\Programmer\Setup.exe


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\Setup.exe
C:\Programmer\Track_03.exe
C:\Programmer\Video.exe
C:\WINDOWS\system32\vbzip10.dll


(((((((((((((((((((((((((  Files Created from 2007-07-28 to 2007-08-31  )))))))))))))))))))))))))))))))


2007-08-30 19:10    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-30 17:14    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 17:13    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-30 17:13    <DIR>    d--------    C:\DOCUME~1\ude\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 16:44    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-30 14:52    31,616    --a------    C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-27 15:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 16:10    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-24 16:04    <DIR>    d--------    C:\DOCUME~1\ude\APPLIC~1\Big Fish Games
2007-08-05 22:41    61,536    -ra------    C:\WINDOWS\system32\drivers\se44bus.sys
2007-08-05 22:41    5,872    -ra------    C:\WINDOWS\system32\drivers\se44whnt.sys
2007-08-05 22:41    5,872    -ra------    C:\WINDOWS\system32\drivers\se44wh.sys
2007-07-31 22:12    417,792    --a------    C:\Programmer\Video.exe
2007-07-31 22:12    417,792    --a------    C:\Programmer\Track_03.exe
2007-07-31 22:12    417,792    --a------    C:\Programmer\Setup.exe
2007-07-25 19:00    <DIR>    d--------    C:\DOCUME~1\ude\APPLIC~1\Gamelab
2007-07-20 22:55    46,726    --a------    C:\WINDOWS\macromix.dll
2007-07-17 11:10    <DIR>    d--------    C:\DOCUME~1\ude\cbt
2007-07-09 22:16    <DIR>    d--------    C:\BP2


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 12:42    25214    --a------    C:\Programmer\B.ico
2007-08-31 12:42    25214    --a------    C:\Programmer\A.ico
2007-08-31 11:54    218606    --a------    C:\Programmer\c.zip
2007-08-31 11:54    218600    --a------    C:\Programmer\a.zip
2007-08-31 11:54    217706    --a------    C:\Programmer\b.zip
2007-08-24 17:17    ---------    d--------    C:\Programmer\Yahoo! Games
2007-08-06 21:35    ---------    d--------    C:\Programmer\LimeWire
2007-08-06 17:14    ---------    d--------    C:\DOCUME~1\ude\APPLIC~1\iWin
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-26 19:35    ---------    d--------    C:\DOCUME~1\ude\APPLIC~1\PlayFirst
2007-07-26 19:35    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-07-09 22:03    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-06-26 16:13    660480    ---------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 15:57    851968    ---------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    ---------    C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 20:11    96768    ---------    C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11    617472    ---------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11    55808    ---------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11    532480    ---------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11    474112    ---------    C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11    449024    ---------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11    39424    ---------    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11    357888    ---------    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11    3079680    ---------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11    251392    ---------    C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11    205312    ---------    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11    16384    ---------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11    151552    ---------    C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11    1494528    ---------    C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11    146432    ---------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11    1056256    ---------    C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11    1023488    ---------    C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 16:07    18432    ---------    C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-13 15:22    1034240    ---------    C:\WINDOWS\system32\dllcache\explorer.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Microsoft Shared


(((((((((((((((((((((((((((((  snapshot_2007-08-30_191829,61  )))))))))))))))))))))))))))))))))))))))))

----a-w            14,560 2007-03-06 01:10:55  C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
----a-w          214,752 2007-03-06 01:11:00  C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
----a-w            60,416 2007-07-18 10:33:06  C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
----a-w            22,752 2007-03-06 01:10:53  C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
----a-w          721,120 2007-03-06 01:11:17  C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
----a-w          383,200 2007-03-06 01:12:08  C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
-c----w            60,416 2007-01-29 08:58:06  C:\WINDOWS\$NtUninstallKB933360$\tzchange.exe
-c----w          214,752 2007-03-06 01:11:00  C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe
-c----w          383,200 2007-03-06 01:12:08  C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll
----a-w            76,888 2007-08-31 10:40:17  C:\WINDOWS\system32\perfc006.dat
----a-w            65,228 2007-08-31 10:40:17  C:\WINDOWS\system32\perfc009.dat
----a-w          421,648 2007-08-31 10:40:17  C:\WINDOWS\system32\perfh006.dat
----a-w          407,390 2007-08-31 10:40:17  C:\WINDOWS\system32\perfh009.dat
------w            60,416 2007-07-18 12:42:22  C:\WINDOWS\system32\tzchange.exe

----a-w            76,888 2007-08-30 17:03:36  C:\WINDOWS\system32\perfc006.dat
----a-w            65,228 2007-08-30 17:03:36  C:\WINDOWS\system32\perfc009.dat
----a-w          421,648 2007-08-30 17:03:36  C:\WINDOWS\system32\perfh006.dat
----a-w          407,390 2007-08-30 17:03:36  C:\WINDOWS\system32\perfh009.dat
------w            60,416 2007-01-29 08:58:06  C:\WINDOWS\system32\tzchange.exe

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 13:19 C:\WINDOWS\AGRSMMSG.exe]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 20:40]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 20:38]
"eabconfg.cpl"="C:\Programmer\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 C:\WINDOWS\system32\nwtray.exe]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" []
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 17:01]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2003-03-18 14:37]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 10:15]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 10:15]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-19 10:15]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"OrderReminder"="C:\Programmer\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 19:28]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-06-07 18:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:30]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-30 17:25]

C:\DOCUME~1\ude\MENUEN~1\PROGRA~1\Start\
HotSync Manager.lnk - C:\Programmer\palmOne\HOTSYNC.EXE [2004-03-04 17:25:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"= C:\Programmer\Novell\ZENworks\NalExpEx.dll [2003-05-05 20:34 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0

R0 NICM;Novell InterService Communication Driver;C:\WINDOWS\system32\Drivers\Nicm.sys
R0 NWFILTER;Novell UNC Path Filter;C:\WINDOWS\system32\NetWare\nwfilter.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys
R2 Kblock;Kblock;C:\WINDOWS\system32\drivers\Kblock.sys
R2 Mouslock;Mouslock;C:\WINDOWS\system32\drivers\Mouslock.sys
R2 NetwareWorkstation;Novell Client for Windows;C:\WINDOWS\system32\NetWare\nwfs.sys
R2 NWDHCP;Novell DHCP Inform Client;C:\WINDOWS\system32\NetWare\nwdhcp.sys
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
R2 Remote Management Agent;Novell ZfD Remote Management;C:\Programmer\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
R2 RESMGR;Novell NetWare Resource Manager;C:\WINDOWS\system32\NetWare\resmgr.sys
R2 SRVLOC;Novell Service Location;C:\WINDOWS\system32\NetWare\srvloc.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 nscmnt;Novell Local Security Context Manager;C:\WINDOWS\system32\drivers\novell\nscmnt.sys
R3 NWDNS;Novell DNS Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwdns.sys
R3 NWHOST;Novell Host File Name Space Service Provider;C:\WINDOWS\system32\NetWare\NWHOST.sys
R3 NWSLP;Novell SLP Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwslp.sys
R3 NWSNS;Novell Simple Naming Services;C:\WINDOWS\system32\NetWare\NWSNS.sys
R3 xauthnt;Novell XTier Authentication Service;C:\WINDOWS\system32\drivers\novell\xauthnt.sys
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface;C:\WINDOWS\system32\NetWare\nwsipx32.sys
S3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
S3 cusrvc;Client Update Service for Novell;C:\WINDOWS\system32\cusrvc.exe
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 NWSAP;Novell SAP Name Space Provider;C:\WINDOWS\system32\NetWare\NWSAP.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 12:42:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

Completion time: 2007-08-31 12:45:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-31 12:44
C:\ComboFix2.txt ... 2007-08-30 19:20

    --- E O F ---
ejvindh Expert
31 August 2007 - 20:00 #9
-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window will now appear, into which you should copy the content between the dashed lines:

-----------------------------
Files to delete:
C:\Programmer\Video.exe
C:\Programmer\Track_03.exe
C:\Programmer\Setup.exe
-----------------------------

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.

-- Please also make a new log with Combofix, and post it here for review.
ejvindh Expert
26 October 2007 - 09:06 #10
Did you get your problem solved?