Help with analysing logs
Hello experts, I have been cleaning up my sister's computer, following the article Nye Våben, and would like some help with the analysis. In the HijackThis log I have put arrows next to the items I think should be removed. I would like to learn to go through logs myself.
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 17:45:59, on 04-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\VMSnap23.exe <---
C:\WINDOWS\Domino.exe <---
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE <--- Unsure?
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe <---
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE <--- Unsure?
C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\McAfee\MSC\mcuimgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Trine\Skrivebord\Cleaning\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com <---
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmer\Windows Live\Familiesikkerhed\fssbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <---
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe <--- Unsure?
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe <--- Possible fix?
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe <--- Possible fix?
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe" -autorun
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe <---
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RollerCoasterTycoon2Setup.exe] C:\DOWNLO~1\ROLLER~1.EXE /r
O4 - HKCU\..\Run: [Blue htm] C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe <---
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmer\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) <---
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) <---
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <---
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179774626030
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL <---
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL <---
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FÆLLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FÆLLES~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmer\Fælles filer\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
COMBOFIX:
ComboFix 08-02.03.1 - Trine 2008-02-04 17:49:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.346 [GMT 1:00]
Running from: C:\Documents and Settings\Trine\Skrivebord\Cleaning\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx.dat
c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx_nav.dat
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\zrjspaldx_navps.dat
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\Privacy Policy.lnk
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\Terms and conditions.lnk
C:\Documents and Settings\Trine\Menuen Start\Programmer\InternetGameBox\Website.lnk
C:\Programmer\internetgamebox
C:\Programmer\internetgamebox\InternetGameBox.exe
C:\Programmer\internetgamebox\language
C:\Programmer\internetgamebox\Privacy Policy.url
C:\Programmer\internetgamebox\ressources\AttenteOff.html
C:\Programmer\internetgamebox\ressources\AttenteOn.html
C:\Programmer\internetgamebox\ressources\configv2_en.xml
C:\Programmer\internetgamebox\ressources\configv2_es.xml
C:\Programmer\internetgamebox\ressources\configv2_fr.xml
C:\Programmer\internetgamebox\ressources\favoris\defaultv2.swf
C:\Programmer\internetgamebox\skins\skinv2.skn
C:\Programmer\internetgamebox\Terms and conditions.url
C:\Programmer\internetgamebox\uninst.exe
C:\Programmer\internetgamebox\Website.url
C:\WINDOWS\system32\nvs2.inf
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-02-04 17:07 . 2008-02-04 17:45 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-02-04 17:07 . 2008-02-04 17:07 <DIR> d-------- C:\Documents and Settings\Trine\Application Data\SUPERAntiSpyware.com
2008-02-04 17:07 . 2008-02-04 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-04 17:06 . 2008-02-04 17:06 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-04 17:02 . 2008-02-04 17:02 <DIR> d-------- C:\Programmer\CCleaner
2008-01-27 21:31 . 2008-01-27 21:31 244 --ah----- C:\sqmnoopt06.sqm
2008-01-27 21:31 . 2008-01-27 21:31 232 --ah----- C:\sqmdata06.sqm
2008-01-21 21:17 . 2008-01-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-01-19 17:55 . 2008-01-19 17:55 <DIR> d-------- C:\Programmer\log hope wave
2008-01-12 14:41 . 2008-01-19 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2008-01-12 14:40 . 2008-02-01 09:50 <DIR> d-------- C:\Programmer\Messenger Plus! Live
2008-01-12 14:40 . 2008-01-12 14:40 <DIR> d-------- C:\Programmer\Circle Developement
2008-01-12 14:40 . 2008-01-19 17:56 <DIR> d-------- C:\Documents and Settings\Trine\Application Data\log hope wave
2008-01-12 14:40 . 2008-01-12 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 15:55 --------- d-----w C:\Programmer\Macrogaming
2008-02-04 15:53 --------- d-----w C:\Programmer\Windows Live Toolbar
2008-02-04 15:51 --------- d-----w C:\Programmer\Google
2008-01-20 11:36 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-27 17:21 --------- d-----w C:\Programmer\Windows Live
2007-12-27 17:12 --------- d-----w C:\Programmer\Microsoft SQL Server Compact Edition
2007-12-27 17:07 --------- dcsh--w C:\Programmer\Fælles filer\WindowsLiveInstaller
2007-12-27 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-12 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-10 19:34 --------- d-----w C:\Programmer\QuickTime
2007-12-10 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-10 19:33 --------- d-----w C:\Programmer\Kodak
2007-12-10 19:32 --------- d-----w C:\Programmer\Fælles filer\Kodak
2007-12-10 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-11-07 09:28 723,456 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 723,456 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Programmer\Windows Live\Familiesikkerhed\fssbho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 04:00 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"RollerCoasterTycoon2Setup.exe"="C:\DOWNLO~1\ROLLER~1.exe" [2007-08-22 20:56 176128]
"Blue htm"="C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe" [2008-01-19 17:55 457216]
"zrjspaldx"="c:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe" [ ]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 15:49 40960]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 15:25 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 15:24 688218]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 20:05 339968]
"LaunchAp"="C:\Programmer\Launch Manager\LaunchAp.exe" [2005-03-30 14:29 32768]
"PowerKey"="C:\Programmer\Launch Manager\PowerKey.exe" [2002-08-30 14:02 94208]
"LManager"="C:\Programmer\Launch Manager\HotkeyApp.exe" [2005-05-19 13:45 69632]
"CtrlVol"="C:\Programmer\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"LMgrOSD"="C:\Programmer\Launch Manager\OSDCtrl.exe" [2004-10-11 09:47 245760]
"Wbutton"="C:\Programmer\Launch Manager\Wbutton.exe" [2005-04-18 10:41 81920]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 17:59 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 02:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 18:05 385024]
"BigDogPath323VMSnap"="C:\WINDOWS\VMSnap23.exe" [2006-07-20 05:37 90112]
"BigDogPath323Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 03:54 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 04:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-10 20:34 77824]
"fssui"="C:\Programmer\Windows Live\Familiesikkerhed\fssui.exe" [2007-12-17 11:12 243240]
"Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe" [2008-02-04 16:44 739840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 04:00 15360]
C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\
PowerReg Scheduler.exe [2007-10-18 13:36:56 189952]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Kodak EasyShare software.lnk - C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-03-31 02:01:22 635019]
Kodak software updater.lnk - C:\Programmer\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 16:58:16 16423]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 22:07]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Familiesikkerhed;"C:\Programmer\Windows Live\Familiesikkerhed\fsssvc.exe" [2007-12-17 11:13]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-14 23:18]
R3 POWERKEY;POWERKEY;C:\Programmer\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 jatmlano;jatmlano;C:\DOCUME~1\Trine\LOKALE~1\Temp\jatmlano.sys []
S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS []
S3 vmfilter323;323 filter service, Normal;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 12:25]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);C:\WINDOWS\system32\Drivers\usbvm323.sys [2006-08-21 17:40]
*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
*Newly Created Service* - INT15.SYS
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 16:00:03 C:\WINDOWS\Tasks\A7F16436918AE1A2.job"
- c:\docume~1\trine\applic~1\loghop~1\Type sixth live.exe
"2007-10-24 16:53:24 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-10-24 16:53:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmer\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:51:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 17:52:41
ComboFix-quarantined-files.txt 2008-02-04 16:52:32
.
2008-01-23 15:23:05 --- E O F ---
ROOTCHK:
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
04-02-2008 17:46:42,34
NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 17:46:43
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
C:\documents and settings\trine\lokale indstillinger\application data\zrjspaldx.exe [3712]
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b95663e5"=hex:8e,eb,15,52,ff,4a,4a,0c,04,11,59,7c,2b,07,9a,8b
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd600e12]
"0015b95663e5"=hex:8e,eb,15,52,ff,4a,4a,0c,04,11,59,7c,2b,07,9a,8b
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x2bf8\x388\x2bf8\x388\1"
"DeviceDesc"="\x2bf8\x388\x2bf8\x388\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x680"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\elements\install\smbus\smbus\smbusati.inf"
scanning hidden files ...
hidden processes: 1
hidden services: 0
hidden files: 0
I can see that ComboFix has removed a good chunk, and as far as I can tell there is also a hidden service according to Rootchk.
No log from SUPERAntiSpyware, because it came up clean: no items found/deleted.
Many thanks in advance.
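As an added example, not part of the original post, here is a small Python triage helper that applies the same checks the arrows above express to HijackThis lines: orphaned entries, a changed IE start page, and autostart binaries in user data folders or the Windows root. The sample lines are copied from the HijackThis log in the post; the heuristics are my own, and a hit means "look closer", not "delete".

```python
"""Triage helper for HijackThis-style log lines (R0/R1/O2/O4/O9 ...)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Mfcd Bows.exe
O4 - HKCU\..\Run: [Blue htm] C:\DOCUME~1\Trine\APPLIC~1\LOGHOP~1\Pure View Meow.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# Folders an ordinary installer would not use for an autostart binary
# (long and 8.3 short forms, English and Danish profile folder names).
USER_DATA_RE = re.compile(r"application data|applic~1|local settings|lokale~1|\\temp\\", re.I)
# An .exe directly in the Windows root rather than in System32.
WINROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def triage(line: str):
    """Return a Finding for a HijackThis line worth a closer look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m["section"], m["body"]
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry: the referenced file no longer exists")
    if section == "O2" and "(no name)" in body:
        reasons.append("browser helper object without a name")
    if section in ("R0", "R1") and "=" in body:
        url = body.split("=", 1)[1].strip()
        if url and "microsoft.com" not in url.lower():
            reasons.append(f"IE start/search page changed to {url}")
    run = RUN_RE.search(body)
    if run:
        target = run["target"].strip().strip('"')
        if USER_DATA_RE.search(target):
            reasons.append("autostart binary lives in a user-writable data folder")
        elif WINROOT_EXE_RE.match(target):
            reasons.append("autostart binary in the Windows root, not System32: verify its publisher")
    return Finding(section, body, reasons) if reasons else None


def triage_log(text: str):
    """Run triage over every line of a pasted log, keeping only the hits."""
    return [f for f in map(triage, text.strip().splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    -> {r}")
```

Paste a whole HijackThis log into `triage_log` to get the shortlist; the untouched SynTPEnh and Microsoft default-page lines are deliberately left out of the output so the flagged items stand out.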