rixi60 (Beginner)
15 June 2008 - 14:00. There are 11 comments and 1 solution.

HELP WITH: HijackThis, SUPERAntiSpyware and ComboFix log

Hi experts.

After getting help in here, I have still had problems with some pop-ups/spyware. I have now run some programs to clean up the computer, following: http://www.eksperten.dk/artikler/1123

I hope someone is willing to help me look through my logs!?

ComboFix LOG:

ComboFix 08-06-12.2 - Administrator 2008-06-15 13:32:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.699 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM47fbcaf5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayomcclj.ini
C:\WINDOWS\system32\bcnyyejd.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dtctewni.dll
C:\WINDOWS\system32\ecuvqova.dll
C:\WINDOWS\system32\egxwvejm.dll
C:\WINDOWS\system32\eirsbkyu.dll
C:\WINDOWS\system32\gjgrpjsw.dll
C:\WINDOWS\system32\hyamjwdi.ini
C:\WINDOWS\system32\idwjmayh.dll
C:\WINDOWS\system32\ikRsDJlm.ini
C:\WINDOWS\system32\ikRsDJlm.ini2
C:\WINDOWS\system32\jlccmoya.dll
C:\WINDOWS\system32\khowlweq.ini
C:\WINDOWS\system32\klmoq.ini
C:\WINDOWS\system32\klmoq.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\PVFOoUvw.ini
C:\WINDOWS\system32\PVFOoUvw.ini2
C:\WINDOWS\system32\qefpygnm.dll
C:\WINDOWS\system32\rluancms.dll
C:\WINDOWS\system32\ryhxcdbj.dll
C:\WINDOWS\system32\ttbnyvnd.dll
C:\WINDOWS\system32\uuebhawj.ini
C:\WINDOWS\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((  Files Created from 2008-05-15 to 2008-06-15  )))))))))))))))))))))))))))))))
.

2008-06-15 13:39 . 2008-06-15 13:39    <DIR>    d--------    C:\WINDOWS\LastGood
2008-06-15 12:39 . 2008-06-15 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 12:38 . 2008-06-15 12:52    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-15 12:38 . 2008-06-15 12:38    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-14 01:23 . 2008-04-13 09:36    144,384    ---------    C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-06-14 01:23 . 2008-04-13 11:40    10,240    ---------    C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-14 01:21 . 2006-12-28 12:01    19,569    --a------    C:\WINDOWS\005703_.tmp
2008-06-13 17:48 .     <DIR>        C:\Programmer\Fælles filer\Scanner
2008-06-13 17:47 . 2008-06-13 17:47    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-13 17:12 . 2008-06-13 19:58    <DIR>    d--------    C:\Programmer\Yahoo!
2008-06-13 17:12 . 2008-06-13 17:13    <DIR>    d--------    C:\Programmer\CCleaner
2008-06-13 14:17 . 2008-06-13 14:17    <DIR>    d--------    C:\Programmer\Trend Micro
2008-06-11 23:20 . 2008-06-12 15:42    <DIR>    d--------    C:\Programmer\bwin
2008-06-11 19:49 . 2008-06-11 19:52    438    --a------    C:\WINDOWS\wininit.ini
2008-06-11 18:57 . 2008-06-11 23:25    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-06-11 18:57 . 2008-06-11 23:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 09:45 . 2008-06-03 09:45    128    --a------    C:\WINDOWS\0C056A8E.dat
2008-06-02 10:01 . 2008-06-02 10:01    128    --a------    C:\WINDOWS\0FB11351.dat
2008-05-27 16:07 . 2008-05-27 16:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Microgaming
2008-05-27 16:07 . 2008-06-09 14:20    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\MGS
2008-05-22 14:21 . 2008-05-22 14:27    <DIR>    d--------    C:\Programmer\MansionPoker
2008-05-15 10:21 . 2008-05-28 16:52    <DIR>    d--------    C:\Programmer\Trafikteori

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 10:38    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-14 23:47    ---------    d-----w    C:\Programmer\Fælles filer\NSV
2008-06-14 23:11    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Azureus
2008-06-14 23:04    ---------    d-----w    C:\Programmer\Lavasoft
2008-06-14 22:58    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 22:17    ---------    d-----w    C:\Programmer\MSN Messenger
2008-06-13 12:05    ---------    d-----w    C:\Programmer\SopCast
2008-06-13 10:13    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\AVG7
2008-06-01 21:40    ---------    d-----w    C:\Programmer\Azureus
2008-05-28 18:05    ---------    d-----w    C:\Programmer\PokerStars
2008-05-28 16:12    ---------    d-----w    C:\Programmer\ScandicBookmakers.com
2008-05-28 14:45    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Microgaming
2008-05-15 08:24    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-01 16:42    ---------    d-----w    C:\Programmer\AC Tool
2008-04-27 16:08    ---------    d-----w    C:\Programmer\NEXON
2008-04-26 12:57    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-04-24 12:08    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-24 12:06    ---------    d-----w    C:\Programmer\BFG
2008-04-24 06:42    ---------    d-----w    C:\Programmer\Peggle Deluxe
2008-04-24 06:37    ---------    d-----w    C:\Programmer\ReflexiveArcade
2008-04-14 07:06    32,866    ------w    C:\WINDOWS\slrundll.exe
2008-04-14 07:06    284,672    ----a-w    C:\WINDOWS\winhlp32.exe
2008-04-14 07:06    150,528    ----a-w    C:\WINDOWS\regedit.exe
2008-04-14 07:05    69,632    ----a-w    C:\WINDOWS\notepad.exe
2008-04-14 07:05    50,688    ----a-w    C:\WINDOWS\twain_32.dll
2008-04-14 07:05    10,752    ----a-w    C:\WINDOWS\hh.exe
2008-04-14 07:05    1,034,752    ----a-w    C:\WINDOWS\explorer.exe
2007-05-10 13:10    81,920    ----a-w    C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-05-10 13:10    47,360    ----a-w    C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.
[code]<pre>
----a-w            68,856 2007-12-25 11:10:55  C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w          579,072 2007-12-25 11:10:53  C:\Programmer\Grisoft\AVG7\avgcc .exe
----a-w            15,360 2007-12-24 11:36:14  C:\WINDOWS\system32\ctfmon .exe
</pre>[/code]


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG Control Center"="C:\Programmer\Grisoft\AVG7\avgcc .exe" [2007-12-25 13:10 579072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:05 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 09:05 15360]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 13:49 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-06-15 12:52 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRlJdb]
byXRlJdb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdedb]
efcdedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menuen Start^Programmer^Start^Screen Clipper and Launcher til OneNote 2007.lnk]
path=C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\Screen Clipper and Launcher til OneNote 2007.lnk
backup=C:\WINDOWS\pss\Screen Clipper and Launcher til OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BestCrypt Auto Open.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\BestCrypt Auto Open.lnk
backup=C:\WINDOWS\pss\BestCrypt Auto Open.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\44c8f969]
C:\WINDOWS\system32\jlccmoya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 12:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-03-22 22:10 335872 C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Programmer\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47fbcaf5]
C:\WINDOWS\system32\ryhxcdbj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 09:05 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
C:\Programmer\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JewelMinerv2Setup.exe]
C:\DOWNLO~1\JEWELM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\qomlk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
C:\Programmer\ProxyWay\proxyway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 12:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-10 14:00 536576 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-10 14:00 98304 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whSurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svshost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Azureus\\Azureus.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:war3

R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys [2007-05-31 05:44]
R1 BC_BF128;BC_BF128;C:\WINDOWS\system32\drivers\BC_BF128.sys [2007-05-31 05:45]
R1 BC_BF448;BC_BF448;C:\WINDOWS\system32\drivers\BC_BF448.sys [2007-05-31 05:46]
R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys [2007-05-31 05:47]
R1 BC_CAST;BC_CAST;C:\WINDOWS\system32\drivers\BC_CAST.sys [2007-05-31 05:48]
R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys [2007-05-31 05:49]
R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys [2007-05-31 05:50]
R1 BC_RC6;BC_RC6;C:\WINDOWS\system32\drivers\BC_RC6.sys [2007-05-31 05:52]
R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys [2007-05-31 05:53]
R1 BC_SERP;BC_SERP;C:\WINDOWS\system32\drivers\BC_SERP.sys [2007-05-31 05:54]
R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys [2007-05-31 05:54]
R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys [2007-06-13 13:17]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 09:06]
R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys [2006-12-12 13:45]
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys [2006-12-12 13:45]
S3 NetWlan5;Driver til symbolbaseret 802.11b Wireless LAN-netværkskort;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-27 02:49]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-26 12:57]
S4 Messagcr;Messagcr;c:\temp\svchost.exe []
S4 WZCOOK;WEP/WPA-PMK key recovery service;"C:\Documents and Settings\Administrator\Skrivebord\aircrack-ng-0.9.3-win\bin\wzcook.exe"  []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:20:44 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2008\OneClick.exe
"2008-06-14 14:46:03 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4532B0DD-FF23-4475-B392-8BD552BB5BDB}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 13:43:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 13:45:52 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-15 11:45:48

Pre-Run: 11,029,770,240 byte ledig
Post-Run: 10,874,171,392 byte ledig

271    --- E O F ---    2008-05-29 09:23:00


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HijackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:56, on 15-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Grisoft\AVG7\avgcc .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Skrivebord\HiJackThis version.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.87.131.104:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {07b06614-ed67-48c5-832f-e5b373a35493} - C:\WINDOWS\system32\gjgrpjsw.dll
O2 - BHO: {d531c5b9-f2a9-577a-2a84-01ff32362ff4} - {4ff26323-ff10-48a2-a775-9a2f9b5c135d} - C:\WINDOWS\system32\qefpygnm.dll
O2 - BHO: (no name) - {657FE57A-1AC8-455E-9651-51044228C11A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: (no name) - {AA77D00F-4E5E-4215-935B-733BC974094A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C29714C2-E8CC-4B90-9BA6-9BAFCD273932} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKCU\..\Run: [AVG Control Center] C:\Programmer\Grisoft\AVG7\avgcc .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170974229120
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: byXRlJdb - byXRlJdb.dll (file missing)
O20 - Winlogon Notify: efcdedb - efcdedb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7202 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SUPERAntiSpyware LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2008 at 01:21 PM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type      : Complete Scan
Total Scan Time : 00:23:29

Memory items scanned      : 236
Memory threats detected  : 2
Registry items scanned    : 6846
Registry threats detected : 16
File items scanned        : 21748
File threats detected    : 7

Trojan.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\IIFEBYPH.DLL
    C:\WINDOWS\SYSTEM32\IIFEBYPH.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38777590-2D74-4E06-AD43-E33CC64B2BA0}
    HKCR\CLSID\{38777590-2D74-4E06-AD43-E33CC64B2BA0}
    HKCR\CLSID\{38777590-2D74-4E06-AD43-E33CC64B2BA0}\InprocServer32
    HKCR\CLSID\{38777590-2D74-4E06-AD43-E33CC64B2BA0}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{38777590-2D74-4E06-AD43-E33CC64B2BA0}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\iifebYPh

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\WVUOOFVP.DLL
    C:\WINDOWS\SYSTEM32\WVUOOFVP.DLL

Adware.Vundo Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80BB55D5-0982-4A14-95AE-B5B293FF85B6}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{80BB55D5-0982-4A14-95AE-B5B293FF85B6}

Trojan.Vundo-Variant/Small-GEN
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F00A6B23-9AE9-44EE-9962-AED23241EF08}
    HKCR\CLSID\{F00A6B23-9AE9-44EE-9962-AED23241EF08}
    HKCR\CLSID\{F00A6B23-9AE9-44EE-9962-AED23241EF08}\InprocServer32
    HKCR\CLSID\{F00A6B23-9AE9-44EE-9962-AED23241EF08}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\AWTUUVLD.DLL
    C:\WINDOWS\SYSTEM32\NNNMMNOF.DLL
    C:\WINDOWS\SYSTEM32\WVUNOGWX.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[2].txt

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-823518204-492894223-1343024091-500\Software\Microsoft\rdfa

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks in advance for the help..
15 June 2008 - 14:12 #1
I'll take a look at it...
15 June 2008 - 14:14 #2
Is this the same one as here -> http://www.eksperten.dk/spm/834789 ???
rixi60 (Beginner)
15 June 2008 - 14:16 #3
I just made the HijackThis log today, with the version of HijackThis that you gave me; I don't know whether they are identical.
Jensen DK (Novice)
15 June 2008 - 14:21 #4
It looks like you have 3 identical questions; close 2 of them, it is not allowed according to Eksperten's rules.
15 June 2008 - 14:43 #5
(If it is the same PC, then stick to one thread - the original one...)

If it is a different PC, then I would recommend getting the other PC(s) into shape first...
15 June 2008 - 15:43 #6
So we continue from here?
15 June 2008 - 15:57 #7
-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window will appear, into which you should copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\jlccmoya.dll
C:\WINDOWS\system32\ryhxcdbj.dll
C:\WINDOWS\system32\qomlk.exe
C:\WINDOWS\system32\gjgrpjsw.dll
C:\WINDOWS\system32\qefpygnm.dll
c:\temp\svchost.exe

Folders to delete:
C:\Programmer\BitTorrent
C:\Documents and Settings\Administrator\BitTorrent
C:\Programmer\Azureus
C:\Documents and Settings\Administrator\Application Data\Azureus
C:\Programmer\Yahoo!
C:\Programmer\Microgaming
C:\Documents and Settings\Administrator\Application Data\Microgaming

~~~~~~~~~~~~~~~~~~

-- Click EXECUTE - and let the PC restart by itself.

-- After the restart, a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {07b06614-ed67-48c5-832f-e5b373a35493} - C:\WINDOWS\system32\gjgrpjsw.dll
O2 - BHO: {d531c5b9-f2a9-577a-2a84-01ff32362ff4} - {4ff26323-ff10-48a2-a775-9a2f9b5c135d} - C:\WINDOWS\system32\qefpygnm.dll
O2 - BHO: (no name) - {657FE57A-1AC8-455E-9651-51044228C11A} - (no file)
O2 - BHO: (no name) - {AA77D00F-4E5E-4215-935B-733BC974094A} - (no file)
O2 - BHO: (no name) - {C29714C2-E8CC-4B90-9BA6-9BAFCD273932} - (no file)
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: byXRlJdb - byXRlJdb.dll (file missing)
O20 - Winlogon Notify: efcdedb - efcdedb.dll (file missing)

Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.

------------

Take a run with CCleaner, which you already have...
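
Added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage of the O2/O20 lines from the first HijackThis log, compared against the fix list in reply #7 and against the O2 lines of the follow-up log. The three heuristics and all function names are assumptions chosen for illustration; the log lines are copied from this thread.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    section: str  # HijackThis section code such as "O2" or "O20"
    body: str     # text after "<section> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# A DLL sitting directly in system32, not in a vendor subfolder.
SYSTEM32_DLL_RE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.I)

# O2/O20 lines copied from the first HijackThis log in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {07b06614-ed67-48c5-832f-e5b373a35493} - C:\WINDOWS\system32\gjgrpjsw.dll
O2 - BHO: {d531c5b9-f2a9-577a-2a84-01ff32362ff4} - {4ff26323-ff10-48a2-a775-9a2f9b5c135d} - C:\WINDOWS\system32\qefpygnm.dll
O2 - BHO: (no name) - {657FE57A-1AC8-455E-9651-51044228C11A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: (no name) - {AA77D00F-4E5E-4215-935B-733BC974094A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C29714C2-E8CC-4B90-9BA6-9BAFCD273932} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: byXRlJdb - byXRlJdb.dll (file missing)
O20 - Winlogon Notify: efcdedb - efcdedb.dll (file missing)
"""

# The lines reply #7 asks the user to tick in HijackThis.
HELPER_FIX_LIST = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {07b06614-ed67-48c5-832f-e5b373a35493} - C:\WINDOWS\system32\gjgrpjsw.dll
O2 - BHO: {d531c5b9-f2a9-577a-2a84-01ff32362ff4} - {4ff26323-ff10-48a2-a775-9a2f9b5c135d} - C:\WINDOWS\system32\qefpygnm.dll
O2 - BHO: (no name) - {657FE57A-1AC8-455E-9651-51044228C11A} - (no file)
O2 - BHO: (no name) - {AA77D00F-4E5E-4215-935B-733BC974094A} - (no file)
O2 - BHO: (no name) - {C29714C2-E8CC-4B90-9BA6-9BAFCD273932} - (no file)
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: byXRlJdb - byXRlJdb.dll (file missing)
O20 - Winlogon Notify: efcdedb - efcdedb.dll (file missing)
"""

# O2 lines of the follow-up log (reply #8). That log is cut off on the page
# before its O20 section, so only the BHO state can be compared.
AFTER_O2 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
"""


def parse(log: str) -> List[Entry]:
    """Split a HijackThis log into (section, body) entries; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return a reason to review the entry, or None. A candidate, not a verdict."""
    if entry.section == "O2":
        m = BHO_RE.match(entry.body)
        if m:
            name, _clsid, target = m.groups()
            if target == "(no file)":
                return "BHO registered but its file is gone"
            unnamed = name == "(no name)" or bool(GUID_RE.match(name))
            if unnamed and SYSTEM32_DLL_RE.match(target):
                return "unnamed BHO loading a DLL directly from system32"
    if entry.section == "O20" and entry.body.endswith("(file missing)"):
        return "Winlogon Notify DLL is missing"
    return None


def flagged(log: str) -> List[Entry]:
    return [e for e in parse(log) if triage(e)]


def still_present(fix_list: str, later_log: str) -> List[Entry]:
    """Entries from the fix list that a later log still contains."""
    later = set(parse(later_log))
    return [e for e in parse(fix_list) if e in later]


if __name__ == "__main__":
    helper = set(parse(HELPER_FIX_LIST))
    for e in flagged(BEFORE):
        mark = "in fix list" if e in helper else "NOT in fix list"
        print(f"{e.section:>3} [{mark}] {triage(e)}: {e.body}")
    print("left over after cleanup:", still_present(HELPER_FIX_LIST, AFTER_O2))
```

The heuristics flag one entry more than the fix list in reply #7 contains, the `(no file)` BHO `{7E853D72-626A-48EC-A868-BA8D5E23E045}`, so the output is a review queue for a person, not a deletion list.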
rixi60 (Beginner)
15 June 2008 - 16:27 #8
Hi again.
Now I have done the above. There don't seem to be any more pop-ups.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:12, on 15-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG7\avgcc .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Skrivebord\HiJackThis version.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.87.131.104:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKCU\..\Run: [AVG Control Center] C:\Programmer\Grisoft\AVG7\avgcc .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170974229120
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6189 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Avenger Log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\jlccmoya.dll" not found!
Deletion of file "C:\WINDOWS\system32\jlccmoya.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ryhxcdbj.dll" not found!
Deletion of file "C:\WINDOWS\system32\ryhxcdbj.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\qomlk.exe" not found!
Deletion of file "C:\WINDOWS\system32\qomlk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\gjgrpjsw.dll" not found!
Deletion of file "C:\WINDOWS\system32\gjgrpjsw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\qefpygnm.dll" not found!
Deletion of file "C:\WINDOWS\system32\qefpygnm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\temp\svchost.exe" not found!
Deletion of file "c:\temp\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "C:\Programmer\BitTorrent" not found!
Deletion of folder "C:\Programmer\BitTorrent" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "C:\Documents and Settings\Administrator\BitTorrent" not found!
Deletion of folder "C:\Documents and Settings\Administrator\BitTorrent" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Programmer\Azureus" deleted successfully.
Folder "C:\Documents and Settings\Administrator\Application Data\Azureus" deleted successfully.
Folder "C:\Programmer\Yahoo!" deleted successfully.

Error:  folder "C:\Programmer\Microgaming" not found!
Deletion of folder "C:\Programmer\Microgaming" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Documents and Settings\Administrator\Application Data\Microgaming" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
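
A small summarizer for an Avenger log like the one above, as an added example that is not part of the original posts: it separates targets that were deleted from those reported with STATUS_OBJECT_NAME_NOT_FOUND (already absent when the script ran) and from any other failure. The sample log, its paths and the STATUS_ACCESS_DENIED entry are constructed for illustration, and only the file/folder line formats visible in the log above are handled.

```python
import re

# Constructed sample in the line format of the Avenger 2.0 log above.
# Paths and the second status value are hypothetical, not from the thread.
SAMPLE_LOG = r'''
Error:  file "C:\WINDOWS\system32\example1.dll" not found!
Deletion of file "C:\WINDOWS\system32\example1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Programmer\ExampleApp" deleted successfully.

Deletion of file "C:\WINDOWS\system32\example2.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
'''

DELETED = re.compile(r'^(?:File|Folder) "(.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of (?:file|folder) "(.+)" failed!$')
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)')

NOT_FOUND = 0xC0000034  # STATUS_OBJECT_NAME_NOT_FOUND, as printed in the log


def summarize(log_text):
    """Classify each deletion target by the outcome the log reports."""
    result = {"deleted": [], "already_absent": [], "needs_review": []}
    pending = None  # path from a "failed!" line still waiting for its Status
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := DELETED.match(line)):
            result["deleted"].append(m.group(1))
        elif (m := FAILED.match(line)):
            if pending is not None:  # previous failure had no Status line
                result["needs_review"].append((pending, None))
            pending = m.group(1)
        elif (m := STATUS.match(line)) and pending is not None:
            if int(m.group(1), 16) == NOT_FOUND:
                # Nothing left to delete: the target was already gone.
                result["already_absent"].append(pending)
            else:
                # Target exists but could not be removed; look at it by hand.
                result["needs_review"].append((pending, m.group(2)))
            pending = None
    if pending is not None:
        result["needs_review"].append((pending, None))
    return result


if __name__ == "__main__":
    for outcome, items in summarize(SAMPLE_LOG).items():
        print(outcome, items)
```
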
15 June 2008 - 16:58 #9
According to your log there is no more 'dirt'...

You're welcome to come back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles about safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------
rixi60 Beginner
15 June 2008 - 17:00 #10
A thousand thanks for the help!!
rixi60 Beginner
15 June 2008 - 17:10 #11
It just occurred to me: are there, as of today, any antivirus programs that are better than AVG, which I'm running now?
15 June 2008 - 17:39 #12
Some like blondes, others want redheads (I, however, want both!)...
In other words, a matter of taste...
http://www.eksperten.dk/spm/834843