CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede soho12 Nybegynder
23. september 2007 - 18:18 Der er 27 kommentarer

fjernelse af winantivirus og trojan winbo32 samt andre evt virus

Hej jeg har fået en virus, fordi jeg har været inde på en xxx side (jeg gør det aldrig mere) og dette popper up som start side hvergang jeg åbner en browser "C:\WINDOWS\SYSTEM32\spywarewarning.mht" det kan ikke ændres. jeg har fulgt denne artikel http://www.eksperten.dk/artikler/1123 og fået nedenstående log, hvad gør jeg for at fjerne det der har inficeret min computer?
ComboFix 07-09-21.2 - "soho" 2007-09-23 13:57:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.45.1030.18.434 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 13:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 11:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 10:59 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-09-23 10:59 <DIR> d-------- C:\DOCUME~1\soho\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 10:54 <DIR> d-------- C:\Programmer\CCleaner
2007-09-23 01:43 58,880 -r-hs---- C:\WINDOWS\SYSTEM32\acluiw.exe
2007-09-23 01:43 202,752 --a------ C:\WINDOWS\svzip.exe
2007-09-23 01:43 202,240 --a------ C:\WINDOWS\sv.exe
2007-09-23 01:43 201,728 --a------ C:\WINDOWS\runsql.exe
2007-09-23 01:43 144 --ahs---- C:\WINDOWS\SYSTEM32\1690515837.dat
2007-09-12 19:07 364 --ah----- C:\DOCUME~1\soho\APPLIC~1\hpothb07.dat
2007-09-02 16:36 <DIR> d-------- C:\DOCUME~1\soho\APPLIC~1\Leadertech
2007-09-02 16:25 <DIR> d-------- C:\DOCUME~1\soho\APPLIC~1\AdobeAUM
2007-09-02 16:20 97,088 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\sea1mdm.sys
2007-09-02 16:20 9,360 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\sea1mdfl.sys
2007-09-02 16:20 86,432 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\sea1obex.sys
2007-09-02 16:20 6,240 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\sea1cmnt.sys
2007-09-02 16:20 6,240 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\sea1cm.sys
2007-08-25 17:56 <DIR> d-------- C:\Programmer\Disc2Phone
2007-08-25 17:51 <DIR> d-------- C:\Programmer\InterCasino $$$
2007-08-25 17:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\URTTEMP
2007-08-25 17:09 <DIR> d-------- C:\DOCUME~1\soho\APPLIC~1\Teleca
2007-08-25 17:02 <DIR> d-------- C:\DOCUME~1\soho\APPLIC~1\Sony Ericsson
2007-08-25 16:54 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-08-25 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-08-25 16:52 <DIR> d-------- C:\Programmer\Sony Ericsson
2007-08-25 16:52 <DIR> d-------- C:\Programmer\F‘lles filer\Teleca Shared
2007-08-25 16:52 <DIR> d-------- C:\Programmer\F‘lles filer\Sony Ericsson Shared
2007-08-25 16:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 13:51 --------- d-------- C:\DOCUME~1\soho\APPLIC~1\Skype
2007-09-23 10:37 --------- d-------- C:\Programmer\Azureus
2007-09-08 15:59 --------- d-------- C:\DOCUME~1\soho\APPLIC~1\Azureus
2007-08-20 20:33 --------- d-------- C:\DOCUME~1\soho\APPLIC~1\Ahead
2007-08-12 01:55 --------- d--h----- C:\Programmer\InstallShield Installation Information
2007-08-12 01:55 --------- d-------- C:\Programmer\SuperslotsCasino
2007-08-12 01:50 --------- d-------- C:\Programmer\RubyFortune
2007-08-12 01:39 --------- d-------- C:\Programmer\Pixie
2007-08-12 01:39 --------- d-------- C:\Programmer\GameSpy Arcade
2007-08-12 01:37 --------- d-------- C:\Programmer\Cordless USB Phone
2007-08-12 01:29 --------- d-------- C:\Programmer\32red
2007-08-08 18:55 --------- d-------- C:\DOCUME~1\soho\APPLIC~1\Snapfish
2007-08-08 18:40 --------- d-------- C:\Programmer\Ahead
2007-08-08 18:38 --------- d-------- C:\DOCUME~1\soho\APPLIC~1\Simple Star
2007-07-29 02:08 --------- d-------- C:\Programmer\CasinoOnNet
2004-08-09 23:30 40960 --a------ C:\Programmer\Uninstall_CDS.exe
--------- C:\Programmer\Fælles filer\Wise Installation Wizard
--------- C:\Programmer\Fælles filer\Teleca Shared
--------- C:\Programmer\Fælles filer\Sony Ericsson Shared
--------- C:\Programmer\Fælles filer\Ahead
--------- C:\Programmer\Fælles filer
2006-03-20 21:32:30 10,022 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 12:13]
"RemoteControl"="C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-09-24 03:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 17:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2005-01-27 19:17]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"netzip"="C:\WINDOWS\svzip.exe" [2007-09-23 01:43]
"netsv32"="C:\WINDOWS\sv.exe" [2007-09-23 01:43]
"runsql"="C:\WINDOWS\runsql.exe" [2007-09-23 01:43]
"IEUpdate"="C:\WINDOWS\system32\acluiw.exe" [2007-09-23 01:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"igndlm.exe"="C:\Programmer\Download Manager\DLM.exe" [2007-02-23 20:55]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28]
"IEUpdate"="C:\WINDOWS\system32\acluiw.exe" [2007-09-23 01:43]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-23 13:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\acluiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\acluiw.exe

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-16 22:05:26]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-11-26 09:33:28]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 22:08:34]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10]

C:\DOCUME~1\DEFAUL~1\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2002-11-26 09:33:28]

C:\DOCUME~1\soho\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2002-11-26 09:33:28]
DLHelperEXE.exe [2006-09-13 19:01:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"IEUpdate"= C:\WINDOWS\system32\acluiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus Organizer EasyClip.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus Organizer EasyClip.lnk
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus SmartCenter.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus SmartCenter.lnk
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus SuiteStart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus SuiteStart.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soho^Menuen Start^Programmer^Start^DLHelperEXE.exe]
path=C:\Documents and Settings\soho\Menuen Start\Programmer\Start\DLHelperEXE.exe
backup=C:\WINDOWS\pss\DLHelperEXE.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net-It Launcher]
C:\WINDOWS\System32\NILaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programmer\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys
S2 ClipSrvWebClient;Udklipsbog ClipSrvWebClient;C:\WINDOWS\system32\~.exe srv
S2 InCDsrvR;InCD Helper (read only);C:\Programmer\Ahead\InCD\InCDsrv.exe -r
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\soho\LOKALE~1\Temp\cdiskdun.sys
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys
S3 ZD1211U(X-Micro);X-Micro WLAN 11g USB Adapter(X-Micro);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603288fd-b97c-11d8-8fe5-806d6172696f}]
AutoRun\command- D:\setup.exe

*Newly Created Service* - SASDIFSV
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 14:05:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-23 14:08:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 14:08
.
--- E O F ---

og denne her:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/23/2007 at 01:24 PM

Application Version : 3.7.1018

Core Rules Database Version : 3311
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 01:51:47

Memory items scanned : 169
Memory threats detected : 0
Registry items scanned : 6965
Registry threats detected : 26
File items scanned : 86228
File threats detected : 62

Adware.Tracking Cookie
C:\Documents and Settings\soho\Cookies\soho@track.adform[1].txt
C:\Documents and Settings\soho\Cookies\soho@qxl.banneradministration[1].txt
C:\Documents and Settings\soho\Cookies\soho@adtech[2].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@3.adbrite[1].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@ad.zanox[1].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@atwola[1].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@banner.wofacaicasino[2].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@clicktorrent[2].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@cpvfeed[2].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@e2.emediate[2].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@momscravebigcocks.tastyporn[1].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@www.bestpornstardb[1].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@www.porn-site[1].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@www.pornsense[2].txt
C:\Documents and Settings\soho\Lokale indstillinger\Temp\Cookies\soho@yourmedia[1].txt

Adware.MyWay
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings
C:\Programmer\MyWay\myBar\History\search
C:\Programmer\MyWay\myBar\History
C:\Programmer\MyWay\myBar\Settings\prevcfg.htm
C:\Programmer\MyWay\myBar\Settings
C:\Programmer\MyWay\myBar
C:\Programmer\MyWay

Adware.Casino Games (Golden Palace Casino)
C:\ACTIVE\CASINO.EXE
C:\CASINO\CASINO KING\CASINO.EXE
C:\CASINO\PRESTIGE CASINO\CASINO.EXE
C:\CASINO\VEGAS RED CASINO\CASINO.EXE
C:\PROGRAMMER\CDPOKER\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\CDPOKER.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\PROGRAMMER\CASINO KING\CASINO KING.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\PROGRAMMER\CDPOKER\CDPOKER.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\PROGRAMMER\PRESTIGE CASINO\PRESTIGE CASINO.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\PROGRAMMER\VEGAS RED CASINO\VEGAS RED CASINO.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\LOKALE INDSTILLINGER\TEMP\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\SOHO\LOKALE INDSTILLINGER\TEMP\HARD ROCK CASINO\CASINO.EXE
C:\PROGRAMMER\CASINOONNET\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\SOHO\MENUEN START\CASINO-ON-NET.LNK
C:\PROGRAMMER\INTERCASINO $$$\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\SOHO\MENUEN START\INTERCASINO $$$.LNK
C:\PROGRAMMER\INTERCASINO 4 FRANçAIS\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\SOHO\MENUEN START\INTERCASINO FRANCE.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\MENUEN START\PROGRAMMER\CASINO-ON-NET\CASINO-ON-NET.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\MENUEN START\PROGRAMMER\INTERCASINO $$$\INTERCASINO $$$.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\MENUEN START\PROGRAMMER\INTERCASINO FRANCE\INTERCASINO FRANCE.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\CASINO KING.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\CASINO-ON-NET.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\INTERCASINO $$$.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\INTERCASINO 4+ FRANçAIS .LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\INTERCASINO FRANCE.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\PRESTIGE CASINO.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\CASINO\VEGAS RED CASINO.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\DIVERSE\ACTIVE\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\SOHO\SKRIVEBORD\POKER\CDPOKER.LNK
C:\DOCUMENTS AND SETTINGS\SOHO\START MENU\PROGRAMS\GAMES\CASINO-ON-NET.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1181\A0138342.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1188\A0144931.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1188\A0148184.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1188\A0149940.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1188\A0153021.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1188\A0153039.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1188\A0153047.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1205\A0158061.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1227\A0160068.LNK

Trojan.WinBo32
C:\PROGRAMMER\PCPHONE\SKINS\COMBOPCPHONE.OCX

Med venlig hilsen. soho12
Avatar billede arlet Juniormester
23. september 2007 - 18:19 #1
DEt var det rigtige sted. Jeg kigger på den
Avatar billede soho12 Nybegynder
23. september 2007 - 18:34 #2
Tak. Go weekend.
Avatar billede arlet Juniormester
23. september 2007 - 18:38 #3
Kopiér indholdet mellem de stiplede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt.
Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

-------------------------

File::
C:\WINDOWS\SYSTEM32\acluiw.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\SYSTEM32\1690515837.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"netzip"=-
"netsv32"=-
"runsql"=-
"IEUpdate"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IEUpdate"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=-

-------------------------

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen. - http://peecee.dk/?id=60784
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Kopier indholdet af Combofix.txt her ind.
Avatar billede soho12 Nybegynder
23. september 2007 - 19:23 #4
hvor finder jeg combofix mappen?
Avatar billede arlet Juniormester
23. september 2007 - 19:36 #5
Der hvor du har lagt den*S*

ellers må du søge efter den.

ellers må du hente en ny og gemme den på skrivebordet http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Avatar billede soho12 Nybegynder
23. september 2007 - 20:15 #6
så fandt jeg den, den indeholder 119 filer. Jeg har gemt notebook filen med navnet CFScript.txt. (alle filer) derefter flyttet den i mappen combofix men der sker ikke noget. der er en fil hvori der står følgende: ComboFix 07-09-21.2 - "soho" 2007-09-23 20:10:40.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.414 [GMT 2:00]
.
    /wow section not completed

Ved ikke om jeg har gjort det rigtigt, kan ikke finde noget yderligere combofix.txt kun dette her:
No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
Avatar billede arlet Juniormester
23. september 2007 - 20:18 #7
Noget er gået galt. Så vi tager den lige forfra

Find combofix mappen
Kør så combofix.exe, og følg vejledningen i vinduet.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt som kan findes her-C:\combofix.txt

Kopier loggen her ind.
Avatar billede soho12 Nybegynder
23. september 2007 - 20:31 #8
Undskyld, men der er 119 filer i mappen og ikke nogen af dem der hedder combofix.exe hvad gør jeg galt?
Avatar billede arlet Juniormester
23. september 2007 - 20:34 #9
Du skal ikke undskylde*S*
slet den du har på skrivebordet..

Så henter du en ny:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Kør så combofix.exe, og følg vejledningen i vinduet.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt som kan findes her-C:\combofix.txt

Kopier loggen her ind.
Avatar billede soho12 Nybegynder
23. september 2007 - 20:55 #10
Tak, her er den:
ComboFix 07-09-21.2 - "soho" 2007-09-23 20:50:38.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.430 [GMT 2:00]
.

(((((((((((((((((((((((((  Files Created from 2007-08-23 to 2007-09-23  )))))))))))))))))))))))))))))))
.

2007-09-23 20:09    142    --a------    C:\temp\f3m0.dat
2007-09-23 20:09    0    --a------    C:\WINDOWS\whitedircreated.dat
2007-09-23 20:09    0    --a------    C:\temp\whitedone.dat
2007-09-23 18:51    <DIR>    d--------    C:\DOCUME~1\soho\Contacts
2007-09-23 13:56    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-23 11:00    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 10:59    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-23 10:59    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 10:54    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-23 01:43    58,880    -r-hs----    C:\WINDOWS\SYSTEM32\acluiw.exe
2007-09-23 01:43    202,752    --a------    C:\WINDOWS\svzip.exe
2007-09-23 01:43    202,240    --a------    C:\WINDOWS\sv.exe
2007-09-23 01:43    201,728    --a------    C:\WINDOWS\runsql.exe
2007-09-23 01:43    144    --ahs----    C:\WINDOWS\SYSTEM32\1690515837.dat
2007-09-12 19:07    364    --ah-----    C:\DOCUME~1\soho\APPLIC~1\hpothb07.dat
2007-09-02 16:36    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\Leadertech
2007-09-02 16:25    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\AdobeAUM
2007-09-02 16:20    97,088    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1mdm.sys
2007-09-02 16:20    9,360    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1mdfl.sys
2007-09-02 16:20    86,432    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1obex.sys
2007-09-02 16:20    6,240    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1cmnt.sys
2007-09-02 16:20    6,240    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1cm.sys
2007-08-25 17:56    <DIR>    d--------    C:\Programmer\Disc2Phone
2007-08-25 17:51    <DIR>    d--------    C:\Programmer\InterCasino $$$
2007-08-25 17:48    <DIR>    d--------    C:\WINDOWS\SYSTEM32\URTTEMP
2007-08-25 17:09    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\Teleca
2007-08-25 17:02    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\Sony Ericsson
2007-08-25 16:54    <DIR>    d----c---    C:\WINDOWS\SYSTEM32\DRVSTORE
2007-08-25 16:53    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-08-25 16:52    <DIR>    d--------    C:\Programmer\Sony Ericsson
2007-08-25 16:52    <DIR>    d--------    C:\Programmer\F‘lles filer\Teleca Shared
2007-08-25 16:52    <DIR>    d--------    C:\Programmer\F‘lles filer\Sony Ericsson Shared
2007-08-25 16:52    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 20:48    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Skype
2007-09-23 18:50    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-23 10:37    ---------    d--------    C:\Programmer\Azureus
2007-09-08 15:59    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Azureus
2007-08-20 20:33    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Ahead
2007-08-12 01:55    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-12 01:55    ---------    d--------    C:\Programmer\SuperslotsCasino
2007-08-12 01:50    ---------    d--------    C:\Programmer\RubyFortune
2007-08-12 01:39    ---------    d--------    C:\Programmer\Pixie
2007-08-12 01:39    ---------    d--------    C:\Programmer\GameSpy Arcade
2007-08-12 01:37    ---------    d--------    C:\Programmer\Cordless USB Phone
2007-08-12 01:29    ---------    d--------    C:\Programmer\32red
2007-08-08 18:55    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Snapfish
2007-08-08 18:40    ---------    d--------    C:\Programmer\Ahead
2007-08-08 18:38    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Simple Star
2007-07-30 19:19    92504    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-29 02:08    ---------    d--------    C:\Programmer\CasinoOnNet
2007-06-27 15:34    317952    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-26 16:13    660480    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-26 15:57    851968    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2004-08-09 23:30    40960    --a------    C:\Programmer\Uninstall_CDS.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Teleca Shared
    ---------        C:\Programmer\Fælles filer\Sony Ericsson Shared
    ---------        C:\Programmer\Fælles filer\Ahead
    ---------        C:\Programmer\Fælles filer
2006-03-20 21:32:30    10,022    --sha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot_2007-09-23_140808.93  )))))))))))))))))))))))))))))))))))))))))
.
----a-r            29,926 2007-09-23 16:50:18  C:\WINDOWS\Installer\{F53548BC-B8A8-43E4-85FC-A263640C347F}\MsblIco.Exe
----a-w            51,056 2007-01-19 10:53:04  C:\WINDOWS\SYSTEM32\sirenacm.dll
----a-w          479,232 2006-06-05 12:14:28  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
----a-w          548,864 2006-06-05 12:14:28  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
----a-w          626,688 2006-06-05 12:14:28  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 12:13]
"RemoteControl"="C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-09-24 03:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 17:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2005-01-27 19:17]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"netzip"="C:\WINDOWS\svzip.exe" [2007-09-23 01:43]
"netsv32"="C:\WINDOWS\sv.exe" [2007-09-23 01:43]
"runsql"="C:\WINDOWS\runsql.exe" [2007-09-23 01:43]
"IEUpdate"="C:\WINDOWS\system32\acluiw.exe" [2007-09-23 01:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"igndlm.exe"="C:\Programmer\Download Manager\DLM.exe" [2007-02-23 20:55]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28]
"IEUpdate"="C:\WINDOWS\system32\acluiw.exe" [2007-09-23 01:43]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-23 13:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\acluiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\acluiw.exe

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-16 22:05:26]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-11-26 09:33:28]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 22:08:34]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10]

C:\DOCUME~1\DEFAUL~1\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2002-11-26 09:33:28]

C:\DOCUME~1\soho\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2002-11-26 09:33:28]
DLHelperEXE.exe [2006-09-13 19:01:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"IEUpdate"= C:\WINDOWS\system32\acluiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus Organizer EasyClip.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus Organizer EasyClip.lnk
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus SmartCenter.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus SmartCenter.lnk
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus SuiteStart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus SuiteStart.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soho^Menuen Start^Programmer^Start^DLHelperEXE.exe]
path=C:\Documents and Settings\soho\Menuen Start\Programmer\Start\DLHelperEXE.exe
backup=C:\WINDOWS\pss\DLHelperEXE.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net-It Launcher]
C:\WINDOWS\System32\NILaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programmer\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys
S2 ClipSrvWebClient;Udklipsbog ClipSrvWebClient;C:\WINDOWS\system32\~.exe srv
S2 InCDsrvR;InCD Helper (read only);C:\Programmer\Ahead\InCD\InCDsrv.exe -r
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\soho\LOKALE~1\Temp\cdiskdun.sys
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys
S3 ZD1211U(X-Micro);X-Micro WLAN 11g USB Adapter(X-Micro);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603288fd-b97c-11d8-8fe5-806d6172696f}]
AutoRun\command- D:\setup.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 20:52:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-23 20:54:20
C:\ComboFix-quarantined-files.txt ... 2007-09-23 20:54
C:\ComboFix2.txt ... 2007-09-23 14:08
.
    --- E O F ---
Avatar billede arlet Juniormester
23. september 2007 - 20:59 #11
jeps..

Kopiér indholdet mellem de stiplede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt.
Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

-------------------------

File::
C:\WINDOWS\SYSTEM32\acluiw.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\SYSTEM32\1690515837.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"netzip"=-
"netsv32"=-
"runsql"=-
"IEUpdate"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IEUpdate"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=-

-------------------------

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen. - http://peecee.dk/?id=60784
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Kopier indholdet af Combofix.txt her ind.
Avatar billede soho12 Nybegynder
23. september 2007 - 21:24 #12
hvordan finder jeg combofix mappen den har gemt sig igen, denne computer , Cdrev, og hvad så? er denne http://peecee.dk/?id=60784 en der skal downloades for det har jeg gjort der kom en lille mappe ud af det.
Avatar billede arlet Juniormester
25. september 2007 - 20:12 #13
Prøv at gå i søg og søg efter combofix mappen
Avatar billede soho12 Nybegynder
25. september 2007 - 20:55 #14
Hej, der har ikke været noget idag, ingen pop ups, min start side er igen yahoo som det hele tiden har været, er det væk eller bare i dvale. den mappe jeg skal ligge i comfix mappen hedder sub-dims er det rigtigt? comfix mappen hedder C:\qoobox\qurantine\c.
Avatar billede arlet Juniormester
25. september 2007 - 21:23 #15
Har du lavet et tekstdokument og indsat det jeg skrev til dig, med navnet: CFScript.txt

Ellers gør det nu..
Avatar billede soho12 Nybegynder
25. september 2007 - 21:53 #16
Beklager men du bliver nødt til at forklare det som det var en tekst der skal i bogen "Computer virus for dummies" :). Jeg kan ikke finde ud af det.
Avatar billede arlet Juniormester
25. september 2007 - 21:56 #17
Det er helt i orden, vi gør noget andet..

Hent Avenger ned til skrivebordet her fra:
http://swandog46.geekstogo.com/avenger.exe

1. Dobbeltklik på avenger.exe

2. Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------

Files to delete:

C:\WINDOWS\SYSTEM32\acluiw.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\SYSTEM32\1690515837.dat


-----------------------------

3. Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

4. Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.
Avatar billede soho12 Nybegynder
25. september 2007 - 22:18 #18
det har jeg gjort når jeg har kopieret dem ind og trykker på trafiklyset får jeg følgende besked "Error selected does not appear to be a valid script" så trykker jeg ok til det og får "error code: 0" det er ellers forklaret super nemt.
Avatar billede soho12 Nybegynder
25. september 2007 - 22:20 #19
der skulle have været et "file" indimellem selected og does.
Avatar billede soho12 Nybegynder
26. september 2007 - 00:06 #20
//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Error:  selected file does not appear to be a valid script.
Error code: 0
Avatar billede Computer Hjælp (Gratis) Mester
26. september 2007 - 07:36 #21
Måske er Avenger "hidsig" mht tomme linier ?

...lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------
Files to delete:
C:\WINDOWS\SYSTEM32\acluiw.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\runsql.exe
C:\WINDOWS\SYSTEM32\1690515837.dat
-----------------------------

(UDEN linierne)

Prøv lige den variant...
Avatar billede soho12 Nybegynder
26. september 2007 - 08:21 #22
Tak, jeg glemte at tage "Files to delete:" med, her er det.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jmtfmopl

*******************

Script file located at: \??\C:\Documents and Settings\vkoqyiok.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\SYSTEM32\acluiw.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\acluiw.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\acluiw.exe
Status: 0xc0000034



File C:\WINDOWS\svzip.exe not found!
Deletion of file C:\WINDOWS\svzip.exe failed!

Could not process line:
C:\WINDOWS\svzip.exe
Status: 0xc0000034

File C:\WINDOWS\sv.exe deleted successfully.


File C:\WINDOWS\runsql.exe not found!
Deletion of file C:\WINDOWS\runsql.exe failed!

Could not process line:
C:\WINDOWS\runsql.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\1690515837.dat deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Avatar billede arlet Juniormester
26. september 2007 - 16:37 #23
Gider du lave en ny combo fix log, så vi kan se om alt er kommet med..
Avatar billede soho12 Nybegynder
26. september 2007 - 23:32 #24
ComboFix 07-09-21.2 - "soho" 2007-09-26 23:25:01.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.468 [GMT 2:00]
.

(((((((((((((((((((((((((  Files Created from 2007-08-26 to 2007-09-26  )))))))))))))))))))))))))))))))
.

2007-09-23 20:09    142    --a------    C:\temp\f3m0.dat
2007-09-23 20:09    0    --a------    C:\WINDOWS\whitedircreated.dat
2007-09-23 20:09    0    --a------    C:\temp\whitedone.dat
2007-09-23 18:51    <DIR>    d--------    C:\DOCUME~1\soho\Contacts
2007-09-23 13:56    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-23 11:00    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 10:59    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-23 10:59    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\SUPERAntiSpyware.com
2007-09-23 10:54    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-12 19:07    364    --ah-----    C:\DOCUME~1\soho\APPLIC~1\hpothb07.dat
2007-09-02 16:36    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\Leadertech
2007-09-02 16:25    <DIR>    d--------    C:\DOCUME~1\soho\APPLIC~1\AdobeAUM
2007-09-02 16:20    97,088    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1mdm.sys
2007-09-02 16:20    9,360    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1mdfl.sys
2007-09-02 16:20    86,432    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1obex.sys
2007-09-02 16:20    6,240    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1cmnt.sys
2007-09-02 16:20    6,240    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\sea1cm.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 23:02    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Skype
2007-09-23 18:50    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-23 10:37    ---------    d--------    C:\Programmer\Azureus
2007-09-08 15:59    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Azureus
2007-08-25 18:16    ---------    d--------    C:\Programmer\InterCasino $$$
2007-08-25 17:56    ---------    d--------    C:\Programmer\Disc2Phone
2007-08-25 17:09    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Teleca
2007-08-25 17:02    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Sony Ericsson
2007-08-25 16:54    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-08-25 16:54    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-08-25 16:52    ---------    d--------    C:\Programmer\Sony Ericsson
2007-08-20 20:33    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Ahead
2007-08-12 01:55    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-12 01:55    ---------    d--------    C:\Programmer\SuperslotsCasino
2007-08-12 01:50    ---------    d--------    C:\Programmer\RubyFortune
2007-08-12 01:39    ---------    d--------    C:\Programmer\Pixie
2007-08-12 01:39    ---------    d--------    C:\Programmer\GameSpy Arcade
2007-08-12 01:37    ---------    d--------    C:\Programmer\Cordless USB Phone
2007-08-12 01:29    ---------    d--------    C:\Programmer\32red
2007-08-08 18:55    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Snapfish
2007-08-08 18:40    ---------    d--------    C:\Programmer\Ahead
2007-08-08 18:38    ---------    d--------    C:\DOCUME~1\soho\APPLIC~1\Simple Star
2007-07-30 19:19    92504    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-29 02:08    ---------    d--------    C:\Programmer\CasinoOnNet
2007-06-27 15:34    317952    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-26 16:13    660480    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-26 15:57    851968    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2004-08-09 23:30    40960    --a------    C:\Programmer\Uninstall_CDS.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Teleca Shared
    ---------        C:\Programmer\Fælles filer\Sony Ericsson Shared
    ---------        C:\Programmer\Fælles filer\Ahead
    ---------        C:\Programmer\Fælles filer
2006-03-20 21:32:30    10,022    --sha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot_2007-09-23_140808.93  )))))))))))))))))))))))))))))))))))))))))
.
----a-r            29,926 2007-09-23 16:50:18  C:\WINDOWS\Installer\{F53548BC-B8A8-43E4-85FC-A263640C347F}\MsblIco.Exe
----a-w            51,056 2007-01-19 10:53:04  C:\WINDOWS\SYSTEM32\sirenacm.dll
----a-w          479,232 2006-06-05 12:14:28  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
----a-w          548,864 2006-06-05 12:14:28  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
----a-w          626,688 2006-06-05 12:14:28  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 12:13]
"RemoteControl"="C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-09-24 03:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 17:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2005-01-27 19:17]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"netzip"="C:\WINDOWS\svzip.exe" []
"netsv32"="C:\WINDOWS\sv.exe" []
"runsql"="C:\WINDOWS\runsql.exe" []
"IEUpdate"="C:\WINDOWS\system32\acluiw.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"igndlm.exe"="C:\Programmer\Download Manager\DLM.exe" [2007-02-23 20:55]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28]
"IEUpdate"="C:\WINDOWS\system32\acluiw.exe" []
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-23 13:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\acluiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\acluiw.exe

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-16 22:05:26]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-11-26 09:33:28]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 22:08:34]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10]

C:\DOCUME~1\DEFAUL~1\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2002-11-26 09:33:28]

C:\DOCUME~1\soho\MENUEN~1\PROGRA~1\Start\
DESKTOP.INI [2002-11-26 09:33:28]
DLHelperEXE.exe [2006-09-13 19:01:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"IEUpdate"= C:\WINDOWS\system32\acluiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus Organizer EasyClip.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus Organizer EasyClip.lnk
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus SmartCenter.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus SmartCenter.lnk
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Lotus SuiteStart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Lotus SuiteStart.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soho^Menuen Start^Programmer^Start^DLHelperEXE.exe]
path=C:\Documents and Settings\soho\Menuen Start\Programmer\Start\DLHelperEXE.exe
backup=C:\WINDOWS\pss\DLHelperEXE.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Programmer\Fælles filer\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net-It Launcher]
C:\WINDOWS\System32\NILaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programmer\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys
S2 ClipSrvWebClient;Udklipsbog ClipSrvWebClient;C:\WINDOWS\system32\~.exe srv
S2 InCDsrvR;InCD Helper (read only);C:\Programmer\Ahead\InCD\InCDsrv.exe -r
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\soho\LOKALE~1\Temp\cdiskdun.sys
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys
S3 ZD1211U(X-Micro);X-Micro WLAN 11g USB Adapter(X-Micro);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603288fd-b97c-11d8-8fe5-806d6172696f}]
AutoRun\command- D:\setup.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 23:28:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-26 23:30:17
C:\ComboFix-quarantined-files.txt ... 2007-09-26 23:29
C:\ComboFix2.txt ... 2007-09-23 20:54
C:\ComboFix3.txt ... 2007-09-23 14:08
.
    --- E O F ---
Avatar billede arlet Juniormester
27. september 2007 - 07:05 #25
Så ser det meget bedre ud igen..

Hjalp kuren??

Kør lige trin 5 og 6 herfra: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Her kan du læse om vores skudsikre sikkerhedspakke: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 . Hvis du har nogle spørgsmål, så spørger du bare..
Avatar billede soho12 Nybegynder
28. september 2007 - 19:46 #26
Ja jeg har nogle spørgsmål. Når jeg åbner min computer får jeg en advarsels boks up: overskrift: Application launcher.exe komponenten blev ikke fundet.
tekst: Dette program kunne ikke starte fordi tlib_log.dll ikke blev fundet. Problemet kan muligvis løses ved at installere programmet igen.

Jeg har fornemmelsen af at hvis jeg trykker ok så lukker jeg noget virus ind, jeg har der for klikket den væk ved krydset i højre hjørne. Hvad kan det være?

Jeg er ved at køre programmet ovenfor du henviser til og vender tilbage.
Avatar billede Computer Hjælp (Gratis) Mester
28. september 2007 - 20:21 #27
Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Total AV Af Malm i Virus 10 16/01/202516:48 17/01/202520:47
pop up black friday Af Malm i Virus 12 22/11/202420:49 03/12/202411:04
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
IT-JOB
Seneste spørgsmål Seneste aktivitet
06/0719:57 SMB på Synology Af johnnylassen i Servere
06/0713:51 Anmeldelse af bog i Weekendavisen Af Ikke-ekspert i Fri debat
06/0711:22 20 år gammel mobil simlåst Af xMsBx i Mobiltelefoner
05/0719:11 Ændre autoudfyld i Outlook og Word Af TTA i Office & Kontorpakker
05/0712:27 Office Pro 2019 forsvinder Af mort1 i Office & Kontorpakker
White papers
Flere white papers »


Premium
Teaser billede
Dansk AI-virksomhed henter trecifret millionbeløb fra investorer: Nu rettes fokus mod USA
Læs mere »
Staten investerer massivt i AI: 12.000 Copilot-licenser på vej til danske ministerier og styrelser
SAP Danmark sætter salgsrekord: Alligevel svinges den globale sparedolk
Juraen spænder stadig ben for AI i det offentlige - men der er veje rundt om det: “Jeg sagde fuck det, vi gør det”
Se alle »
Computerworld
Teaser billede
Aktie-kursen ottedoblet på fire år: Er nu verdenshistoriens mest værdifulde selskab
Læs mere »
Glemte at fjerne adgang for suspenderet it-medarbejder: Næste dag var kunder i Tyskland og Bahrain låst ude
Om få uger er det slut med adgangskoder i Authenticator: Har du husket at flytte dine adgangskoder?
Nørgaard: Microsoft har store problemer med AI - det kommer ikke til at gå godt
Se alle »
CIO
Teaser billede
Rigspolitiet gør klar til stort opgør med it-evighedskontrakter: Søger hjælp fra leverandørerne
Læs mere »
Mange CISO'er mistrives i jobbet: Nu stiller tidligere cyber security-chef i Energinet og Ørsted et kontroversielt forslag
Microsoft kæmper med at få Copilot ud over rampen – og det skyldes især én ting
Her står medarbejderne for at ansætte og fyre - og det har gjort rekruttering af it-professionelle langt lettere
Se alle »
Job & Karriere
Teaser billede
Fungerede ikke: Dropper AI som erstatning for kundeservice-medarbejdere - har nu brug for nye folk
Læs mere »
It-chef og halv it-afdeling fyret i forsikringsselskab på grund af kommentar om potteplante
Danske it-folk tør ikke længere skifte job hele tiden - og det er der en særlig årsag til
Itm8 fyrer: Opsiger ansatte og reorganiserer
Se alle »
White paper
Teaser billede
NIS2: Sådan styrker du både cybersikkerhed og compliance
Læs mere »
Sådan automatiserer du vagtplanlægningen med AI
AI og kunderejsen: Sådan vinder du fremtidens forbrugere
Tidsbegrænset kampagne: Overvejer du at udskifte eller tilføje printere i din forretning? Vi kan tilbyde én eller flere maskiner gratis
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »