cypherson (Beginner)
26 September 2007 - 13:46. There are 4 comments

Same problem as article http://www.eksperten.dk/spm/797823

Now I have done everything that it said one should do. How do you get rid of this problem? Waiting for guidance, if you would be so kind. In addition, a security alert pops up all the time. Please help me remove this.

Thanks in advance
_________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 13:30:48, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
c:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\1037n.exe
C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
D:\programmer\active sync\WCESCOMM.EXE
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
D:\Spyware\superantispyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Programfiler\Logitech\Harmony Remote\HarmonyClient.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\OpenOffice.org 1.9.123\program\soffice.exe
C:\Programfiler\OpenOffice.org 1.9.123\program\soffice.BIN
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
D:\Spyware\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [cctray] "C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\programmer\active sync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Spyware\superantispyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.9.123.lnk = C:\Programfiler\OpenOffice.org 1.9.123\program\quickstart.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programfiler\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = D:\Programfiler\Logitech\Harmony Remote\HarmonyClient.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\programmer\active sync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\programmer\active sync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\programmer\active sync\INETREPL.DLL
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - D:\Programmer\isilox\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - D:\Programmer\isilox\iSiloXIE.dll (HKCU)
O12 - Plugin for .mpeg: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Spyware\superantispyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HistorySweepService - Unknown owner - C:\Programfiler\HistorySweep\HSSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Programmer\Media Server\MediaServer.exe
O23 - Service: Universal Plug and Play Device Host upnphostShellHWDetection (upnphostShellHWDetection) - Unknown owner - C:\WINDOWS\system32\1037n.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

_________________________________________________________________


********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
26.09.2007 13:32:12,12

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 13:32:13
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:0deb7e58
"s2"=dword:bfa058c3
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:17,e7,4e,67,7b,a0,5f,46,41,d1,63,d2,d0,bf,ba,61,5c,61,55,9b,e4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,21,38,92,56,4e,13,de,eb,81,40,da,c6,3f,6f,19,57,a7,..
"khjeh"=hex:60,8e,8c,02,8d,d9,53,22,5b,43,31,29,7b,fd,a6,4d,84,3c,3d,7f,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:72,ca,d1,66,f4,4e,38,c2,ca,09,d0,9b,0b,1e,3b,66,84,80,55,57,04,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:17,5d,5e,16,af,5b,0a,c1,71,8b,ab,00,cd,e3,5a,f6,63,56,d4,09,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:17,e7,4e,67,7b,a0,5f,46,41,d1,63,d2,d0,bf,ba,61,5c,61,55,9b,e4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,21,38,92,56,4e,13,de,eb,81,40,da,c6,3f,6f,19,57,a7,..
"khjeh"=hex:60,8e,8c,02,8d,d9,53,22,5b,43,31,29,7b,fd,a6,4d,84,3c,3d,7f,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:72,ca,d1,66,f4,4e,38,c2,ca,09,d0,9b,0b,1e,3b,66,84,80,55,57,04,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:17,5d,5e,16,af,5b,0a,c1,71,8b,ab,00,cd,e3,5a,f6,63,56,d4,09,b9,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

_________________________________________________________________

ComboFix 07-09-21.2 - "Min sin" 2007-09-26 13:34:32.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.466 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-08-26 to 2007-09-26  )))))))))))))))))))))))))))))))
.

2007-09-26 13:33    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-26 12:13    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-26 12:12    <DIR>    d--------    C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-26 01:49    95,608    --a------    C:\WINDOWS\system32\AvastSS.scr
2007-09-26 01:49    94,416    --a------    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-26 01:49    92,848    --a------    C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-26 01:49    801,144    --a------    C:\WINDOWS\system32\aswBoot.exe
2007-09-26 01:49    42,912    --a------    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-26 01:49    26,624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-26 01:49    23,152    --a------    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-26 01:49    <DIR>    d--------    C:\Programfiler\Alwil Software
2007-09-26 00:58    <DIR>    d--------    C:\Programfiler\Bazooka Scanner
2007-09-26 00:53    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-09-25 00:00    48,640    -r-hs----    C:\WINDOWS\system32\1037n.exe
2007-09-24 23:59    144    --ahs----    C:\WINDOWS\system32\3222128280.dat
2007-09-11 21:17    131    --a------    C:\initemp.dat
2007-09-11 21:14    <DIR>    d--------    C:\WINDOWS\uninstall
2007-09-08 17:19    <DIR>    d--------    C:\ppmaterecord

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 12:08    ---------    d--------    C:\Programfiler\Microsoft AntiSpyware
2007-09-14 02:03    ---------    d--------    C:\Programfiler\MSN Messenger
2007-09-11 20:26    ---------    d--------    C:\Programfiler\PPMate
2007-09-08 16:45    ---------    d--------    C:\Programfiler\PPStream
2007-09-06 12:00    26624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2003-12-22 03:28    257536    --a------    C:\Programfiler\MSWRD832.CNV
2003-12-22 03:28    200789    --a------    C:\Programfiler\RICHINK.DLL
2003-12-22 03:28    128000    --a------    C:\Programfiler\MSCONV97.DLL
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 16:35]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 16:34]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-12-17 11:42]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-01-18 23:47]
"cctray"="C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-28 19:21]
"CAVRID"="C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-09 14:48]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Steam"="d:\programmer\steam\steam.exe" [2007-07-07 01:35]
"H/PC Connection Agent"="D:\programmer\active sync\WCESCOMM.EXE" [2004-02-03 07:42]
"DAEMON Tools"="D:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="D:\Spyware\superantispyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Cisco Systems VPN Client.lnk - C:\Programfiler\Cisco Systems\VPN Client\vpngui.exe [2005-08-16 08:40:51]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Logitech Harmony Remote.lnk - D:\Programfiler\Logitech\Harmony Remote\HarmonyClient.exe [2005-07-26 11:35:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Spyware\superantispyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Spyware\superantispyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Spyware\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 upnphostShellHWDetection;Universal Plug and Play Device Host upnphostShellHWDetection;C:\WINDOWS\system32\1037n.exe srv
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
S2 HistorySweepService;HistorySweepService;C:\Programfiler\HistorySweep\HSSvc.exe
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 grmnusb;grmnusb;C:\WINDOWS\system32\drivers\grmnusb.sys
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d7c22d0-634b-11da-bc94-00030d2f1f87}]
AutoRun\command- H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d7c22d1-634b-11da-bc94-00030d2f1f87}]
AutoRun\command- H:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 11:27:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 13:36:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]

.
Completion time: 2007-09-26 13:38:03
.
    --- E O F ---

_________________________________________________________________

No log after using superantispyware. But I have scanned and removed as described.

What now?
ejvindh (Expert)
26 September 2007 - 14:31 #1
Copy the contents between the wavy lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\WINDOWS\system32\1037n.exe

Driver::
upnphostShellHWDetection
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, and "let go" with the mouse. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here for review.

Also please write whether it has helped with the problem.
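
A cross-check of the two logs above, as an added example that is not part of the original post or of any tool named in the thread: it flags a service whose owner HijackThis reports as unknown when its image is also listed by ComboFix as a recently created file with the hidden and system attributes. The function names and the heuristic are assumptions for illustration; the sample lines are excerpted from the logs in this thread.

```python
import re
from ntpath import normcase

# Lines excerpted from the HijackThis log (O23 section) posted above.
HIJACKTHIS_O23 = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HistorySweepService - Unknown owner - C:\Programfiler\HistorySweep\HSSvc.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - D:\Programmer\Media Server\MediaServer.exe
O23 - Service: Universal Plug and Play Device Host upnphostShellHWDetection (upnphostShellHWDetection) - Unknown owner - C:\WINDOWS\system32\1037n.exe
"""

# Lines excerpted from the ComboFix "Files Created" section posted above.
COMBOFIX_CREATED = r"""
2007-09-26 13:33    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-26 01:49    801,144    --a------    C:\WINDOWS\system32\aswBoot.exe
2007-09-25 00:00    48,640    -r-hs----    C:\WINDOWS\system32\1037n.exe
2007-09-24 23:59    144    --ahs----    C:\WINDOWS\system32\3222128280.dat
2007-09-08 17:19    <DIR>    d--------    C:\ppmaterecord
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$",
    re.MULTILINE,
)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$",
    re.MULTILINE,
)


def parse_services(log):
    """Return one dict per O23 line: short service name, owner, path, missing flag."""
    services = []
    for m in O23_RE.finditer(log):
        name = m.group("name").strip()
        # HijackThis prints "Display name (ServiceName)" when the two differ.
        short = re.search(r"\(([^()]+)\)$", name)
        services.append({
            "service": short.group(1) if short else name,
            "owner": m.group("owner").strip(),
            "path": m.group("path").strip(),
            "missing": m.group("missing") is not None,
        })
    return services


def parse_created(log):
    """Map normalised path -> (attribute string, creation date) for each listed entry."""
    created = {}
    for m in CREATED_RE.finditer(log):
        created[normcase(m.group("path").strip())] = (m.group("attrs"), m.group("date"))
    return created


def suspicious_services(hijackthis_log, combofix_log):
    """Services with no identifiable owner whose image is a new hidden+system file."""
    created = parse_created(combofix_log)
    hits = []
    for svc in parse_services(hijackthis_log):
        if svc["owner"] != "Unknown owner" or svc["missing"]:
            continue
        entry = created.get(normcase(svc["path"]))
        if entry is None:
            continue
        attrs, date = entry
        if "h" in attrs and "s" in attrs:
            hits.append({**svc, "attrs": attrs, "created": date})
    return hits


if __name__ == "__main__":
    for hit in suspicious_services(HIJACKTHIS_O23, COMBOFIX_CREATED):
        print(hit["service"], hit["path"], hit["attrs"], hit["created"])
```

"Unknown owner" on its own is a weak signal, since several legitimate services in the same log carry it; the combination with a recent hidden+system file is what narrows the list.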
cypherson (Beginner)
27 September 2007 - 12:39 #2
New log. Still the same problem.


ComboFix 07-09-21.2 - "Min sin" 2007-09-27 12:27:57.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.382 [GMT 2:00]
Command switches used ::  D:\Spyware\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\1037n.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\1037n.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_UPNPHOSTSHELLHWDETECTION
-------\upnphostShellHWDetection


(((((((((((((((((((((((((  Files Created from 2007-08-27 to 2007-09-27  )))))))))))))))))))))))))))))))
.

2007-09-26 13:33    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-26 12:13    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-26 12:12    <DIR>    d--------    C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-26 01:49    95,608    --a------    C:\WINDOWS\system32\AvastSS.scr
2007-09-26 01:49    94,416    --a------    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-26 01:49    92,848    --a------    C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-26 01:49    801,144    --a------    C:\WINDOWS\system32\aswBoot.exe
2007-09-26 01:49    42,912    --a------    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-26 01:49    26,624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-26 01:49    23,152    --a------    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-26 01:49    <DIR>    d--------    C:\Programfiler\Alwil Software
2007-09-26 00:58    <DIR>    d--------    C:\Programfiler\Bazooka Scanner
2007-09-26 00:53    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-09-24 23:59    144    --ahs----    C:\WINDOWS\system32\3222128280.dat
2007-09-11 21:17    131    --a------    C:\initemp.dat
2007-09-11 21:14    <DIR>    d--------    C:\WINDOWS\uninstall
2007-09-08 17:19    <DIR>    d--------    C:\ppmaterecord

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 12:08    ---------    d--------    C:\Programfiler\Microsoft AntiSpyware
2007-09-14 02:03    ---------    d--------    C:\Programfiler\MSN Messenger
2007-09-11 20:26    ---------    d--------    C:\Programfiler\PPMate
2007-09-08 16:45    ---------    d--------    C:\Programfiler\PPStream
2007-09-06 12:00    26624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2003-12-22 03:28    257536    --a------    C:\Programfiler\MSWRD832.CNV
2003-12-22 03:28    200789    --a------    C:\Programfiler\RICHINK.DLL
2003-12-22 03:28    128000    --a------    C:\Programfiler\MSCONV97.DLL
.

(((((((((((((((((((((((((((((  snapshot_2007-09-26_133713,59  )))))))))))))))))))))))))))))))))))))))))
.
----atw            16,384 2007-09-27 10:32:32  C:\WINDOWS\Temp\Perflib_Perfdata_130.dat
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 16:35]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 16:34]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-12-17 11:42]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-01-18 23:47]
"cctray"="C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-28 19:21]
"CAVRID"="C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-09 14:48]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Steam"="d:\programmer\steam\steam.exe" [2007-07-07 01:35]
"H/PC Connection Agent"="D:\programmer\active sync\WCESCOMM.EXE" [2004-02-03 07:42]
"DAEMON Tools"="D:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="D:\Spyware\superantispyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Cisco Systems VPN Client.lnk - C:\Programfiler\Cisco Systems\VPN Client\vpngui.exe [2005-08-16 08:40:51]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Logitech Harmony Remote.lnk - D:\Programfiler\Logitech\Harmony Remote\HarmonyClient.exe [2005-07-26 11:35:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Spyware\superantispyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Spyware\superantispyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Spyware\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
S2 HistorySweepService;HistorySweepService;C:\Programfiler\HistorySweep\HSSvc.exe
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 grmnusb;grmnusb;C:\WINDOWS\system32\drivers\grmnusb.sys
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fb83362-e82b-11db-bd7b-00030d2f1f87}]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d7c22d0-634b-11da-bc94-00030d2f1f87}]
AutoRun\command- H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d7c22d1-634b-11da-bc94-00030d2f1f87}]
AutoRun\command- H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 10:35:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 12:33:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]

.
Completion time: 2007-09-27 12:37:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-27 12:37
C:\ComboFix2.txt ... 2007-09-26 13:38
.
    --- E O F ---
ejvindh (Expert)
27 September 2007 - 12:59 #3
-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" contained in this tool is identified by some antivirus programs as "RiskTool". There is nothing to it, however!

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to cleaning (y=yes). Let the program carry out a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list of the results of the cleaning will appear. Copy this list into the thread.

-- Restart and check whether it has helped.
ejvindh (Expert)
26 October 2007 - 09:05 #4
Did you get your problem solved? If so, remember to close the thread behind you.