daniel2005 Beginner
07 November 2007 - 14:23 There are 18 comments

backdoor trojan

Hi, I scanned my computer with that Norton scan and it found a backdoor trojan, and I have been online reading what it can do, and I got a shock and was a bit scared because I use many "passwords" for almost everything, so can you help me remove it, please?    Thanks

Regards, Daniel
daniel2005 Beginner
07 November 2007 - 14:43 #1
PS: I have Vista
daniel2005 Beginner
07 November 2007 - 16:05 #2
Does nobody know how?
daniel2005 Beginner
07 November 2007 - 16:23 #3
Please help me
Deleted user
07 November 2007 - 16:29 #4
I don't know if you can be bothered, but you could try the one I recommend here http://www.eksperten.dk/spm/804636
daniel2005 Beginner
07 November 2007 - 16:32 #5
I would try anything
daniel2005 Beginner
07 November 2007 - 16:35 #6
Can this help? Infection:
  c:\users\"my computer's name"\appdata\roaming:svhosts.exe
07 November 2007 - 16:36 #7
http://www.eksperten.dk/artikler/1123 - follow the procedure here ...
daniel2005 Beginner
07 November 2007 - 16:37 #8
"This guide covers Win XP, Win 2000 and partly Win 98," it says
daniel2005 Beginner
07 November 2007 - 16:38 #9
but I'll try anyway
daniel2005 Beginner
07 November 2007 - 20:35 #10
hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 20:25:20, on 07-11-2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\VIRUSfighter\Npm\Bin\Zlh.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Dalle\alternativ.exe
C:\Windows\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\VIRUSfighter\Npm\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [{26AC2EC6-37B3-F6AA-28B0-9BE785507068}] C:\Users\Dalle\AppData\Roaming:svhosts.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\VIRUSfighter\Npm\Bin\eLogsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

rootlog
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 20:27:57
Windows 6.0.6000
detected NTDLL code modification:
ZwClose
scanning hidden processes ...

detected NTDLL code modification:
ZwClose
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanServer\Linkage]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanWorkstation\Linkage]

detected NTDLL code modification:
ZwClose
scanning hidden registry entries ...

detected NTDLL code modification:
ZwClose
scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

SUPERantispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2007 at 08:07 PM

Application Version : 3.7.1018

Core Rules Database Version : 3339
Trace Rules Database Version: 1340

Scan type      : Complete Scan
Total Scan Time : 00:52:28

Memory items scanned      : 281
Memory threats detected  : 0
Registry items scanned    : 5461
Registry threats detected : 0
File items scanned        : 101607
File threats detected    : 211

and I know what I got it from
07 November 2007 - 20:56 #11
Yeees - this one looks a bit odd ->

O4 - HKCU\..\Run: [{26AC2EC6-37B3-F6AA-28B0-9BE785507068}] C:\Users\Dalle\AppData\Roaming:svhosts.exe

To be 'fixed' in HiJackThis...

Restart and see what happens...
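
The Run entry singled out in the reply above points at an NTFS alternate data stream (`Roaming:svhosts.exe` is a stream attached to the `Roaming` folder, not a file inside it), which is why it does not show up in a normal directory listing. The following is an added example, not part of the original thread or of HijackThis: a small triage script that applies three heuristics to HijackThis `O4` lines. The function names, the list of system binary names and the similarity threshold are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from difflib import SequenceMatcher

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\VIRUSfighter\Npm\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [{26AC2EC6-37B3-F6AA-28B0-9BE785507068}] C:\Users\Dalle\AppData\Roaming:svhosts.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Executable part of the command: a quoted path, or text up to the first
# executable extension (unquoted paths may contain spaces).
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)

# Assumed short list of system binaries that malware names often imitate.
KNOWN_SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe",
                      "services.exe", "winlogon.exe", "explorer.exe")
LOOKALIKE_THRESHOLD = 0.85  # assumed similarity cut-off


def parse_o4(line):
    """Parse one HijackThis O4 line into a dict, or return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    t = TARGET_RE.match(command)
    target = (t.group(1) or t.group(2)) if t else command
    return {"hive": hive, "key": key, "name": name, "target": target}


def split_stream(target):
    """Return (host_path, stream_name); stream_name is None if no ADS."""
    has_drive = re.match(r"^[A-Za-z]:", target) is not None
    drive, rest = (target[:2], target[2:]) if has_drive else ("", target)
    if ":" not in rest:
        return target, None
    path, stream = rest.split(":", 1)
    # Drop an optional stream type suffix such as ":$DATA".
    return drive + path, stream.split(":")[0]


def findings(entry):
    """Return the list of heuristic reasons this autostart entry is odd."""
    reasons = []
    host, stream = split_stream(entry["target"])
    if stream is not None:
        # The autostart command runs code stored in an alternate data stream.
        reasons.append("ads-target")
    if GUID_RE.match(entry["name"]):
        # A bare GUID as the Run value name hides what the entry is for.
        reasons.append("guid-value-name")
    base = (stream or host).rsplit("\\", 1)[-1].lower()
    for known in KNOWN_SYSTEM_NAMES:
        ratio = SequenceMatcher(None, base, known).ratio()
        if base != known and ratio >= LOOKALIKE_THRESHOLD:
            reasons.append("lookalike:" + known)
    return reasons


def scan(log_text):
    """Return [(entry, reasons)] for every O4 line with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            hits.append((entry, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE_LOG):
        print(entry["hive"], entry["name"], entry["target"], reasons)
```

On a live Vista system, `dir /r` on the parent folder lists the streams attached to it, which is how the host object of such an entry can be confirmed.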
daniel2005 Beginner
07 November 2007 - 21:02 #12
forgot combo
ComboFix 07-11-07.4 - Dalle 2007-11-07 20:50:27.1 - NTFSx86
Microsoft® Windows Vista™ Business  6.0.6000.0.1252.1.1030.18.166 [GMT 1:00]
Running from: C:\Users\Dalle\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\Windows\server.exe

.
(((((((((((((((((((((((((  Files Created from 2007-10-07 to 2007-11-07  )))))))))))))))))))))))))))))))
.

2007-11-07 20:46    51,200    --a------    C:\Windows\NirCmd.exe
2007-11-07 18:02    <DIR>    d--------    C:\Users\Dalle\AppData\Roaming\SUPERAntiSpyware.com
2007-11-07 18:02    <DIR>    d--------    C:\Users\All Users\SUPERAntiSpyware.com
2007-11-07 18:02    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2007-11-07 18:02    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-11-07 17:59    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 17:55    <DIR>    d--------    C:\Program Files\CCleaner
2007-11-07 16:42    5,810,976    --a------    C:\Users\Dalle\SUPERAntiSpywarePro1241.exe
2007-11-07 16:42    1,532,998    --a------    C:\Users\Dalle\ComboFix.exe
2007-11-07 16:42    218,112    --a------    C:\Users\Dalle\alternativ.exe
2007-11-07 16:42    201,649    --a------    C:\Users\Dalle\rootchk.exe
2007-11-07 16:39    2,725,528    --a------    C:\Users\Dalle\ccsetup202.exe
2007-11-07 06:59    <DIR>    d--------    C:\Program Files\VIRUSfighter
2007-11-07 06:55    23,890,776    --a------    C:\Users\Dalle\virusfighter_590_da.exe
2007-11-06 20:00    <DIR>    d-a------    C:\Users\All Users\TEMP
2007-11-06 20:00    <DIR>    d-a------    C:\ProgramData\TEMP
2007-11-06 20:00    79,688    --a------    C:\Windows\System32\drivers\iksyssec.sys
2007-11-06 20:00    62,280    --a------    C:\Windows\System32\drivers\iksysflt.sys
2007-11-06 20:00    41,288    --a------    C:\Windows\System32\drivers\ikfilesec.sys
2007-11-06 20:00    29,000    --a------    C:\Windows\System32\drivers\kcom.sys
2007-11-06 19:59    <DIR>    d--------    C:\Program Files\Spyware Doctor
2007-11-06 19:59    626,688    --a------    C:\Windows\System32\msvcr80.dll
2007-11-06 19:58    34,661,712    --a------    C:\Users\Dalle\sdasetup.exe
2007-11-05 19:54    <DIR>    d--------    C:\Windows\PCHEALTH
2007-11-05 19:54    <DIR>    d--------    C:\Program Files\MSN Messenger
2007-11-01 11:26    <DIR>    d--------    C:\Windows\System32\xlive
2007-11-01 11:26    3,495,784    --a------    C:\Windows\System32\d3dx9_33.dll
2007-11-01 11:26    1,123,696    --a------    C:\Windows\System32\D3DCompiler_33.dll
2007-11-01 11:26    443,752    --a------    C:\Windows\System32\d3dx10_33.dll
2007-11-01 11:26    81,768    --a------    C:\Windows\System32\xinput1_3.dll
2007-10-27 19:57    <DIR>    d--------    C:\Users\All Users\CyberLink
2007-10-27 19:57    <DIR>    d--------    C:\ProgramData\CyberLink
2007-10-24 13:07    <DIR>    d--------    C:\Program Files\Common Files\Symantec Shared
2007-10-24 13:06    <DIR>    d--------    C:\Users\All Users\Symantec
2007-10-24 13:06    <DIR>    d--------    C:\ProgramData\Symantec
2007-10-23 18:01    <DIR>    d--------    C:\Windows\Downloaded Installations
2007-10-23 17:59    <DIR>    d--------    C:\Program Files\Norton Security Scan
2007-10-23 17:57    <DIR>    d--------    C:\Users\All Users\Google
2007-10-23 17:57    <DIR>    d--------    C:\Program Files\Google
2007-10-20 16:18    <DIR>    d--------    C:\Program Files\Sierra On-Line
2007-10-20 16:16    <DIR>    d--------    C:\Sierra
2007-10-19 22:19    <DIR>    d--------    C:\Users\All Users\Reflexive
2007-10-19 22:19    <DIR>    d--------    C:\ProgramData\Reflexive
2007-10-16 19:14    <DIR>    d--------    C:\bad boy
2007-10-14 21:55    <DIR>    d--------    C:\Program Files\Microsoft Games
2007-10-14 14:21    <DIR>    d--------    C:\Windows\pss
2007-10-14 12:05    <DIR>    d--------    C:\Program Files\Windows Live Toolbar
2007-10-13 15:29    <DIR>    d--------    C:\Users\All Users\NVIDIA
2007-10-13 15:29    <DIR>    d--------    C:\ProgramData\NVIDIA
2007-10-13 15:26    1,073,152    --a------    C:\Windows\System32\nvcpluir.dll
2007-10-13 15:26    753,664    --a------    C:\Windows\System32\nvcplui.exe
2007-10-13 15:26    307,200    --a------    C:\Windows\System32\nvexpbar.dll
2007-10-13 15:21    <DIR>    d--------    C:\Program Files\SystemRequirementsLab
2007-10-13 14:52    8,138,240    --a------    C:\Windows\System32\ssBranded.scr
2007-10-13 14:52    974,336    --a------    C:\Windows\System32\crypt32.dll
2007-10-13 13:18    <DIR>    d--------    C:\Users\All Users\Microsoft Games
2007-10-13 13:18    <DIR>    d--------    C:\ProgramData\Microsoft Games
2007-10-13 13:04    <DIR>    d--------    C:\Windows\Install_Vista_6197_0924
2007-10-13 12:39    <DIR>    d--------    C:\Users\All Users\Adobe
2007-10-13 12:39    <DIR>    d--------    C:\Program Files\Common Files\Adobe
2007-10-13 12:36    <DIR>    d--------    C:\Program Files\CyberLink
2007-10-13 12:34    49,152    -r-------    C:\Windows\System32\ChCfg.exe
2007-10-13 12:33    <DIR>    d--------    C:\Windows\System32\RTCOM
2007-10-13 12:32    <DIR>    d--------    C:\Program Files\Realtek
2007-10-13 12:30    5,824    --a------    C:\Windows\System32\drivers\ASUSHWIO.SYS
2007-10-13 02:12    205,824    --a------    C:\Windows\System32\msoeacct.dll
2007-10-13 02:12    87,040    --a------    C:\Windows\System32\msoert2.dll
2007-10-13 02:12    39,424    --a------    C:\Windows\System32\ACCTRES.dll
2007-10-13 02:11    376,320    --a------    C:\Windows\System32\winsrv.dll
2007-10-13 02:11    49,664    --a------    C:\Windows\System32\csrsrv.dll
2007-10-13 02:09    2,048    --a------    C:\Windows\System32\tzres.dll
2007-10-13 02:08    374,456    --a------    C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-10-13 02:07    414,208    --a------    C:\Windows\System32\msscp.dll
2007-10-13 02:05    104,448    --a------    C:\Windows\System32\DWWIN.EXE
2007-10-13 02:04    4,247,552    --a------    C:\Windows\System32\GameUXLegacyGDFs.dll
2007-10-13 02:04    1,686,528    --a------    C:\Windows\System32\gameux.dll
2007-10-13 02:04    1,191,936    --a------    C:\Windows\System32\msxml3.dll
2007-10-13 02:04    2,048    --a------    C:\Windows\System32\msxml3r.dll
2007-10-13 02:00    750,080    --a------    C:\Windows\System32\qmgr.dll
2007-10-12 23:19    13,653,824    --a------    C:\Windows\System32\xlivefnt.dll
2007-10-12 23:19    10,155,840    --a------    C:\Windows\System32\xlive.dll
2007-10-12 21:00    356,352    --a------    C:\Windows\System32\NVUNINST.EXE
2007-10-12 20:56    <DIR>    d--------    C:\Program Files\Leadtek Research Inc
2007-10-12 20:53    <DIR>    d--------    C:\Program Files\Common Files\Ulead Systems
2007-10-12 20:52    <DIR>    d--------    C:\Windows\ulead.dat
2007-10-12 20:52    <DIR>    d--hs----    C:\Users\Public\DRM
2007-10-12 20:52    258,048    --a------    C:\Windows\System32\drmclien.dll
2007-10-12 20:52    49,152    --a------    C:\Windows\System32\TempDel.EXE
2007-10-12 20:51    <DIR>    d--------    C:\WinFast WorkArea
2007-10-12 20:51    <DIR>    d--------    C:\Windows\System32\WinFox
2007-10-12 20:51    <DIR>    d--------    C:\Windows\System32\WinFast
2007-10-12 20:51    <DIR>    d--------    C:\Program Files\WinFast
2007-10-12 20:51    9,600    ---------    C:\Windows\System32\drivers\WINFOXIO.sys
2007-10-12 20:51    9,446    --a------    C:\Windows\System32\drivers\WFIOCTL.sys
2007-10-12 20:44    278,728    --a------    C:\Windows\System32\drivers\atksgt.sys
2007-10-12 20:44    25,416    --a------    C:\Windows\System32\drivers\lirsgt.sys
2007-10-12 20:38    <DIR>    d---s----    C:\Program Files\Xfire
2007-10-12 20:36    <DIR>    d--------    C:\Windows\Driver Cache
2007-10-12 20:34    <DIR>    d--------    C:\Program Files\SpellForce
2007-10-12 20:33    <DIR>    d--hs----    C:\Windows\Installer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 15:07    ---------    d-----w    C:\Program Files\Windows Mail
2007-10-20 15:19    4,608    ----a-w    C:\Windows\System32\w95inf32.dll
2007-10-13 13:56    174    --sha-w    C:\Program Files\desktop.ini
2007-10-13 13:53    88,576    ----a-w    C:\Windows\System32\avifil32.dll
2007-10-13 13:53    82,944    ----a-w    C:\Windows\System32\mciavi32.dll
2007-10-13 13:53    712,192    ----a-w    C:\Windows\System32\WindowsCodecs.dll
2007-10-13 13:53    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2007-10-13 13:53    69,632    ----a-w    C:\Windows\System32\sendmail.dll
2007-10-13 13:53    65,024    ----a-w    C:\Windows\System32\avicap32.dll
2007-10-13 13:53    61,440    ----a-w    C:\Windows\System32\ntprint.exe
2007-10-13 13:53    320,000    ----a-w    C:\Windows\system32\drivers\csc.sys
2007-10-13 13:53    31,232    ----a-w    C:\Windows\System32\msvidc32.dll
2007-10-13 13:53    3,504,824    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2007-10-13 13:53    3,470,008    ----a-w    C:\Windows\System32\ntoskrnl.exe
2007-10-13 13:53    269,824    ----a-w    C:\Windows\System32\schannel.dll
2007-10-13 13:53    220,160    ----a-w    C:\Windows\System32\ntprint.dll
2007-10-13 13:53    123,904    ----a-w    C:\Windows\System32\msvfw32.dll
2007-10-13 13:53    120,320    ----a-w    C:\Windows\System32\dhcpcsvc6.dll
2007-10-13 13:53    12,800    ----a-w    C:\Windows\System32\msrle32.dll
2007-10-13 13:53    105,984    ----a-w    C:\Windows\System32\CscMig.dll
2007-10-13 13:53    10,240    ----a-w    C:\Windows\System32\dhcpcmonitor.dll
2007-10-13 13:53    1,984,512    ----a-w    C:\Windows\System32\authui.dll
2007-10-13 01:19    ---------    d-----w    C:\Program Files\Windows Defender
2007-10-13 01:19    ---------    d-----w    C:\Program Files\Windows Calendar
2007-10-13 01:13    8,192    ----a-w    C:\Windows\System32\riched32.dll
2007-10-13 01:13    77,824    ----a-w    C:\Windows\System32\rascfg.dll
2007-10-13 01:13    70,144    ----a-w    C:\Windows\system32\drivers\pacer.sys
2007-10-13 01:13    694,784    ----a-w    C:\Windows\System32\localspl.dll
2007-10-13 01:13    619,008    ----a-w    C:\Windows\system32\drivers\dxgkrnl.sys
2007-10-13 01:13    61,952    ----a-w    C:\Windows\system32\drivers\wanarp.sys
2007-10-13 01:13    52,736    ----a-w    C:\Windows\System32\rasdiag.dll
2007-10-13 01:13    48,640    ----a-w    C:\Windows\system32\drivers\ndproxy.sys
2007-10-13 01:13    384,000    ----a-w    C:\Windows\System32\netcfgx.dll
2007-10-13 01:13    36,864    ----a-w    C:\Windows\System32\cdd.dll
2007-10-13 01:13    33,280    ----a-w    C:\Windows\System32\traffic.dll
2007-10-13 01:13    32,768    ----a-w    C:\Windows\System32\rasmxs.dll
2007-10-13 01:13    286,208    ----a-w    C:\Windows\System32\ipnathlp.dll
2007-10-13 01:13    22,016    ----a-w    C:\Windows\System32\rasser.dll
2007-10-13 01:13    20,480    ----a-w    C:\Windows\system32\drivers\ndistapi.sys
2007-10-13 01:13    15,360    ----a-w    C:\Windows\System32\pacerprf.dll
2007-10-13 01:13    134,656    ----a-w    C:\Windows\System32\dps.dll
2007-10-13 01:13    13,824    ----a-w    C:\Windows\System32\wshqos.dll
2007-10-13 01:13    13,824    ----a-w    C:\Windows\System32\icsunattend.exe
2007-10-13 01:06    86,016    ----a-w    C:\Windows\System32\icfupgd.dll
2007-10-13 01:06    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2007-10-13 01:06    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2007-10-13 01:06    63,488    ----a-w    C:\Windows\system32\drivers\mpsdrv.sys
2007-10-13 01:06    61,952    ----a-w    C:\Windows\System32\cmifw.dll
2007-10-13 01:06    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2007-10-13 01:06    396,800    ----a-w    C:\Windows\System32\MPSSVC.dll
2007-10-13 01:06    392,192    ----a-w    C:\Windows\System32\FirewallAPI.dll
2007-10-13 01:06    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2007-10-13 01:06    23,040    ----a-w    C:\Windows\system32\drivers\tunnel.sys
2007-10-13 01:06    178,688    ----a-w    C:\Windows\System32\iphlpsvc.dll
2007-10-13 01:06    16,896    ----a-w    C:\Windows\System32\wfapigp.dll
2007-10-13 01:06    15,360    ----a-w    C:\Windows\system32\drivers\TUNMP.SYS
2007-10-13 01:04    537,600    ----a-w    C:\Windows\AppPatch\AcLayers.dll
2007-10-13 01:04    449,536    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2007-10-13 01:04    2,144,256    ----a-w    C:\Windows\AppPatch\AcGenral.dll
2007-10-13 01:04    173,056    ----a-w    C:\Windows\AppPatch\AcXtrnal.dll
2007-10-13 01:02    57,856    ----a-w    C:\Windows\System32\SLUINotify.dll
2007-10-13 01:02    566,784    ----a-w    C:\Windows\System32\SLCommDlg.dll
2007-10-13 01:02    56,320    ----a-w    C:\Windows\System32\iesetup.dll
2007-10-13 01:02    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2007-10-13 01:02    39,936    ----a-w    C:\Windows\System32\slcinst.dll
2007-10-13 01:02    351,232    ----a-w    C:\Windows\System32\SLUI.exe
2007-10-13 01:02    33,280    ----a-w    C:\Windows\System32\slwmi.dll
2007-10-13 01:02    268,288    ----a-w    C:\Windows\System32\mcbuilder.exe
2007-10-13 01:02    26,624    ----a-w    C:\Windows\System32\ieUnatt.exe
2007-10-13 01:02    223,232    ----a-w    C:\Windows\System32\SLC.dll
2007-10-13 01:02    2,605,568    ----a-w    C:\Windows\System32\SLsvc.exe
2007-10-13 01:02    186,368    ----a-w    C:\Windows\System32\SLLUA.exe
2007-10-13 01:01    84,480    ----a-w    C:\Windows\System32\INETRES.dll
2007-10-13 01:01    788,992    ----a-w    C:\Windows\System32\rpcrt4.dll
2007-10-13 01:01    737,792    ----a-w    C:\Windows\System32\inetcomm.dll
2007-10-13 01:01    633,856    ----a-w    C:\Windows\System32\user32.dll
2007-10-13 01:01    53,760    ----a-w    C:\Windows\system32\drivers\hdaudbus.sys
2007-10-13 01:01    5,120    ----a-w    C:\Windows\System32\wmi.dll
2007-10-13 01:01    2,026,496    ----a-w    C:\Windows\System32\win32k.sys
2007-10-13 01:01    152,576    ----a-w    C:\Windows\System32\imagehlp.dll
2007-10-13 01:01    12,800    ----a-w    C:\Windows\system32\drivers\fs_rec.sys
2007-10-13 01:01    1,335,296    ----a-w    C:\Windows\System32\msxml6.dll
2007-10-12 14:56    ---------    d-sh--w    C:\ProgramData\Skrivebord
2007-10-12 14:56    ---------    d-sh--w    C:\ProgramData\Skabeloner
2007-10-12 14:56    ---------    d-sh--w    C:\ProgramData\Menuen Start
2007-10-12 14:56    ---------    d-sh--w    C:\ProgramData\Favoritter
2007-10-12 14:56    ---------    d-sh--w    C:\ProgramData\Dokumenter
2007-10-12 14:56    ---------    d-sh--w    C:\Program Files\Fælles filer
2007-09-15 17:29    0    ----a-w    C:\cabal_total.exe
2007-09-11 20:28    86,016    ----a-w    C:\Windows\System32\nvsvc.dll
2007-09-11 20:28    81,920    ----a-w    C:\Windows\System32\nvmctray.dll
2007-09-11 20:28    8,497,696    ----a-w    C:\Windows\System32\nvcpl.dll
2007-09-11 20:28    7,623,968    ----a-w    C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-11 20:28    6,942,720    ----a-w    C:\Windows\System32\nvoglv32.dll
2007-09-11 20:28    6,344,704    ----a-w    C:\Windows\System32\nvdisps.dll
2007-09-11 20:28    521,128    ----a-w    C:\Windows\System32\dpinst.exe
2007-09-11 20:28    5,509,120    ----a-w    C:\Windows\System32\nvdispsr.dll
2007-09-11 20:28    458,752    ----a-w    C:\Windows\System32\nvmccssr.dll
2007-09-11 20:28    45,056    ----a-w    C:\Windows\System32\nvmccsrs.dll
2007-09-11 20:28    4,988,928    ----a-w    C:\Windows\System32\nvd3dum.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 C:\Windows\SkyTel.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-06 20:01]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 C:\Windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 C:\Windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:26 C:\Windows\alcwzrd.exe]
"Norman ZANDA"="C:\Program Files\VIRUSfighter\Npm\Bin\ZLH.exe" [2007-04-27 13:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-23 17:57]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"{26AC2EC6-37B3-F6AA-28B0-9BE785507068}"="C:\Users\Dalle\AppData\Roaming:svhosts.exe" [2007-11-07 18:02]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sitecom WL-022 Wireless LAN Utility.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom WL-022 Wireless LAN Utility.lnk
backup=C:\Windows\pss\Sitecom WL-022 Wireless LAN Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dalle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Users\Dalle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\Windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast2KLoadDefault]
rundll32.exe C:\Windows\system32\wf2kcpl.dll,DllLoadDefaultSettings

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFoxV2]
C:\Windows\system32\WF2K.EXE Initial

R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Realtek 8169 NT-driver;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 WlanUIB;Sitecom 802.11b USB Driver;C:\Windows\system32\DRIVERS\WlanUIB.sys
S3 viaagp;VIA AGP Bus Filter;C:\Windows\system32\drivers\viaagp.sys
S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService    nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted    hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork    PLA DPS BFE mpssvc
LocalServiceNetworkRestricted    DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce1bb26-78d1-11dc-943e-806e6f6e6963}]
\shell\AutoRun\command - D:\Startup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - ERASERUTILDRV10733
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 13:58:27 C:\Windows\Tasks\Norton Security Scan.job"
"2007-11-07 17:17:00 C:\Windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 20:57:26
Windows 6.0.6000  NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  {26AC2EC6-37B3-F6AA-28B0-9BE785507068} = C:\Users\Dalle\AppData\Roaming:svhosts.exe??\?R?o?a?m?i?n?g???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 21:01:08
.
    --- E O F ---
daniel2005 Beginner
07 November 2007 - 21:03 #13
C:\Users\Dalle\AppData\Roaming:svhosts.exe that is where Norton says the background trojan is
07 November 2007 - 21:18 #14
[07/11-2007 20:56:42] !!!
daniel2005 Beginner
07 November 2007 - 21:25 #15
okay okay 2 sec
daniel2005 Beginner
08 November 2007 - 11:54 #16
I have tried it, and now I probably can't get online on it
09 November 2007 - 23:38 #17
Just a quick one ->

Download Dial-a-fix from this link and save it to the desktop.
http://djlizard.net/Dial-a-fix-2006-09-19.exe

Run the program, click the "Tools" button (picture of a hammer), check the following item, and click "GO"

Reset networking interfaces

Tell us afterwards whether it helped.
13 November 2007 - 21:03 #18
???