/ Forside/ Teknologi / Internet / Sikkerhed / Spørgsmål
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Sikkerhed
#NavnPoint
stl_s 37026
arlet 26827
miritdk 20260
o.v.n. 12167
als 8951
refi 8694
tedd 8272
BjarneD 7338
Klaudi 7257
10  molokyle 6481
Virus problem
Fra : Sunnyman
Vist : 820 gange
100 point
Dato : 02-01-07 15:53

Hejsa,

Jeg har fået en virus som hedder :

BACKDOOR:WIN32/SDBOT!EA6F

Ingen af alle de programmer jeg har prøvet, kan fjerne den....Kan i hjælpe ?

Henrik

 
 
Kommentar
Fra : troldenesdhb


Dato : 02-01-07 16:01
Kommentar
Fra : stl_s


Dato : 02-01-07 16:23
Kommentar
Fra : miritdk


Dato : 02-01-07 17:12

ohoooo geniet stl_s på arbejde allerede - så er du i gode hænder sunnyman

Kommentar
Fra : Sunnyman


Dato : 02-01-07 17:17

Hjælper ikke...

Microsoft malicius removal, kan ikke fjerne alle inficerede filer !!!




Kommentar
Fra : stl_s


Dato : 02-01-07 17:22

Nej, men jeg har et værktøj der kan, men følg lige min vejledning først http://sptlarsenserious.googlepages.com/hijackthis

Kommentar
Fra : Sunnyman


Dato : 02-01-07 17:25

Logfile of HijackThis v1.99.1
Scan saved at 17:22:00, on 02-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Acer\OrbiCam\CameraAssistant.exe
C:\Acer\GraviSense\GraviSense.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Acer\VoIP Phone Charger\voip phone charger.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
c:\Temp\WinTemp\RtkBtMnt.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\OpenOffice.org 2.1\program\soffice.exe
C:\Programmer\OpenOffice.org 2.1\program\soffice.BIN
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Azureus\Azureus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmer\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmer\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [voip phone charger] "C:\Programmer\Acer\VoIP Phone Charger\voip phone charger.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eNMTray.exe] c:\Acer\Empowering Technology\eNet\eNMTray.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programmer\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Send til &Bluetooth-enhed... - c:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe



Kommentar
Fra : stl_s


Dato : 02-01-07 17:29

Hent og dobbeltklik denne fil. Den pakker sig ud til C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

Gå så ind i mappen SDFix på C drevet. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind.


Kommentar
Fra : Sunnyman


Dato : 02-01-07 17:54


SDFix: Version 1.53
****************

02-01-2007 - 17:44:08,54

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------


Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmer\\Azureus\\Azureus.exe"="C:\\Programmer\\Azureus\\Azureus.exe:*:Enabled:Azureus"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\NTIBUN4.dll
C:\WINDOWS\system32\NTICDMK7.dll
C:\WINDOWS\system32\NTIFCD3.dll
C:\WINDOWS\system32\NTIMP3.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys

FINISHED!


Kommentar
Fra : Sunnyman


Dato : 02-01-07 17:55

Stl_s !

Hvad gør det program du har givet mig helt nøjagtigt ?

Kommentar
Fra : stl_s


Dato : 02-01-07 18:14

Den gjorde ikke noget. Jeg kan også kun se ormen i dine tempfiler, så det meste af den er nok væk.

Der er også lidt tegn på noget andet skidt, så kør lige disse to scannere, som bør fjerne det sidste af ormen, og lidt til:

1.

Hent denne virus scanner ned til skrivebordet, den skal du bruge senere.

http://www.spywareinfo.dk/download/mwav.exe

----------------------------------------------------------------
2.

Hent derefter denne scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Installer scanneren, og opdater dens database manuelt. OBS, ved installationen bliver det foreslået at du registrerer med din email. Det behøver du ikke at gøre.

----------------------------------------------------------------
3.

Så starter du op i fejlsikret tilstand http://www.spywareinfo.dk/htm/fejlsikret_tilstand.htm

Lykkes det ikke, så se her http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

(OBS: Hvis du bruger Bootsafe, som er en nødløsning, så tjek vejledningen for hvordan du kommer tilbage i normal tilstand)

----------------------------------------------------------------
4.

Kør nu scanneren MWAV.exe. Kør zipfilen og klik UNZIP, så bliver scanneren pakket ud og brugerfladen åbner.

Sæt et flueben i DRIVE. Klik nu på Scan/Clean, og så scanner den for virus og sletter hvad den finder.


Jeg vil gerne se hvad scanneren har fundet og slettet, så gør venligst dette:

I vinduet VIRUS LOG INFORMATION (vinduet vises KUN hvis scanneren finder virus) markerer du teksten med musen, og trykker så på CTRL og C knapperne samtidig. Så er teksten kopieret til udklipsholderen. Sæt det ind i et tekst dokument (f,eks Notesblok eller Wordpad), og sæt det ind i tråden i dit næste indlæg.


OBS: Scanneren kan også generere en meget lang log. Den skal du venligst IKKE kopiere ind.


Luk scanneren ved at klikke EXIT og EXIT igen (Ignorer reklamen for købe versionen).

-----------------------------------------------------------------
5.

Så scanner du med SuperAntiSpyware:


Start SuperAntiSpyware, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

Genstart til normal tilstand (scanneren tilbyder måske at gøre det).

Åbn scanneren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log".

-----------------------------------------------------------------
6.

Kopier venligst loggen fra SuperAntiSpyware her ind i tråden, sammen med loggen fra MWAV, og en frisk HijackThis log.

Kommentar
Fra : stl_s


Dato : 02-01-07 18:36

Citat
Stl_s !

Hvad gør det program du har givet mig helt nøjagtigt ?


Det er et værktøj, som er specielt udviklet til at fjerne SD bots, men den fandt som sagt ikke noget.

Hvis scannerne ikke ikke fjerner den, så nupper vi den manuelt.

Kommentar
Fra : Sunnyman


Dato : 02-01-07 20:44

Her er log fra E-scan :

File C:\Programmer\DAEMON Tools\SetupDTSB.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.

Kører superAntispyware nu

Kommentar
Fra : Sunnyman


Dato : 02-01-07 21:55

SUPERAntiSpyware Scan Log
Generated 01/02/2007 at 09:11 PM

Application Version : 3.3.1020

Core Rules Database Version : 3158
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 00:14:06

Memory items scanned : 175
Memory threats detected : 0
Registry items scanned : 4903
Registry threats detected : 7
File items scanned : 9566
File threats detected : 1

Adware.IWantSearchBar
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
   HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID

Adware.WhenU
   C:\PROGRAMMER\DAEMON TOOLS\SETUPDTSB.EXE



SDFix: Version 1.53
****************

02-01-2007 - 21:44:13,90

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------


Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmer\\Azureus\\Azureus.exe"="C:\\Programmer\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\NTIBUN4.dll
C:\WINDOWS\system32\NTICDMK7.dll
C:\WINDOWS\system32\NTIFCD3.dll
C:\WINDOWS\system32\NTIMP3.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys

FINISHED!

Kommentar
Fra : stl_s


Dato : 02-01-07 22:09

Der er altså ikke noget at se fra den SD bot infektion. Hvorfor tror du ikke at alle filerne blev fjernet af Microsoft værktøjet ?

Citat
Dato : 02-01-07 18:14

Jeg kan også kun se ormen i dine tempfiler


Det var mig der vrøvlede .



Kommentar
Fra : Sunnyman


Dato : 02-01-07 23:13

Når jeg scanner med Microsoft malicius removal tool, skriver den at den kun er delvist fjernet, og at jeg skal bruge et antivirus prg til at fjerne resten med, men der er ingen der kan fjerne resten ????

Kommentar
Fra : stl_s


Dato : 02-01-07 23:23

Den har muligvis fjernet det hele alligevel. Den giver måske rådet om et antivirus, for at man skal dobbelttjekke.

Dette værktøj kan se om der skulle ligge nogle rester:


Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Kør så combofix.exe, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt som kan findes her-C:\combofix.txt

Kopier loggen her ind.

Kommentar
Fra : Sunnyman


Dato : 03-01-07 07:22

Henrik - 07-01-03 7:14:56,56 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Temp"

((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 ))))))))))))))))))))))))))))))))))


2007-01-02   20:45   <DIR>   d--------   C:\Programmer\SUPERAntiSpyware
2007-01-02   20:45   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\SUPERAntiSpyware.com
2007-01-02   19:45   <DIR>   d--------   C:\Kaspersky
2007-01-02   17:34   <DIR>   d--------   C:\SDFix
2007-01-02   17:21   218,112   --a------   C:\Programmer\HJTrenamed.exe
2007-01-02   09:17   7,552   --a------   C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-01-02   07:52   765,952   --a------   C:\WINDOWS\system32\xvidcore.dll
2007-01-02   07:52   630,784   --a------   C:\WINDOWS\system32\vp7vfw.dll
2007-01-02   07:52   558,592   --a------   C:\WINDOWS\system32\x264vfw.dll
2007-01-02   07:52   5,120   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-01-02   07:52   438,272   --a------   C:\WINDOWS\system32\vp6vfw.dll
2007-01-02   07:52   39,936   --a------   C:\WINDOWS\system32\huffyuv.dll
2007-01-02   07:52   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-01-02   07:52   217,088   --a------   C:\WINDOWS\system32\i420vfw.dll
2007-01-02   07:52   180,224   --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-01-02   07:52   1,415,680   --a------   C:\WINDOWS\system32\WMV9VCM.dll
2007-01-02   07:52   <DIR>   d--------   C:\Programmer\K-Lite Codec Pack
2006-12-31   10:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\e-Safekey
2006-12-31   09:06   <DIR>   d--------   C:\WINDOWS\system32\autorun
2006-12-31   08:50   21,275   --a------   C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-31   08:48   61,440   --a------   C:\WINDOWS\system32\acerGina.dll
2006-12-30   18:59   <DIR>   dr-h-----   C:\Documents and Settings\Henrik\Recent
2006-12-30   18:58   <DIR>   d--------   C:\Programmer\CCleaner
2006-12-30   18:54   118,784   --a------   C:\WINDOWS\system32\MSSTDFMT.DLL
2006-12-30   18:54   <DIR>   d--------   C:\Programmer\SpywareBlaster
2006-12-30   18:52   <DIR>   d--------   C:\Programmer\Windows Defender
2006-12-30   18:34   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Uniblue
2006-12-30   17:56   <DIR>   d--------   C:\WINDOWS\pss
2006-12-29   09:07   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\AdobeUM
2006-12-29   08:39   <DIR>   d--------   C:\Programmer\Skype
2006-12-29   08:39   <DIR>   d--------   C:\Programmer\F‘lles filer\Skype
2006-12-29   08:39   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Skype
2006-12-29   08:39   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Skype
2006-12-29   08:33   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Intel
2006-12-28   09:38   <DIR>   d--------   C:\Programmer\RegCure
2006-12-28   09:34   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\OpenOffice.org2
2006-12-28   09:33   <DIR>   d--hs----   C:\RECYCLER
2006-12-28   09:31   <DIR>   d--------   C:\WINDOWS\Sun
2006-12-28   09:31   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Sun
2006-12-27   23:30   <DIR>   d--------   C:\Programmer\Azureus
2006-12-27   23:30   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Azureus
2006-12-27   23:03   <DIR>   d--------   C:\Programmer\Java
2006-12-27   22:58   <DIR>   d--------   C:\Programmer\F‘lles filer\Java
2006-12-27   18:10   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\InterVideo
2006-12-27   18:02   204,800   --a------   C:\WINDOWS\system32\IVIresizeW7.dll
2006-12-27   18:02   200,704   --a------   C:\WINDOWS\system32\IVIresizeA6.dll
2006-12-27   18:02   20,480   --a------   C:\WINDOWS\system32\IVIresize.dll
2006-12-27   18:02   192,512   --a------   C:\WINDOWS\system32\IVIresizeP6.dll
2006-12-27   18:02   192,512   --a------   C:\WINDOWS\system32\IVIresizeM6.dll
2006-12-27   18:02   188,416   --a------   C:\WINDOWS\system32\IVIresizePX.dll
2006-12-27   18:02   <DIR>   d--------   C:\Programmer\InterVideo
2006-12-27   18:02   <DIR>   d--------   C:\Programmer\F‘lles filer\InterVideo
2006-12-27   18:02   <DIR>   d--------   C:\Programmer\DivX
2006-12-27   18:02   <DIR>   d--------   C:\Program Files
2006-12-27   17:56   <DIR>   d--------   C:\Documents and Settings\Henrik\Contacts
2006-12-27   17:50   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2006-12-27   17:49   <DIR>   d--------   C:\Programmer\MSN Messenger
2006-12-27   11:08   <DIR>   d--------   C:\Programmer\Microsoft.NET
2006-12-27   11:08   <DIR>   d--------   C:\Programmer\Microsoft Office
2006-12-27   11:08   <DIR>   d--------   C:\Programmer\F‘lles filer\DESIGNER
2006-12-27   11:05   <DIR>   d--------   C:\Programmer\DAEMON Tools
2006-12-27   11:02   639,224   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2006-12-27   10:30   <DIR>   d--------   C:\Programmer\OpenOffice.org 2.1
2006-12-27   09:23   <DIR>   d--------   C:\Temp
2006-12-27   09:23   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Adobe
2006-12-27   09:21   60,416   --a------   C:\WINDOWS\system32\tzchange.exe
2006-12-27   09:18   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-27   09:10   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2006-12-27   09:09   <DIR>   d--------   C:\Programmer\MSXML 4.0
2006-12-27   09:05   <DIR>   d--------   C:\Programmer\RegistryFix
2006-12-27   08:47   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2006-12-27   08:47   <DIR>   d--------   C:\WINDOWS\system32\PreInstall
2006-12-27   08:46   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2006-12-27   08:43   <DIR>   d--hs----   C:\Recycled
2006-12-27   00:25   816,672   --a------   C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-27   00:25   4,960   --a------   C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-27   00:25   4,224   --a------   C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-27   00:25   3,968   --a------   C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-27   00:25   28,416   --a------   C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-27   00:25   18,240   --a------   C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-27   00:25   <DIR>   d--------   C:\Programmer\Grisoft
2006-12-27   00:25   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\AVG7
2006-12-27   00:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-27   00:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2006-12-27   00:17   <DIR>   d--------   C:\Programmer\Mozilla Firefox
2006-12-27   00:17   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Talkback
2006-12-27   00:17   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Mozilla
2006-12-26   23:58   <DIR>   d--------   C:\Programmer\WinRAR
2006-12-26   23:55   <DIR>   d--------   C:\WINDOWS\system32\SoftwareDistribution
2006-12-26   23:54   <DIR>   d---s----   C:\Documents and Settings\Henrik\UserData
2006-12-26   22:51   <DIR>   d--------   C:\WINDOWS\Acer
2006-12-26   22:51   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Macromedia
2006-12-26   22:49   4,392   --a------   C:\WINDOWS\system32\drivers\NdisFilt.sys
2006-12-26   22:49   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Acer
2006-12-26   22:49   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Acer
2006-12-26   22:48   7,296   --a------   C:\WINDOWS\system32\drivers\osaio.sys
2006-12-26   22:48   4,010   --a------   C:\WINDOWS\system32\drivers\osanbm.sys
2006-12-26   22:48   12,106   --a------   C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2006-12-26   22:41   258,048   --a------   C:\WINDOWS\system32\Uninstall_eRecovery.exe
2006-12-26   22:40   81,920   --a------   C:\WINDOWS\system32\packet.dll
2006-12-26   22:40   78,208   --a------   C:\WINDOWS\system32\drivers\epm-shd.sys
2006-12-26   22:40   61,440   --a------   C:\WINDOWS\system32\WanPacket.dll
2006-12-26   22:40   53,299   --a------   C:\WINDOWS\system32\pthreadVC.dll
2006-12-26   22:40   4,096   --a------   C:\WINDOWS\system32\drivers\epm-psd.sys
2006-12-26   22:40   32,512   --a------   C:\WINDOWS\system32\drivers\npf.sys
2006-12-26   22:40   233,472   --a------   C:\WINDOWS\system32\wpcap.dll
2006-12-26   22:40   <DIR>   d--------   C:\Programmer\WinPCap
2006-12-26   22:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Intel
2006-12-26   22:39   5,120   --a------   C:\WINDOWS\system32\FILTRCOI.DLL
2006-12-26   22:39   49,152   --a------   C:\WINDOWS\system32\QtBtLib.dll
2006-12-26   22:39   16,896   --a------   C:\WINDOWS\system32\drivers\DKbFltr.SYS
2006-12-26   22:39   <DIR>   d--------   C:\Programmer\Launch Manager
2006-12-26   22:38   <DIR>   d--------   C:\Documents and Settings\Henrik\Bluetooth Software
2006-12-26   22:36   59,648   --a------   C:\WINDOWS\system32\drivers\rfcomm.sys
2006-12-26   22:36   274,432   --a------   C:\WINDOWS\system32\drivers\bthport.sys
2006-12-26   22:36   225,350   --a------   C:\WINDOWS\system32\Epm-Po.dll
2006-12-26   22:36   18,944   --a------   C:\WINDOWS\system32\drivers\BTHUSB.SYS
2006-12-26   22:36   17,024   --a------   C:\WINDOWS\system32\drivers\BthEnum.sys
2006-12-26   22:36   100,992   --a------   C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-26   22:36   <DIR>   d--------   C:\Programmer\WIDCOMM
2006-12-26   22:35   984,064   --a------   C:\WINDOWS\system32\ShowErrUI.dll
2006-12-26   22:35   94,208   --a------   C:\WINDOWS\system32\ToolBand.dll
2006-12-26   22:35   822,784   --a------   C:\WINDOWS\system32\UIVCL.dll
2006-12-26   22:35   81,920   --a------   C:\WINDOWS\system32\Outlook Addin.dll
2006-12-26   22:35   81,920   --a------   C:\WINDOWS\system32\MSNSpook.dll
2006-12-26   22:35   61,440   --a------   C:\WINDOWS\system32\ShowErrMsg.dll
2006-12-26   22:35   57,344   --a------   C:\WINDOWS\system32\LogSPWusage.dll
2006-12-26   22:35   53,248   --a------   C:\WINDOWS\system32\sysenv.dll
2006-12-26   22:35   53,248   --a------   C:\WINDOWS\system32\APISlice.dll
2006-12-26   22:35   45,056   --a------   C:\WINDOWS\system32\SC_res.dll
2006-12-26   22:35   45,056   --a------   C:\WINDOWS\system32\EN_res.dll
2006-12-26   22:35   389,120   --a------   C:\WINDOWS\system32\CryptoAPI.dll
2006-12-26   22:35   352,256   --a------   C:\WINDOWS\system32\UI.dll
2006-12-26   22:35   32,768   --a------   C:\WINDOWS\system32\TC_res.dll
2006-12-26   22:35   27,136   --a------   C:\WINDOWS\system32\eDSshellExt.dll
2006-12-26   22:35   233,472   --a------   C:\WINDOWS\system32\keyManager.dll
2006-12-26   22:35   19,968   --a------   C:\WINDOWS\system32\ActiveToolBand.dll
2006-12-26   22:35   10,752   --a------   C:\WINDOWS\system32\MSNChatHook.dll
2006-12-26   22:34   69,632   --a------   C:\WINDOWS\Alcmtr.exe
2006-12-26   22:34   <DIR>   d--------   C:\Acer
2006-12-26   22:33   <DIR>   dr-h-----   C:\Documents and Settings\Henrik\SendTo
2006-12-26   22:33   <DIR>   dr-h-----   C:\Documents and Settings\Henrik\Application Data\.
2006-12-26   22:33   <DIR>   dr-h-----   C:\Documents and Settings\Henrik\Application Data
2006-12-26   22:33   <DIR>   dr-------   C:\Documents and Settings\Henrik\Menuen Start
2006-12-26   22:33   <DIR>   dr-------   C:\Documents and Settings\Henrik\Foretrukne
2006-12-26   22:33   <DIR>   dr-------   C:\Documents and Settings\Henrik\Dokumenter
2006-12-26   22:33   <DIR>   d--h-----   C:\Documents and Settings\Henrik\Skabeloner
2006-12-26   22:33   <DIR>   d--h-----   C:\Documents and Settings\Henrik\Printere
2006-12-26   22:33   <DIR>   d--h-----   C:\Documents and Settings\Henrik\Lokale indstillinger
2006-12-26   22:33   <DIR>   d--h-----   C:\Documents and Settings\Henrik\Andre computere
2006-12-26   22:33   <DIR>   d---s----   C:\Documents and Settings\Henrik\Cookies
2006-12-26   22:33   <DIR>   d---s----   C:\Documents and Settings\Henrik\Application Data\Microsoft
2006-12-26   22:33   <DIR>   d--------   C:\Documents and Settings\Henrik\Skrivebord
2006-12-26   22:33   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\Identities
2006-12-26   22:33   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\ATI
2006-12-26   22:33   <DIR>   d--------   C:\Documents and Settings\Henrik\Application Data\..
2006-12-26   22:33   <DIR>   d--------   C:\Documents and Settings\Henrik\..
2006-12-26   22:33   <DIR>   d--------   C:\Documents and Settings\Henrik\.
2006-12-26   22:32   <DIR>   d--hs----   C:\System Volume Information
2006-12-26   22:26   589,824   --a------   C:\WINDOWS\AntiV.EXE
2006-12-26   22:26   163,840   --a------   C:\WINDOWS\AExec.exe
2006-12-26   22:26   <DIR>   d-a------   C:\WINDOWS\ezDock
2006-12-26   22:26   <DIR>   d-a------   C:\WINDOWS\Cardrdr


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-02 17:22   7795   --a------   C:\Programmer\hijackthis.log
2006-12-31 08:48   --------   d--h-----   C:\Programmer\InstallShield Installation Information
2006-12-30 23:10   --------   d--------   C:\Programmer\Intel
2006-12-29 08:39   --------   d--------   C:\Programmer\F‘lles filer
2006-12-26 22:26   787   --a------   C:\WINDOWS\HotFix.bat
2006-12-26 22:26   777   --a------   C:\WINDOWS\CLEANUP.CMD
2006-12-07 17:02   2174976   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-20 02:39   713216   --a------   C:\WINDOWS\system32\sxs.dll
2006-10-13 13:40   65536   --a------   C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:40   64000   --a------   C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:40   142848   --a------   C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programmer\\MSN Messenger\\MsnMsgr.Exe\" /background"
"eNMTray.exe"="c:\\Acer\\Empowering Technology\\eNet\\eNMTray.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AzMixerSel"="C:\\Programmer\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPLpr"="C:\\Programmer\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe"
"RemoteControl"="C:\\Programmer\\CyberLink\\PowerDVD\\PDVDServ.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"LogitechCameraAssistant"="C:\\Programmer\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Programmer\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"GraviSense"="C:\\Acer\\GraviSense\\GraviSense.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"voip phone charger"="\"C:\\Programmer\\Acer\\VoIP Phone Charger\\voip phone charger.exe\""
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ATICCC"="\"C:\\Programmer\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Windows Defender"="\"C:\\Programmer\\Windows Defender\\MSASCui.exe\" -hide"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,50,01,00,00,00,00,00,00,40,05,00,00,1a,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f4,01,00,00,bd,00,00,00,78,00,00,00,6e,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElkCtrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure.job

Completion time: 07-01-03 7:15:17.97
C:\ComboFix.txt ... 07-01-03 07:15

Accepteret svar
Fra : stl_s

Modtaget 100 point
Dato : 03-01-07 16:32

Ingen problemer der. Som du kan se her, så lægger den SDbot kun en enkelt exefil ind, og den har Microsofts værktøj fjernet http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor-Win32/Sdbot!EA6F&threatid=100446

Som sagt, så beder værktøjet nok altid om en ekstra kontrol med et antivirus.

Hvis du kører en diskoprydning, og fjerner gamle systemgendannelsespunkter, skulle det være ok.

Godkendelse af svar
Fra : Sunnyman


Dato : 03-01-07 22:55

Ja, nu er den væk...

Tak for det

Du har følgende muligheder
Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.
Søg
Reklame
Statistik
Spørgsmål : 177580
Tips : 31968
Nyheder : 719565
Indlæg : 6409079
Brugere : 218888

Månedens bedste
Årets bedste
Sidste års bedste