schievelbein (Beginner)
29 May 2008 - 09:30 There are 16 comments

protect.trustedantivirus.com / Virus Alert!

I have searched several places on the net and tried various virus scanners / spyware scanners, but nothing has helped.

It started when I got 3 extra icons on the desktop, and as administrator I was denied access to certain parts (Control Panel, "CMD", "REGEDIT"). I got that fixed by running the programs you suggest in "artikler/123", but when I browse around on various websites a page often pops up saying something like "Virus Detected", with 2 links you can click, or an "ActiveX" appears that refers to the site "protect.trustedantivirus.com". It should be said that after I ran the programs described in article "123", this no longer seems to cause problems at the moment.

On the other hand, I still have the problem that it says "VIRUS ALERT!" down next to my clock, so I don't think it is completely gone yet.

Regards
Schievelbein


*******************************Hijackthis *******************************
Logfile of HijackThis v1.99.1
Scan saved at 08:49: VIRUS ALERT!, on 29-05-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\VERITAS Software\Update Manager\sgtray.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\Hijakthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211953879765
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe





******************************** ComboFix ******************************

ComboFix 08-05-28.4 - Administrator 29-05-2008  8:53:41.3 - FAT32x86
Microsoft Windows 2000 Professional  5.0.2195.4.1252.1.1030.18.81 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-04-28 to 2008-05-29  )))))))))))))))))))))))))))))))
.

2008-05-29 08:06 . 29-05-08 08:06     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-29 08:05 . 29-05-08 08:05     <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-05-29 08:05 . 29-05-08 08:05     <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-29 08:00 . 29-05-08 08:00     <DIR>    d--------    C:\Programmer\CCleaner
2008-05-29 07:50 . 29-05-08 07:50     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-28 15:21 . 28-05-08 15:16     233,252,201    --a------    C:\temp\C_DATA.DAT
2008-05-28 14:25 . 28-05-08 14:25     <DIR>    d--------    C:\WINNT\BDOSCAN8
2008-05-28 09:40 . 28-05-08 09:40     16,384    --a------    C:\WINNT\system32\Perflib_Perfdata_860.dat
2008-05-28 09:29 . 28-05-08 09:29     <DIR>    d--------    C:\Programmer\Lavasoft
2008-05-28 09:29 . 28-05-08 09:29     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 09:22 . 28-05-08 09:22     16,384    --a------    C:\WINNT\system32\Perflib_Perfdata_454.dat
2008-05-28 09:21 . 28-05-08 09:21     <DIR>    d--------    C:\Deckard
2008-05-28 08:03 . 28-05-08 08:03     <DIR>    d--------    C:\WINNT\system32\Kaspersky Lab
2008-05-28 08:03 . 28-05-08 08:03     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 07:55 . 28-05-08 07:55     <DIR>    d--------    C:\VundoFix Backups
2008-05-27 21:12 . 27-05-08 21:12     <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-05-27 21:12 . 27-05-08 21:08     691,545    --a------    C:\WINNT\unins000.exe
2008-05-27 21:12 . 27-05-08 21:12     2,562    --a------    C:\WINNT\unins000.dat
2008-05-27 15:11 . 27-05-08 15:11     <DIR>    d--------    C:\Programmer\Avira
2008-05-27 15:11 . 27-05-08 15:11     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 14:45 . 27-05-08 14:45     <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-05-27 13:33 . 27-05-08 13:53     3,600    --a------    C:\WINNT\system32\tmp.reg
2008-05-27 09:46 . 27-05-08 09:46     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-27 07:49 . 27-05-08 07:49     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 16:05 . 26-05-08 16:05     <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 15:56 . 26-05-08 15:56     <DIR>    d--------    C:\Documents and Settings\hsj\Application Data\VERITAS
2008-05-26 15:56 . 26-05-08 15:56     <DIR>    d--------    C:\Documents and Settings\hsj\Application Data\TmpRecentIcons
2008-05-26 15:56 . 26-05-08 15:56     <DIR>    d--------    C:\Documents and Settings\hsj\Application Data\Mappen Share-to-Web-overførsel
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--------    C:\Documents and Settings\hsj\Skrivebord
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--h-----    C:\Documents and Settings\hsj\Skabeloner
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--h-----    C:\Documents and Settings\hsj\Printere
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--------    C:\Documents and Settings\hsj\Menuen Start
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--h-----    C:\Documents and Settings\hsj\Lokale indstillinger
2008-05-26 15:55 . 26-05-08 15:55     <DIR>    dr-------    C:\Documents and Settings\hsj\Foretrukne
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--------    C:\Documents and Settings\hsj\Dokumenter
2008-05-26 15:55 . 28-08-06 09:55     <DIR>    d--------    C:\Documents and Settings\hsj\Application Data\Symantec
2008-05-26 15:55 . 28-04-03 05:23     <DIR>    d--h-----    C:\Documents and Settings\hsj\Andre computere
2008-05-26 15:55 . 26-05-08 15:55     <DIR>    d--------    C:\Documents and Settings\hsj
2008-05-26 15:33 . 19-06-03 20:05     19,728    --a------    C:\WINNT\system32\hidserv.exe
2008-05-26 15:33 . 11-02-00 21:21     13,744    --a------    C:\WINNT\system32\drivers\kbdhid.sys
2008-05-26 08:20 . 26-05-08 08:20     <DIR>    d--------    C:\WINNT\Resources
2008-05-26 08:20 . 26-05-08 08:20     <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-05-26 08:20 . 26-05-08 08:20     113    --a------    C:\345543.bat
2008-05-25 18:17 . 25-05-08 15:15     94,208    --a------    C:\WINNT\etkq.exe
2008-05-25 17:52 . 25-05-08 17:52     <DIR>    d--------    C:\Programmer\OpenOffice.org 2.4
2008-05-25 16:26 . 25-05-08 16:26     <DIR>    d--------    C:\Programmer\Fælles filer\Adobe AIR
2008-05-25 11:12 . 25-05-08 11:12     <DIR>    d--------    C:\WINNT\winsxs

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-04-28 03:29    271    ---h--w    C:\Programmer\desktop.ini
2003-04-28 03:29    22,029    ---h--w    C:\Programmer\folder.htt
2002-08-22 15:00    32,528    ----a-w    C:\WINNT\inf\wbfirdma.sys
.

------- Sigcheck -------


.
(((((((((((((((((((((((((((((  snapshot@ti 27-05-2008_ 9.26.08,64  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-28 12:25:46    45,056    ----a-w    C:\WINNT\BDOSCAN8\avxdisk.dll
+ 2008-05-28 12:25:46    10,240    ----a-w    C:\WINNT\BDOSCAN8\avxs.dll
+ 2008-05-28 12:25:46    27,136    ----a-w    C:\WINNT\BDOSCAN8\avxt.dll
+ 2008-05-28 12:25:48    181,760    ----a-w    C:\WINNT\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48    118,784    ----a-w    C:\WINNT\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48    53,248    ----a-w    C:\WINNT\BDOSCAN8\ipsupd.dll
+ 2008-05-28 12:25:48    142,848    ----a-w    C:\WINNT\BDOSCAN8\libfn.dll
+ 2008-05-28 12:25:46    86,016    ----a-w    C:\WINNT\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48    53,248    ----a-w    C:\WINNT\bdoscandel.exe
+ 2008-01-09 13:01:48    118,784    ----a-w    C:\WINNT\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48    53,248    ----a-w    C:\WINNT\Downloaded Program Files\ipsupd.dll
+ 2008-05-29 06:06:02    34,304    ----a-r    C:\WINNT\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-01-21 16:12:10    59,968    ----a-w    C:\WINNT\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28    18,496    ----a-w    C:\WINNT\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:54    79,424    ----a-w    C:\WINNT\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22    28,352    ----a-w    C:\WINNT\system32\drivers\ssmdrv.sys
+ 2005-05-24 10:27:16    213,048    ----a-w    C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20    94,208    ----a-w    C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54    950,272    ----a-w    C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-29 06:53:46    16,384    ----a-w    C:\WINNT\system32\Perflib_Perfdata_3c0.dat
- 2005-05-26 02:19:32    173,536    ----a-w    C:\WINNT\system32\wuweb.dll
+ 2007-07-30 17:19:46    203,096    ----a-w    C:\WINNT\system32\wuweb.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [22-08-02 17:00  20752 C:\WINNT\system32\internat.exe]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [28-01-08 11:43  2097488]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29-02-08 16:03  1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [09-09-02 00:18  155648]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [09-09-02 00:05  114688]
"Synchronization Manager"="mobsync.exe" [19-06-03 20:05  111888 C:\WINNT\system32\mobsync.exe]
"PROMon.exe"="PROMon.exe" [18-04-02 18:32  73728 C:\WINNT\system32\PROMon.exe]
"UC_SMB"="" []
"Smapp"="C:\Programmer\Analog Devices\SoundMAX\Smtray.exe" [26-06-02 16:36  90112]
"NeroCheck"="C:\WINNT\System32\\NeroCheck.exe" [09-07-01 12:50  155648]
"RealTray"="C:\Programmer\Real\RealPlayer\RealPlay.exe" [24-06-03 21:36  26112]
"StorageGuard"="C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" [18-06-02 00:01  155648]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11-04-02 04:19  69632]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [13-08-04 19:05  2532576]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [22-12-03 08:38  241664]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [18-02-04 19:55  49152]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [04-03-04 16:46  172032]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-08 22:16  39792]
"avgnt"="C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12-02-08 10:06  262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [22-08-02 17:00  20752 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe" [19-06-03 20:05  187664]

C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\
OpenOffice.org 2.4.lnk - C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
WinZip Quick Pick.lnk - C:\Programmer\WinZip\WZQKPICK.EXE [2008-05-28 09:20:50 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [20-12-06 12:55  77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 19-04-07 12:41  294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

R2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe [03-05-02 12:36 ]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [03-05-02 12:36 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [19-06-03 20:05 ]
S4 BsUDF;InCD UDF Driver;C:\WINNT\system32\drivers\BsUDF.sys [27-01-03 21:46 ]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 06:00:02 C:\WINNT\Tasks\Scheduled Snapshot.job"
- C:\CFGSAFE\SCHWIZEX.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 08:54:55
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 29-05-2008  8:55:23
ComboFix-quarantined-files.txt  2008-05-29 06:55:18
ComboFix3.txt  2008-05-27 07:26:40
ComboFix2.txt  2008-05-27 11:31:18

Pre-Run: 32,173,719,552 byte ledig
Post-Run: 32,166,969,344 byte ledig

156





********************** SuperAntiSpyware *****************************
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/29/2008 at 08:37 AM

Application Version : 4.0.1154

Core Rules Database Version : 3470
Trace Rules Database Version: 1461

Scan type      : Complete Scan
Total Scan Time : 00:23:57

Memory items scanned      : 149
Memory threats detected  : 1
Registry items scanned    : 3404
Registry threats detected : 15
File items scanned        : 11923
File threats detected    : 2

Trojan.Vundo-Variant/Small-GEN
    C:\WINNT\SYSTEM32\RQRLDBSS.DLL
    C:\WINNT\SYSTEM32\RQRLDBSS.DLL

Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\InprocServer32
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\ProgID
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\Programmable
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\TypeLib
    HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\VersionIndependentProgID
    C:\WINNT\BOQNRWDMVDR.DLL

Trojan.Vundo-Variant/Small
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48F0B738-34A6-4113-B966-33C4EF85BCD9}
    HKCR\CLSID\{48F0B738-34A6-4113-B966-33C4EF85BCD9}
    HKCR\CLSID\{48F0B738-34A6-4113-B966-33C4EF85BCD9}\InprocServer32
    HKCR\CLSID\{48F0B738-34A6-4113-B966-33C4EF85BCD9}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{48F0B738-34A6-4113-B966-33C4EF85BCD9}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqRLdBss
29 May 2008 - 12:40 #1
First of all ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a tick next to these files. When you have done that, close down all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Restart, run a new scan with HijackThis, and paste a fresh log here for checking.

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

------------------------------------------------------------------------

Registry cleanup ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Registry] section...)
During installation you are offered the [Yahoo Toolbar]. You can say yes or NO to it.
schievelbein (Beginner)
29 May 2008 - 13:10 #2
Hi

I have done as you suggested. "Virus Alert!" still shows next to the clock in the bottom right corner.

Here is the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04: VIRUS ALERT!, on 29-05-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211953879765
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6913 bytes
29 May 2008 - 16:23 #3
Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a tick next to these files. When you have done that, close down all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:

O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)

Restart, run a new scan with HijackThis, and paste a fresh log here for checking.

------------------------------------------------------------------------

PS: I have some more cleanup to do; we'll take that afterwards!
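An added triage aid, not part of this thread or of HijackThis itself: it parses lines in the HijackThis log format posted above, flags the kinds of entries the helper asked to have fixed (the O6 restriction, the orphaned PLSRemote service, a Winlogon Notify DLL with a random-looking name like the rqRLdBss key SUPERAntiSpyware reported) plus the tampered time format visible in the "Scan saved at" header, and diffs two logs so a fresh log can be compared with the previous one. The sample log is constructed from entries in the thread; the O20 rqRLdBss line is hypothetical.

```python
import re

# Constructed sample in HijackThis log format, modelled on entries quoted in
# this thread (an excerpt, not the poster's full log). The O20 rqRLdBss line is
# hypothetical, mirroring the Winlogon\Notify\rqRLdBss key SUPERAntiSpyware found.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04: VIRUS ALERT!, on 29-05-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: rqRLdBss - C:\WINNT\system32\rqRLdBss.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
HEADER_RE = re.compile(r"^Scan saved at (?P<stamp>.+?), on ")
CLEAN_TIME_RE = re.compile(r"^\d{1,2}:\d{2}(:\d{2})?$")
BARE_EXE_RE = re.compile(r'\]\s+[^\\\s"]+\.exe\b')
VOWELS = set("aeiouyAEIOUY")


def parse_entries(log_text):
    """Split a HijackThis log into its 'Scan saved at' header and (kind, body) entries."""
    header, entries = "", []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Scan saved at"):
            header = line
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return header, entries


def looks_random(name):
    """Vundo-style component names such as rqRLdBss are vowel-free letter soup,
    while nearly every legitimate name contains a vowel. A coarse heuristic,
    not proof: it misses names that happen to contain a vowel."""
    return len(name) >= 6 and name.isalpha() and not (set(name) & VOWELS)


def triage(log_text):
    """Return a list of (severity, kind, reason) findings for one log."""
    header, entries = parse_entries(log_text)
    findings = []
    # HijackThis prints the system's short time format verbatim in this header,
    # so anything beyond HH:MM(:SS) means the locale time-format string was altered.
    m = HEADER_RE.match(header)
    if m and not CLEAN_TIME_RE.match(m.group("stamp")):
        findings.append(("high", "header", "time format string altered: %r" % m.group("stamp")))
    for kind, body in entries:
        if kind == "O6" and "Restrictions present" in body:
            findings.append(("high", kind, "IE policy restrictions set (expected only if an admin imposed them)"))
        elif kind == "O20":
            # body looks like "Winlogon Notify: NAME - PATH"
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if looks_random(name):
                findings.append(("high", kind, "Winlogon Notify DLL with random-looking name " + name))
        elif kind == "O23" and "Unknown owner" in body and "(file missing)" in body:
            findings.append(("medium", kind, "orphaned service with no vendor: " + body.split(" - ")[0]))
        elif "(file missing)" in body:
            findings.append(("low", kind, "dangling entry, target file missing"))
        elif kind == "O4" and BARE_EXE_RE.search(body):
            # No directory given: the loader resolves it via the search path.
            findings.append(("low", kind, "bare filename resolved through the search path: " + body))
    return findings


def diff_entries(old_text, new_text):
    """Entries removed from and added to a log, for the 'post a fresh log' step."""
    old = set(parse_entries(old_text)[1])
    new = set(parse_entries(new_text)[1])
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for sev, kind, reason in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (sev.upper(), kind, reason))
```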
schievelbein (Beginner)
29 May 2008 - 16:37 #4
ok, but I won't have time to look at it until Monday.
schievelbein (Beginner)
02 June 2008 - 08:38 #5
It still says "VIRUS ALERT!" next to the clock

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32: VIRUS ALERT!, on 02-06-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\VERITAS Software\Update Manager\sgtray.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211953879765
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6532 bytes
02 June 2008 - 16:16 #6
Hmmm...

------------------

Click Start->Run, type Services.msc and click OK.
Find the service (if it is there?)
* PLSRemote Service
Stop it if it is running, then right-click it and set Startup type to Disabled.

------------------

In HijackThis, fix this line ->

O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)

------------------

Let SAS (SUPERAntiSpyware) run all the way to completion...

------------------

Restart, run a new scan with HijackThis, and paste a fresh log in here for checking.

NB: Before the next run of HiJackThis.exe you must RENAME the program file HiJackThis.exe to ALTERNATIV.exe, since certain unwanted elements tend to hide themselves while a process named HiJackThis.exe is running!!!
schievelbein (Beginner)
03 June 2008 - 21:58 #7
Hi again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55: VIRUS ALERT!, on 03-06-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\VERITAS Software\Update Manager\sgtray.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211953879765
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6563 bytes
04 June 2008 - 06:53 #8
So how is the PC running now?
schievelbein (Beginner)
05 June 2008 - 09:47 #9
The PC runs OK, but it still says "VIRUS ALERT!" next to the clock
05 June 2008 - 17:41 #10
Yes, it looks 'funny' in the log file ->

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55: VIRUS ALERT!, on 03-06-2008

It should look like this ->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:52:28, on 04-06-2008

---------
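The two checks the helper does by eye in this thread, as an added example that is not part of the original posts: a small Python triage pass over a HijackThis log that flags O23 service entries with an unknown owner or a missing binary (the PLSRemote line from post #6) and detects extra text injected into the "Scan saved at" time field (the oddity pointed out in post #10). The sample log is constructed and abridged; it only mirrors the shape of the logs posted here.

```python
import re

# Constructed sample log (abridged): header and O23 lines shaped like the
# HijackThis logs posted in this thread, not the full log text.
SAMPLE_LOG = """Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32: VIRUS ALERT!, on 02-06-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Programmer\\Avira\\avgnt.exe" /min
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\\WINNT\\SYSTEM32\\PLSRemote.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\\Programmer\\Sygate\\SPF\\smc.exe
"""

# A clean header reads "Scan saved at HH:MM:SS, on DD-MM-YYYY". HijackThis
# prints the time using the Windows time-format setting, so extra text here
# points to that setting having been altered (the same text seen by the clock).
HEADER_RE = re.compile(r"^Scan saved at (?P<time>.+?), on (?P<date>\d{2}-\d{2}-\d{4})$")
TIME_RE = re.compile(r"^\d{1,2}:\d{2}(:\d{2})?$")


def check_scan_header(log_text):
    """Return text injected into the scan-time field, or None if it is clean."""
    for line in log_text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            time_field = m.group("time")
            return None if TIME_RE.match(time_field) else time_field
    return None


def triage_o23(log_text):
    """Flag O23 service entries with no identifiable owner or a missing binary."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("O23 - Service: "):
            continue
        # Shape: "<display name> (<service name>) - <owner> - <path>[ (file missing)]"
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        reasons = []
        if owner.lower() == "unknown owner":
            reasons.append("unknown owner")
        if path.endswith("(file missing)"):
            reasons.append("binary missing")
        if reasons:
            flagged.append({"service": name, "path": path, "reasons": reasons})
    return flagged
```

Run against a real log, an "unknown owner" service whose binary is gone is exactly the leftover of an uninstalled or removed program that the helper asked to have fixed here.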
05 June 2008 - 17:44 #11
Aha - you can actually insert a bit of arbitrary text between the [time]+[date] information in the taskbar (next to the 'clock')...

I once read/saw that trick somewhere...
05 June 2008 - 17:48 #12
[Start][Run][REGEDIT] - ENTER

A window then appears, Explorer-like...

Search [F3] for the string (EXACTLY)

VIRUS ALERT!

and delete that bit of text. You may have to press ENTER when/if it is found, and then delete ONLY that text part.

Or alternatively tell me where it was found. What does the string/line say?

Exit the REGEDIT program properly. Restart.
Then what?
schievelbein (Beginner)
05 June 2008 - 20:55 #13
That made it disappear, but it is still in one key:
HKEY_LOCAL_MACHINE\SOTWARE\Microsoft\Windows NT\CurrentVersion\ProduktId=VIRUS ALERT"

Otherwise everything else looks OK
05 June 2008 - 21:09 #14
BINGO

Change the key

HKEY_LOCAL_MACHINE\SOTWARE\Microsoft\Windows NT\CurrentVersion\ProduktId=VIRUS ALERT"
=>
HKEY_LOCAL_MACHINE\SOTWARE\Microsoft\Windows NT\CurrentVersion\ProduktId=Anders And"

(Or whatever you like *S* )
schievelbein (Beginner)
06 June 2008 - 12:00 #15
OK, thanks for the help
06 June 2008 - 18:31 #16
There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Safe Surfing...

--------------