protect.trustedantivirus.com / Virus Alert!
I have searched several places on the net and tried various virus scanners / spyware scanners, but nothing has helped. It started with me getting 3 extra icons on the desktop, and with me, as administrator, being denied access to certain parts (Control Panel, "CMD", "REGEDIT"). I got this fixed by running the programs you suggest in "artikler/123", but when I surf around on various websites, a page often appears that says something along the lines of "Virus Detected", with 2 links you can click on, or an "ActiveX" appears that refers to the site "protect.trustedantivirus.com". It should be said that after I ran the programs described in article "123", this does not seem to cause problems at the moment.
On the other hand, I still have the problem that "VIRUS ALERT!" is shown next to my clock, and therefore I don't think it is completely gone yet.
Best regards,
Schievelbein
******************************* HijackThis *******************************
Logfile of HijackThis v1.99.1
Scan saved at 08:49: VIRUS ALERT!, on 29-05-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\VERITAS Software\Update Manager\sgtray.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\Hijakthis\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211953879765
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
******************************** ComboFix ******************************
ComboFix 08-05-28.4 - Administrator 29-05-2008 8:53:41.3 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1030.18.81 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\Ny mappe\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-29 08:06 . 29-05-08 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-29 08:05 . 29-05-08 08:05 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-05-29 08:05 . 29-05-08 08:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-29 08:00 . 29-05-08 08:00 <DIR> d-------- C:\Programmer\CCleaner
2008-05-29 07:50 . 29-05-08 07:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-28 15:21 . 28-05-08 15:16 233,252,201 --a------ C:\temp\C_DATA.DAT
2008-05-28 14:25 . 28-05-08 14:25 <DIR> d-------- C:\WINNT\BDOSCAN8
2008-05-28 09:40 . 28-05-08 09:40 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_860.dat
2008-05-28 09:29 . 28-05-08 09:29 <DIR> d-------- C:\Programmer\Lavasoft
2008-05-28 09:29 . 28-05-08 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 09:22 . 28-05-08 09:22 16,384 --a------ C:\WINNT\system32\Perflib_Perfdata_454.dat
2008-05-28 09:21 . 28-05-08 09:21 <DIR> d-------- C:\Deckard
2008-05-28 08:03 . 28-05-08 08:03 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-28 08:03 . 28-05-08 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 07:55 . 28-05-08 07:55 <DIR> d-------- C:\VundoFix Backups
2008-05-27 21:12 . 27-05-08 21:12 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-05-27 21:12 . 27-05-08 21:08 691,545 --a------ C:\WINNT\unins000.exe
2008-05-27 21:12 . 27-05-08 21:12 2,562 --a------ C:\WINNT\unins000.dat
2008-05-27 15:11 . 27-05-08 15:11 <DIR> d-------- C:\Programmer\Avira
2008-05-27 15:11 . 27-05-08 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 14:45 . 27-05-08 14:45 <DIR> d-------- C:\Programmer\Enigma Software Group
2008-05-27 13:33 . 27-05-08 13:53 3,600 --a------ C:\WINNT\system32\tmp.reg
2008-05-27 09:46 . 27-05-08 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-27 07:49 . 27-05-08 07:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 16:05 . 26-05-08 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 15:56 . 26-05-08 15:56 <DIR> d-------- C:\Documents and Settings\hsj\Application Data\VERITAS
2008-05-26 15:56 . 26-05-08 15:56 <DIR> d-------- C:\Documents and Settings\hsj\Application Data\TmpRecentIcons
2008-05-26 15:56 . 26-05-08 15:56 <DIR> d-------- C:\Documents and Settings\hsj\Application Data\Mappen Share-to-Web-overførsel
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d-------- C:\Documents and Settings\hsj\Skrivebord
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d--h----- C:\Documents and Settings\hsj\Skabeloner
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d--h----- C:\Documents and Settings\hsj\Printere
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d-------- C:\Documents and Settings\hsj\Menuen Start
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d--h----- C:\Documents and Settings\hsj\Lokale indstillinger
2008-05-26 15:55 . 26-05-08 15:55 <DIR> dr------- C:\Documents and Settings\hsj\Foretrukne
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d-------- C:\Documents and Settings\hsj\Dokumenter
2008-05-26 15:55 . 28-08-06 09:55 <DIR> d-------- C:\Documents and Settings\hsj\Application Data\Symantec
2008-05-26 15:55 . 28-04-03 05:23 <DIR> d--h----- C:\Documents and Settings\hsj\Andre computere
2008-05-26 15:55 . 26-05-08 15:55 <DIR> d-------- C:\Documents and Settings\hsj
2008-05-26 15:33 . 19-06-03 20:05 19,728 --a------ C:\WINNT\system32\hidserv.exe
2008-05-26 15:33 . 11-02-00 21:21 13,744 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2008-05-26 08:20 . 26-05-08 08:20 <DIR> d-------- C:\WINNT\Resources
2008-05-26 08:20 . 26-05-08 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-05-26 08:20 . 26-05-08 08:20 113 --a------ C:\345543.bat
2008-05-25 18:17 . 25-05-08 15:15 94,208 --a------ C:\WINNT\etkq.exe
2008-05-25 17:52 . 25-05-08 17:52 <DIR> d-------- C:\Programmer\OpenOffice.org 2.4
2008-05-25 16:26 . 25-05-08 16:26 <DIR> d-------- C:\Programmer\Fælles filer\Adobe AIR
2008-05-25 11:12 . 25-05-08 11:12 <DIR> d-------- C:\WINNT\winsxs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-04-28 03:29 271 ---h--w C:\Programmer\desktop.ini
2003-04-28 03:29 22,029 ---h--w C:\Programmer\folder.htt
2002-08-22 15:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@ti 27-05-2008_ 9.26.08,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-28 12:25:46 45,056 ----a-w C:\WINNT\BDOSCAN8\avxdisk.dll
+ 2008-05-28 12:25:46 10,240 ----a-w C:\WINNT\BDOSCAN8\avxs.dll
+ 2008-05-28 12:25:46 27,136 ----a-w C:\WINNT\BDOSCAN8\avxt.dll
+ 2008-05-28 12:25:48 181,760 ----a-w C:\WINNT\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINNT\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINNT\BDOSCAN8\ipsupd.dll
+ 2008-05-28 12:25:48 142,848 ----a-w C:\WINNT\BDOSCAN8\libfn.dll
+ 2008-05-28 12:25:46 86,016 ----a-w C:\WINNT\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINNT\bdoscandel.exe
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINNT\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINNT\Downloaded Program Files\ipsupd.dll
+ 2008-05-29 06:06:02 34,304 ----a-r C:\WINNT\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2008-01-21 16:12:10 59,968 ----a-w C:\WINNT\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 18,496 ----a-w C:\WINNT\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:54 79,424 ----a-w C:\WINNT\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINNT\system32\drivers\ssmdrv.sys
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-29 06:53:46 16,384 ----a-w C:\WINNT\system32\Perflib_Perfdata_3c0.dat
- 2005-05-26 02:19:32 173,536 ----a-w C:\WINNT\system32\wuweb.dll
+ 2007-07-30 17:19:46 203,096 ----a-w C:\WINNT\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [22-08-02 17:00 20752 C:\WINNT\system32\internat.exe]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [28-01-08 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29-02-08 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [09-09-02 00:18 155648]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [09-09-02 00:05 114688]
"Synchronization Manager"="mobsync.exe" [19-06-03 20:05 111888 C:\WINNT\system32\mobsync.exe]
"PROMon.exe"="PROMon.exe" [18-04-02 18:32 73728 C:\WINNT\system32\PROMon.exe]
"UC_SMB"="" []
"Smapp"="C:\Programmer\Analog Devices\SoundMAX\Smtray.exe" [26-06-02 16:36 90112]
"NeroCheck"="C:\WINNT\System32\\NeroCheck.exe" [09-07-01 12:50 155648]
"RealTray"="C:\Programmer\Real\RealPlayer\RealPlay.exe" [24-06-03 21:36 26112]
"StorageGuard"="C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" [18-06-02 00:01 155648]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11-04-02 04:19 69632]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [13-08-04 19:05 2532576]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [22-12-03 08:38 241664]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [18-02-04 19:55 49152]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [04-03-04 16:46 172032]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-08 22:16 39792]
"avgnt"="C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12-02-08 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [22-08-02 17:00 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe" [19-06-03 20:05 187664]
C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\
OpenOffice.org 2.4.lnk - C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
WinZip Quick Pick.lnk - C:\Programmer\WinZip\WZQKPICK.EXE [2008-05-28 09:20:50 106560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [20-12-06 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 19-04-07 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
R2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe [03-05-02 12:36 ]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [03-05-02 12:36 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [19-06-03 20:05 ]
S4 BsUDF;InCD UDF Driver;C:\WINNT\system32\drivers\BsUDF.sys [27-01-03 21:46 ]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 06:00:02 C:\WINNT\Tasks\Scheduled Snapshot.job"
- C:\CFGSAFE\SCHWIZEX.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 08:54:55
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 29-05-2008 8:55:23
ComboFix-quarantined-files.txt 2008-05-29 06:55:18
ComboFix3.txt 2008-05-27 07:26:40
ComboFix2.txt 2008-05-27 11:31:18
Pre-Run: 32,173,719,552 byte ledig
Post-Run: 32,166,969,344 byte ledig
156
********************** SUPERAntiSpyware *****************************
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/29/2008 at 08:37 AM
Application Version : 4.0.1154
Core Rules Database Version : 3470
Trace Rules Database Version: 1461
Scan type : Complete Scan
Total Scan Time : 00:23:57
Memory items scanned : 149
Memory threats detected : 1
Registry items scanned : 3404
Registry threats detected : 15
File items scanned : 11923
File threats detected : 2
Trojan.Vundo-Variant/Small-GEN
C:\WINNT\SYSTEM32\RQRLDBSS.DLL
C:\WINNT\SYSTEM32\RQRLDBSS.DLL
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\InprocServer32
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\InprocServer32#ThreadingModel
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\ProgID
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\Programmable
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\TypeLib
HKCR\CLSID\{4EE62603-9BB7-462B-8A8D-E9F4BF11BE49}\VersionIndependentProgID
C:\WINNT\BOQNRWDMVDR.DLL
Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48F0B738-34A6-4113-B966-33C4EF85BCD9}
HKCR\CLSID\{48F0B738-34A6-4113-B966-33C4EF85BCD9}
HKCR\CLSID\{48F0B738-34A6-4113-B966-33C4EF85BCD9}\InprocServer32
HKCR\CLSID\{48F0B738-34A6-4113-B966-33C4EF85BCD9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{48F0B738-34A6-4113-B966-33C4EF85BCD9}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqRLdBss