Søg
Avatar billede peterlund83 Nybegynder
21. februar 2006 - 11:40 Der er 8 kommentarer

Problemer med "Your computer is infeceted" og "Spy Falcon" virus!

Jeg er endnu engang blevet ramt af denne meget irriterende virus, som forsager en konstant pop-up hvori den skriver at min computer er inficeret med virus. Den installere selv dette antispyware program "Spyfalcon". Hvad skal jeg gøre for at fjerne skidtet???

Her har i min log:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:57, on 21-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\ZoneLabs\vsmon.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\mssearchnet.exe
J:\WINDOWS\system32\nvctrl.exe
J:\WINDOWS\Dit.exe
J:\WINDOWS\system32\RunDll32.exe
J:\WINDOWS\system32\PRISMSTA.EXE
J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
J:\WINDOWS\MXOALDR.EXE
J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
J:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
J:\WINDOWS\system32\LVCOMSX.EXE
J:\Program Files\Logitech\Video\LogiTray.exe
J:\Program Files\MSN Messenger\msnmsgr.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
J:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
J:\WINDOWS\system32\RAMASST.exe
J:\WINDOWS\DitExp.exe
J:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
J:\Program Files\Logitech\Video\FxSvr2.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\SpyFalcon\spyfalcon.exe
J:\Program Files\SpyFalcon\spyfalcon.exe
J:\Program Files\Antivirus\hjt.exe

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - J:\WINDOWS\system32\hpCBB4.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MXO Auto Loader] J:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MXOBG] J:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] J:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] J:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Zone Labs Client] J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] J:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] J:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] J:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpyFalcon] J:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] J:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "J:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = J:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = J:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google-søgning - res://j:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://j:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://j:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://j:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://j:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.v-codec.com/getcodec/SVideoCodec4_01a.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://pgdownload.dacom.net/keycrypt/npkcx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "J:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - J:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - J:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - J:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - J:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - Unknown owner - J:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - J:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - J:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - J:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - J:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Håber på at høre fra jer snarest!

Bedste hilsner
Peter
Avatar billede levich Nybegynder
21. februar 2006 - 12:55 #1
jeg ser på det, øjeblik
Avatar billede levich Nybegynder
21. februar 2006 - 13:13 #2
(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Hent http://downloads.stevengould.org/cleanup/CleanUp40.exe
Læs vejledningen til Cleanup her: http://www.bleepingcomputer.com/forums/tutorial93.html

Hent scannereren http://www.spywareinfo.dk/download/mwav.exe.

Hent og udpak Killbox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

(3)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - J:\WINDOWS\system32\hpCBB4.tmp
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SpyFalcon] J:\Program Files\SpyFalcon\SpyFalcon.exe /h
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.v-codec.com/getcodec/SVideoCodec4_01a.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://pgdownload.dacom.net/keycrypt/npkcx.cab

(4)
Tast CTRL+ALT+DEL, vælg faneblade Processer og find denne fil(er):
Dit.exe
mssearchnet.exe
nvctrl.exe
Højreklik på filen og vælg Afslut.

(5)
Åbn en tilfældig mappe, i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende fil(er):
J:\WINDOWS\system32\hpCBB4.tmp
J:\WINDOWS\system32\mssearchnet.exe
J:\WINDOWS\system32\nvctrl.exe
J:\WINDOWS\Dit.exe
... og følgende mappe(r):
J:\Program Files\SpyFalcon\

(6)
Kør scanneren mwav.exe, og sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files. Tryk på Scan Clean.
Scanningen kan godt nogen tid.

(7)
Kør Cleanup. Gå til option og sæt flueben ved cookies, prefetch, temp og all users. Tryk på “cleanup”.

(8)
Start KillBox, sæt prik i "Delete on reboot", kopier nedenstående filnavn(e) til tekstfeltet i Killbox og klik herefter på den røde knap med det hvide kryds. Gentag det for alle filerne, men sig først ja til at genstarte, når du kommer til den sidste fil. Du skal genstarte i fejlsikret tilstand.

J:\WINDOWS\system32\mssearchnet.exe
J:\WINDOWS\system32\nvctrl.exe
J:\WINDOWS\Dit.exe

(9)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(10)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.

(11)
Når vi er helt færdige, så husk at aktiver systemgendannelse igen.
Avatar billede peterlund83 Nybegynder
21. februar 2006 - 20:00 #3
Jeg har gjort alt som du foreskrev, desværre har det ikke virket. Da jeg starter computeren op normalt til sidst. Kommer denne "Virus alert" frem på system tray og programmet "Spy Falcon" springer frem af den blå luft. Jeg lod også mærke til at da jeg var i Fejlsikret tilstand det blev denne "Virus Alert" ved med at blinke, ikke på noget tidspunkt forsvandt den... men anyway, her er min log:

Logfile of HijackThis v1.99.1
Scan saved at 19:57:52, on 21-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\ZoneLabs\vsmon.exe
J:\WINDOWS\system32\RunDll32.exe
J:\WINDOWS\system32\PRISMSTA.EXE
J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
J:\WINDOWS\MXOALDR.EXE
J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
J:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
J:\WINDOWS\system32\LVCOMSX.EXE
J:\Program Files\Logitech\Video\LogiTray.exe
J:\Program Files\MSN Messenger\msnmsgr.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
J:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
J:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
J:\WINDOWS\system32\RAMASST.exe
J:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
J:\Program Files\Logitech\Video\FxSvr2.exe
J:\WINDOWS\system32\wscntfy.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\Antivirus\hjt.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MXO Auto Loader] J:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MXOBG] J:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] J:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] J:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Zone Labs Client] J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] J:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] J:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] J:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpyFalcon] J:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] J:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "J:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = J:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = J:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google-søgning - res://j:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://j:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://j:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://j:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://j:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "J:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - J:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - J:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - J:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - J:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - Unknown owner - J:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - J:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - J:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - J:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - J:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Avatar billede levich Nybegynder
21. februar 2006 - 20:34 #4
Ok, nu tror jeg, at jeg har den.

(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Hent scannereren http://www.spywareinfo.dk/download/mwav.exe.

Hent smitrem.exe: http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Dobbeltklik på smitrem.exe og udpak til c:\smitrem

(3)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
O4 - HKLM\..\Run: [SpyFalcon] J:\Program Files\SpyFalcon\SpyFalcon.exe /h
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

(4)
Dobbeltklik på c:\smitrem\RunThis.bat, hvilket starter programmet, som sletter nogle inficerede filer.

(5)
Åbn en tilfældig mappe, i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende mappe(r):
J:\Program Files\SpyFalcon\

(6)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(7)
Kør scanneren mwav.exe, og sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files. Tryk på Scan Clean.
Scanningen kan godt tage nogen tid.

(8)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.

(9)
Når vi er helt færdige, så husk at aktiver systemgendannelse igen.
Avatar billede peterlund83 Nybegynder
22. februar 2006 - 18:00 #5
Har igen fulgt dine anvisninger og indtil videre har programmet ikke installeret sig selv men jeg får stadig den samme pop-up fra system tray!

Logfile of HijackThis v1.99.1
Scan saved at 17:58:50, on 22-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
J:\WINDOWS\system32\DVDRAMSV.exe
J:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
J:\WINDOWS\system32\RunDll32.exe
J:\WINDOWS\system32\PRISMSTA.EXE
J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
J:\WINDOWS\MXOALDR.EXE
J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
J:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
J:\WINDOWS\system32\LVCOMSX.EXE
J:\Program Files\Logitech\Video\LogiTray.exe
J:\Program Files\MSN Messenger\msnmsgr.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
J:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
J:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
J:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
J:\Program Files\Logitech\Video\FxSvr2.exe
J:\WINDOWS\system32\RAMASST.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\ZoneLabs\vsmon.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\system32\wscntfy.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Outlook Express\msimn.exe
J:\Program Files\Antivirus\hjt.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MXO Auto Loader] J:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MXOBG] J:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] J:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] J:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Zone Labs Client] J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] J:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] J:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] J:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] J:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "J:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = J:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Easy-PrintToolBox.lnk = J:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = J:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google-søgning - res://j:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://j:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://j:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://j:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://j:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photocare.dk/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "J:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - J:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - J:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - J:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - J:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - Unknown owner - J:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - J:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - J:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - J:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - J:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Avatar billede levich Nybegynder
22. februar 2006 - 19:44 #6
Installer venligst en antivirusprogram, f.eks. dette som er gratis: http://free.grisoft.com/doc/2/lng/us/tpl/v5

Når du har installeret et-eller-andet program, så opdater og scan hele computeren.

Sidder du på et lokalnetværk, f.eks. et kollegium?
Avatar billede levich Nybegynder
11. marts 2006 - 17:04 #7
Jeg regner med at problemet er løst? Pointtildeling, tak.
Avatar billede levich Nybegynder
04. juni 2006 - 13:55 #8
Problemet er altså ikke løst?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Total AV Af Malm i Virus 10 16/01/202516:48 17/01/202520:47
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 09:02 Glemt adgangskode Af summer i Windows
I går 15:29 Opdatering af Windows 11 Af ingeman i Windows
I går 14:10 burgermenu til hjemmeside - hjælp! Af SabrinaL i Andet programmering
11/1113:19 Strømforsyning ekstern harddisk Af clausito i NAS & storage
11/1111:06 Wifi 7 Af skolevej321 i Routere & Switches
White papers
Flere white papers »