jk- (Beginner)
21 July 2008 - 10:10. There are 4 comments and 1 solution.

HijackThis. Fake antivirus.

When I start up the computer, a fake virus program starts.

I have followed http://www.eksperten.dk/artikler/1123 ....

LOGS :

(And thanks in advance for the help)

ComboFix 08-07-20.5 - jeppeson 2008-07-21  9:55:25.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.161 [GMT 2:00]
Running from: E:\rem00ce\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Programmer\AntiMalwareGuard
C:\Documents and Settings\All Users\Menuen Start\Programmer\AntiMalwareGuard\AntiMalwareGuard.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\AntiMalwareGuard\Uninstall AntiMalwareGuard.lnk
C:\Programmer\AntiMalwareGuard
C:\Programmer\AntiMalwareGuard\amg.exe
C:\Programmer\AntiMalwareGuard\BL.dat
C:\Programmer\AntiMalwareGuard\WL.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gckawcri.dll
C:\WINDOWS\system32\hexhaj.dll
C:\WINDOWS\SYSTEM32\hjxicllu.ini
C:\WINDOWS\system32\lnnckvcj.dll
C:\WINDOWS\system32\lravtpvj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njrxpi.dll
C:\WINDOWS\system32\nqodwfud.ini
C:\WINDOWS\SYSTEM32\OYIOVvut.ini
C:\WINDOWS\SYSTEM32\OYIOVvut.ini2
C:\WINDOWS\system32\pxoycypl.ini
C:\WINDOWS\system32\qiagqeca.ini
C:\WINDOWS\system32\rhihgnmd.dll
C:\WINDOWS\system32\ullcixjh.dll
C:\WINDOWS\system32\uodtteph.dll
C:\WINDOWS\system32\vxrcfiwf.dll

.
(((((((((((((((((((((((((  Files Created from 2008-06-21 to 2008-07-21  )))))))))))))))))))))))))))))))
.

2008-07-21 08:48 . 2008-07-21 08:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-21 08:47 . 2008-07-21 08:47    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-07-21 08:47 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-21 08:47 . 2008-07-21 08:47    <DIR>    d--------    C:\Documents and Settings\jeppeson\Application Data\SUPERAntiSpyware.com
2008-07-15 21:16 . 2008-07-21 10:01    5,572    --a------    C:\WINDOWS\SYSTEM32\Config.MPF
2008-07-15 20:23 . 2008-07-18 09:12    <DIR>    d--------    C:\Programmer\SiteAdvisor
2008-07-15 20:23 . 2008-07-15 20:23    <DIR>    d--------    C:\Documents and Settings\LocalService\Skrivebord
2008-07-15 20:23 . 2008-07-15 20:23    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-15 20:23 . 2008-07-15 22:17    <DIR>    d--------    C:\Documents and Settings\jeppeson\Application Data\SiteAdvisor
2008-07-15 20:23 . 2008-07-15 20:23    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-15 20:21 . 2007-12-02 12:51    40,488    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-07-15 20:21 . 2007-11-22 06:44    33,832    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-07-15 20:20 . 2007-11-22 06:44    201,320    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-07-15 20:20 . 2007-07-13 06:20    113,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-07-15 20:20 . 2007-11-22 06:44    79,304    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-07-15 20:20 . 2007-11-22 06:44    35,240    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-07-15 20:17 . 2008-07-15 20:18    <DIR>    d--------    C:\Programmer\McAfee.com
2008-07-15 20:17 .     <DIR>        C:\Programmer\Fælles filer\McAfee
2008-07-15 20:16 . 2008-07-15 22:13    <DIR>    d--------    C:\Programmer\McAfee
2008-07-15 20:12 . 2008-07-15 20:31    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-15 17:14 . 2008-07-15 17:14    <DIR>    d--------    C:\Programmer\CCleaner
2008-07-15 17:14 . 2008-07-21 08:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 20:48 . 2008-07-18 17:28    110,428    --a------    C:\WINDOWS\BM9f6e5979.xml
2008-06-29 17:21 . 2008-07-15 16:59    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 06:21    ---------    d-----w    C:\Programmer\GameHouse
2008-07-15 20:12    ---------    d-----w    C:\Programmer\Symantec
2008-07-15 19:47    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-07-15 16:37    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-14 09:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-06-14 18:00    272,256    ----a-w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00    272,256    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-08 12:28    202,752    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:16    1,291,776    ----a-w    C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:16    1,291,776    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-21 07:03    660,992    ----a-w    C:\WINDOWS\SYSTEM32\wininet.dll
2008-04-21 07:03    660,992    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-04-21 07:03    617,984    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-04-21 07:03    532,480    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2008-04-21 07:03    474,112    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2008-04-21 07:03    449,024    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2008-04-21 07:03    39,424    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-04-21 07:03    3,080,704    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-21 07:03    146,432    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2008-04-21 07:03    1,494,528    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-04-21 07:02    96,768    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2008-04-21 07:02    55,808    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2008-04-21 07:02    357,888    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2008-04-21 07:02    251,392    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2008-04-21 07:02    205,312    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2008-04-21 07:02    16,384    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2008-04-21 07:02    151,552    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2008-04-21 07:02    1,056,256    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2008-04-21 07:02    1,023,488    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 18:19 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmer\Apoint\Apoint.exe" [2004-08-21 20:04 155648]
"SunJavaUpdateSched"="C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" [2004-05-16 22:18 528384]
"PRONoMgr.exe"="C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 19:32 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 03:04 122933]
"PCMService"="C:\Programmer\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"DVDLauncher"="C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 13:43 53248]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6261\SiteAdv.exe" [2007-07-27 19:12 36640]
"mcagent_exe"="C:\Programmer\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 14:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe [2004-11-29 19:55:44 569405]
Digital Line Detect.lnk - C:\Programmer\Digital Line Detect\DLG.exe [2004-12-16 16:49:02 24576]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 08:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-27 14:00]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 22:01]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 18:19:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmer\mcafee\mqc\QcConsol.exe'
"2008-07-15 18:19:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmer\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UpdateManager - C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
HKLM-Run-AntiMalwareGuard - C:\Programmer\AntiMalwareGuard\amg.exe
HKLM-Run-9c5d6ae5 - C:\WINDOWS\system32\ullcixjh.dll
HKLM-Run-BM9f6e5979 - C:\WINDOWS\system32\vxrcfiwf.dll
SharedTaskScheduler-{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4} - (no file)
Notify-vtUmlLfG - vtUmlLfG.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.dk/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.euro.dell.com/
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm

O16 -: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
C:\WINDOWS\Downloaded Program Files\comp.inf
C:\WINDOWS\Downloaded Program Files\EBJSecurity_2.dll
C:\WINDOWS\Downloaded Program Files\ActiveXSikkerhedssoftware.ocx
C:\WINDOWS\Downloaded Program Files\EBJSecurity_3.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 10:00:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmer\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\S24EvMon.exe
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\1XConfig.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programmer\Fælles filer\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FÆLLES~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Programmer\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\RegSrvc.exe
C:\Programmer\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Apoint\ApntEx.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-07-21 10:04:05 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-21 08:03:54

Pre-Run: 26,008,510,464 byte ledig
Post-Run: 25,915,129,856 byte ledig

225    --- E O F ---    2008-06-21 13:12:21


Logfile of HijackThis v1.99.1
Scan saved at 09:52:37, on 21-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\SiteAdvisor\6261\SiteAdv.exe
C:\Programmer\McAfee.com\Agent\mcagent.exe
C:\Programmer\AntiMalwareGuard\amg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
c:\PROGRA~1\FÆLLES~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmer\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmer\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
E:\rem00ce\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tdconline.dk/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {82F6FEA3-A6EE-41D7-BF74-59BF9795F15E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: {4329daa9-15e7-6d49-7bd4-a1bfbe85c2da} - {ad2c58eb-fb1a-4db7-94d6-7e519aad9234} - C:\WINDOWS\system32\hexhaj.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmer\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmer\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Programmer\AntiMalwareGuard\amg.exe
O4 - HKLM\..\Run: [9c5d6ae5] rundll32.exe "C:\WINDOWS\system32\ullcixjh.dll",b
O4 - HKLM\..\Run: [BM9f6e5979] Rundll32.exe "C:\WINDOWS\system32\vxrcfiwf.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmer\SiteAdvisor\6261\SiteAdv.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programmer\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: vtUmlLfG - vtUmlLfG.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmer\fælles filer\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FÆLLES~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmer\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor-tjeneste (SiteAdvisor Service) - Unknown owner - C:\Programmer\SiteAdvisor\6261\SAService.exe





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2008 at 09:38 AM

Application Version : 4.15.1000

Core Rules Database Version : 3508
Trace Rules Database Version: 1499

Scan type      : Complete Scan
Total Scan Time : 00:43:17

Memory items scanned      : 202
Memory threats detected  : 1
Registry items scanned    : 5127
Registry threats detected : 16
File items scanned        : 14617
File threats detected    : 14

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\TUVVOIYO.DLL
    C:\WINDOWS\SYSTEM32\TUVVOIYO.DLL

Rogue.PCPrivacyCleaner
    [PCPrivacyCleaner] C:\PROGRAMMER\PCPRIVACYCLEANER\PCPC.EXE
    C:\PROGRAMMER\PCPRIVACYCLEANER\PCPC.EXE
    HKU\S-1-5-21-794621179-1204332826-1642124771-1006\Software\PCPrivacyCleaner
    HKU\S-1-5-21-794621179-1204332826-1642124771-1006\Software\{65DE966D-11D1-4bb1-BF7E-B8A273514DAF}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#PCPrivacyCleaner [ C:\Programmer\PCPrivacyCleaner\pcpc.exe ]
    C:\Programmer\PCPrivacyCleaner
    C:\Documents and Settings\All Users\Menuen Start\Programmer\PCPrivacyCleaner\PCPrivacyCleaner.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\PCPrivacyCleaner
    C:\Documents and Settings\jeppeson\Skrivebord\PCPrivacyCleaner.lnk
    C:\Documents and Settings\jeppeson\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk
    C:\DOCUMENTS AND SETTINGS\JEPPESON\LOKALE INDSTILLINGER\TEMP\PCPC_SETUP_FREE.EXE
    C:\WINDOWS\Prefetch\PCPC_SETUP_FREE.EXE-0E824DF5.pf

Trojan.Vundo-Variant/Small-GEN
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55B1EB98-DF13-46E0-843C-C1E588A51AB3}
    HKCR\CLSID\{55B1EB98-DF13-46E0-843C-C1E588A51AB3}
    HKCR\CLSID\{55B1EB98-DF13-46E0-843C-C1E588A51AB3}\InprocServer32
    HKCR\CLSID\{55B1EB98-DF13-46E0-843C-C1E588A51AB3}\InprocServer32#ThreadingModel

Browser Hijacker.Internet Explorer Settings Hijack
    HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ http://internetsearchservice.com ]
    HKU\S-1-5-21-794621179-1204332826-1642124771-1006\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://internetsearchservice.com ]
    HKLM\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://internetsearchservice.com/ie6.html ]

Rogue.AntiSpywareMaster
    HKU\S-1-5-21-794621179-1204332826-1642124771-1006\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350}

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-794621179-1204332826-1642124771-1006\Software\Microsoft\rdfa

Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\ANTIVIRUS SCAN.URL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\ONLINE SPYWARE TEST.URL

Rogue.AntiSpyCheck
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP171\A0036106.EXE

Trojan.FakeAlert-Gen/Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP173\A0038168.DLL
21 July 2008 - 20:29 #1
I'll take a look at it...
21 July 2008 - 20:39 #2
Run a scan with HijackThis.
Below you will find some files that you need to fix. What you have to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window left open is the HijackThis window. Remember to close this window too, once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tdconline.dk/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: (no name) - {82F6FEA3-A6EE-41D7-BF74-59BF9795F15E} - (no file)
O2 - BHO: {4329daa9-15e7-6d49-7bd4-a1bfbe85c2da} - {ad2c58eb-fb1a-4db7-94d6-7e519aad9234} - C:\WINDOWS\system32\hexhaj.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Programmer\AntiMalwareGuard\amg.exe
O4 - HKLM\..\Run: [9c5d6ae5] rundll32.exe "C:\WINDOWS\system32\ullcixjh.dll",b
O4 - HKLM\..\Run: [BM9f6e5979] Rundll32.exe "C:\WINDOWS\system32\vxrcfiwf.dll",s

O20 - Winlogon Notify: vtUmlLfG - vtUmlLfG.dll (file missing)

Restart normally.

Manually delete the folder

C:\Programmer\Symantec
C:\Programmer\Fælles filer\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Symantec

C:\Programmer\AntiMalwareGuard\
(Read about the 'package' here -> http://www.spywaredetector.net/spyware_encyclopedia/Fake%20Anti%20Spyware.AntiMalwareGuard.htm )

Run a new scan with HijackThis and copy a fresh log in here for checking.

------------------------------------------------------------------------

Remember a complete Windows Update - you seem to be missing quite a bit

M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da
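
The reply above picks its fix list out of the HijackThis log by hand. As an added example (not part of the original thread and not HijackThis's own logic), the sketch below parses log lines into section code and body and flags entries by four heuristics; the heuristics and the `WATCHED_HOSTS` list are assumptions for illustration, and the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlparse

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# rundll32 followed by its target and the comma that precedes the export name
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<target>[^",]+)"?\s*,', re.I)
# A DLL sitting directly in system32 (no subfolder)
SYS32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
# A BHO whose display name is itself just a GUID
GUID_NAME_RE = re.compile(r"^BHO: \{[0-9a-f-]{36}\} - ", re.I)
# HijackThis marks entries whose target is gone
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)

# Assumption: analyst-supplied watch list; this host is the search
# redirect that appears throughout the logs in this thread.
WATCHED_HOSTS = {"internetsearchservice.com"}


def parse_line(line):
    """Return (section_code, body) for a HijackThis entry line, else None."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def reasons_for(code, body, watched_hosts=WATCHED_HOSTS):
    """Return the list of heuristic reasons an entry deserves a closer look."""
    reasons = []
    if ORPHAN_RE.search(body):
        reasons.append("orphaned entry: target file is absent")
    if code in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip()
        host = (urlparse(url).hostname or "").lower()
        if host in watched_hosts or any(host.endswith("." + h) for h in watched_hosts):
            reasons.append("IE setting points at watched host " + host)
    if code == "O4":
        m = RUNDLL_RE.search(body)
        if m and SYS32_DLL_RE.match(m.group("target").strip()):
            reasons.append("Run key loads a system32 DLL through rundll32")
    if code == "O2" and GUID_NAME_RE.match(body):
        reasons.append("BHO is named only by a GUID")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every flagged entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            reasons = reasons_for(*parsed)
            if reasons:
                findings.append((line.strip(), reasons))
    return findings


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: (no name) - {82F6FEA3-A6EE-41D7-BF74-59BF9795F15E} - (no file)
O2 - BHO: {4329daa9-15e7-6d49-7bd4-a1bfbe85c2da} - {ad2c58eb-fb1a-4db7-94d6-7e519aad9234} - C:\WINDOWS\system32\hexhaj.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [9c5d6ae5] rundll32.exe "C:\WINDOWS\system32\ullcixjh.dll",b
O20 - Winlogon Notify: vtUmlLfG - vtUmlLfG.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

A flagged line is a lead to verify against the file on disk, not a verdict; the reply's list also contains entries (such as `SunJavaUpdateSched`) that none of these heuristics select.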
jk- (Beginner)
11 August 2008 - 08:57 #3
I'm closing this. Got most of it fixed, I don't have the computer anymore. So thanks for your help! :)

Post an answer, Karise :)
11 August 2008 - 21:15 #4
Ping..
(That was an [answer]...)

PS: No guarantee, since I haven't seen a fresh log from HijackThis after the 'cleaning' ...
jk- (Beginner)
12 August 2008 - 08:18 #5
I know! :) Thanks for the help! Hope you're ready next time!