[Rob1]

Windows Defender kom op med en popup, at jeg havde TrojanDownloader: Win32/Zlob Jeg klikkede fjern, men jeg ved ikke om det stadig vil være i mit system, eller hvis den er hentet andre trojanere. Jeg kunne have fået det i går, da jeg klikkede på et youtube link i firefox, men nogen havde bevidst spelt det forkert, at sendte den til en spam-websted, der sagde "din Active X ikke er op til dato, du har behov for at hente en ny. PRESS JA at gøre det "eller noget i den retning. Jeg indså, at det var en virus type ting, så jeg klikkede på Annuller, som netop gav mig den samme besked igen, så jeg dræbte firefox.exe.

Her er min HijackThis log:

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 00:28:07, den 04/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Kørende processer:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.EXE
C: \ Windows \ system32 \ taskeng.exe
C: \ Programmer \ Windows Defender \ MSASCui.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Windows \ System32 \ hkcmd.exe
C: \ Windows \ System32 \ igfxpers.exe
C: \ Programmer \ Windows Media Player \ wmpnscfg.exe
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Programmer \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Users \ Robert \ Desktop \ HijackThis \ Run
C: \ Windows \ system32 \ DllHost.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.thetechguys.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1E8A6170-7264-4D0F-BEAE-D42A53123C75) - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 1.5 \ NppBho.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: Vis Norton Toolbar - (90222687-F593-4738-B738-FBEE9C7B26DF) - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 1.5 \ UIBHO.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [MSConfig] "C: \ Windows \ System32 \ msconfig.exe" / auto
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistens] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ Windows Live \ Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programmer \ Windows Media Player \ WMPNSCFG.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (4A85DBE0-BFB2-4119-8401-186A7C6EB653) -- http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (71D413D7-38C5-4035-8548-976522CF11D5) (Crucial cpcScan) -- http://crucial.com/controls/cpcVistaBeta.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https: / / secure.gopetslive.com / dev / GoPetsWeb.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown ejer - C: \ Programmer \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C: \ Windows \ system32 \ DRIVERS \ xaudio.exe

--
End of file - 6756 bytes

[evilfantasy]

Velkommen til CJ.

Åbn Hijackthis og vælg lave en ordning skanne først og placere et flueben ud for

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)

Luk alle browser-vinduer undtagen Hijackthis og klik på Fix checked.

----------

Gå til msconfig og vælge Normal start tilstand.

Genstart computeren og lade denne mulighed, indtil vi er færdige med rengøring.

Hvis du har problemer med for mange emner der kører ved opstart brug Startup Tool. Når det er installeret højre på en post, og vælg Fjern. Det vil ikke fjerne programmet, men vil fjerne start post i registreringsdatabasen, som er bedre end den msconfig metode.

----------

Start her og arbejde gennem trinene. Kopiere og indsætte alle de logfiler her når du er færdig, herunder en ny HJT log, efter alle de øvrige trin er afsluttet.

[Rob1]

Jeg er nok bare at være paranoid, men her er de logs

SUPERAntiSpyware Log:

http://www.superantispyware.com

Genereret 02/04/2008 kl 07:02

Application Version: 3.9.1008

Core Rules Database Version: 3259
Trace Rules Database Version: 1386

Scan type: Complete Scan
Total Scan Time: 02:00:33

Memory poster skannet: 628
Memory trusler opdaget: 0
Elementer i registreringsdatabasen skannet: 5874
Topdomæneadministratoren trusler opdaget: 0
File poster skannet: 121.355
File trusler opdaget: 0


NOD32 online scanner log:

# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2847 (20080204)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = b8989a4614f9574b8d372603cddbd3ef
# Udgangen = færdig
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-02-04 08:08:39
# Local_time = 2008-02-04 08:08:39 (+0000, GMT Standard Time)
# Land = "Det Forenede Kongerige"
# OSVer = 6.0.6000 NT
# Scannet = 191.544
# Fundet = 0
# Scan_time = 2196

Hijackthis log:

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 20:23:09, den 04/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Kørende processer:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.EXE
C: \ Windows \ system32 \ taskeng.exe
C: \ Programmer \ Windows Defender \ MSASCui.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Windows \ System32 \ hkcmd.exe
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Windows \ System32 \ igfxpers.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Programmer \ Keyboard Manager \ Manager Utility \ KeyboardManager.exe
C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ Programmer \ Windows Media Player \ wmpnscfg.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Windows \ system32 \ igfxext.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
C: \ Users \ Robert \ Desktop \ HijackThis \ sniper.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.thetechguys.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (1E8A6170-7264-4D0F-BEAE-D42A53123C75) - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 1.5 \ NppBho.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: Vis Norton Toolbar - (90222687-F593-4738-B738-FBEE9C7B26DF) - C: \ Programmer \ Common Files \ Symantec Shared \ coShared \ Browser \ 1.5 \ UIBHO.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistens] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Keyboard Manager Utility] "C: \ Programmer \ Keyboard Manager \ Manager Utility \ KeyboardManager.exe" / lang da / H
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programmer \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http:// *. eset.eu
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (4A85DBE0-BFB2-4119-8401-186A7C6EB653) -- http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (71D413D7-38C5-4035-8548-976522CF11D5) (Crucial cpcScan) -- http://crucial.com/controls/cpcVistaBeta.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https: / / secure.gopetslive.com / dev / GoPetsWeb.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown ejer - C: \ Programmer \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C: \ Windows \ system32 \ DRIVERS \ xaudio.exe

--
End of file - 7121 bytes

[evilfantasy]

Alt ser fint.

Check out Holde Yourself sikkert på internettet for tips og gratis værktøjer til at holde dig sikker i fremtiden.

Se også Langsom computer? Den må ikke være Malware gratis rengøring / vedligeholdelse af værktøjer til at hjælpe med at holde din computer kører glat.

[Rob1]

Tak.