Need help! ~ I can't remove this adware / virus!




  #1  
14 January 2008, 19:29
New Member Group

Name: Trojan.Win32.Obfuscated.gx Type: Trojan Risk consequences: Extremely high Fake critical system error warning
  #2  
14 January 2008, 21:18
Editor Group

Let's get a HJT log.
Download and rename HijackThis (HJT)
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installing, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click HijackThis.exe and choose Rename.
    • Type sniper.exe and press Enter.
    • Right-click sniper.exe and choose Send to > Desktop (create shortcut)
  • From the desktop, open HijackThis.
  • If you use Windows Vista, be sure to Run as administrator
  • Click the Do a system scan and save a logfile button
  • HijackThis will scan, and then a log will open in Notepad.
  • Copy and paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

In your next post, please include:
HijackThis log
__________________

  #3  
14 January 2008, 23:55
New Member Group

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 2:49:52 PM, den 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ Explorer.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programmer \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Internet Explorer \ iexplore.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Programmer \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra sammenhæng menupunkt: Download alle med Free Download Manager - file: / / C: \ Programmer \ Free Download Manager \ dlall.htm
O8 - Extra sammenhæng menupunkt: Download valgte med Free Download Manager - file: / / C: \ Programmer \ Free Download Manager \ dlselected.htm
O8 - Extra sammenhæng menupunkt: Download video med Free Download Manager - file: / / C: \ Programmer \ Free Download Manager \ dlfvideo.htm
O8 - Extra sammenhæng menupunkt: Download med Free Download Manager - file: / / C: \ Programmer \ Free Download Manager \ dllink.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Ekstra knap: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programmer \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
End of file - 5867 bytes
  #4  
15 January 2008, 00:47
Editor Group

The logfile shows no malware at all.

Run this and post the log afterwards.

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary.) IMPORTANT - Combofix.exe MUST be saved to your Desktop.
  • Close all open Internet browsers. (Firefox, Internet Explorer, etc.)
  • Close / disable all anti-virus and anti-malware programs so they do not interfere with ComboFix. <- IMPORTANT
    • Click this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe & follow the prompts.
    • From the keyboard, choose 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click the ComboFix window while it is running.
The scan temporarily disables the desktop.
If interrupted, it can leave the computer frozen.
If this happens, restart to restore the desktop.
__________________

  #5  
15 January 2008, 08:52
Editor Group

That's not the whole log.

If you need to, go to C:\combofix.txt and post the whole log.
__________________

  #6  
15 January 2008, 09:47
New Member Group

Quote:
Originally posted by evilfantasy
That's not the whole log.

If you need to, go to C:\combofix.txt and post the whole log.
ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Kører fra: C: \ Downloads \ Software \ ComboFix.exe
* Skabt et nyt gendannelsespunkt
ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.
((((((((((((((((((((((((( Files Created fra 2007-12-16 til 2008-01-16 ))))))))))) ))))))))))))))))))))
.
2008-01-15 22:29. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 14:46. 2008-01-15 14:46 <DIR> d -------- C: \ Programmer \ Trend Micro
2008-01-15 13:35. 2008-01-15 13:36 <DIR> d -------- C: \ Programmer \ Common Files \ Adobe
2008-01-15 12:08. 2007-10-10 15:55 6.065.664 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll
2008-01-15 12:08. 2007-06-30 19:31 2.455.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dat
2008-01-15 12:08. 2007-06-30 19:36 991.232 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll.mui
2008-01-15 12:08. 2007-10-10 15:55 459.264 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msfeeds.dll
2008-01-15 12:08. 2007-10-10 15:55 383.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dll
2008-01-15 12:08. 2007-10-10 15:55 267.776 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ iertutil.dll
2008-01-15 12:08. 2007-10-10 15:55 63.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ icardie.dll
2008-01-15 12:08. 2007-10-10 15:55 52.224 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msfeedsbs.dll
2008-01-15 12:08. 2007-10-10 02:59 13.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe
2008-01-15 09:09. 2004-08-03 08:56 221.184 - a ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-01-15 08:13. 2008-01-15 08:13 <DIR> d -------- C: \ Programmer \ Fraps
2008-01-15 01:15. 2008-01-15 12:49 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008-01-15 01:15. 2006-09-06 17:43 22,752 - a ------ C: \ WINDOWS \ system32 \ spupdsvc.exe
2008-01-15 00:59. 2008-01-15 00:59 <DIR> d -------- C: \ Programmer \ IObit
2008-01-15 00:55. 2008-01-15 00:55 1.167 - a ------ C: \ WINDOWS \ mozver.dat
2008-01-15 00:00. 2008-01-15 00:01 1.074 - a ------ C: \ WINDOWS \ system32 \ tmp.reg
2008-01-14 23:05. 2008-01-14 23:23 <DIR> d -------- C: \ Programmer \ SUPERAntiSpyware
2008-01-14 23:04. 2008-01-14 23:04 <DIR> d -------- C: \ Programmer \ Common Files \ Wise Installation Wizard
2008-01-14 22:39. 2008-01-14 23:00 <DIR> d -------- C: \ Programmer \ EsetOnlineScanner
2008-01-14 22:31. 2008-01-14 22:31 <DIR> d -------- C: \ Downloads
2008-01-13 13:51. 2008-01-13 13:54 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ NCH Swift Sound
2008-01-13 13:51. 2008-01-13 13:52 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NCH Swift Sound
2008-01-13 13:50. 2008-01-13 17:35 <DIR> d -------- C: \ Programmer \ NCH Swift Sound
2008-01-13 08:30. 2008-01-13 08:30 <DIR> d -------- C: \ Programmer \ HJÆLP
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Programmer \ Free Download Manager
2008-01-13 08:10. 2008-01-15 22:29 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Free Download Manager
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FreeDownloadManager.ORG
2008-01-12 20:03. 2008-01-12 20:03 <DIR> d -------- C: \ Programmer \ AVI MPEG RM WMV Splitter
2008-01-12 18:38. 2008-01-12 18:39 26 - a ------ C: \ WINDOWS \ system32 \ satsukidecodersettings.ini
2008-01-08 06:45. 2008-01-14 19:34 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-01-08 06:44. 2006-05-25 14:52 162,304 - a ------ C: \ WINDOWS \ system32 \ ztvunrar36.dll
2008-01-08 06:44. 2003-02-02 19:06 153.088 - a ------ C: \ WINDOWS \ system32 \ UNRAR3.dll
2008-01-08 06:44. 2005-08-26 00:50 77.312 - a ------ C: \ WINDOWS \ system32 \ ztvunace26.dll
2008-01-08 06:44. 2002-03-06 00:00 75.264 - a ------ C: \ WINDOWS \ system32 \ unacev2.dll
2008-01-08 06:44. 2006-06-19 12:01 69.632 - a ------ C: \ WINDOWS \ system32 \ ztvcabinet.dll
2008-01-07 21:59. 2008-01-07 21:59 <DIR> d --- s ---- C: \ Documents and Settings \ Jomel \ UserData
2008-01-06 20:56. 2004-08-03 23:08 26,496 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ usbstor.sys
2008-01-05 18:55. 2008-01-05 18:55 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008-01-05 09:16. 2008-01-05 09:16 <DIR> d -------- C: \ Programmer \ K-Lite Codec Pack
2008-01-04 16:13. 2008-01-04 16:13 <DIR> d -------- C: \ Programmer \ ZillaSoft.ws
2008-01-04 16:13. 2004-02-05 13:53 389,120 - a ------ C: \ WINDOWS \ system32 \ actskn43.ocx
2008-01-04 16:13. 2004-01-09 04:54 188.416 - a ------ C: \ WINDOWS \ system32 \ actsplash.ocx
2008-01-04 16:12. 2005-08-27 02:38 1.435.272 - a ------ C: \ WINDOWS \ system32 \ Flash.ocx
2008-01-04 16:12. 2002-03-04 12:27 1.140.472 - a ------ C: \ WINDOWS \ system32 \ IGUltraGrid20.ocx
2008-01-04 16:12. 2000-05-22 04:00 1.066.176 - a ------ C: \ WINDOWS \ system32 \ mscomctl.ocx
2008-01-04 16:12. 2003-11-19 13:59 512,688 - a ------ C: \ WINDOWS \ system32 \ XceedCry.dll
2008-01-04 16:12. 2001-07-28 12:50 265.753 - a ------ C: \ WINDOWS \ system32 \ AS-Exp2.ocx
2008-01-04 16:12. 2004-03-08 23:00 131.856 - a ------ C: \ WINDOWS \ system32 \ MSADODC.ocx
2008-01-04 16:12. 2000-07-14 23:00 118.784 - a ------ C: \ WINDOWS \ system32 \ MSSTDFMT.DLL
2008-01-04 16:12. 2000-07-15 05:00 101.888 - a ------ C: \ WINDOWS \ system32 \ VB6STKIT.DLL
2008-01-04 16:12. 1999-01-26 19:36 11.012 - a ------ C: \ WINDOWS \ system32 \ threadapi.tlb
2007-12-31 20:24. 2007-12-31 20:24 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Ahead
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ Yahoo!
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Netmakker
2007-12-30 22:27. 2007-12-30 22:27 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ WebCompiler3
2007-12-30 22:00. 2008-01-15 08:21 49 - a ------ C: \ WINDOWS \ NeroDigital.ini
2007-12-30 21:58. 2007-12-30 21:58 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ FDRLab
2007-12-29 20:21. 2007-12-29 20:21 <DIR> d -------- C: \ WINDOWS \ system32 \ QuickTime
2007-12-29 14:40. 2007-12-29 14:40 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Ufuldstændige
2007-12-29 14:39. 2008-01-12 19:10 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ LimeWire
2007-12-29 14:39. 2007-09-24 23:31 69.632 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2007-12-29 14:37. 2007-12-29 14:38 <DIR> d -------- C: \ Programmer \ Java
2007-12-29 14:36. 2007-12-29 14:36 <DIR> d -------- C: \ Programmer \ Common Files \ Java
2007-12-29 11:25. 2008-01-01 20:43 <DIR> d -------- C: \ Programmer \ LimeWire
2007-12-28 23:32. 2007-12-29 21:36 <DIR> d -------- C: \ Programmer \ Common Files \ Macromedia
2007-12-28 23:28. 2007-12-29 20:15 <DIR> d -------- C: \ WINDOWS \ Downloaded Anlæg
2007-12-28 22:36. 2007-12-28 22:36 <DIR> d -------- C: \ Programmer \ uTorrent
2007-12-28 22:36. 2008-01-14 22:12 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ uTorrent
2007-12-28 22:13. 2007-12-28 22:13 <DIR> d -------- C: \ Programmer \ CCleaner
2007-12-28 19:48. 2007-12-28 19:50 <DIR> d -------- C: \ WINDOWS \ nview
2007-12-28 19:48. 2006-10-22 12:22 208.896 - a ------ C: \ WINDOWS \ system32 \ nvudisp.exe
2007-12-28 19:48. 2008-01-15 21:49 88.566 - a ------ C: \ WINDOWS \ system32 \ nvapps.xml
2007-12-28 19:48. 2006-10-22 12:22 17.056 - a ------ C: \ WINDOWS \ system32 \ nvdisp.nvu
2007-12-28 19:47. 2006-10-22 15:06 208.896 - a ------ C: \ WINDOWS \ system32 \ NVUNINST.EXE
2007-12-28 15:05. 2007-12-28 15:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2007-12-28 14:55. 2007-12-28 15:03 <DIR> d -------- C: \ Programmer \ Yahoo!
2007-12-28 10:39. 2008-01-14 23:05 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ SUPERAntiSpyware.com
2007-12-28 10:39. 2007-12-28 10:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2007-12-28 09:13. 2007-12-28 09:13 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-27 21:37. 2008-01-08 11:43 <DIR> d -------- C: \ Programmer \ EA SPORTS
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Programmer \ Support
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Programmer \ vigtigste
2007-12-27 21:05. 2007-12-29 21:36 <DIR> d -------- C: \ Programmer \ Macromedia
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Programmer \ IE
2007-12-27 21:03. 2006-09-29 20:42 <DIR> d -------- C: \ Programmer \ DirectX
2007-12-27 19:59. 2008-01-10 22:39 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-27 19:58. 2008-01-07 22:53 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ avg7
2007-12-27 19:58. 2007-12-27 19:58 499.712 - a ------ C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-27 19:58. 2007-12-27 19:58 348.160 - a ------ C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-27 18:48. 2007-12-27 18:48 <DIR> d -------- C: \ NVIDIA
2007-12-27 18:44. 2004-08-03 23:10 10,880 - a ------ C: \ Windows \ System32 \ Drivers \ NdisIP.sys
2007-12-27 18:44. 2004-08-03 23:10 10,880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-27 18:44. 2004-08-03 22:58 5504 - a ------ C: \ Windows \ System32 \ Drivers \ MSTEE.sys
2007-12-27 18:44. 2004-08-03 22:58 5,504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-27 18:37. 2001-11-22 20:08 712.704 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ a3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2007-12-28 01:28 --------- d ----- w C: \ Programmer \ Microsoft FrontPage
2007-12-04 10:33 682.496 ---- aw C: \ WINDOWS \ system32 \ divx.dll
2007-11-30 07:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-30 07:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-21 18:23 81,920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007-11-07 09:26 721.920 ---- aw C: \ WINDOWS \ system32 \ lsasrv.dll
2007-10-29 22:43 1.287.680 ---- aw C: \ WINDOWS \ system32 \ Quartz.dll
2007-10-28 01:40 227.328 ---- aw C: \ WINDOWS \ system32 \ wmasf.dll
2007-10-22 11:39 267.272 ---- aw C: \ WINDOWS \ system32 \ xactengine2_10.dll
2007-10-22 11:37 17.928 ---- aw C: \ WINDOWS \ system32 \ X3DAudio1_2.dll
2007-10-17 17:23 10.752 ---- aw C: \ WINDOWS \ system32 \ WhoisCL.exe
2001-11-23 04:08 712.704 ---- ar C: \ Windows \ Inf \ ANDET \ AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SUPERAntiSpyware" = "C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS" = "C: \ Programmer \ Messenger \ msmsgs.exe" [2004-10-13 08:24 1694208]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-03 08:56 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2004-07-07 17:28 155648]
"Cmaudio" = "cmicnfg.cpl" []
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-27 19:58 579072]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz" = "nwiz.exe" [2006-10-22 12:22 1622016 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched" = "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher" = "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-27 19:58 219136]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ Explorer]
"NoResolveSearch" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! SASWinLogon]
C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
R2 SetupNT; SetupNT; C: \ WINDOWS \ system32 \ SetupNT.sys [2000-10-25 04:27]
* Nyoprettede Service * - PROCEXP90
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning skjulte processer ...
scanning skjulte autostart entries ...
scanning skjulte filer ...
scanning afsluttet med succes
skjulte filer: 0
************************************************** ************************
.
Afslutning tid: 2008-01-15 22:32:38
.
2008-01-15 20:49:48 --- EOF ---
  #7  
15 January 2008, 10:12
Editor Group

First, go to this tutorial and install the Recovery Console.

----------
  • Download FixIEDef by ShadowPuterDude to your desktop.
  • Double-click FixIEDef.exe
    • If running Vista, click OK on the popup about FixIEDef running as administrator
WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running while it removes malicious files. The icons and the Start menu on the desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

FixIEDef will return everything to normal when it has finished the removal process.
  • Click Exit once FixIEDef displays the All Completed message.
  • Attach FixIEDef.log to your next message. The log will be on the desktop.
----------

Run a new HijackThis scan and post the log.

----------

In your next post, please include:
FixIEDef log
New HijackThis log
__________________

  #8  
15 January 2008, 17:21
New Member Group

************************************************** ******************************
* *
* FixIEDef Log *
* Version 1.0.0.875 *
* *
************************************************** ******************************
Oprettet på 08:12:02 onsdag, januar 16, 2008
Operativsystem: Windows XP
Service Pack Niveau: Service Pack 2
System language: English
Processor: X86
-------------------------------------------------- ------------------------------
! Filer, der er blevet slettet!
Nr. ondsindede filer fundet
-------------------------------------------------- ------------------------------
! Mapper, der er blevet fjernet!
Nr. ondsindede mapper, der skal fjernes
-------------------------------------------------- ------------------------------
! Registreringsdatabaseposter som er blevet fjernet!
HKEY_CLASSES_ROOT \ toprates.Video
HKEY_CLASSES_ROOT \ AppID \ toprates.dll
HKEY_CLASSES_ROOT \ AppID \ (038F228B-EED3-4A87-A565-F88FC99EBA91)
HKEY_CLASSES_ROOT \ Interface \ (48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06)
HKEY_CLASSES_ROOT \ TypeLib \ (74D46BBA-5638-473A-83B6-97E7804A7411)
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ DateTime
================================================== ==============================
Alle Udfærdiget:)
ShadowPuterDude
Safe Surfing!

<!------------------------------------------------ -------------->
<!------------------------------------------------ -------------->

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 8:13:36 AM, den 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ Explorer.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programmer \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Programmer \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra sammenhæng menupunkt: Download alle med Free Download Manager -- file: / / C: \ Programmer Files \ Free Download Manager \ dlall.htm
O8 - Extra sammenhæng menupunkt: Download valgte med Free Download Manager -- file: / / C: \ Programmer Files \ Free Download Manager \ dlselected.htm
O8 - Extra sammenhæng menupunkt: Download video med Free Download Manager -- file: / / C: \ Programmer Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra sammenhæng menupunkt: Download med Free Download Manager -- file: / / C: \ Programmer Files \ Free Download Manager \ dllink.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Ekstra knap: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programmer \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
--
End of file - 5838 bytes
  #9  
15 January 2008, 17:32
Editor Group

Your Java is out of date, leaving your system vulnerable.
Older versions of Java have vulnerabilities that malware can use to infect your system.

Go to >> http://java.sun.com/javase/downloads/index.jsp
On the Sun Java page, scroll to the 4th download, Java Runtime Environment (JRE) 6 Update 4, to install the new version.
Next, go to Add/Remove Programs and remove all older versions.
Do not uninstall Java (JRE) 6 Update 4.
Then go to C:\Program Files\Java and delete the old folders.
Be sure to keep jre1.6.0_04


The log looks fine now.

How is the computer now?
__________________
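
The check behind the Java advice above, as an added example that is not part of the original post: it parses HijackThis entries (sample lines copied from the log posted earlier in this thread, with the spacing the page shows), groups them by section code, and reports which sections still reference a JRE folder older than the jre1.6.0_04 the helper says to keep. The function names and the section descriptions are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread, keeping the
# "C: \ WINDOWS" spacing the page shows (an artifact of how the log was rendered).
SAMPLE_LOG = r"""
Logfile af Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
"""

# What the section codes seen in this thread's log stand for.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "Autostart entry (Run keys / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s*-\s*(.+)$")
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", re.IGNORECASE)


def normalize(text):
    # Collapse whitespace around backslashes so paths compare reliably.
    return re.sub(r"\s*\\\s*", r"\\", text)


def section_key(code):
    # Sort O2 before O16: letter first, then the numeric part.
    return (code[0], int(code[1:]))


def parse_entries(log_text):
    """Return {section code: [entry bodies]}; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].append(normalize(match.group(2)))
    return dict(entries)


def summarize(entries):
    """List (code, description, count) so a reviewer sees what each section holds."""
    return [(code, SECTIONS.get(code, "other"), len(entries[code]))
            for code in sorted(entries, key=section_key)]


def outdated_java(entries, baseline=(1, 6, 0, 4)):
    """Map each JRE folder older than `baseline` to the sections that load from it."""
    found = defaultdict(set)
    for code, bodies in entries.items():
        for body in bodies:
            for match in JRE_RE.finditer(body):
                version = tuple(int(part or 0) for part in match.groups())
                if version < baseline:
                    found[match.group(0).lower()].add(code)
    return {name: sorted(codes, key=section_key) for name, codes in found.items()}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, description, count in summarize(parsed):
        print(f"{code:>3}  {count}  {description}")
    for jre, codes in outdated_java(parsed).items():
        print(f"{jre} is older than the baseline; referenced from {', '.join(codes)}")
```
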

  #10  
15 January 2008, 23:16
New Member Group

Wow! Finally! I removed 4 adware, trojans!

A big thank you to you, sir!
More power!

This website is so cool! _m /