#1
Hi, I'm new to the board and would like some help removing a virus, which I think may be Smitfraud, that has hijacked my browser. I have run AVG and Ad-Aware, but it doesn't help. The OS is XP. Here is the log. Thanks in advance for your help.

Logfile af HijackThis v1.99.1 Scan gemt kl 19:35:19, den 05/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Kørende processer: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ cisvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ Programmer \ Lexmark 4300 Series \ ezprint.exe C: \ Programmer \ Thomson \ SpeedTouch USB \ Dragdiag.exe C: \ Programmer \ PowerISO \ PWRISOVM.EXE C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ Programmer \ Dell Support \ DSAgnt.exe C: \ Programmer \ MSN Messenger \ msnmsgr.exe C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Programmer \ Internet Explorer \ iexplore.exe C: \ Programmer \ HJT \ Run O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programmer \ Windows Live Toolbar \ msntb.dll O4 - HKLM \ .. 
\ Run: [Persistens] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Programmer \ Lexmark 4300 Series \ lxcemon.exe" O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Programmer \ Lexmark 4300 Series \ ezprint.exe" O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Programmer \ Lexmark Fax Solutions \ fm3032.exe" / s O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Programmer \ Thomson \ SpeedTouch USB \ Dragdiag.exe" / ikon O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Programmer \ PowerISO \ PWRISOVM.EXE O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeret O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Programmer \ Dell Support \ DSAgnt.exe" / start O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programmer \ MSN Messenger \ msnmsgr.exe" / baggrund O4 - HKCU \ .. \ Run: [updateMgr] C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. 
\ Run: [Uniblue RegistryBooster 2] C: \ Programmer \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Programmer \ Microsoft Office \ Office10 \ OSA.EXE O8 - Extra sammenhæng menupunktet: & Windows Live Search - res: / / C: \ Programmer \ Windows Live Toolbar \ msntb.dll / search.htm O8 - Extra sammenhæng menupunkt: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office10 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra knappen: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file) O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler) O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler) O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O11 - Valg gruppe: [INTERNATIONAL] International * O16 - 
DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl klasse) -- http://catalog.update.microsoft.com/...?1199470957562 O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.37 212.139.132.36 O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxdev.dll O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel (R) Corporation - C: \ Programmer \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Ukendt ejer - C: \ WINDOWS \ system32 \ UAService7.exe
#2
Welcome to CJ. The log doesn't show any malware, but we can take a closer look. Download Malwarebytes' Anti-Malware to your desktop.

The log file can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt, or at C:\Programmer\Malwarebytes' Anti-Malware\Logs\log-date.txt. In your next post, add the Malwarebytes log.
#3
Hi EF, thanks for the quick reply. Below is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.02 Database version: 320 Scan type: Fuldstændig skanning (A: \ | C: \ |) Objekter skannet: 73.752 Tidsforbrug: 23 minutter (s), 14 second (s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registreringsdatabasenøgler Inficerede: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (Nr. ondsindede elementer opdaget) Memory Modules Infected: (Nr. ondsindede elementer opdaget) Registreringsdatabasenøgler Inficerede: (Nr. ondsindede elementer opdaget) Registry Values Infected: (Nr. ondsindede elementer opdaget) Registry Data Items Infected: (Nr. ondsindede elementer opdaget) Folders Infected: (Nr. ondsindede elementer opdaget) Files Infected: C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk (Malware.Trace) -> Kunne ikke slette. (Delete on reboot). C: \ Documents and Settings \ Ryan Glenn \ Application Data \ ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Ryan Glenn \ Application Data \ inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
#4
Looks good so far. Next, go to this post and do Step Two and Step Three: CCleaner and SUPERAntiSpyware. Post the SUPERAntiSpyware log along with a new HijackThis log in your next post.
#5
SUPERAntiSpyware Scan Log http://www.superantispyware.com Genereret 02/05/2008 kl 09:34 Application Version: 3.9.1008 Core Rules Database Version: 3.395 Trace Rules Database Version: 1387 Scan type: Complete Scan Total Scan Time: 00:22:21 Memory poster skannet: 376 Memory trusler opdaget: 0 Topdomæneadministratoren poster scannet: 5837 Topdomæneadministratoren trusler opdaget: 0 File poster skannet: 11.505 File trusler opdaget: 5 Adware.Tracking Cookie C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn@ads.techguy [2]. Txt C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn @ revsci [2]. Txt C: \ Documents and Settings \ Clare Glenn \ Cookies \ clare_glenn @ PacificPoker [1]. Txt C: \ Documents and Settings \ Clare Glenn \ Cookies \ clare_glenn@videoegg.adbureau [2]. Txt RootKit.TnCore / Trace C: \ Windows \ System32 \ Drivers \ core.cache.dsk Logfile af HijackThis v1.99.1 Scan gemt kl 21:43:56, den 05/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Kørende processer: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ cisvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ Programmer \ Lexmark 4300 Series \ ezprint.exe C: \ Programmer \ Thomson \ SpeedTouch USB \ Dragdiag.exe C: \ Programmer \ PowerISO \ PWRISOVM.EXE C: \ Programmer \ Java \ 
jre1.6.0_03 \ bin \ jusched.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ Programmer \ Dell Support \ DSAgnt.exe C: \ Programmer \ MSN Messenger \ msnmsgr.exe C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ WINDOWS \ explorer.exe C: \ Programmer \ Internet Explorer \ iexplore.exe C: \ Programmer \ HijackThis \ HijackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programmer \ Windows Live Toolbar \ msntb.dll O4 - HKLM \ .. \ Run: [Persistens] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Programmer \ Lexmark 4300 Series \ lxcemon.exe" O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Programmer \ Lexmark 4300 Series \ ezprint.exe" O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Programmer \ Lexmark Fax Solutions \ fm3032.exe" / s O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Programmer \ Thomson \ SpeedTouch USB \ Dragdiag.exe" / ikon O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Programmer \ PowerISO \ PWRISOVM.EXE O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START O4 - HKLM \ .. \ Run: [! 
AVG Anti-Spyware] "C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeret O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Programmer \ Dell Support \ DSAgnt.exe" / start O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programmer \ MSN Messenger \ msnmsgr.exe" / baggrund O4 - HKCU \ .. \ Run: [updateMgr] C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Programmer \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Programmer \ Microsoft Office \ Office10 \ OSA.EXE O8 - Extra sammenhæng menupunktet: & Windows Live Search - res: / / C: \ Programmer \ Windows Live Toolbar \ msntb.dll / search.htm O8 - Extra sammenhæng menupunkt: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office10 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler) O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler) O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - 
(FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ avgfwafu.dll O11 - Valg gruppe: [INTERNATIONAL] International * O16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl klasse) -- http://catalog.update.microsoft.com/...?1199470957562 O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37 O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O20 - Winlogon Notify:! 
SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxdev.dll O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel (R) Corporation - C: \ Programmer \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Ukendt ejer - C: \ WINDOWS \ system32 \ UAService7.exe
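The helper in this thread compares successive HijackThis logs by eye, looking for entries that appeared, vanished or changed between scans. The script below is an added example, not code from the thread, from HijackThis or from any of the tools named here, that does that comparison mechanically: it parses HijackThis-style lines into (section, key) records, diffs two logs, and flags two things a defender checks first in such a log: O17 NameServer values outside an allow-list (DNS hijacking) and O4 autoruns launched from user-writable profile folders. The two sample logs, the "Updater" autorun and the 203.0.113.5 resolver are constructed for the example; the allow-listed resolvers are the two addresses shown in the thread's own O17 lines.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample logs in HijackThis format (modelled on the thread's logs, not copied).
# BEFORE is the first scan; AFTER is a later scan with one autorun removed,
# one autorun added from a profile folder, and one DNS server replaced.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.test/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.test/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Application Data\upd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 203.0.113.5 212.139.132.36
O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:\s]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?) - (?P<path>.+)$")
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")

# Profile folders from which a legitimate installer normally does not register an autorun.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Allow-list (assumption for this example): the resolvers seen in the thread's O17 lines.
TRUSTED_DNS = {"212.139.132.36", "212.139.132.37"}

Entry = Tuple[str, str]  # (section, key)


def split_entry(sec: str, body: str) -> Tuple[str, str]:
    """Turn the text after 'Oxx - ' into a stable key plus a comparable value."""
    if sec == "O4":
        m = O4_RE.match(body)
        if m:
            return f"{m['hive']}:{m['name']}", m["cmd"].strip()
    elif sec == "O23":
        m = O23_RE.match(body)
        if m:
            return f"Service:{m['name']}", m["path"].strip()
    elif sec == "O17":
        m = O17_RE.match(body)
        if m:
            return m["key"], m["servers"].strip()
    elif sec == "O10":
        return body, body  # LSP lines repeat; the file path is the whole identity
    for sep in (" = ", ": "):  # generic fallback: 'key = value', then 'key: value'
        key, found, value = body.partition(sep)
        if found:
            return key.strip(), value.strip()
    return body, ""


def parse_hjt(text: str) -> Dict[Entry, str]:
    """Map every recognised 'Rx/Fx/Ox - ...' line to its value; other lines are ignored."""
    entries: Dict[Entry, str] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            key, value = split_entry(m["sec"], m["body"])
            entries[(m["sec"], key)] = value
    return entries


def diff_hjt(before: str, after: str) -> Dict[str, list]:
    """Entries that appeared, disappeared, or kept their key but changed value."""
    old, new = parse_hjt(before), parse_hjt(after)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return {"added": [(k, new[k]) for k in added],
            "removed": [(k, old[k]) for k in removed],
            "changed": [(k, old[k], new[k]) for k in changed]}


def unexpected_nameservers(entries: Dict[Entry, str], trusted) -> List[Tuple[str, List[str]]]:
    """O17 interfaces whose DNS servers are not all in the allow-list."""
    hits = []
    for (sec, key), value in entries.items():
        if sec == "O17":
            bad = [s for s in value.split() if s not in trusted]
            if bad:
                hits.append((key, bad))
    return hits


def autoruns_in_user_writable(entries: Dict[Entry, str]) -> List[Tuple[str, str]]:
    """O4 autoruns whose command lives under a user-writable profile folder."""
    return [(key, value) for (sec, key), value in entries.items()
            if sec == "O4" and any(frag in value.lower() for frag in USER_WRITABLE)]


if __name__ == "__main__":
    for kind, items in diff_hjt(BEFORE, AFTER).items():
        for item in items:
            print(kind, item)
    print("dns:", unexpected_nameservers(parse_hjt(AFTER), TRUSTED_DNS))
    print("autoruns:", autoruns_in_user_writable(parse_hjt(AFTER)))
```

Keying O4 entries by hive and value name (rather than by the whole line) is what makes a replaced command show up under "changed" instead of as an unrelated add/remove pair; keying O10 lines by the full path is what collapses HijackThis's repeated LSP lines into one record. Entries in sections the script does not special-case fall back to a generic split, which is enough for the add/remove diff but can merge entries that share a prefix.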
#6
The log looks fine now. Is the computer still showing any signs of malware?
#7
Yes, it still shows signs of malware, unfortunately.
#8
Download SmitfraudFix (by S!Ri) to your desktop.
---------- Download ComboFix by sUBs from one of the links below. (Try all three if necessary.) Important! ComboFix.exe MUST be saved to and run from the Desktop.
In your next post: the SmitFraudFix log and the ComboFix log.
#9
SmitFraudFix v2.281 Scan done at 22:40:52.84, 05/02/2008 Kør fra C: \ Documents and Settings \ Ryan Glenn \ Desktop \ SmitFraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Filsystemet er NTFS Fix køre i normal tilstand »»»»»»»»»»»»»»»»»»»»»»»» Process C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ Programmer \ Lexmark 4300 Series \ ezprint.exe C: \ Programmer \ Thomson \ SpeedTouch USB \ Dragdiag.exe C: \ Programmer \ PowerISO \ PWRISOVM.EXE C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ Programmer \ Dell Support \ DSAgnt.exe C: \ Programmer \ MSN Messenger \ msnmsgr.exe C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe C: \ WINDOWS \ system32 \ wuauclt.exe C: \ WINDOWS \ system32 \ Notepad.exe C: \ Programmer \ Internet Explorer \ iexplore.exe C: \ WINDOWS \ system32 \ cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» Hosts »»»»»»»»»»»»»»»»»»»»»»»» C: \ »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ Web »»»»»»»»»»»»»»»»»»»»»»»» C: 
\ WINDOWS \ system32 »»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn »»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn \ Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ Favori ~ 1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C: \ Program Files »»»»»»»»»»»»»»»»»»»»»»»» Beskadiget nøgler »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» IEDFix ! Opmærksomhed, følgende taster er ikke nødvendigvis inficerede! IEDFix.exe med S! Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix ! Opmærksomhed, følgende taster er ikke nødvendigvis inficerede! VACFix Credits: Malware Analysis & Diagnostic Code: S! Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler ! Opmærksomhed, følgende taster er ikke nødvendigvis inficerede! SrchSTS.exe med S! Ri Search SharedTaskScheduler's. Dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs ! Opmærksomhed, følgende taster er ikke nødvendigvis inficerede! [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = "" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System ! Opmærksomhed, følgende taster er ikke nødvendigvis inficerede! [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "System" = "" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Beskrivelse: WAN (PPP / SLIP) Interface DNS Server Search Order: 212.139.132.8 DNS Server Search Order: 212.139.132.9 HKLM \ SYSTEM \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9 HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9 HKLM \ SYSTEM \ CS3 \ Services \ Tcpip \ .. 
\ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for Wininet.dll infektion »»»»»»»»»»»»»»»»»»»»»»»» End ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00] Running from: C: \ Documents and Settings \ Ryan Glenn \ Desktop \ ComboFix.exe ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!! . ((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Windows \ System32 \ Drivers \ core.cache.dsk C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat C: \ temp \ tn3 C: \ Windows \ System32 \ Drivers \ core.cache.dsk C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys C: \ WINDOWS \ system32 \ install.exe ----- BITS: Possible inficerede sites ----- hxxp: / / www.download.windowsupdate.com . ((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ LEGACY_RMCASTT ------- \ rmcastt ((((((((((((((((((((((((( Files Created from 2008/01/05 til 2008/02/05 ))))))))))) )))))))))))))))))))) . 2008-02-05 22:22. 2008-02-05 22:23 <DIR> d -------- C: \ ComboFix [1] 2008-02-05 21:02. 2004-08-04 05:00 388.608 - a ------ C: \ kmd.exe 2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Programmer \ Malwarebytes 'Anti-Malware 2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Malwarebytes 2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-02-05 19:05. 
2008-02-05 19:05 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Uniblue 2008-02-05 18:50. 2008-02-05 18:50 444 - a ------ C: \ WINDOWS \ system32 \ d3d8caps.dat 2008-02-05 18:21. 2008-02-05 18:21 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Grisoft 2008-02-05 18:00. 2008-02-05 18:00 <DIR> d -------- C: \ Programmer \ RogueRemover GRATIS 2008-02-05 17:57. 2007-09-05 23:22 289.144 - a ------ C: \ WINDOWS \ system32 \ VCCLSID.exe 2008-02-05 17:57. 2006-04-27 16:49 288.417 - a ------ C: \ WINDOWS \ system32 \ SrchSTS.exe 2008-02-05 17:57. 2008-02-05 00:23 85.504 - a ------ C: \ WINDOWS \ system32 \ VACFix.exe 2008-02-05 17:57. 2008-01-27 14:37 81.920 - a ------ C: \ WINDOWS \ system32 \ IEDFix.exe 2008-02-05 17:57. 2003-06-05 20:13 53.248 - a ------ C: \ WINDOWS \ system32 \ Process.exe 2008-02-05 17:57. 2004-07-31 17:50 51.200 - a ------ C: \ WINDOWS \ system32 \ dumphive.exe 2008-02-05 17:57. 2007-10-03 23:36 25.600 - a ------ C: \ WINDOWS \ system32 \ WS2Fix.exe 2008-02-04 19:47. 2008-02-04 19:47 <DIR> d -------- C: \ Programmer \ MaxSecureBackup 2008-02-04 19:46. 2008-02-04 19:57 <DIR> d -------- C: \ Programmer \ Max Registry Cleaner 2008-02-04 19:46. 2007-05-24 16:57 143.360 - a ------ C: \ WINDOWS \ system32 \ GetHardDiskNo.dll 2008-02-04 19:46. 2008-02-04 19:46 63 - a ------ C: \ Windows \ System \ SYSRegC.dll 2008-02-02 13:49. 2008-02-02 13:49 <DIR> d -------- C: \ Programmer \ Panicware 2008-02-01 20:22. 2008-02-05 22:17 3.352 - a ------ C: \ WINDOWS \ system32 \ tmp.reg 2008-02-01 19:32. 2008-02-01 19:32 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SUPERAntiSpyware.com 2008-02-01 18:42. 2008-02-05 19:56 <DIR> d -------- C: \ Programmer \ HJT 2008-02-01 18:39. 2008-02-01 18:39 <DIR> d -------- C: \ Programmer \ FileASSASSIN 2008-02-01 18:31. 2008-02-01 18:31 100 - a ------ C: \ WINDOWS \ system32 \ ikhcore.cfg 2008-02-01 18:21. 
2005-09-23 07:29 626.688 - a ------ C: \ WINDOWS \ system32 \ msvcr80.dll 2008-01-31 20:28. 2008-01-31 20:28 <DIR> d -------- C: \ VundoFix Backups 2008-01-31 19:34. 2008-02-05 22:26 <DIR> d -------- C: \ Programmer \ SUPERAntiSpyware 2008-01-31 19:34. 2008-02-02 00:55 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SUPERAntiSpyware.com 2008-01-31 19:34. 2008-01-31 19:34 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-01-29 22:28. 2008-01-29 22:28 <DIR> d -------- C: \ Programmer \ Common Files \ Download Manager 2008-01-29 22:08. 2008-02-01 18:49 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-01-29 21:15. 2008-02-03 17:03 <DIR> d -------- C: \ Programmer \ SpywareBlaster 2008-01-23 18:08. 2008-01-23 18:08 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SuperAdBlocker.com 2008-01-22 18:39. 2008-01-22 18:39 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Grisoft 2008-01-22 18:39. 2007-05-30 12:10 10.872 - a ------ C: \ WINDOWS \ system32 \ drivers \ AvgAsCln.sys 2008-01-22 18:18. 2008-01-22 18:18 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7 2008-01-22 18:15. 2008-02-05 21:48 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ AVG7 2008-01-22 18:15. 2008-01-22 18:15 110.592 - a ------ C: \ WINDOWS \ system32 \ avgfwafu.dll 2008-01-22 17:56. 2008-02-03 08:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ AVG7 2008-01-21 21:10. 2008-01-22 18:14 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft 2008-01-20 16:33. 2008-01-20 16:33 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ ErrorSmart 2008-01-19 10:09. 
2008-01-19 10:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab Setup Files 2008-01-12 11:46. 2008-01-12 11:46 <DIR> d -------- C: \ Programmer \ Common Files \ xing delt 2008-01-12 10:17. 2008-02-02 00:54 <DIR> d -------- C: \ Programmer \ Common Files \ Wise Installation Wizard 2008-01-10 19:54. 2008-01-12 10:18 <DIR> d -------- C: \ Programmer \ Lavasoft 2008-01-10 19:38. 2008-01-10 19:38 <DIR> d -------- C: \ Programmer \ AVI Codec Pack 2008-01-10 18:51. 2005-04-05 14:18 135.168 - a ------ C: \ WINDOWS \ system32 \ igfxres.dll 2008-01-09 19:20. 2008-01-09 19:20 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Yahoo! 2008-01-09 18:03. 2008-01-09 18:03 <DIR> d - h ----- C: \ Programmer \ PIF 2008-01-09 17:52. 2008-01-10 17:51 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ dvdcss 2008-01-08 18:20. 2007-03-05 05:00 421.888 - a ------ C: \ WINDOWS \ system32 \ lxcedrs.dll 2008-01-08 18:20. 2007-01-30 10:22 413.696 - a ------ C: \ WINDOWS \ system32 \ lxceinpa.dll 2008-01-08 18:20. 2007-01-30 10:35 397.312 - a ------ C: \ WINDOWS \ system32 \ lxceiesc.dll 2008-01-08 18:20. 2007-02-22 18:32 344.064 - a ------ C: \ WINDOWS \ system32 \ lxcecoin.dll 2008-01-08 18:20. 2006-10-03 23:21 330.030 - a ------ C: \ WINDOWS \ system32 \ lxcehelp.chm 2008-01-08 18:20. 2007-01-30 10:18 323.584 - a ------ C: \ WINDOWS \ system32 \ lxcehcp.dll 2008-01-08 18:20. 2007-01-30 10:35 274.432 - a ------ C: \ WINDOWS \ system32 \ lxceinst.dll 2008-01-08 18:20. 2005-02-24 17:23 61.440 - a ------ C: \ WINDOWS \ system32 \ lxcecnv4.dll 2008-01-07 20:59. 2008-01-07 20:59 54.156 - ah ----- C: \ Programmer \ QTFont.qfn 2008-01-06 20:31. 2008-01-06 20:31 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ InstallShield 2008-01-06 20:18. 
2008-01-06 20:35 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\VersionTracker Pro
2008-01-05 16:23 . 2008-01-05 16:23 <DIR> d-------- C:\Programmer\Windows Media Connect 2
2008-01-05 16:23 . 2006-10-04 14:06 1.197.294 --------- C:\WINDOWS\system32\dllcache\Sysmain.sdb
2008-01-05 16:23 . 2006-10-04 14:06 764.868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-05 16:23 . 2006-10-04 14:06 217.118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-05 16:19 . 2008-01-05 16:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-05 15:19 . 2008-01-05 15:19 <DIR> d-------- C:\swsetup
2008-01-05 15:09 . 2008-01-05 15:08 23.600 -a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d-----w C:\Programmer\Google
2008-01-31 10:50 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Vso
2008-01-24 17:31 --------- d-----w C:\Programmer\Lx_cats
2008-01-18 19:58 --------- d-----w C:\Programmer\DivX
2008-01-18 19:57 --------- d-----w C:\Programmer\Java
2008-01-18 19:56 --------- d-----w C:\Programmer\Real
2008-01-12 11:45 --------- d-----w C:\Programmer\Common Files\Real
2008-01-12 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 10:18 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Lavasoft
2008-01-09 19:24 --------- d-----w C:\Programmer\Yahoo!
2008-01-08 18:20 --------- d-----w C:\Programmer\Lexmark 4300 Series
2008-01-07 21:55 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\AdobeUM
2008-01-04 20:45 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-01-04 19:57 --------- d-----w C:\Programmer\Analog Devices
2008-01-04 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-01-04 18:08 --------- d-----w C:\Programmer\Gabest
2008-01-04 18:08 --------- d-----w C:\Programmer\CyberLink
2008-01-02 23:18 --------- d-----w C:\Programmer\Ahead
2008-01-02 23:14 --------- d-----w C:\Programmer\Common Files\Ahead
2007-12-29 14:16 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\DivX
2007-12-22 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-21 16:06 47.360 ----aw C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-21 16:06 47.360 ----aw C:\Documents and Settings\Ryan Glenn\Application Data\pcouffin.sys
2007-12-21 16:06 --------- d-----w C:\Programmer\VSO
2007-12-11 20:36 --------- d-----w C:\Programmer\Virtual Dub
2007-12-10 20:22 --------- d-----w C:\Programmer\plugins
2007-12-10 20:22 --------- d-----w C:\Programmer\aviproxy
2007-12-10 19:47 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Pegasys Inc
2007-12-10 19:39 33.408 ----aw C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-12-06 01:47 --------- d-----w C:\Programmer\MSN Messenger
2007-05-20 11:28 31.528 ----aw C:\Documents and Settings\Ryan Glenn\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Programmer\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"CTFMON.EXE"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2004-08-04 05:00 15360]
"Uniblue RegistryBooster 2"="C:\Programmer\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23 114688]
"ISUSScheduler"="C:\Programmer\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"Apoint"="C:\WINDOWS\system32\NvCpl.dll,NvStartup" [2005-04-05 14:22 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NeroCheck.exe" [2005-04-05 19:19 77824]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe"="C:\Programmer\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint"="C:\Programmer\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36 299008]
"SpeedTouch USB Diagnostics"="C:\Programmer\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2007-01-20 07:09 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 18:14 579072]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-22 18:14 219136]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\SecurityProviders]
SecurityProviders msapsspc.dll, Schannel.dll, digest.dll, msnsspc.dll,

S1 SABKUTIL;SABKUTIL;C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 21:51:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programmer\ErrorSmart\ErrorSmart.ex - C:\Programmer\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 22:35:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\RYANGL~1\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2008-02-05 22:38:02 - machine was rebooted [Ryan Glenn]
ComboFix-quarantined-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- EOF ---
#10
Run CCleaner. Post a new HijackThis log. Did Combofix help?