mindre kapital

Magazine
Go Back   Computer Juice > Computer Software > Virus, spionprogram och säkerhet
Reload this Page

Smitfraud Virus

Registrera Site Spy Medlemslista Donate Söka Dagens inlägg Markera forum som lästa Forum Regler

Register


 Default 

Smitfraud Virus




Reply
Sida 1 av 2 1 2
 
Thread Tools
  #1  
Old 5 februari 2008, 12:35
New Member Group
  
Default Smitfraud Virus

Hej
Jag är ny i styrelsen och jag vill ha hjälp med att ta bort ett virus som jag kan tycka att det är Smitfraud och det har Kapade min webbläsare. Jag har kört AVG och AdAware, men det hjälper inte. OS är XP här är loggen. Tack på förhand för din hjälp.


Loggfil av HijackThis v1.99.1
Scan saved at 19:35:19, den 05/02/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe
C: \ Program Files \ PowerISO \ PWRISOVM.EXE
C: \ Program \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Dell Support \ DSAgnt.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ HJT \ HijackThis.exe
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll
O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" / s
O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe" / ikon
O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Program Files \ PowerISO \ PWRISOVM.EXE
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeras
O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ Dell Support \ DSAgnt.exe" / start
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / bakgrund
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra sammanhang menyobjektet: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm
O8 - Extra sammanhang menyobjektet: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra sammanhang menyobjektet: E & xportera till Microsoft Excel - res: / / C: \ progra ~ 1 \ mikro ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: (inget namn) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file)
Ø9 - Extra button: (inget namn) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (fil saknas)
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (fil saknas)
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl Class) -- http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-f000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.37 212.139.132.36
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ progra ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ progra ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ system32 \ igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown ägaren - C: \ WINDOWS \ system32 \ UAService7.exe
  #2  
Old 5 februari 2008, 13:04
Moderator-gruppen
  
Default Smitfraud Virus

Välkommen till CJ.

Loggen visar inte någon malware men vi kan ta en närmare titt.

Hämta Malwarebytes' Anti-Malware på skrivbordet.
  • Dubbelklicka mbam-setup.exe och följer anvisningarna för att installera programmet.
  • I slutet ska du en bockmärke placeras bredvid Update Malwarebytes' Anti-Malware och Launch Malwarebytes' Anti-Malware, Klicka på Mål.
  • Om en uppdatering finns, kommer det att hämta och installera den senaste versionen.
  • När programmet har laddats, välj Utför fullständig scan, Klicka på Scan.
  • När sökningen är klar klickar du på OKOch sedan Visa resultat att visa resultat.
  • Var noga med att allt är kontrollerat, och klicka Ta bort valda.
  • När färdig, en logg kommer att öppna i Anteckningar.
  • Post som log tillbaka.
Var noga med att starta om datorn.

Loggen finns även här:
C: \ Documents and Settings \Användarnamn\ Application Data \ Malwarebytes \ Malwarebytes' Anti-Malware \ Logs \log -datum. txt
Eller C: \ Program Files \ Malwarebytes' Anti-Malware \ Logs \log -datum. txt

Nästa post lägg till
Malwarebytes logg
__________________
  #3  
Old 5 februari 2008, 13:51
New Member Group
  
Default Smitfraud Virus

Hej EF,

Tack för det snabba svaret. Nedan är min logg för Malware:

Malwarebytes' Anti-Malware 1.02
Databasversion: 320
Scan type: Full Scan (A: \ | C: \ |)
Skannade objekt: 73.752
Tid som förflutit: 23 minute (s), 14 second (s)
Memory Processes Infekterade: 0
Minnesmoduler Infekterade: 0
Registernycklar Infekterade: 0
Registervärdena Infekterade: 0
Registry Data Items Infekterade: 0
Mappar Infekterade: 0
Filer Infekterade: 3
Memory Processes Infekterade:
(Inga illasinnade poster upptäcks)
Minnesmoduler Infekterade:
(Inga illasinnade poster upptäcks)
Registernycklar Infekterade:
(Inga illasinnade poster upptäcks)
Registervärdena Infekterade:
(Inga illasinnade poster upptäcks)
Registry Data Items Infekterade:
(Inga illasinnade poster upptäcks)
Mappar Infekterade:
(Inga illasinnade poster upptäcks)
Filer Infekterade:
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk (Malware.Trace) -> Kunde inte ta bort. (Delete vid omstart).
C: \ Documents and Settings \ Ryan Glenn \ Application Data \ ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Ryan Glenn \ Application Data \ inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
  #4  
Old 5 februari 2008, 14:01
Moderator-gruppen
  
Default Smitfraud Virus

Ser bra ut hittills.

Nästa gå till det här inlägget och göra Steg två och Steg tre - CCleaner och SUPERAntiSpyware.

Post SUPERAntiSpyware log tillsammans med en ny HijackThis-logg i nästa inlägg.
__________________
  #5  
Old 5 februari 2008, 14:44
New Member Group
  
Default Smitfraud Virus

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/05/2008 at 09:34
Application Version: 3.9.1008
Core Rules Database Version: 3395
Trace Rules Database Version: 1387
Scan type: Complete Scan
Total Scan Time: 00:22:21
Memory ex skannade: 376
Memory hot upptäcks: 0
Registreringsenheten ex skannade: 5837
Registreringsenheten hot upptäcks: 0
File ex skannade: 11.505
Arkiv hot upptäcktes: 5
Adware.Tracking Cookie
C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn@ads.techguy [2]. Txt
C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn @ revsci [2]. Txt
C: \ Documents and Settings \ Clare Glenn \ Cookies \ clare_glenn @ PacificPoker [1]. Txt
C: \ Documents and Settings \ Clare Glenn \ Cookies \ clare_glenn@videoegg.adbureau [2]. Txt
RootKit.TnCore / Trace
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk


Loggfil av HijackThis v1.99.1
Scan saved at 21:43:56, den 05/02/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe
C: \ Program Files \ PowerISO \ PWRISOVM.EXE
C: \ Program \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Dell Support \ DSAgnt.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll
O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" / s
O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe" / ikon
O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Program Files \ PowerISO \ PWRISOVM.EXE
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeras
O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ Dell Support \ DSAgnt.exe" / start
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / bakgrund
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra sammanhang menyobjektet: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm
O8 - Extra sammanhang menyobjektet: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra sammanhang menyobjektet: E & xportera till Microsoft Excel - res: / / C: \ progra ~ 1 \ mikro ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: (inget namn) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (fil saknas)
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (fil saknas)
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl Class) -- http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ progra ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ progra ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ system32 \ igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown ägaren - C: \ WINDOWS \ system32 \ UAService7.exe
  #6  
Old 5 februari 2008, 14:54
Moderator-gruppen
  
Default Smitfraud Virus

Loggen ser fin ut nu, är datorn fortfarande ge några indikationer på malware?
__________________
  #7  
Old 5 februari 2008, 15:02
New Member Group
  
Default Smitfraud Virus

Ja det visar ändå tecken på Malware unfortunatley ..
  #8  
Old 5 februari 2008, 15:12
Moderator-gruppen
  
Default Smitfraud Virus

Hämta SmitfraudFix (av S! Ri) på skrivbordet.
  • Extrahera alla filer till din Destop.
  • En mapp som heter SmitfraudFix kommer att skapas på skrivbordet.
  • Öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd
  • Välj alternativ # 1 - Sök genom att skriva 1 och tryck Ange
    • Programmet kommer att skanna stora mängder filer på din dator för kända mönster, så ha tålamod medan det fungerar.
    • När det är gjort, resultatet av sökningen visas och det kommer att skapa en logga som heter rapport.txt
      • Detta ligger i roten på din hårddisk, t.ex.: Lokal disk C: eller partitionen där operativsystemet är installerat.
    • Bifoga att logga in din nästa replik.
  • Obs! Process.exe (Som används av SmitFraudFIx) upptäcks av vissa antivirusprogram (AntiVir, Dr.Web, Kaspersky) som en "RiskTool"; Det är inte ett virus, Men ett program som används för att stoppa systemet processer. Antivirus-program kan inte skilja mellan "bra" och "skadlig" användning av sådana program, därför kan de varna användaren.
----------

Ladda ner Combofix av följande från en av nedanstående länkar.
(Prova alla tre vid behov)Viktigt! Combofix.exe MÅSTE sparas och sprang från Desktop.
  • Stäng alla öppna webbläsare. (Firefox, Internet Explorer, etc.) innan du startar Combofix.
  • Viktigt! Tillfälligt inaktivera din antivirus, script blockerande och alla AntiSpyware realtid skydd innan utför en genomsökning.
    • Klicka denna länk vill se en lista över säkerhetsprogram som bör funktionshindrade och hur man kan inaktivera dem.
    • Om du inte finns med och du vet inte hur man kan stänga av den, vänd.
  • Varning! Combofix kopplar bort datorn från internet. Anslutningen automatiskt återställas innan Combofix slutför loppet.
  • Dubbelklicka combofix.exe & följ anvisningarna.
    • Från tangentbordet väljer 1 och tryck Ange
  • När du är klar kommer det fram en logga åt dig.
  • Post att logga in din nästa replik.
Varning! Don't mouseclick combofix fönster medan det körs. Det kan orsaka att stanna
  • Om Combofix körs i svårigheter och slutar i förtid, anslutningen kan manuellt återställas genom att starta om datorn.
  • Viktigt: Tänk på att åter aktivera ditt antivirus-och antispionprogram innan återknyta till Internet.
----------

Nästa post
Smitfraudfix log
Combofix log
__________________
  #9  
Old 5 februari 2008, 15:43
New Member Group
  
Default Smitfraud Virus

SmitFraudFix v2.281
Scan upprättat i 22:40:52.84, 05/02/2008
Kör från C: \ Documents and Settings \ Ryan Glenn \ Desktop \ SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Filsystemet är NTFS
Fix kör i normalläge
»»»»»»»»»»»»»»»»»»»»»»»» Process
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe
C: \ Program Files \ PowerISO \ PWRISOVM.EXE
C: \ Program \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program Files \ Dell Support \ DSAgnt.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» Hosts

»»»»»»»»»»»»»»»»»»»»»»»» C: \

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ Web

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system32

»»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn \ Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ FAVORI ~ 1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C: \ Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Skadad nycklar

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
! Attention, följande knappar inte oundvikligen smittade!
IEDFix.exe med S! Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
! Attention, följande knappar inte oundvikligen smittade!
VACFix
Poäng: Malware Analysis & Diagnostic
Code: S! Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
! Attention, följande knappar inte oundvikligen smittade!
SrchSTS.exe med S! Ri
Search SharedTaskScheduler's. Dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
! Attention, följande knappar inte oundvikligen smittade!
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = ""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
! Attention, följande knappar inte oundvikligen smittade!
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"System" = ""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP / SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9
HKLM \ SYSTEM \ CCS \ Services \ Tcpip \ .. \ (EB470484-f000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9
HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (EB470484-f000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9
HKLM \ SYSTEM \ CS3 \ Services \ Tcpip \ .. \ (EB470484-f000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning för wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Running from: C: \ Documents and Settings \ Ryan Glenn \ Desktop \ ComboFix.exe
VARNING-Den här maskinen har inte Återställningskonsolen INSTALLERADE!
.
((((((((((((((((((((((((((((((((((((((( Andra Strykningar ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk
C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
C: \ Temp \ tn3
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk
C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys
C: \ WINDOWS \ system32 \ install.exe
----- BITS: Possible smittade områden -----
hxxp: / / www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))
.
------- \ LEGACY_RMCASTT
------- \ rmcastt

((((((((((((((((((((((((( Files Created from 2008/01/05 till 2008/02/05 ))))))))))) ))))))))))))))))))))
.
2008-02-05 22:22. 2008-02-05 22:23 <KAT> d -------- C: \ ComboFix [1]
2008-02-05 21:02. 2004-08-04 05:00 388.608 - a ------ C: \ kmd.exe
2008-02-05 20:11. 2008-02-05 20:11 <KAT> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-02-05 20:11. 2008-02-05 20:11 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Malwarebytes
2008-02-05 20:11. 2008-02-05 20:11 <KAT> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-02-05 19:05. 2008-02-05 19:05 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Uniblue
2008-02-05 18:50. 2008-02-05 18:50 444 - a ------ C: \ WINDOWS \ system32 \ d3d8caps.dat
2008-02-05 18:21. 2008-02-05 18:21 <KAT> d -------- C: \ Documents and Settings \ Administratör \ Application Data \ Grisoft
2008-02-05 18:00. 2008-02-05 18:00 <KAT> d -------- C: \ Program Files \ RogueRemover GRATIS
2008-02-05 17:57. 2007-09-05 23:22 289.144 - a ------ C: \ WINDOWS \ system32 \ VCCLSID.exe
2008-02-05 17:57. 2006-04-27 16:49 288.417 - a ------ C: \ WINDOWS \ system32 \ SrchSTS.exe
2008-02-05 17:57. 2008-02-05 00:23 85.504 - a ------ C: \ WINDOWS \ system32 \ VACFix.exe
2008-02-05 17:57. 2008-01-27 14:37 81.920 - a ------ C: \ WINDOWS \ system32 \ IEDFix.exe
2008-02-05 17:57. 2003-06-05 20:13 53.248 - a ------ C: \ WINDOWS \ system32 \ Process.exe
2008-02-05 17:57. 2004-07-31 17:50 51.200 - a ------ C: \ WINDOWS \ system32 \ dumphive.exe
2008-02-05 17:57. 2007-10-03 23:36 25.600 - a ------ C: \ WINDOWS \ system32 \ WS2Fix.exe
2008-02-04 19:47. 2008-02-04 19:47 <KAT> d -------- C: \ WINDOWS \ MaxSecureBackup
2008-02-04 19:46. 2008-02-04 19:57 <KAT> d -------- C: \ Program Files \ Max Registry Cleaner
2008-02-04 19:46. 2007-05-24 16:57 143.360 - a ------ C: \ WINDOWS \ system32 \ GetHardDiskNo.dll
2008-02-04 19:46. 2008-02-04 19:46 63 - a ------ C: \ WINDOWS \ SYSTEM \ SYSRegC.dll
2008-02-02 13:49. 2008-02-02 13:49 <KAT> d -------- C: \ Program Files \ Panicware
2008-02-01 20:22. 2008-02-05 22:17 3.352 - a ------ C: \ WINDOWS \ system32 \ tmp.reg
2008-02-01 19:32. 2008-02-01 19:32 <KAT> d -------- C: \ Documents and Settings \ Administratör \ Application Data \ SUPERAntiSpyware.com
2008-02-01 18:42. 2008-02-05 19:56 <KAT> d -------- C: \ Program Files \ HJT
2008-02-01 18:39. 2008-02-01 18:39 <KAT> d -------- C: \ Program Files \ FileASSASSIN
2008-02-01 18:31. 2008-02-01 18:31 100 - a ------ C: \ WINDOWS \ system32 \ ikhcore.cfg
2008-02-01 18:21. 2005-09-23 07:29 626.688 - a ------ C: \ WINDOWS \ system32 \ Msvcr80.dll
2008-01-31 20:28. 2008-01-31 20:28 <KAT> d -------- C: \ VundoFix Backups
2008-01-31 19:34. 2008-02-05 22:26 <KAT> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-31 19:34. 2008-02-02 00:55 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SUPERAntiSpyware.com
2008-01-31 19:34. 2008-01-31 19:34 <KAT> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-29 22:28. 2008-01-29 22:28 <KAT> d -------- C: \ Program Files \ Common Files \ Download Manager
2008-01-29 22:08. 2008-02-01 18:49 <KAT> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-01-29 21:15. 2008-02-03 17:03 <KAT> d -------- C: \ Program Files \ SpywareBlaster
2008-01-23 18:08. 2008-01-23 18:08 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SuperAdBlocker.com
2008-01-22 18:39. 2008-01-22 18:39 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Grisoft
2008-01-22 18:39. 2007-05-30 12:10 10.872 - a ------ C: \ WINDOWS \ system32 \ drivers \ AvgAsCln.sys
2008-01-22 18:18. 2008-01-22 18:18 <KAT> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2008-01-22 18:15. 2008-02-05 21:48 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ AVG7
2008-01-22 18:15. 2008-01-22 18:15 110.592 - a ------ C: \ WINDOWS \ system32 \ avgfwafu.dll
2008-01-22 17:56. 2008-02-03 08:41 <KAT> d -------- C: \ Documents and Settings \ All Users \ Application Data \ AVG7
2008-01-21 21:10. 2008-01-22 18:14 <KAT> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008-01-20 16:33. 2008-01-20 16:33 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ ErrorSmart
2008-01-19 10:09. 2008-01-19 10:09 <KAT> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab Setup Files
2008-01-12 11:46. 2008-01-12 11:46 <KAT> d -------- C: \ Program Files \ Common Files \ xing delade
2008-01-12 10:17. 2008-02-02 00:54 <KAT> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-10 19:54. 2008-01-12 10:18 <KAT> d -------- C: \ Program Files \ Lavasoft
2008-01-10 19:38. 2008-01-10 19:38 <KAT> d -------- C: \ Program Files \ AVI Codec Pack
2008-01-10 18:51. 2005-04-05 14:18 135.168 - a ------ C: \ WINDOWS \ system32 \ igfxres.dll
2008-01-09 19:20. 2008-01-09 19:20 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Yahoo!
2008-01-09 18:03. 2008-01-09 18:03 <KAT> d - h ----- C: \ WINDOWS \ PIF
2008-01-09 17:52. 2008-01-10 17:51 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ dvdcss
2008-01-08 18:20. 2007-03-05 05:00 421.888 - a ------ C: \ WINDOWS \ system32 \ lxcedrs.dll
2008-01-08 18:20. 2007-01-30 10:22 413.696 - a ------ C: \ WINDOWS \ system32 \ lxceinpa.dll
2008-01-08 18:20. 2007-01-30 10:35 397.312 - a ------ C: \ WINDOWS \ system32 \ lxceiesc.dll
2008-01-08 18:20. 2007-02-22 18:32 344.064 - a ------ C: \ WINDOWS \ system32 \ lxcecoin.dll
2008-01-08 18:20. 2006-10-03 23:21 330.030 - a ------ C: \ WINDOWS \ system32 \ lxcehelp.chm
2008-01-08 18:20. 2007-01-30 10:18 323.584 - a ------ C: \ WINDOWS \ system32 \ lxcehcp.dll
2008-01-08 18:20. 2007-01-30 10:35 274.432 - a ------ C: \ WINDOWS \ system32 \ lxceinst.dll
2008-01-08 18:20. 2005-02-24 17:23 61.440 - a ------ C: \ WINDOWS \ system32 \ lxcecnv4.dll
2008-01-07 20:59. 2008-01-07 20:59 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008-01-06 20:31. 2008-01-06 20:31 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ InstallShield
2008-01-06 20:18. 2008-01-06 20:35 <KAT> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ VersionTracker Pro
2008-01-05 16:23. 2008-01-05 16:23 <KAT> d -------- C: \ Program Files \ Windows Media Connect 2
2008-01-05 16:23. 2006-10-04 14:06 1.197.294 --------- C: \ WINDOWS \ system32 \ dllcache \ Sysmain.sdb
2008-01-05 16:23. 2006-10-04 14:06 764.868 --------- C: \ WINDOWS \ system32 \ dllcache \ apph_sp.sdb
2008-01-05 16:23. 2006-10-04 14:06 217.118 --------- C: \ WINDOWS \ system32 \ dllcache \ apphelp.sdb
2008-01-05 16:19. 2008-01-05 16:21 <KAT> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF
2008-01-05 15:19. 2008-01-05 15:19 <KAT> d -------- C: \ swsetup
2008-01-05 15:09. 2008-01-05 15:08 23.600 - a ------ C: \ WINDOWS \ system32 \ drivers \ TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d ----- w C: \ Program Files \ Google
2008-01-31 10:50 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Vso
2008-01-24 17:31 --------- d ----- w C: \ Program Files \ Lx_cats
2008-01-18 19:58 --------- d ----- w C: \ Program Files \ DivX
2008-01-18 19:57 --------- d ----- w C: \ Program \ Java
2008-01-18 19:56 --------- d ----- w C: \ Program Files \ Real
2008-01-12 11:45 --------- d ----- w C: \ Program Files \ Common Files \ Real
2008-01-12 10:26 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-12 10:18 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Lavasoft
2008-01-09 19:24 --------- d ----- w C: \ Program Files \ Yahoo!
2008-01-08 18:20 --------- d ----- w C: \ Program Files \ Lexmark 4300 Series
2008-01-07 21:55 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ AdobeUM
2008-01-04 20:45 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008-01-04 19:57 --------- d ----- w C: \ Program Files \ Analog Devices
2008-01-04 19:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ PC Drivers HeadQuarters
2008-01-04 18:08 --------- d ----- w C: \ Program Files \ Gabest
2008-01-04 18:08 --------- d ----- w C: \ Program Files \ CyberLink
2008-01-02 23:18 --------- d ----- w C: \ Program Files \ Ahead
2008-01-02 23:14 --------- d ----- w C: \ Program Files \ Common Files \ Ahead
2007-12-29 14:16 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ DivX
2007-12-22 11:48 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ vsosdk
2007-12-21 16:06 47.360 ---- aw C: \ WINDOWS \ system32 \ drivers \ pcouffin.sys
2007-12-21 16:06 47.360 ---- aw C: \ Documents and Settings \ Ryan Glenn \ Application Data \ pcouffin.sys
2007-12-21 16:06 --------- d ----- w C: \ Program Files \ VSO
2007-12-11 20:36 --------- d ----- w C: \ Program Files \ Virtual Dub
2007-12-10 20:22 --------- d ----- w C: \ Program Files \ plugins
2007-12-10 20:22 --------- d ----- w C: \ Program Files \ aviproxy
2007-12-10 19:47 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Pegasys Inc
2007-12-10 19:39 33.408 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDRBSDRV.SYS
2007-12-06 01:47 --------- d ----- w C: \ Program Files \ MSN Messenger
2007-05-20 11:28 31.528 ---- aw C: \ Documents and Settings \ Ryan Glenn \ Application Data \ GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Not * tomma poster & legit default poster visas inte
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"DellSupport" = "C: \ Program Files \ Dell Support \ DSAgnt.exe" [2004-07-19 07:51 306688]
"MsnMsgr" = "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"updateMgr" = "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"Uniblue RegistryBooster 2" = "C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Persistence" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2005-04-05 19:23 114688]
"ISUSScheduler" = "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" [2004-07-27 16:50 81920]
"IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005-04-05 19:19 77824]
"LXCECATS" = "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer" = "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" [2005-07-12 09:36 299008]
"SpeedTouch USB Diagnostics" = "C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe" [2004-01-26 11:38 866816]
"PWRISOVM.EXE" = "C: \ Program Files \ PowerISO \ PWRISOVM.EXE" [2007-01-20 07:09 200704]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001-07-09 11:50 155648]
"SunJavaUpdateSched" = "C: \ Program \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-22 18:14 579072]
"! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-22 18:14 219136]
C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C: \ Program \ Microsoft Office \ Office10 \ OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ System]
"DisableRegistryTools" = 0 (0x0)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmäla \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ securityproviders]
SecurityProviders msapsspc.dll, Schannel.dll, Digest.dll, msnsspc.dll,
S1 SABKUTIL; SABKUTIL, C: \ Program Files \ SuperAdBlocker.com \ Super Ad Blocker \ SABKUTIL.sys []
.
Innehållet i "Schemalagda aktiviteter" mapp
"2008-02-05 21:51:05 C: \ WINDOWS \ Tasks \ Kontrollera uppdateringar för Windows Live Toolbar.job"
- C: \ Program Files \ Windows Live Toolbar \ MSNTBUP.EXE
"2008-02-05 03:30:00 C: \ WINDOWS \ Tasks \ ErrorSmart Schemalagda Scan.job"
- C: \ Program Files \ ErrorSmart \ ErrorSmart.ex
- C: \ Program Files \ ErrorSmart
.
************************************************** ************************
CatchMe 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector av Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 22:35:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning dolda processer ...
scanning dold autostart poster ...
scanning dolda filer ...
scan completed successfully
dolda filer: 0
************************************************** ************************
.
------------------------ Andra pågående processer ----------------------- --
.
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ LOCALS ~ 1 \ Temp \ SSUPDATE.EXE
.
************************************************** ************************
.
Completion time: 2008-02-05 22:38:02 - maskinen rebooted [Ryan Glenn]
ComboFix-quarantined-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- EOF ---
  #10  
Old 5 februari 2008, 15:55
Moderator-gruppen
  
Default Smitfraud Virus

Kör CCleaner.

Lägga upp en ny HijackThis-logg.

Hade ComboFix hjälp?
__________________
Reply
Sida 1 av 2 1 2

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Kontakt -- Integritetspolicy -- Sitemap -- Toppen

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO av vBSEO © 2009, sökningen, Inc.