Spyware
  mjm
Number of posts: 70

Hi there

Every time I start my PC, my AVG anti-virus tells me that there is a file named setup.exe on my E drive, and every time I move it to the virus vault. I am posting a HijackThis log and a report from AVG Anti-Spyware (Ewido). I have tried turning System Restore off when I have run a scan, but it keeps coming up all the time.

Best regards,
Morten

————————————————————————————-
AVG Anti-Spyware - Scan Report
————————————————————————————-

+ Created at: 11:47:46 04-11-2006

+ Scan result:

E:\System Volume Information\_restore{ACE08D54-7907-44E7-8867-52A3B933862B}\RP38\A0008161.exe -> Proxy.Horst.lc : No action taken.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 12:03:57, on 04-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\brss01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmer\Messenger\msmsgs.exe
E:\Programmer\Internet Explorer\iexplore.exe
E:\WINDOWS\Explorer.EXE
E:\Download\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - E:\Programmer\Fælles filer\{343406CC-07CF-1030-0418-03032703002d}\MyToolBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - E:\Programmer\Fælles filer\{343406CC-07CF-1030-0418-03032703002d}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SetDefPrt] E:\Programmer\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] E:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “E:\Programmer\Messenger\msmsgs.exe” /background
O4 - Global Startup: Status Monitor.lnk = E:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O12 - Plugin for .UVR: E:\Programmer\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159631031062
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe

 

Administrator
Number of posts: 55091

Try disabling System Restore for all drives, then restart and re-enable it after the restart.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.

Your HijackThis log is clean.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  mjm
Number of posts: 70

It still comes up with that exe file, and AVG calls it “trojan horse.hsp”.

  mjm
Number of posts: 70

In addition, an image appears across my desktop about various kinds of parameters at restart. The image is called “instalation”.

Editor
Number of posts: 11785

Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpywarePro1241.exe

Start the program and click Check for updates. When it has updated, close the program and restart in safe mode – F8 during startup.

Start SuperAntiSpyware, click Scan your Computer, and tick the drives that are to be scanned.
(Fixed disk means hard drive)
Move the dot to Perform complete scan and click Next, and the scan will run.

When it has finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, then click Finish.
Close the program and restart normally.

Start the program again, click Preferences, and switch to the Statistics/Logs tab. In the window, double-click SUPERAntiSpyware Scan Log. It opens in Notepad; copy the result in here.

Restart normally. How is the computer behaving now?

Signature

Best regards,
Resist TeamSpywarefri

Member of: Alliance of Security Analysis Professionals

  mjm
Number of posts: 70

Here is the log you asked for

SUPERAntiSpyware Scan Log
Generated 11/05/2006 at 03:32 PM

Application Version : 3.3.1020

Core Rules Database Version : 3120
Trace Rules Database Version: 1142

Scan type     : Complete Scan
Total Scan Time : 00:31:02

Memory items scanned     : 385
Memory threats detected   : 0
Registry items scanned   : 5774
Registry threats detected : 21
File items scanned     : 32876
File threats detected   : 7

Adware.Tracking Cookie
E:\Documents and Settings\Anni Steffensen\Cookies\anni steffensen@1071214352[1].txt
E:\Documents and Settings\Anni Steffensen\Cookies\anni steffensen@1070847646[2].txt
E:\Documents and Settings\Anni Steffensen\Cookies\anni steffensen@partypoker[2].txt
E:\Documents and Settings\Anni Steffensen\Cookies\anni steffensen@1070791529[1].txt
E:\Documents and Settings\Anni Steffensen\Cookies\anni steffensen@clicksor[1].txt
E:\Documents and Settings\Anni Steffensen\Cookies\anni steffensen@1071183736[1].txt

Adware.Toolbar888
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKCR\MyToolBar.MyToolBarObj
HKCR\MyToolBar.MyToolBarObj\CLSID
HKCR\MyToolBar.MyToolBarObj\CurVer
HKCR\MyToolBar.MyToolBarObj.1
HKCR\MyToolBar.MyToolBarObj.1\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID

Trojan.Security Toolbar
E:\Documents and Settings\Anni Steffensen\Foretrukne\Antivirus Test Online.url

  mjm
Number of posts: 70

It comes up with the image “instalation”.

Administrator
Number of posts: 55091

—Download S!Ri’s SmitfraudFix.zip and unpack it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
The program unpacks into a folder called SmitfraudFix.

—Restart in safe mode; if you do not know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

—Open the SmitfraudFix folder that you got on the Desktop, double-click SmitfraudFix.cmd and type 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you must choose “Yes” by typing “y”.

The program may need to restart along the way. After that, a list of the results of the cleaning will appear. Copy this list into the thread.

—Restart and post a fresh HijackThis log in here, together with the log from SmitfraudFix (C:\rapport.txt).

NB: The file “process.exe” that is included in this tool is identified by some antivirus programs as “RiskTool”. There is nothing to that, however!


  mjm
Number of posts: 70

SmitFraudFix v2.119

Scan done at 16:34:14,20, 05-11-2006
Run from E:\Download\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 16:45:46, on 05-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\brss01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmer\Messenger\msmsgs.exe
E:\Programmer\Internet Explorer\iexplore.exe
E:\WINDOWS\Explorer.EXE
E:\Download\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SetDefPrt] E:\Programmer\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] E:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “E:\Programmer\Messenger\msmsgs.exe” /background
O4 - Global Startup: Status Monitor.lnk = E:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
O12 - Plugin for .UVR: E:\Programmer\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://*.tv2.dk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159631031062
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe

 

Administrator
Number of posts: 55091

There is nothing to go after; is the problem solved?


  mjm
Number of posts: 70

The trojan horse seems to be gone; now it is only the image I described that pops up when I start my PC.

Administrator
Number of posts: 29613

Right-click the Setup exe file - Properties, and tell us where it comes from. Or what it says on that image.

  mjm
Number of posts: 70

When I right-click the file, it does not say anything in Properties about where it comes from.

  mjm
Number of posts: 70

Regarding the image, it says “Installation” at the very top, and below that there is an i inside a speech bubble, and after that it says “available parameters” (/help)(/quiet)(/passiv)(/norestart)(/forecast)(/warnestart)(/propmptrestart)(/overwriteoem)(/nobackup)(/forceappaclose)(/integrate:<fuld sti>)(/d:<sti>)(/log:<fuld sti>)
and below that it says /help shows this message. After that comes an explanation of every single parameter.

Administrator
Number of posts: 29613

That looks mysterious [:0]

Download the trial version of Spysweeper
http://www.spywarefri.dk/downloads1.htm
Install and update (check for definition/Program update)

Click the - options - tab, then the - sweep - tab, then set it to - custom sweep; at - custom sweep settings, click - change settings, then - what to sweep, and you can choose what is to be scanned.
Tick the items below if they are not already ticked:
Windows registry
Memory object
Cookies
Systemrestore folder
Sweep all user accounts
Enable direct disc sweeping
Sweep for rootkits

Close the program

Restart into safe mode


Start Spysweeper

Then run a Sweep. When the scan is finished, click - Quarantine Selected
Then - view session log. Click – Save to file, and save the file on the desktop.

Restart normally.

Copy the top part of the Spysweeper log in here, up to and including –
Start of Session
********

And tell us how things look now

  mjm
Number of posts: 70

It looks like the image does not come up any more.

Here is the log from Spy Sweeper

********
14:05: |    Start of Session, 6. november 2006     |
14:05: Spy Sweeper started
14:05: Sweep initiated using definitions version 795
14:05: Starting Memory Sweep
14:11: Memory Sweep Complete, Elapsed Time: 00:05:39
14:11: Starting Registry Sweep
14:11:  Found Trojan Horse: fastvideoplayer
14:11:  HKCR\interface\{9ff86c1b-7e6f-4a7f-932a-244fe7296dae}\  (8 subtraces) (ID = 126419)
14:11:  HKCR\interface\{ee7e970d-3d17-4645-8660-d7f40b917092}\  (8 subtraces) (ID = 126420)
14:11:  HKLM\software\classes\interface\{9ff86c1b-7e6f-4a7f-932a-244fe7296dae}\  (8 subtraces) (ID = 126426)
14:11:  HKLM\software\classes\interface\{ee7e970d-3d17-4645-8660-d7f40b917092}\  (8 subtraces) (ID = 126427)
14:11:  Found Adware: one2one viewer
14:11:  HKCR\interface\{ab6e26dd-d437-4e0c-8fb9-719e578e113a}\  (8 subtraces) (ID = 136349)
14:11:  HKCR\interface\{de1658ef-7963-47e6-bba3-c952798a5ad9}\  (8 subtraces) (ID = 136350)
14:11:  HKLM\software\classes\interface\{ab6e26dd-d437-4e0c-8fb9-719e578e113a}\  (8 subtraces) (ID = 136363)
14:11:  HKLM\software\classes\interface\{de1658ef-7963-47e6-bba3-c952798a5ad9}\  (8 subtraces) (ID = 136364)
14:11:  HKLM\software\classes\typelib\{a6511cdb-606e-4cb7-b1aa-113fec192aa3}\  (9 subtraces) (ID = 136367)
14:11:  HKCR\typelib\{a6511cdb-606e-4cb7-b1aa-113fec192aa3}\  (9 subtraces) (ID = 136371)
14:11:  Found Adware: maxifiles
14:11:  HKCR\mytoolbar.mytoolbarobj\  (5 subtraces) (ID = 1497797)
14:11:  HKCR\mytoolbar.mytoolbarobj.1\  (3 subtraces) (ID = 1497803)
14:11:  HKLM\software\classes\mytoolbar.mytoolbarobj\  (5 subtraces) (ID = 1498205)
14:11:  HKLM\software\classes\mytoolbar.mytoolbarobj.1\  (3 subtraces) (ID = 1498211)
14:11:  HKLM\software\microsoft\windows\currentversion\uninstall\toolbar888\  (2 subtraces) (ID = 1498367)
14:11:  HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\  (9 subtraces) (ID = 1530936)
14:11:  HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\  (9 subtraces) (ID = 1530980)
14:11:  HKLM\software\classes\clsid\{c004dec2-2623-438e-9ca2-c9043ab28508}\  (11 subtraces) (ID = 1709983)
14:11:  HKLM\software\microsoft\internet explorer\toolbar\ || {c004dec2-2623-438e-9ca2-c9043ab28508} (ID = 1710004)
14:11:  HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c004dec2-2623-438e-9ca2-c9043ab28508}\ (ID = 1710005)
14:11:  HKCR\clsid\{c004dec2-2623-438e-9ca2-c9043ab28508}\  (11 subtraces) (ID = 1735496)
14:11:  Found Adware: cws-aboutblank
14:11:  HKU\S-1-5-21-1482476501-562591055-839522115-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
14:11:  HKU\S-1-5-21-1482476501-562591055-839522115-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
14:11:  HKU\S-1-5-21-1482476501-562591055-839522115-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
14:11:  HKU\S-1-5-21-1482476501-562591055-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{c004dec2-2623-438e-9ca2-c9043ab28508}\iexplore\  (3 subtraces) (ID = 1782111)
14:11: Registry Sweep Complete, Elapsed Time:00:00:31
14:11: Starting Cookie Sweep
14:11: Cookie Sweep Complete, Elapsed Time: 00:00:00
14:11: Starting File Sweep
14:14:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\spuninst\spuninst.exe”. Adgang nægtet
14:16:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\cryptui.dll”. Adgang nægtet
14:19:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\spuninst\spuninst.inf”. Adgang nægtet
14:19:  one2one.ocx (ID = 71505)
14:20:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\spuninst\spuninst.exe”. Adgang nægtet
14:22:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbhub.sys”. Adgang nægtet
14:22:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\spuninst\spuninst.bat”. Adgang nægtet
14:25:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\spuninst\spuninst.inf”. Adgang nægtet
14:25:  services.dll (ID = 376004)
14:26:  rsag726e.dll (ID = 71511)
14:26:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\hccoin.dll”. Adgang nægtet
14:26:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbehci.sys”. Adgang nægtet
14:26:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\spuninst\spuninst.inf”. Adgang nægtet
14:26:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbuhci.sys”. Adgang nægtet
14:26:  rsag726d.dll (ID = 71510)
14:31:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\spuninst\spuninst.exe”. Adgang nægtet
14:32:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\faultrep.dll”. Adgang nægtet
14:32:  Warning: Failed to read file “e:\windows\servicepackfiles\i386\ntio404.sys”. Datafejl (cyklisk redundanscheck)
14:32:  Warning: Failed to read file “e:\documents and settings\anni steffensen\lokale indstillinger\application data\im\runtime\skin\e2fee54a-6eb1-47c5-9027-44abeceaf3e3\from.bmp”. Datafejl (cyklisk redundanscheck)
14:32:  Warning: Failed to read file “e:\documents and settings\anni steffensen\lokale indstillinger\application data\im\runtime\skin\e2fee54a-6eb1-47c5-9027-44abeceaf3e3\getmsg.bmp”. Datafejl (cyklisk redundanscheck)
14:33:  Found Adware: instant access
14:33:  tmlpcert2005 (ID = 63918)
14:39:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbport.sys”. Adgang nægtet
14:40:  Warning: Failed to open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\dwwin.exe”. Adgang nægtet
14:50:  Found System Monitor: potentially rootkit-masked files
14:50:  spuninst.exe (ID = 0)
14:50:  cryptui.dll (ID = 0)
14:50:  spuninst.inf (ID = 0)
14:50:  spuninst.exe (ID = 0)
14:50:  usbhub.sys (ID = 0)
14:50:  spuninst.bat (ID = 0)
14:50:  spuninst.inf (ID = 0)
14:50:  hccoin.dll (ID = 0)
14:50:  usbehci.sys (ID = 0)
14:50:  spuninst.inf (ID = 0)
14:50:  usbuhci.sys (ID = 0)
14:50:  spuninst.exe (ID = 0)
14:50:  faultrep.dll (ID = 0)
14:50:  usbport.sys (ID = 0)
14:50:  dwwin.exe (ID = 0)
14:50:  spuninst.bat (ID = 0)
14:50:  spuninst.bat (ID = 0)
14:50: File Sweep Complete, Elapsed Time: 00:39:05
14:50: Full Sweep has completed.  Elapsed time 00:45:16
14:50: Traces Found: 190
14:51: Removal process initiated
14:51:  Quarantining All Traces: cws-aboutblank
14:51:  Quarantining All Traces: potentially rootkit-masked files
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\spuninst\spuninst.bat”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\spuninst\spuninst.bat”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\dwwin.exe”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbport.sys”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\faultrep.dll”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\spuninst\spuninst.exe”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbuhci.sys”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\spuninst\spuninst.inf”. Cannot acces files that are encrypted, compressed or sparse
14:51:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbehci.sys”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\hccoin.dll”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\spuninst\spuninst.inf”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\spuninst\spuninst.bat”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\usbhub.sys”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\spuninst\spuninst.exe”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\$ntuninstallkb821253$\spuninst\spuninst.inf”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\cryptui.dll”. Cannot acces files that are encrypted, compressed or sparse
14:52:  Warning: QF[866]: CmprsF(): Cannot open file “e:\windows\$ntuninstallkb823559$\$ntuninstallkb823182$\$ntuninstallkb822603$\spuninst\spuninst.exe”. Cannot acces files that are encrypted, compressed or sparse
14:52:  potentially rootkit-masked files is in use.  It will be removed on reboot.
14:52:    spuninst.exe is in use.  It will be removed on reboot.
14:52:    cryptui.dll is in use.  It will be removed on reboot.
14:52:    spuninst.inf is in use.  It will be removed on reboot.
14:52:    spuninst.exe is in use.  It will be removed on reboot.
14:52:    usbhub.sys is in use.  It will be removed on reboot.
14:52:    spuninst.bat is in use.  It will be removed on reboot.
14:52:    spuninst.inf is in use.  It will be removed on reboot.
14:52:    hccoin.dll is in use.  It will be removed on reboot.
14:52:    usbehci.sys is in use.  It will be removed on reboot.
14:52:    spuninst.inf is in use.  It will be removed on reboot.
14:52:    usbuhci.sys is in use.  It will be removed on reboot.
14:52:    spuninst.exe is in use.  It will be removed on reboot.
14:52:    faultrep.dll is in use.  It will be removed on reboot.
14:52:    usbport.sys is in use.  It will be removed on reboot.
14:52:    dwwin.exe is in use.  It will be removed on reboot.
14:52:    spuninst.bat is in use.  It will be removed on reboot.
14:52:    spuninst.bat is in use.  It will be removed on reboot.
14:52:  Quarantining All Traces: fastvideoplayer
14:52:  Quarantining All Traces: maxifiles
14:52:  Quarantining All Traces: instant access
14:52:  Quarantining All Traces: one2one viewer
14:52:  Preparing to restart your computer. Please wait…
14:52: Removal process completed.  Elapsed time 00:00:56