virus
From: popo
Viewed: 985 times
100 points
Date: 29-09-06 08:56

Hi, has anyone experienced a warning constantly popping up saying that I am being attacked by a worm called W32.Myzor.FK@yf? Then an antivirus program called Win Antivirus pro appears, which you have to buy. Do I have a virus, or is it spam??

 
 
Comment
From: jkrjk2

Date: 29-09-06 09:10

I asked about the same thing:

http://www.kandu.dk/Spg94075.aspx
(Do NOT use the program)

I let Norton run a scan, and then the problem disappeared.

Jeannie

Comment
From: stl_s

Date: 29-09-06 09:40

This is filth of the worst kind. Do this:

1. Download SmitfraudFix.zip and extract it to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

The program unpacks into a folder called SmitfraudFix.


2. Download this scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Install the scanner and update it manually. NOTE: during installation it suggests that you register with your email. You do not need to do that.

Do not scan yet.


3. Restart in safe mode (press F8 several times during startup); if you cannot, look here:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


4. Open the SmitfraudFix folder that you got on the Desktop, double-click SmitfraudFix.cmd and press 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. If the fix restarts the computer, you must afterwards start up in safe mode again and continue the procedure with SuperAntiSpyware.


5. Start SuperantiSpyware and click "Scan your computer". Tick your drives on the left side of the window. On the right side of the window, select "Perform Complete Scan". Click "next"; now it scans. When it is finished, select what it finds and let the scanner remove it.

Restart into normal mode (the scanner may offer to do it).


6. Open the scanner again and click "preferences" -> "statistics/logs". Select the log and click "View log". Copy the log into this thread, together with a fresh HijackThis log. SmitfraudFix also creates a small text file (log). Copy that log in as well.

----------------------------------------------

And afterwards this:

Download HijackThis here http://www.spywarefri.dk/downloads1/hijackthis.exe Create a separate folder for HijackThis; call it e.g. HJT. Run HijackThis and click "Do a systemscan and save a logfile". Copy the log and paste it into this thread, and I will look at it. You must not delete anything yourself with HijackThis. I will give you instructions on what to do.




Comment
From: popo

Date: 29-09-06 13:38

Logfile of HijackThis v1.99.1
Scan saved at 13:06:52, on 29-09-2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Boedtgervej8.net
O17 - HKLM\Software\..\Telephony: DomainName = Boedtgervej8.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Boedtgervej8.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Boedtgervej8.net
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

SUPERAntiSpyware Scan Log
Generated 09/29/2006 at 12:07 PM

Core Rules Database Version : 3094
Trace Rules Database Version: 1122

Memory threats detected : 1
Registry threats detected : 187
File threats detected : 54

Adware.Vundo Variant
   C:\WINDOWS\SYSTEM32\NNNNK.DLL
   C:\WINDOWS\SYSTEM32\NNNNK.DLL
   HKLM\Software\Classes\CLSID\{52CEA582-B00F-4366-BE95-562484C69EEB}
   HKCR\CLSID\{52CEA582-B00F-4366-BE95-562484C69EEB}
   HKCR\CLSID\{52CEA582-B00F-4366-BE95-562484C69EEB}\InprocServer32
   HKCR\CLSID\{52CEA582-B00F-4366-BE95-562484C69EEB}\InprocServer32#ThreadingModel
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52CEA582-B00F-4366-BE95-562484C69EEB}
   Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnnk

Adware.Director
   [{509503AB-067C-1030-0912-01092800002d}] C:\Program Files\Common Files\{509503AB-067C-1030-0912-01092800002d}\Update.exe
   C:\Program Files\Common Files\{509503AB-067C-1030-0912-01092800002d}\Update.exe

Trojan.URLChanger-Gen
   HKLM\Software\Classes\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}\InprocServer32
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}\InprocServer32#ThreadingModel
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}\ProgID
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}\Programmable
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}\TypeLib
   HKCR\CLSID\{1D4C7057-EAD2-44C6-AD18-9092905F28F1}\VersionIndependentProgID
   C:\WINDOWS\system32\authzb.dll

Browser Hijacker.BestSafetyGuide
   HKLM\Software\Classes\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}
   HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}
   HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}
   HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}\InprocServer32
   HKCR\CLSID\{a43385f0-7113-496d-96d7-b9b550e3fcca}\InprocServer32#ThreadingModel
   C:\WINDOWS\system32\ixt1.dll
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca}

Trojan.Downloader-Bot
   HKLM\Software\Classes\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}\InprocServer32
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}\InprocServer32#ThreadingModel
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}\ProgID
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}\Programmable
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}\TypeLib
   HKCR\CLSID\{A97B5EF1-CA64-466F-AC40-F770ED52DB92}\VersionIndependentProgID
   C:\WINDOWS\system32\mscoriezz.dll

Unclassified.Unknown Origin
   HKLM\Software\Classes\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
   HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
   HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32
   HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32#ThreadingModel
   C:\WINDOWS\system32\dfgsxuer.dll
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
   HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
   C:\WINDOWS\system32\ljjgeeb.dll

Adware.Tracking Cookie
   C:\Documents and Settings\Administrator\Cookies\administrator@adsrevenue[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@partypoker[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@www.thespyguard[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@winantivirus[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@scanner[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@amaena[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@scanner[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@dk.winantivirus[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@secure.winantivirus[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@2006[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@2006[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@securityworm5[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@www.winantivirus[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@indexstats[2].txt
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@dk.winantivirus[2].txt
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@indexstats[2].txt
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@secure.winantivirus[2].txt
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@stats1.reliablestats[2].txt
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@winantivirus[1].txt
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.winantivirus[1].txt

Adware.Ezula
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#OLEDB_SERVICES
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#hlOpkmnykym
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#Wvgycmd
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#qqshbWi
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#dBIxvnfgYzmC
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#byfugepv
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#Gyxgwx
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#fkocgdrk
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}#vzhcgW
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\ExtendedErrors
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\ExtendedErrors\{C0932C62-38E5-11d0-97AB-00C04FC2AD98}
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\Implemented Categories
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\Implemented Categories\{D267E19A-0B97-11D2-BB1C-00C04FC9B532}
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\InprocServer32
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\InprocServer32#ThreadingModel
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\OLE DB Provider
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\ProgID
   HKCR\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}\VersionIndependentProgID

Trojan.WinAntiSpyware/WinAntiVirus 2006
   HKCR\WAP6.PCheck
   HKCR\WAP6.PCheck\CLSID
   HKCR\WAP6.PCheck\CurVer
   HKCR\WAP6.PCheck.1
   HKCR\WAP6.PCheck.1\CLSID
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32#ThreadingModel
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\ProgID
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Programmable
   HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\VersionIndependentProgID
   HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
   HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0
   HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0
   HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32
   HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS
   HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR
   HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
   HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid
   HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32
   HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib
   HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version
   HKU\S-1-5-21-2524286694-2725083961-3309853347-500\Software\WinAntiVirus Pro 2006
   HKLM\SYSTEM\CurrentControlSet\Services\vspf
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
   HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
   HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
   C:\WINDOWS\system32\stera.job
   C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll
   C:\Program Files\Common Files\WinAntiVirus Pro 2006
   C:\Documents and Settings\Administrator\Application Data\WinAntiVirus Pro 2006\Logs\update.log
   C:\Documents and Settings\Administrator\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
   C:\Documents and Settings\Administrator\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
   C:\Documents and Settings\Administrator\Application Data\WinAntiVirus Pro 2006\Logs
   C:\Documents and Settings\Administrator\Application Data\WinAntiVirus Pro 2006\PGE.dat
   C:\Documents and Settings\Administrator\Application Data\WinAntiVirus Pro 2006
   C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\IZ416TYP\WinAntiVirusPro2006FreeInstall[1].exe
   C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe

Trojan.Unknown Origin
   HKLM\SOFTWARE\Microsoft\MSSMGR
   HKLM\SOFTWARE\Microsoft\MSSMGR#Data
   HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
   HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
   HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
   HKLM\SOFTWARE\Microsoft\MSSMGR#LID
   HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
   HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
   HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
   HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
   HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
   HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
   HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
   C:\Program Files\Common Files\{509503AB-067C-1030-0912-01092800002d}\services.dll
   C:\WINDOWS\Q2Fyc3RlbiBQb3Vsc2Vu\kZIVwal5v21kvapPwZpR.vbs
   C:\WINDOWS\system32\ghffb7b4.dll

Adware.Toolbar888
   HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
   HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
   HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
   HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
   HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
   HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
   HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
   HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
   HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
   HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
   HKU\S-1-5-21-2524286694-2725083961-3309853347-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}

Trojan.Malware
   HKCR\MezziaCodec.Chl
   HKCR\MezziaCodec.Chl\CLSID

Adware.IST/ISTBar (Slotch Bar)
   HKU\S-1-5-21-2524286694-2725083961-3309853347-500\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Browser Hijacker.Deskbar
   HKCR\DBTB00001.DBTB00001
   HKCR\DBTB00001.DBTB00001\CLSID
   HKCR\DBTB00001.DBTB00001\CurVer
   HKCR\DBTB00001.DBTB00001.1
   HKCR\DBTB00001.DBTB00001.1\CLSID
   HKCR\DBTB00001.DeskBar
   HKCR\DBTB00001.DeskBar\CLSID
   HKCR\DBTB00001.DeskBar\CurVer
   HKCR\DBTB00001.DeskBar.1
   HKCR\DBTB00001.DeskBar.1\CLSID
   HKCR\DBTB00001.deskbarBHO
   HKCR\DBTB00001.deskbarBHO\CLSID
   HKCR\DBTB00001.deskbarBHO\CurVer
   HKCR\DBTB00001.deskbarBHO.1
   HKCR\DBTB00001.deskbarBHO.1\CLSID
   HKCR\DBTB00001.DeskbarEnabler
   HKCR\DBTB00001.DeskbarEnabler\CLSID
   HKCR\DBTB00001.DeskbarEnabler.1
   HKCR\DBTB00001.DeskbarEnabler.1\CLSID
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\Implemented Categories
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\ProgID
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\Programmable
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\TypeLib
   HKCR\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96}\VersionIndependentProgID
   HKCR\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E}
   HKCR\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E}\ProgID
   HKCR\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E}\Programmable
   HKCR\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E}\TypeLib
   HKCR\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E}\VersionIndependentProgID
   HKCR\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38}
   HKCR\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38}\ProgID
   HKCR\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38}\VersionIndependentProgID
   HKCR\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F}
   HKCR\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F}\1.0
   HKCR\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F}\1.0\0
   HKCR\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F}\1.0\FLAGS
   HKCR\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F}\1.0\HELPDIR
   HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}
   HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid
   HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid32
   HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib
   HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib#Version
   HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}
   HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid
   HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid32
   HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib
   HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib#Version
   HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}
   HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid
   HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid32
   HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib
   HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib#Version

Trojan.WindowsUpdate
   C:\Program Files\Common Files\System\EService\svchost.exe

Adware.WhenU
   C:\Program Files\DAEMON Tools\SetupDTSB.exe

Trojan.TLoad
   C:\WINDOWS\Downloaded Program Files\tload.inf

Adware.TrustInCash
   C:\WINDOWS\system32\autodiscb.dll
   C:\WINDOWS\system32\bitsprx2b.dll

Trojan.Downloader-BHO/Gen
   C:\WINDOWS\system32\cryqtdlg.dll

Adware.IEEXEC
   C:\WINDOWS\system32\dllcache\ieexec.exe

Adware.NicTech Networks
   C:\WINDOWS\system32\gpl0l33m1.dll
   C:\WINDOWS\system32\mv48l9hu1.dll

Trojan.Unknown Origin/System
   C:\WINDOWS\system32\w300be9b.dll
Hi again, here are the 2 log files; I don't know whether you can get anything out of them. But I have done as you wrote, and I think it has helped.
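
A way to compare the two logs in the post above, as an added example (not part of the thread and not code from any of the tools mentioned): it extracts the autostart registry locations from the SUPERAntiSpyware log (Browser Helper Objects, Winlogon Notify, Services) and checks whether the same identifiers are still listed in the O2, O20 and O23 lines of the later HijackThis log. The function names are this example's own; the log excerpts are shortened copies of the posted logs.

```python
import re

# Excerpts copied from the two logs posted above (shortened, not complete).
SAS_LOG = r"""SUPERAntiSpyware Scan Log
Generated 09/29/2006 at 12:07 PM

Memory threats detected : 1

Adware.Vundo Variant
   C:\WINDOWS\SYSTEM32\NNNNK.DLL
   C:\WINDOWS\SYSTEM32\NNNNK.DLL
   HKCR\CLSID\{52CEA582-B00F-4366-BE95-562484C69EEB}\InprocServer32
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52CEA582-B00F-4366-BE95-562484C69EEB}
   Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnnk

Trojan.WinAntiSpyware/WinAntiVirus 2006
   HKLM\SYSTEM\CurrentControlSet\Services\vspf
   HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
   HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
   C:\WINDOWS\system32\stera.job
"""

HJT_LOG = r"""O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# Registry locations in the scanner log that are autostart points, keyed by
# the HijackThis section that reports the same location. Only the key itself
# matches; its values (#...) and subkeys do not, so each entry counts once.
AUTOSTART_KEYS = [
    ("O2", re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})$")),
    ("O20", re.compile(r"\\WinLogon\\Notify\\([^\\#]+)$", re.I)),
    ("O23", re.compile(r"\\CurrentControlSet\\Services\\([^\\#]+)$", re.I)),
]

# How to pull the comparable identifier out of a HijackThis line:
# CLSID for a BHO, entry name for Winlogon Notify, short name for a service.
HJT_IDENT = {
    "O2": re.compile(r"- (\{[0-9A-Fa-f-]{36}\}) -"),
    "O20": re.compile(r"Winlogon Notify: (.+?) - "),
    "O23": re.compile(r"\(([^()]+)\) - "),
}


def parse_sas(text):
    """Return {detection name: [unique items]} from a SUPERAntiSpyware log."""
    families, header = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():            # indented line: item under last header
            if header is not None:
                items = families.setdefault(header, [])
                if line.strip() not in items:    # the log repeats some items
                    items.append(line.strip())
        else:                            # unindented line: candidate header
            header = line.strip()
    return families


def removed_autostarts(families):
    """List (detection, HijackThis section, identifier) for autostart keys."""
    found = []
    for family, items in families.items():
        for item in items:
            for section, pattern in AUTOSTART_KEYS:
                match = pattern.search(item)
                if match:
                    found.append((family, section, match.group(1)))
    return found


def hjt_autostarts(text):
    """Return {(section, lowercased identifier)} for O2/O20/O23 lines."""
    seen = set()
    for line in text.splitlines():
        section = line.split(" - ", 1)[0].strip()
        pattern = HJT_IDENT.get(section)
        match = pattern.search(line) if pattern else None
        if match:
            seen.add((section, match.group(1).lower()))
    return seen


def reappeared(sas_text, hjt_text):
    """Removed autostart points that the HijackThis log still lists."""
    live = hjt_autostarts(hjt_text)
    return [p for p in removed_autostarts(parse_sas(sas_text))
            if (p[1], p[2].lower()) in live]


if __name__ == "__main__":
    for family, section, ident in removed_autostarts(parse_sas(SAS_LOG)):
        print(f"{section:<4}{ident:<40}{family}")
    print("reappeared:", reappeared(SAS_LOG, HJT_LOG))
```

An empty result only says that none of the removed autostart entries is listed again in those three HijackThis sections; files and the other registry keys in the scanner log are not compared.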

Comment
From: stl_s

Date: 29-09-06 17:12

It looks good. A lot was cleaned out, but there are some signs that there may be a bit more lying around that needs to go.


Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

----------------------------------------------------------

Download this scanner to the desktop ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Wait before running it.


Start up in safe mode (press F8 several times during startup). If you cannot, see here
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Double-click drweb-cureit.exe. It will run an express scan, and you say yes to that.

When it says "Select object for scanning" at the bottom left, click Options->Change settings.

Switch to the SCAN tab and remove the tick at "Heuristic analysis".

Switch to the Actions tab. Under ADWARE, set it to DELETE. All other items under MALWARE are set to MOVE. Remove the tick at PROMPT ON ACTION. Click APPLY and OK.

Click the drives you want scanned. A red dot appears, showing that they are selected.

Click the green arrow on the right side of the page to start the scan.


When the scan is finished, find the Dr Web folder located on your main drive, typically the C drive, and find CUREIT.LOG. Scroll all the way down to the bottom of the log, where it says SCAN PATH and SCAN STATISTICS (ONLY the bottom ones), and copy that in here.


Comment
From: popo

Date: 29-09-06 20:42

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sis.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\System32\snmp.exe
[Scan path] C:\WINDOWS\System32\snmptrap.exe
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\Drivers\sptd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\tlntsvr.exe
[Scan path] C:\WINDOWS\System32\tssdis.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ultra.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\System32\vds.exe
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\volsnap.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\Program Files\Windows Defender\MsMpEng.exe
[Scan path] C:\WINDOWS\system32\nvsvcd.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\wlbs.sys
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\system32\Windows Media\Server\WMServer.exe
[Scan path] C:\WINDOWS\System32\drivers\ws2ifsl.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 260
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1482 Kb/s
Scan time: 00:00:35
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
>C:\Documents and Settings\Administrator\Desktop\CrackSearcher.exe is hacktool program Tool.CrackSearch
C:\Documents and Settings\Administrator\Desktop\BPS Spyware Remover\smitfrau\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\Administrator\Desktop\BPS Spyware Remover\smitfrau\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error

Invalid path to file C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5I7OPMZ\lor_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&cc=199&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_java=true
Invalid path to file C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\IZ416TYP\lor_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&cc=199&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_java=true
Invalid path to file C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\IZ416TYP\tml&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text&cc=199&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_java=true
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso3.tmp - read error
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp - read error
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{1~1.TMP - read error
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{2~1.TMP - read error
>C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\setup.exe infected with Trojan.Popuper - deleted
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 17208
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 3
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1349 Kb/s
Scan time: 00:26:51
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
[Scan path] F:\
F:\mix games\120 games\more than 120 games cracked(popcap,alaware,GameHouse,luxor,Zuma,Chainz,Tetris,Ricochet,Equilibria,Kahuna Reef,Rocket Mania,Brick,Shooter,zib, Etc)\Bomberman vs Digger\trainer.exe is hacktool program Tool.GameCrack

[Scan path] G:\
>G:\incomming emule\Microsoft Digital Image Suite 2006 Crack and Serial.exe infected with Trojan.Popuper - deleted

[Scan path] H:\
H:\Downloads\stresscure.exe is joke program Joke.Puncher
H:\FTP\Programs\fjernsuport pc\vnc-3.3.7-x86_win32_viewer.exe is riskware program Program.RemoteAdmin
>H:\FTP\Programs\paragon\2_Paragon Partition Manager 5.0 crack.exe is dialer program Dialer.Star

[Scan path] I:\
I:\System Volume Information\_restore{975ED00A-C72E-45A7-833F-AFF8811040D1}\RP119\A0031837.exe is riskware program Program.RemoteAdmin
I:\System Volume Information\_restore{975ED00A-C72E-45A7-833F-AFF8811040D1}\RP119\A0031839.exe is riskware program Program.RemoteAdmin
I:\System Volume Information\_restore{975ED00A-C72E-45A7-833F-AFF8811040D1}\RP119\A0031878.exe infected with BackDoor.Servu.4100 - deleted
I:\System Volume Information\_restore{975ED00A-C72E-45A7-833F-AFF8811040D1}\RP119\A0033886.EXE is riskware program Program.RemoteAdmin
I:\System Volume Information\_restore{975ED00A-C72E-45A7-833F-AFF8811040D1}\RP119\A0034098.dll is adware program Adware.Surfside

[Scan path] K:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 71209
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 1
Joke programs found: 1
Riskware programs found: 4
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 2
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 459 Kb/s
Scan time: 00:56:27
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 88677
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 1
Joke programs found: 1
Riskware programs found: 4
Hacktool programs found: 4
Objects cured: 0
Objects deleted: 3
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 751 Kb/s
Scan time: 01:23:53
=============================================================================

I could not run combo.fix on Server 2003.

Accepted answer
From: stl_s

Received 100 points
Date: 29-09-06 23:24

That is perfectly fine. It should be cleaned up now.



Answer approval
From: popo


Date: 30-09-06 07:52

Thanks for the answer, stl_s. Many thanks, I am glad when someone can help; it looks like it is clean now.
