Avatar billede wormheart Nybegynder
06. december 2006 - 21:32 Der er 3 kommentarer og
1 løsning

winstall på computeren

Ja, jeg er ramt af winstall og har et par log-filer.


HighjackThis:
http://peecee.dk/?id=15476

ComboFix:
Eva Rasmussen - 06-12-06 21:01:15,68    Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Eva Rasmussen\Skrivebord"

((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\F‘lles filer\{34D4C6D6-07DA-1030-0317-05041029002d}
C:\Programmer\F‘lles filer\{D4D4C6D6-07DA-1030-0317-05041029002d}


(((((((((((((((((((((((((((((((  Files Created from 2006-11-06 to 2006-12-06  ))))))))))))))))))))))))))))))))))


2006-12-06    19:34    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2006-12-06    19:34    <DIR>    d--------    C:\Documents and Settings\Eva Rasmussen\Application Data\SUPERAntiSpyware.com
2006-12-03    01:07    77,824    --a------    C:\WINDOWS\system32\gotgo.exe
2006-12-03    01:07    122,880    --a------    C:\WINDOWS\system32\winstall.exe
2006-11-18    15:01    <DIR>    d--------    C:\Programmer\MSXML 4.0
2006-11-18    15:01    <DIR>    d--------    C:\6c2f5cb3238b67e4196407c089
2006-11-08    00:49    <DIR>    d--------    C:\DVDVolume


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-06 21:02    --------    d--------    C:\Programmer\F‘lles filer
2006-12-06 20:57    17408    --a------    C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-12-06 19:34    --------    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2006-12-06 19:33    --------    d--------    C:\Programmer\MSN Messenger
2006-12-06 19:33    --------    d--------    C:\Programmer\F‘lles filer\Microsoft Shared
2006-12-06 19:32    --------    d--------    C:\Programmer\AbiSuite2
2006-12-04 19:32    --------    d--------    C:\Programmer\eGames
2006-12-03 16:11    --------    d--------    C:\Documents and Settings\Eva Rasmussen\Application Data\AVG7
2006-12-03 01:15    16197928    --a------    C:\Programmer\Install_Messenger.exe
2006-12-03 01:13    --------    d--h-----    C:\Programmer\InstallShield Installation Information
2006-11-18 15:00    --------    d--------    C:\Programmer\Internet Explorer
2006-11-04 14:14    1245696    --a------    C:\WINDOWS\system32\msxml4.dll
2006-11-02 11:06    816672    --a------    C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-26 17:18    4960    --a------    C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-26 17:18    4224    --a------    C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-26 17:18    3968    --a------    C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-26 17:18    28416    --a------    C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-26 17:17    17207032    --a------    C:\Programmer\avg75free_428a818.exe
2006-10-26 17:17    --------    d---s----    C:\Documents and Settings\Eva Rasmussen\Application Data\Microsoft
2006-10-22 15:41    --------    d--------    C:\Programmer\Google
2006-10-13 13:39    142848    --a------    C:\WINDOWS\system32\nwprovau.dll
2006-10-06 13:25    98304    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2006-10-06 13:20    --------    d--------    C:\Programmer\Ubisoft
2006-09-13 06:06    1084416    --a------    C:\WINDOWS\system32\msxml3.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Programmer\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"NBJ"="\"C:\\Programmer\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programmer\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Dit"="Dit.exe"
"CHotkey"="zHotkey.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LogitechVideoRepair"="C:\\Programmer\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Programmer\\Logitech\\Video\\LogiTray.exe"
"DAEMON Tools-1033"="\"C:\\Programmer\\D-Tools\\daemon.exe\"  -lang 1033"
"TkBellExe"="\"C:\\Programmer\\Fælles filer\\Real\\Update_OB\\realsched.exe\"  -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Ad-Aware"="\"C:\\Programmer\\Lavasoft\\Ad-Aware SE Professional\\Ad-Aware.exe\" +c"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c0,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{D4D4C6D6-07DA-1030-0317-05041029002d}"="\"C:\\Programmer\\Fælles filer\\{D4D4C6D6-07DA-1030-0317-05041029002d}\\Update.exe\" mc-110-12-0001411"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-06 21:02:56.00
C:\ComboFix.txt ... 06-12-06 21:02




SUPERAntiSpyware Scan Log
Generated 12/06/2006 at 08:55 PM

Application Version : 3.3.1020

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type      : Complete Scan
Total Scan Time : 00:18:43

Memory items scanned      : 162
Memory threats detected  : 0
Registry items scanned    : 4762
Registry threats detected : 5
File items scanned        : 25468
File threats detected    : 0

Adware.Toolbar888
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version



Ehh... Hjælp!

MVH
Michael
Avatar billede mtj Nybegynder
06. december 2006 - 23:24 #1
lidt om filen ;)
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021412-2641-99&tabid=2

og her er nortons manual om at fjerne den
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021412-2641-99&tabid=3

men formoder du ikke har norton, så start med at fjerne den fra regedit og så fjern filerne manuelt :-)
Avatar billede nva Praktikant
07. december 2006 - 08:00 #2
Du kan først følge denne vejledning http://www.eksperten.dk/artikler/954
Avatar billede wormheart Nybegynder
07. december 2006 - 08:59 #3
Tak for responsen begge to.

Jeg har løst problemet ved at tygge en masse on-line vejledninger igennem. Læg et svar og del pointene! :)

MVH
Michael
Avatar billede mtj Nybegynder
07. december 2006 - 12:02 #4
Jeg er glad for at du fik det løst, :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester