Avatar billede dansekongen Nybegynder
29. august 2007 - 22:27 Der er 8 kommentarer og
1 løsning

kan ikke fjerne spyware med program

Hej eksperter, jeg får rimelig tit popups fra 888, partypoker osv og mit spyware program kan ikke fjerne det er der nogen som er flinke kigge denne log igennem, Tak :-)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Avatar billede arlet Juniormester
29. august 2007 - 22:29 #1
Vi skal have en hel hijackthis,følg denne vejledning: http://www.malwarecheck.dk/forum/viewtopic.php?t=9
Avatar billede dansekongen Nybegynder
29. august 2007 - 22:33 #2
ok prøver igen:

Logfile of HijackThis v1.99.1
Scan saved at 22:32:36, on 29-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\NoAdware5.0\NoAdware5.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MiGoi\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Avatar billede arlet Juniormester
29. august 2007 - 22:43 #3
Du skal nu til at i gang med at fixe:
Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

----------

Kør trin 1 og 2 her http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Genstart og ny hijackthis log sam log´ne fra SAS og Ewido
Avatar billede dansekongen Nybegynder
30. august 2007 - 07:38 #4
hej igen så er de kørt igennem
ny hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 07:36:51, on 30-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MiGoi\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Superantispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/29/2007 at 11:57 PM

Application Version : 3.9.1008

Core Rules Database Version : 3295
Trace Rules Database Version: 1305

Scan type      : Complete Scan
Total Scan Time : 01:03:37

Memory items scanned      : 313
Memory threats detected  : 0
Registry items scanned    : 4121
Registry threats detected : 0
File items scanned        : 24084
File threats detected    : 61

Adware.Tracking Cookie
    C:\Documents and Settings\MiGoi\Cookies\migoi@fastclick[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ad.yieldx[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@advertising[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@serving-sys[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@eas.apm.emediate[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ads.adbrite[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@bs.serving-sys[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@adfair[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@edsa.122.2o7[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@pacificpoker[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ad1.emediate[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ilead.itrack[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@a2d14everteen[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@banner.fynskemedier[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@specificclick[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ads.pointroll[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@new-pcp[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@888[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@adbrite[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@cpvfeed[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@angleinteractive.directtrack[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@track.adform[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ads.pcper[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ad.zanox[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@msnportal.112.2o7[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@xiti[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ads.maxecpm[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@myadultimages[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@bizrate[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@adtech[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@empornium[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@www.burstnet[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@clicktorrent[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@3.adbrite[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@playnetwork.112.2o7[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@zedo[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@cgi-bin[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@casalemedia[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@statcounter[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@atdmt[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@cassava[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@www.burstbeacon[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@partygaming.122.2o7[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@overture[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@adserver.easyad[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@hotlog[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@tradedoubler[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@cgi-bin[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@indextools[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@ad.yieldmanager[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@valueclick[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@doubleclick[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@directtrack[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@adserver.filefront[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@tacoda[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@tribalfusion[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@mediaplex[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@adserving.cpxinteractive[2].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@partypoker[1].txt
    C:\Documents and Settings\MiGoi\Cookies\migoi@date.ventivmedia[2].txt

Trace.Known Threat Sources
    C:\Documents and Settings\MiGoi\Lokale indstillinger\Temporary Internet Files\Content.IE5\CN0N4945\index3[1].htm


Ewido-report:

__________________________________________________
ewido anti-spyware online scanner
    http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\MiGoi\Cookies\migoi@statistik-gallup[1].txt
Risk: Medium

Name: Backdoor.Agent.ark
Path: C:\WINDOWS\system32\oQe4B36G.exe
Risk: High

Name: Backdoor.Agent.ark
Path: C:\WINDOWS\Temp\svcipa.exe
Risk: High
Avatar billede arlet Juniormester
30. august 2007 - 07:48 #5
Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet ud for installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Register/Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.

Hjalp kuren??
Avatar billede dansekongen Nybegynder
30. august 2007 - 20:04 #6
hej igen ja jeg tror det hjalp, så point og tak for hjælp fra mig ;)
Avatar billede arlet Juniormester
30. august 2007 - 20:10 #7
Kør lige trin 5 og 6 herfra: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Her kan du læse om vores skudsikre sikkerhedspakke: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 . Hvis du har nogle spørgsmål, så spørger du bare..
Avatar billede dansekongen Nybegynder
30. august 2007 - 20:35 #8
ok tak for det, jeg er har tilmeldt og tilføjet siden får nok brug for hjælp igen
Avatar billede arlet Juniormester
30. august 2007 - 20:40 #9
Du skal være velkommen..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester