/ Forside/ Teknologi / Internet / Sikkerhed / Spørgsmål
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Sikkerhed
#NavnPoint
stl_s 37026
arlet 26827
miritdk 20260
o.v.n. 12167
als 8951
refi 8694
tedd 8272
BjarneD 7338
Klaudi 7257
10  molokyle 6481
MEGA led HiJack !!!
Fra : molokyle
Vist : 1093 gange
350 point
Dato : 20-10-07 16:55

ØV, ØV ..og 3 gange ØV !!!
Jeg har 'reddet' mig en MEGA led HiJack som sætter Google ind som startside
Den forhindre mig i at køre 'Joblisten' med en meddelelse om;
at funktionen er spærret af administrator !!!

ActiveX tilladelser er totalt 'fucked' op !

Med jævne mellemrum dukker en dialogbox op:
Citat
[Windows Security Alert]

Warning! Potential Spyware Operation!

Your computor is making unathorized copies of your system and
Internet files. Run full scan to prevent any unathorized access
to your files. Click YES to download spyware remover...

[Ja] [Nej]


Gu' vil jeg røv...

Det er en trojaner: Trojan.Qhost.my

..som hverken Superantispyware, AVG eller Ewido kan fjerne !!!
..ej heller vil Superantispyware og SpywareBlaster forhindre den i, at skifte startside

Den ligger i : C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts biblioteket.

Skidtet er kommet via en JAVA 'ting' som jeg uforvarende 'kom til' at klikke [Ja] til ..noget med en autorisation som så ud til at komme fra Sun !

Intallerede sig vha. (3) ... Simple...???...AL fil/-er

Hva' nu ???

HJÆLP !

</MOLOKYLE>

 
 
Kommentar
Fra : arlet


Dato : 20-10-07 16:58

Kør trin 1 her http://www.malwarecheck.dk/forum/viewtopic.php?t=11 og læg loggen ind

derudover skal du hente:
Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

BEMÆRK at Combofix af nogle virusscannere bliver detekteret som inficeret. Dette har dog intet på sig.


Jeg er først på igen i aften, så hvis stl_s eller en anden kommer forbi, så kan de bare hjælpe videre..

Kommentar
Fra : the1best


Dato : 20-10-07 17:18

Ikke godt det der molokyle, håber da du får den fikset.

the1best


Kommentar
Fra : molokyle


Dato : 20-10-07 17:31

arlet ->

SuperAntiSpyware log ...fra tidligere scanning idag:
Citat
SUPERAntiSpyware Scan Log
Generated 10/20/2007 at 04:08 PM

Application Version : 3.5.1016

Core Rules Database Version : 3328
Trace Rules Database Version: 1329

Scan type : Complete Scan
Total Scan Time : 01:10:27

Memory items scanned : 173
Memory threats detected : 0
Registry items scanned : 4919
Registry threats detected : 2
File items scanned : 31988
File threats detected : 0

Trojan.Net-AVP/AVT
   HKLM\Software\Microsoft\Windows\CurrentVersion\Run#WinAVX [ C:\WINDOWS\system32\WinAvXX.exe ]
   HKU\S-1-5-21-1844237615-813497703-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Run#WinAVX [ C:\WINDOWS\system32\WinAvXX.exe ]


Kører lige Combofix...

the1best -> Kryds fingre...

Alt er KAOS her i butikken ...ikke engang animerede GIF'er virker ..og der spørges konstant efter div. ActiveX og andre 'services' ..selv hér på kandu.dk

</MOLOKYLE>


Kommentar
Fra : IPM


Dato : 20-10-07 17:46
Kommentar
Fra : molokyle


Dato : 20-10-07 18:00

Her er mine underbukser hængt til tørre:
Citat
ComboFix 07-10-17.8@ - Molo 2007-10-20 17:47:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.242 [GMT 2:00]
Running from: C:\Documents and Settings\Henrik Motensen\Skrivebord\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\autorun.exe
C:\Documents and Settings\Henrik Motensen\Menuen Start\Programmer\Start\system.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP


((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-20 17:44   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-20 12:54   <DIR>   d--------   C:\Programmer\SUPERAntiSpyware
2007-10-20 10:02   15,155   --a------   C:\WINDOWS\rofs115.exe
2007-10-20 09:44   15,155   --a------   C:\WINDOWS\rofs175.exe
2007-10-20 09:43   15,155   --a------   C:\WINDOWS\rofs163.exe
2007-10-20 09:43   15,155   --a------   C:\WINDOWS\rofs137.exe
2007-10-20 08:12   15,155   --a------   C:\WINDOWS\rofs162.exe
2007-10-20 08:12   7,432   --a------   C:\WINDOWS\xlavra3.exe
2007-09-20 05:21   4,382,752   --ahs----   C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-09-20 05:17   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 15:54   54,476   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-20 10:54   ---------   d-----w   C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-20 10:54   ---------   d-----w   C:\Documents and Settings\Henrik Motensen\Application Data\SUPERAntiSpyware.com
2007-10-20 07:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-20 07:43   ---------   d-----w   C:\Programmer\SpywareBlaster
2007-10-04 19:50   ---------   d-----w   C:\Programmer\Java
2007-09-14 15:13   ---------   d-----w   C:\Programmer\Apple Software Update
2007-09-06 16:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-06 15:54   ---------   d-----w   C:\Programmer\Fælles filer\Apple
2007-09-06 15:54   ---------   d-----r   C:\Programmer\Fælles filer
2007-09-06 14:14   75,248   ----a-w   C:\WINDOWS\zllsputility.exe
2007-09-06 14:14   1,086,952   ----a-w   C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-09-02 14:08   ---------   d-----w   C:\Programmer\Mp3Rec
2007-08-24 05:54   ---------   d-----w   C:\Programmer\Opera
2007-08-21 06:17   683,520   ----a-w   C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-20 16:39   ---------   d--h--w   C:\Programmer\InstallShield Installation Information
2007-08-20 16:16   ---------   d-----w   C:\Programmer\Infogrames Interactive
2007-07-30 17:19   92,504   -c--a-w   C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 17:19   549,720   ----a-w   C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 17:19   53,080   ----a-w   C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 17:19   43,352   ----a-w   C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 17:19   325,976   ----a-w   C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 17:19   271,224   ----a-w   C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 17:19   207,736   ----a-w   C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 17:19   203,096   ----a-w   C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 17:19   1,712,984   ----a-w   C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 17:18   33,624   ----a-w   C:\WINDOWS\SYSTEM32\wups.dll
2005-05-10 18:54   266   --sh--w   C:\Programmer\desktop.ini
2005-05-10 18:54   10,984   -c-ha-w   C:\Programmer\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 16:07]
"Zone Labs Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-20 17:26]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Post-it© Software Notes Lite.lnk - C:\Programmer\3M\PSNLite\PsnLite.exe [2003-10-09 15:08:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-10-20 17:27 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Pinnacle Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Pinnacle Scheduler.lnk
backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Henrik Motensen^Menuen Start^Programmer^Start^Registration-PCTV.lnk]
path=C:\Documents and Settings\Henrik Motensen\Menuen Start\Programmer\Start\Registration-PCTV.lnk
backup=C:\WINDOWS\pss\Registration-PCTV.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 15:13:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-10-20 03:57:50 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2D8FA16-FC69-4CB1-9A04-1FE51CD498AB}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 17:57:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 18:04:02 - machine was rebooted
.
   --- E O F ---


</COMBOFIX LOG>

Kommentar
Fra : molokyle


Dato : 20-10-07 18:01

IPM ->
Citat
Webstedet afviste at vise denne webside.
HTTP 403
Mest sandsynlige årsager:
Dette websted kræver, at du logger på.

Prøv at:
Gå tilbage til den forrige side.

Flere oplysninger

Fejlen (HTTP 403 - forbudt) betyder, at Internet Explorer kunne oprette forbindelse til webstedet, men programmet har ikke tilladelse til at vise websiden.

Hvis du vil have flere oplysninger om HTTP-fejl, skal du se i Hjælp.


</MOLOKYLE>

Kommentar
Fra : molokyle


Dato : 20-10-07 18:15

..og mine G-strengs Herre-trusser
Citat
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:19:34, on 20-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Henrik Motensen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129889235747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe

--
End of file - 6497 bytes


</HIJACKTHIS LOG>


Kommentar
Fra : molokyle


Dato : 20-10-07 18:46

Hmmm.... ser ud til at problemet 'gik væk' ..efter, at ha' kørt combofix

..og sat Internet Explorers' sikkerhedsindstillinger til standard : Mellem-Høj

</MOLOKYLE>

Kommentar
Fra : stl_s


Dato : 20-10-07 20:50

Det er IKKE væk. Gør dette:

1. Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Eller her:
http://72.232.135.12/siri/SmitfraudFix.exe


2. Genstart i fejlsikret tilstand. Hvis du ikke ved hvordan, så kig her (Scroll ned til "Sådan får du adgang til fejlsikret tilstand") http://kimludvigsen.dk/tips-windows-fejlsikret.html


3. Dobbeltklik på SmitfraudFix, tast 2 og tryk på <enter>. Lad programmet gennemføre en rensning. Fixet genstarter muligvis computeren.


SmitfraudFix laver også en lille tekstfil (C:\rapport.txt). Kopier den her ind, sammen med en frisk HijackThis log.


Kommentar
Fra : Caine


Dato : 21-10-07 01:21

Hej

jeg vil hente en anden task manger hvis jeg var dig fx. den glimernede "Process Explorer"
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx
http://download.sysinternals.com/Files/ProcessExplorer.zip

En mega fed task manager, der tillader at lukke nogle enkelte handles fx. en "træls" exe-fil du ikke kan se i MS egen task manager...

Derefter vil jeg søge på de nyeste oprettede filer og så undersøge hvilke der kunne se lidt suspekte ud der.

og så prøve at slette disse... hvid du ikke kan dette søg da efter dem i process explorer.... og luk dem der først

/Caine



Kommentar
Fra : molokyle


Dato : 21-10-07 07:43

Rapport fra SmitFraudFix i fejlsikret tilstand:
Citat
SmitFraudFix v2.240

Scan done at 6:56:13,58, 21-10-2007
Run from C:\Documents and Settings\Henrik Motensen\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{481F7913-DA7C-4628-813C-773C93836916}: DhcpNameServer=193.162.159.194 193.162.145.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{481F7913-DA7C-4628-813C-773C93836916}: DhcpNameServer=193.162.159.194 193.162.145.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{481F7913-DA7C-4628-813C-773C93836916}: DhcpNameServer=193.162.159.194 193.162.145.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.159.194 193.162.145.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.162.159.194 193.162.145.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.162.159.194 193.162.145.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


..og fra HiJackThis i normal tilstand:
Citat
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 07:46:41, on 21-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\Documents and Settings\Henrik Motensen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129889235747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe

--
End of file - 5897 bytes


</MOLOKYLE>

Kommentar
Fra : arlet


Dato : 21-10-07 10:09

Hej Molokyle.

Så er jeg tilbage.. Kan jeg også få en ny combofix log, så vi kan få de evt sidste rester væk..

Kommentar
Fra : molokyle


Dato : 21-10-07 14:40

arlet -> Yes 'deer' ...of course ..my little dove ... ( Citat: W.C. Fields )

Here U R :

Citat
ComboFix 07-10-17.8@ - Molo 2007-10-21 14:05:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.248 [GMT 2:00]
Running from: C:\Documents and Settings\Henrik Motensen\Skrivebord\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-21 06:37   1,954   --a------   C:\WINDOWS\SYSTEM32\tmp.reg
2007-10-20 17:44   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-20 12:54   <DIR>   d--------   C:\Programmer\SUPERAntiSpyware
2007-10-20 10:02   15,155   --a------   C:\WINDOWS\rofs115.exe
2007-10-20 09:44   15,155   --a------   C:\WINDOWS\rofs175.exe
2007-10-20 09:43   15,155   --a------   C:\WINDOWS\rofs163.exe
2007-10-20 09:43   15,155   --a------   C:\WINDOWS\rofs137.exe
2007-10-20 08:12   15,155   --a------   C:\WINDOWS\rofs162.exe
2007-10-20 08:12   7,432   --a------   C:\WINDOWS\xlavra3.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 12:11   4,712,480   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-21 06:50   58,100   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-20 10:54   ---------   d-----w   C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-20 10:54   ---------   d-----w   C:\Documents and Settings\Henrik Motensen\Application Data\SUPERAntiSpyware.com
2007-10-20 07:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-20 07:43   ---------   d-----w   C:\Programmer\SpywareBlaster
2007-10-04 19:50   ---------   d-----w   C:\Programmer\Java
2007-09-20 03:17   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-14 15:13   ---------   d-----w   C:\Programmer\Apple Software Update
2007-09-06 16:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-06 15:54   ---------   d-----w   C:\Programmer\Fælles filer\Apple
2007-09-06 15:54   ---------   d-----r   C:\Programmer\Fælles filer
2007-09-06 14:14   75,248   ----a-w   C:\WINDOWS\zllsputility.exe
2007-09-06 14:14   1,086,952   ----a-w   C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-09-02 14:08   ---------   d-----w   C:\Programmer\Mp3Rec
2007-08-24 05:54   ---------   d-----w   C:\Programmer\Opera
2007-08-21 06:17   683,520   ----a-w   C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-07-30 17:19   92,504   -c--a-w   C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 17:19   549,720   ----a-w   C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 17:19   53,080   ----a-w   C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 17:19   43,352   ----a-w   C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 17:19   325,976   ----a-w   C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 17:19   271,224   ----a-w   C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 17:19   207,736   ----a-w   C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 17:19   203,096   ----a-w   C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 17:19   1,712,984   ----a-w   C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 17:18   33,624   ----a-w   C:\WINDOWS\SYSTEM32\wups.dll
2005-05-10 18:54   266   --sh--w   C:\Programmer\desktop.ini
2005-05-10 18:54   10,984   -c-ha-w   C:\Programmer\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 16:07]
"Zone Labs Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Post-it© Software Notes Lite.lnk - C:\Programmer\3M\PSNLite\PsnLite.exe [2003-10-09 15:08:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-10-20 17:27 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Pinnacle Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Pinnacle Scheduler.lnk
backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Henrik Motensen^Menuen Start^Programmer^Start^Registration-PCTV.lnk]
path=C:\Documents and Settings\Henrik Motensen\Menuen Start\Programmer\Start\Registration-PCTV.lnk
backup=C:\WINDOWS\pss\Registration-PCTV.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 15:13:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-10-21 05:33:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2D8FA16-FC69-4CB1-9A04-1FE51CD498AB}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 14:11:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 14:14:13
C:\ComboFix2.txt ... 2007-10-20 18:04
.
   --- E O F ---


..og jeg kan STADIG ik' se animerede GIF'er i IE7 !

I andre billedvisningsprogrammer (XnView og det 'indbyggede': Windows Billed- og faxfremviser) virker det ok.

..min skrivebords-baggrundsfarve er skiftet tilbage til Windows Classic' blå (..jeg kører også Windows layout klassisk 'skrivebordstema') i stedet for sort som jeg havde valgt før, men betyder intet.

Startsiden ændrede sig ved kørsel af føromtalte SmitFraudFix til Windows MSN's startside, men den har jeg uden problemer atter sat tilbage til about:blank

Hold da kæft en masse bøvl for såd'n et enkelt lille uopmærksomt klik

Hva' handler Trojan.Qhost.my skidtet iøvrigt om? ..og hvem står bag?

</MOLOKYLE>

Kommentar
Fra : arlet


Dato : 21-10-07 14:50

Ja, og der er stadig noget..

Kopiér indholdet mellem de stiplede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt.
Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

-------------------------

File::
C:\WINDOWS\rofs115.exe
C:\WINDOWS\rofs175.exe
C:\WINDOWS\rofs163.exe
C:\WINDOWS\rofs137.exe
C:\WINDOWS\rofs162.exe
C:\WINDOWS\xlavra3.exe
-------------------------

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Kopier indholdet af Combofix.txt her ind sammen med en ny hijackthis log

Vi renser først computeren helt, så må vi kigge på de andre problemer bagefter, okay??

Kommentar
Fra : molokyle


Dato : 21-10-07 15:14

Citat
Kopiér indholdet mellem de stiplede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt.


Øehh.... Combofix.exe ligge da ikke i en mappe

Den ligger på skrivebordet!

Citat
Combofix fra et af disse links, og gem den på dit skrivebord


</MOLOKYLE>

Kommentar
Fra : arlet


Dato : 21-10-07 15:22

Så læg den nye fil også på skrivebordet og træk dem over der..

Kommentar
Fra : molokyle


Dato : 21-10-07 15:44

Hø hø... Dét ku' jeg da godt selv regne ud ...altså

Præcis som dén 'flabethed' stl_s kom med tidligere:
Citat
2. Genstart i fejlsikret tilstand. Hvis du ikke ved hvordan, så kig her (Scroll ned til "Sådan får du adgang til fejlsikret tilstand") http://kimludvigsen.dk/tips-windows-fejlsikret.html




Ok. Back to basic...

ComboFix log ...MED opstart vha. CFScript.txt:
Citat
ComboFix 07-10-17.8@ - Molo 2007-10-21 15:26:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.228 [GMT 2:00]
Running from: C:\Documents and Settings\Henrik Motensen\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Henrik Motensen\Skrivebord\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\rofs115.exe
C:\WINDOWS\rofs137.exe
C:\WINDOWS\rofs162.exe
C:\WINDOWS\rofs163.exe
C:\WINDOWS\rofs175.exe
C:\WINDOWS\xlavra3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\rofs115.exe
C:\WINDOWS\rofs137.exe
C:\WINDOWS\rofs162.exe
C:\WINDOWS\rofs163.exe
C:\WINDOWS\rofs175.exe
C:\WINDOWS\xlavra3.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-21 06:37   1,954   --a------   C:\WINDOWS\SYSTEM32\tmp.reg
2007-10-20 17:44   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-20 12:54   <DIR>   d--------   C:\Programmer\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 13:31   4,771,872   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-21 12:15   58,436   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-20 10:54   ---------   d-----w   C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-20 10:54   ---------   d-----w   C:\Documents and Settings\Henrik Motensen\Application Data\SUPERAntiSpyware.com
2007-10-20 07:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-20 07:43   ---------   d-----w   C:\Programmer\SpywareBlaster
2007-10-04 19:50   ---------   d-----w   C:\Programmer\Java
2007-09-20 03:17   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-14 15:13   ---------   d-----w   C:\Programmer\Apple Software Update
2007-09-06 16:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-06 15:54   ---------   d-----w   C:\Programmer\Fælles filer\Apple
2007-09-06 15:54   ---------   d-----r   C:\Programmer\Fælles filer
2007-09-06 14:14   75,248   ----a-w   C:\WINDOWS\zllsputility.exe
2007-09-06 14:14   1,086,952   ----a-w   C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-09-02 14:08   ---------   d-----w   C:\Programmer\Mp3Rec
2007-08-24 05:54   ---------   d-----w   C:\Programmer\Opera
2007-08-21 06:17   683,520   ----a-w   C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-07-30 17:19   92,504   -c--a-w   C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 17:19   549,720   ----a-w   C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 17:19   53,080   ----a-w   C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 17:19   43,352   ----a-w   C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 17:19   325,976   ----a-w   C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 17:19   271,224   ----a-w   C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 17:19   207,736   ----a-w   C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 17:19   203,096   ----a-w   C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 17:19   1,712,984   ----a-w   C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 17:18   33,624   ----a-w   C:\WINDOWS\SYSTEM32\wups.dll
2005-05-10 18:54   266   --sh--w   C:\Programmer\desktop.ini
2005-05-10 18:54   10,984   -c-ha-w   C:\Programmer\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2007-10-20_18.02.50.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-21 12:18:18   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_14c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 16:07]
"Zone Labs Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Post-it© Software Notes Lite.lnk - C:\Programmer\3M\PSNLite\PsnLite.exe [2003-10-09 15:08:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-10-20 17:27 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Pinnacle Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Pinnacle Scheduler.lnk
backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Henrik Motensen^Menuen Start^Programmer^Start^Registration-PCTV.lnk]
path=C:\Documents and Settings\Henrik Motensen\Menuen Start\Programmer\Start\Registration-PCTV.lnk
backup=C:\WINDOWS\pss\Registration-PCTV.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 15:13:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-10-21 05:33:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2D8FA16-FC69-4CB1-9A04-1FE51CD498AB}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 15:33:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 15:36:03
C:\ComboFix2.txt ... 2007-10-21 14:14
C:\ComboFix3.txt ... 2007-10-20 18:04
.
   --- E O F ---


..OG en HiJackThis log ..EFTER en obligatorisk genstart:
Citat
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:42:17, on 21-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Henrik Motensen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129889235747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe

--
End of file - 6115 bytes


</MOLOKYLE>

Kommentar
Fra : arlet


Dato : 21-10-07 15:51

Så ser det noget bedre ud..

Hvordan står det så til med dine problemer??

Kommentar
Fra : stl_s


Dato : 21-10-07 16:02

Citat
Præcis som dén 'flabethed' stl_s kom med tidligere:


OHOOH, fornærmet HEHE . Ja, du må også lide under mine standardvejledninger. Ingen særbehandling her .

Og nu har jeg snart sagt det så mange gange til dig. AVG SUCKS!!! Kyl det ud, og smut ind og kig på vores sikkerhedspakke, så vi ikke skal ligge og rense dig i tide og utide http://www.malwarecheck.dk/forum/viewtopic.php?t=156


Kommentar
Fra : molokyle


Dato : 21-10-07 16:10

arlet -> Tjaeh... det kører sgu meget gnidningsløst, men STADIG ingen understøttelse af animerede GIF89a i IE. De vises præcis som GIF87 ..altså 1. frame.

Noget jeg har overset?

stl_s -> Tjaeh... efter dagens morderligt 'spændende' begivenheder, så ka' det da overvejes ...måske, at kigge efter en anden sikkerheds-'ting' end AVG.

Avast evt.?



</MOLOKYLE>

Accepteret svar
Fra : arlet

Modtaget 350 point
Dato : 21-10-07 16:18

Jeg havde et meget lille håb at dit problem måske bare forsvandt, når vi rensede dig, for jeg har ikke umiddelbart noget løsning på det problem..

Måske stl_s har et løsningsforslag eller andre??

Kommentar
Fra : stl_s


Dato : 21-10-07 16:19

Avast vil være en stor forbedring, og så med ThreatFire som bagstopper.

Kommentar
Fra : stl_s


Dato : 21-10-07 16:28

Kører joblisten igen ? Ellers kør denne her http://freeweb.siol.net/razor256/downloads/InfiltrationRecoveryTool.zip

Mht til GIF osv, tror jeg det nemmeste vil være, at geninstallere IE7 http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=da


Kommentar
Fra : molokyle


Dato : 21-10-07 16:28

Det har jeg selv !

Flueben ved: 'Afspil animationer på websider' *

(* Kræver genstart af Explorer.)

..under:

Funktioner (Værktøjer ALT + u) -> Internetindstillinger -> fanen; "Avanceret"

</MOLOKYLE>

Kommentar
Fra : molokyle


Dato : 21-10-07 16:31

stl_s -> Avast vil være en stor forbedring... læste jeg som:

ALT vil være en stor forbedring

..men for gammelt venskab skyld ?

..vil jeg lade arlet få påængårnø !

</MOLOKYLE>

Godkendelse af svar
Fra : molokyle


Dato : 21-10-07 16:33

arlet - Giv lidt påængår til stl_s

..men behold bare stjernerne

</MOLOKYLE>

Kommentar
Fra : arlet


Dato : 21-10-07 16:36

Selvfølgelig...

Point til stl_s ligger her: http://www.kandu.dk/QuestionHist.aspx?qid=111328

Du har følgende muligheder
Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.
Søg
Reklame
Statistik
Spørgsmål : 177580
Tips : 31968
Nyheder : 719565
Indlæg : 6409076
Brugere : 218888

Månedens bedste
Årets bedste
Sidste års bedste