smitfraud-c

Hent og dobbeltklik på smitRem.exe

http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

Det vil pakke programmet ud i mappen smitRem. vi skal anvende denne om lidt.

Åbn mappen smitRem, og dobbeltklik på RunThis.bat (Følge vejledningen)


hent også
http://www.fbeej.dk/Programmer/smitfraud1.zip

pak filen ud.. dobbelklik på den og sig ja til at gemme de nye ændringer i registry.

Download hijackthis herfra og gem det i en folder for sig selv på dit skrivebord

http://www.downloadportal.dk/viewinfo.asp?rid=1658
Eller
http://www.arlet.dk/hjt.exe

Start programmet og vælge, at udføre en scan samt gemme en log fil.
Når hijackthis er færdig med, at scanne vil den bede dig om en placering hvor du vil gemme "hijackthis" en tekst fil.
Gem den i samme folder som hijackthis. Når du har sagt okay hopper der et nyt vindue frem nemlig notepad med en masse tekst linjer. Marker alle linjerne og kopir dem herind så jeg kan kigge på dem. Du må ikke selv begynde, at fikse noget i hijackthis.

Hej Kalp

Det prøver jeg snere i aften.

Hilsen Cykleren

Logfile of HijackThis v1.99.1
Scan saved at 20:38:14, on 13-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\carsten\Skrivebord\den store sikkerhedspakke\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/tjenester/programoversigten/w3c/epg.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/tjenester/programoversigten/w3c/epg.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] D:\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmer\Surfapps.com\PopThis! Free Version\PopThis.dll (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmer\Surfapps.com\PopThis! Free Version\PopThis.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134145095828
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC7E2EEB-46BA-4D90-A2F2-A73003540817}: NameServer = 62.61.130.1,62.61.131.1
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Programmer\STOPzilla!\szntsvc.exe (file missing)

brokker Spybot sig stadig?

Øhhhhh, har ikke tjekket igen, da jeg troede du skulle se på logfilen først. Men efter arbejde scanner jeg lige med Spybot igen - og sender dig et svar

Jeg har skam set på loggen og den ser fin ud:)
så derfor bliver jeg nød til, at finde ud af om de værktøjer i starten fik fjernet smitfrad og det kan vi hurtigt finde ud af hvis vi kan se hvad spybot siger:)

her er hvad spubot siger (den brokker sig stadig):
Smitfraud-C.: Bruger indstilling (Registreringsdatabaseændring, nothing done)
  HKEY_USERS\S-1-5-21-790525478-308236825-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4


--- Spybot - Search && Destroy version: 1.3  ---
2005-12-09 Includes\Cookies.sbi
2005-12-09 Includes\Dialer.sbi
2005-12-09 Includes\Hijackers.sbi
2005-12-09 Includes\Keyloggers.sbi
2005-12-09 Includes\Malware.sbi
2005-12-09 Includes\Revision.sbi
2005-12-09 Includes\Security.sbi
2005-12-09 Includes\Spybots.sbi
2005-12-09 Includes\Trojans.sbi
2005-02-17 Includes\Tracks.uti
2004-11-29 Includes\LSP.sbi
2005-12-09 Includes\PUPS.sbi

tryk start->kør og skriv "regedit"

find dette punkt

HKEY_USERS\S-1-5-21-790525478-308236825-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4


og slet det!

Jamen så er det vist klaret, Spybot sagde:
Tillykke!: Ingen "bots" fundet. ()
 


--- Spybot - Search && Destroy version: 1.3  ---
2005-12-09 Includes\Cookies.sbi
2005-12-09 Includes\Dialer.sbi
2005-12-09 Includes\Hijackers.sbi
2005-12-09 Includes\Keyloggers.sbi
2005-12-09 Includes\Malware.sbi
2005-12-09 Includes\Revision.sbi
2005-12-09 Includes\Security.sbi
2005-12-09 Includes\Spybots.sbi
2005-12-09 Includes\Trojans.sbi
2005-02-17 Includes\Tracks.uti
2004-11-29 Includes\LSP.sbi
2005-12-09 Includes\PUPS.sbi


og jeg siger mange tak for hjælpen.

Du skal selv have tak:)