Hvordan fjerne spycrush?

[Gjest medlem-75284]

Jeg har fått spycrush og klarer ikke å fjerne det.

 

HJT-logg

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:20:10, on 10.06.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe

C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\VideoLAN\VLC\vlc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wpabaln.exe

C:\Documents and Settings\André L. Nicolaysen\Skrivebord\HijackThis\Test2k5.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: RAID Manager.lnk = C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: cornerer - {9ff419a8-1748-4ca7-99df-d269465b0e8b} - C:\WINDOWS\system32\iauoi.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

 

SAS-logg

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/10/2007 at 08:10 PM

 

Application Version : 3.8.1002

 

Core Rules Database Version : 3251

Trace Rules Database Version: 1262

 

Scan type : Complete Scan

Total Scan Time : 00:38:13

 

Memory items scanned : 158

Memory threats detected : 0

Registry items scanned : 3473

Registry threats detected : 1

File items scanned : 29538

File threats detected : 5

 

Trojan.Media-Codec

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Programfiler\Security Tools\imsmain.exe ]

 

Adware.MyGlobalSearchBar

C:\PROGRAMFILER\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR

 

Trojan.Media-Codec/V3

C:\PROGRAMFILER\SECURITY TOOLS\IESBUNST.EXE

C:\PROGRAMFILER\SECURITY TOOLS\IESMIN.EXE

C:\PROGRAMFILER\SECURITY TOOLS\IESUNST.EXE

C:\PROGRAMFILER\SECURITY TOOLS\IMSUNST.EXE

 

Har prøvd å google problemet mitt, men jeg fant ikke noe som kunne fikse problemet mitt. Kan noen hjelpe meg?

[norbat]

Hvis mulig, avinstaller spycrush fra legg til / fjern programmer

 

Hent Smitfraudfix, legg det på skrivebordet

 

Restart i sikker modus (tapp F8 under oppstart, velg sikker modus)

 

Kjør Smitfraudfix, velg valg 2.

 

Etter restart til normal modus:

 

Post loggen: Vanligvis å finne i C:\rapport.txt.

 

Last også ned Rootchk og legg det på skrivebordet. Kjør programmet. Det vil lage en loggfil som du kan poste om den finner noe

 

Fortell så hvordan det går med spycrush'n

[Gjest medlem-75284]

Jeg brukte smitfraudFix i sikker modus og det fikset problemet! Tusen takk for hjelpen!

 

Denne tråden kan stenges.

[norbat]

Kunne vært greit og sett en ny HJT-logg