
Hijackthis Log Help! "MalwareCrush 3.7" On Taskbar And In Programs

DO NOT use yet. Everything seemed to have come back.

Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Please post back this log in your next reply. Once the scan is complete, click on View scan report. Now, click on the Save Report as button. C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.

A box will pop up asking you if you wish to fix the selected items. Virus Total or Jotti's scan results of the file 3. Frequently asked questions: XP | Vista. To stop the window from appearing after startup, you must tick the box: Do not show this message again, etc.

Copy and Paste that information in your next post. Edited by gort, 10 December 2009 - 03:47 PM. Visit Microsoft's windowsupdate site to download the newest version of the service pack. No firewall activity found. Fever.url C:\Documents and Settings\William Adams\Favorites\Games\Monaco Gold Casino.url C:\Documents and Settings\William Adams\Favorites\Travel\Adventure Travel.url C:\Documents and Settings\William Adams\Favorites\Travel\Air Travel.url C:\Documents and Settings\William Adams\Favorites\Travel\Business Travel.url C:\Documents and Settings\William Adams\Favorites\Travel\Discount Travel.url C:\Documents and Settings\William Adams\Favorites\Travel\Food.url

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Deutschland Radio Toolbar - {2069a8c8-fad1-424b-b76c-d7f33d77dc4c} - (no file) O3 - Toolbar: Advanced Searchbar - Self Protection; C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Select the View tab. catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-15 16:35:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ...

If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll - Check if C:\Dokumente und Einstellungen\familie\Lokale Einstellungen\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.

Upload to the Mediafire link. 0petslave0 23 posts since Feb '06 17 Feb `08, 5:43PM http://www.mediafire.com/?8jmzwyjygzm Moderator ndmmxiaomayi 54,017 posts since Aug '05 18 Feb `08, 8:24PM Any other issues? Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe" O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] "C:\WINDOWS\system32\HDAudPropShortcut.exe" O4 - HKLM\..\Run: [Cmaudio] "C:\WINDOWS\system32\rundll32.exe" cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken. scanning hidden files ... ComboFix 08-01-15.4 - Compaq_Administrator 2008-01-15 16:31:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT 1:00] Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\Spywarefri\ComboFix.exe * Created a new restore point. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).

button. Now my computer is in a mess. Below posted is my hijackthis logfile. Hope some pros would point out which one I should delete and advice. Thanks very much. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:26:59 PM, on 2/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) C:\Dokumente und Einstellungen\familie\Lokale Einstellungen\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken. a rhinoceros is just a big fat, white trash, trailer park unicorn.

You'll get a few good tips on safe surfing along the way: http://www.spywarefri.dk/manualer/sikkerhedspakke.htm Enjoy. PS. Please copy this set of instructions or print it out as you will not have internet access during the fix. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n).

file.

24.08.2008, 22:11 #1 fan Warning! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrbjj0ej17 (Trojan.FakeAlert) -> No action taken. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. "Potentially unwanted" does not necessarily mean the file is malware or a bad Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast!

Symptoms in a HijackThis Log:
O4 - HKLM\..\Run: [MalwareCrush] C:\Program Files\MalwareCrush\MalwareCrush.exe /h
O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe
O21 - SSODL: E404Helper - {68703393-3c37-4811-8b79-ee8f5e6da55c} - e404d.dll (file missing)
Tools Needed for the direct reply option doesn't appear for me, so I'm trying this test post with the reply button. 26.08.2008, 20:01 #11 fan Warning! Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.

scanning hidden autostart entries ... scanning hidden files ... What you need to do is put a check mark next to these files. SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{917f93bf-6714-4e11-8982-59db2e0f88fc}"="epistylar" [HKEY_CLASSES_ROOT\CLSID\{917f93bf-6714-4e11-8982-59db2e0f88fc}\InProcServer32] @="C:\WINDOWS\system32\eeioq.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{917f93bf-6714-4e11-8982-59db2e0f88fc}\InProcServer32] @="C:\WINDOWS\system32\eeioq.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 -

Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Need help with malware/virus Started by gort, Dec 10 2009 01:39 PM regards emeraldnzl #3 emeraldnzl Posted 05 September 2008 - 12:52 PM Hello again jaxisland, Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast!

C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken. Asynchronous Virus Monitor; C:\WINDOWS\System32\drivers\Aavmker4.sys [2008-07-19 26944] R1 aswSP;avast! Spyware detected on your computer install an antivirus or spyware remover to Thank you very much for your help!!! C:\DOCUME~1\ADMINI~1\STARTM~1\VirusHeat 3.9.lnk FOUND !

scan completed successfully hidden files: 0 **************************************************************************. Completion time: 2008-09-08 8:39:33 ComboFix-quarantined-files.txt 2008-09-08 12:38:46 ComboFix2.txt 2008-09-03 18:05:57 Pre-Run: 37,671,129,088 bytes free Post-Run: 37,663,940,608 bytes free 203 --- E O F --- 2008-08-14 16:56:46 Edited by jaxisland, 08 September 2008 C:\Program Files\VirusHeat 3.9\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!!

Bonus Pills!.url C:\Documents and Settings\William Adams\Favorites\View ADULT photos of REAL GIRLS!.url C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url C:\Documents and Settings\William Adams\Favorites\Dating\Adult Gay Personals.url C:\Documents and Settings\William Adams\Favorites\Dating\Adult Personals.url Please choose YES. Spyware Guard, and SuperAntiSpyware This is very dangerous, as multiple ASs can interfere with one another and actually allow MORE infections to get through.

If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem.