Removing Spyware with Hijack This


Hi, I have a PC here that had endless amounts of spyware on it.

I removed what I could with Ad-Aware (380 items)

and have downloaded Spybot.

But the problem is that I can't open it at all, and I can't press Ctrl + Alt + Del.

I also get pop-ups from IE all the time.

I then downloaded HijackThis and got an endless log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:13:42, on 25.12.2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Programfiler\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\sense.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\hopmon.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\helpsvc.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\jobsvc.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\printsvc.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\rsrc.exe

C:\WINDOWS\system32\dllcache\inflate.exe

C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\webapp.exe

C:\WINDOWS\Explorer.EXE

C:\ATI-CPanel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Ahead\InCD\InCD.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\System32\bnkozcoq.exe

C:\Programfiler\winupdates\winupdates.exe

C:\WINDOWS\System32\service.exe

C:\Programfiler\winsupdater\winsupdater.exe

C:\WINDOWS\System32\winlog.exe

C:\WINDOWS\System32\elite.exe

C:\Programfiler\MsMovies\MsMovies.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\IEXPLORE.EXE

C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Opera\Opera.exe

C:\Documents and Settings\Jørgen\Lokale innstillinger\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe

O4 - HKLM\..\Run: [Win32 USB2.0 Driver] service.exe

O4 - HKLM\..\Run: [A1B02B1D] C:\WINDOWS\System32\dtilz.exe

O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe

O4 - HKLM\..\Run: [Win32 USB2 Driver] elite.exe

O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE

O4 - HKLM\..\Run: [fgd] C:\WINDOWS\fgd.exe

O4 - HKLM\..\Run: [xqfazlnz] C:\WINDOWS\System32\bnkozcoq.exe

O4 - HKLM\..\Run: [winupdates] C:\Programfiler\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [winsupdater] C:\Programfiler\winsupdater\winsupdater.exe /auto

O4 - HKLM\..\Run: [] winlog.exe

O4 - HKLM\..\Run: [MsMovies] C:\Programfiler\MsMovies\MsMovies.exe /auto

O4 - HKLM\..\Run: [system service78] C:\WINDOWS\etb\pokapoka78.exe

O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe

O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] service.exe

O4 - HKLM\..\RunServices: [D0F15D37] C:\WINDOWS\System32\dtilz.exe

O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE

O4 - HKLM\..\RunServices: [] winlog.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe

O4 - HKCU\..\Run: [Win32 USB2.0 Driver] service.exe

O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe

O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE

O4 - HKCU\..\Run: [sOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj

O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE

O4 - HKCU\..\RunOnce: [Win32 USB2.0 Driver] service.exe

O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] elite.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\MSN Toolbar Suite\DS\02.05.0001.1119\nb-no\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab

O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\irnql5551.dll

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe

O23 - Service: Universal Job Service (jobsvc) - Unknown owner - C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\sense.exe

O23 - Service: Universal Print Service (printsvcu) - Unknown owner - C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\hopmon.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SpywareCleanerService - Unknown owner - C:\Programfiler\Spyware Cleaner\SCService.exe (file missing)

O23 - Service: TCPSVC FTP Server (TCPSVC) - Unknown owner - C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\helpsvc.exe

O23 - Service: Universal Paper Service (UPSVC) - Unknown owner - C:\WINDOWS\system32\IME\TINTLGNT\CTSVCUDA\rsrc.exe

O23 - Service: Website Monitoring (WebMON) - Unknown owner - C:\WINDOWS\system32\dllcache\inflate.exe

So the question is: what can be removed here?


This is not just spyware....

Run http://housecall.trendmicro.com/

Run http://vil.nai.com/vil/stinger/

and http://www.kaspersky.com/virusscanner

Download http://www.networktechs.com/download-77/

Install and update. Do NOT run it!

Update Spybot and Ad-Aware. Do NOT run them!

Restart the machine in safe mode (F8 during startup).

Run MS Antispyware, Spybot and Ad-Aware in safe mode.

EDIT:

You have W32.Alcra.B

and W32/Forbot-BD

and W32/SDBOT-QF

and BEAGLE -M or BEAGLE-N

Then we'll see....

Another EDIT:

Don't you have an antivirus program on the machine?

 

http://www.grisoft.com/doc/289/lng/us/tpl/tpl01

 

Bernt K

Edited by berxter
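
An added example, not part of either forum post: one way to pre-sort the O4 (autostart) and O23 (service) lines of a HijackThis log like the one above for manual review. The sample lines are copied from that log; the function name `triage`, the reason labels and the three-key threshold are assumptions of this example, and a hit marks an entry to inspect, not a verdict.

```python
import re
from collections import defaultdict

# Sample lines copied verbatim from the log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] service.exe
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] service.exe
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] service.exe
O4 - HKCU\..\RunOnce: [Win32 USB2.0 Driver] service.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Programfiler\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Website Monitoring (WebMON) - Unknown owner - C:\WINDOWS\system32\dllcache\inflate.exe
"""

# O4 registry autostarts: hive, key, value name in brackets, command.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# O23 services: display name, owner, image path.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?) - (.+)$")

def triage(log_text, min_keys=3):
    """Return (reason, detail) pairs for entries worth a manual look.

    The reasons are review heuristics assumed for this example.
    """
    findings = []
    keys_by_entry = defaultdict(set)  # (value name, command) -> registry keys
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            keys_by_entry[(name, command)].add(f"{hive}\\{key}")
            if not name:
                findings.append(("empty-value-name", f"{hive}\\{key}: {command}"))
        elif m := O23_RE.match(line):
            service, owner, path = m.groups()
            if owner == "Unknown owner":
                findings.append(("unknown-owner", f"{service}: {path}"))
            if path.endswith("(file missing)"):
                findings.append(("file-missing", f"{service}: {path}"))
    # The same name and command written to several autostart keys at once.
    for (name, command), keys in sorted(keys_by_entry.items()):
        if len(keys) >= min_keys:
            findings.append(("repeated-autostart",
                             f"{command} [{name}] in {len(keys)} keys"))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:20} {detail}")
```

Lines in other sections of the log (R0, O3, O16, O20 and the Global Startup form of O4) are skipped by these two patterns and still need to be read by hand.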