idjut2, posted 10 February 2006 (edited)

Got some error messages in Win-XP today that produced some log files which ended up on the desktop. I suspect the machine is infected with spyware or something, so I'm posting the HijackThis log in the hope that someone with experience will bother to take a look:

Logfile of HijackThis v1.99.1
Scan saved at 19:50:20, on 10.02.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Trond Inge\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - C:\WINDOWS\system32\sdkui.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\TRONDI~1\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [syszo.exe] C:\WINDOWS\system32\syszo.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Edited 10 February 2006 by idjut2
idjut2 (thread author), posted 10 February 2006

Here is the log that ended up on the desktop:

#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xf93bbe10, pid=2464, tid=3168
#
# Java VM: Java HotSpot Client VM (1.5.0_06-b05 mixed mode, sharing)
# Problematic frame:
# C  0xf93bbe10
#

---------------  T H R E A D  ---------------

Current thread (0x02cb8838):  JavaThread "CompilerThread0" daemon [_thread_in_native, id=3168]

siginfo: ExceptionCode=0xc0000005, reading address 0xf93bbe10

Registers:
EAX=0x00000006, EBX=0x05f6fa0c, ECX=0x00000001, EDX=0x00000001
ESP=0x05f6f90c, EBP=0x05f6f954, ESI=0x00000080, EDI=0x00000085
EIP=0xf93bbe10, EFLAGS=0x00010246

Instructions: (pc=0xf93bbe10)
0xf93bbe00: [error occurred during error reporting, step 100, id 0xc0000005]

Stack: [0x05e70000,0x05f70000),  sp=0x05f6f90c,  free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  0xf93bbe10
V  [jvm.dll+0x25e16]
V  [jvm.dll+0x25500]
V  [jvm.dll+0x236aa]
V  [jvm.dll+0x22964]

Current CompileTask:
HotSpot Client Compiler:  72  b   java.io.StreamTokenizer.nextToken()I (1295 bytes)

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x061f45b8 JavaThread "Thread-2" [_thread_blocked, id=864]
  0x061ec770 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3084]
  0x061dff28 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=1032]
  0x061d9718 JavaThread "AWT-Windows" daemon [_thread_in_native, id=424]
  0x061d9298 JavaThread "AWT-Shutdown" [_thread_blocked, id=1732]
  0x061d7ed0 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=884]
  0x02ceb060 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=4028]
=>0x02cb8838 JavaThread "CompilerThread0" daemon [_thread_in_native, id=3168]
  0x02d03888 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2868]
  0x02cd8a18 JavaThread "Finalizer" daemon [_thread_blocked, id=3488]
  0x02cbdaa0 JavaThread "Reference Handler" daemon [_thread_blocked, id=2752]
  0x02ccb698 JavaThread "main" [_thread_in_native, id=2940]

Other Threads:
  0x02d9d698 VMThread [id=2460]
  0x02cfd268 WatcherThread [id=2352]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None
VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~2.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~2.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~2.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~2.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~2.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~2.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~2.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>
Launcher Type: generic

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE15~2.0_0\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;;.
USERNAME=
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

---------------  S Y S T E M  ---------------

OS: Windows XP Build 2600

CPU:total 1 family 6, cmov, cx8, fxsr, mmx, sse

Memory: 4k page, physical 392688k(87204k free), swap 943716k(683656k free)

vm_info: Java HotSpot Client VM (1.5.0_06-b05) for windows-x86, built on Nov 10 2005 11:12:14 by "java_re" with MS VC++ 6.0
berxter, posted 10 February 2006

OK, let's start with this:

Download CrapCleaner, install it and run it. Check under Options > Advanced that "Only delete files older than 48 hours" is not ticked.
Download AboutBuster, unzip it, but don't run it yet.
Download AdAware SE, start it, update it, and close it without running a scan.
Download Delfkil and install it.
Reboot into safe mode and run the last three.
Run HJT in safe mode too, tick

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\TRONDI~1\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [syszo.exe] C:\WINDOWS\system32\syszo.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

and have HJT fix them. Reboot and run Panda ActiveScan; they are trustworthy, so answer the questions. Make sure you choose See Report, then Save Report. Post that report and a fresh HJT log.

Bernt K
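As an added example (not code from the thread or from any of the tools it names), here is a small Python triage script that applies the rules berxter used above to HijackThis entries: autoruns from a Temp directory, unrecognised executables in system32, Winlogon Notify DLLs, BHOs or services whose file is missing, and the missing URLSearchHook. The sample entries are copied from this thread; the system32 allow list is a constructed placeholder an analyst would maintain.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v1.99.1 entries posted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - C:\WINDOWS\system32\sdkui.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\TRONDI~1\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [syszo.exe] C:\WINDOWS\system32\syszo.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Analyst-maintained allow list of things that legitimately start from system32
# (constructed for this example; both entries were left alone in the thread).
SYSTEM32_ALLOW = {"nerocheck.exe", "dumprep"}


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    line: str      # the raw log line
    reason: str    # why a human should look at it
    severity: str  # "high" (likely malware) or "review" (orphaned entry)


_O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.+)$")


def extract_path(line: str) -> str:
    """Return the file path of an entry with HijackThis's trailing annotations stripped."""
    m = _O4_RE.match(line)
    target = m.group(1) if m else line.rsplit(" - ", 1)[-1]
    for tag in ("(file missing)", "(no file)"):
        target = target.replace(tag, "")
    return target.strip().strip('"')


def triage(log_text: str) -> list:
    """Apply the thread's triage rules to every HJT entry and return what to look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                      # header, "Running processes:" block, blank line
        section = line.split(" - ", 1)[0]
        low = extract_path(line).lower()
        name = low.rsplit("\\", 1)[-1].split(" ")[0]   # file name without arguments
        if section == "R3" and "is missing" in line:
            findings.append(Finding(section, line,
                "default URLSearchHook missing, a common leftover after a search hijacker; "
                "let HJT restore the default", "review"))
        elif section == "O2" and "(file missing)" in line:
            findings.append(Finding(section, line,
                "BHO registered but its DLL is gone; orphaned registration, fix it", "review"))
        elif section == "O4":
            if "\\temp\\" in low or re.fullmatch(r"\d+\.tmp\.exe", name):
                findings.append(Finding(section, line,
                    "autorun executable living in a Temp directory", "high"))
            elif "\\system32\\" in low and name not in SYSTEM32_ALLOW:
                findings.append(Finding(section, line,
                    "unrecognised executable in system32 started at logon; verify the vendor", "high"))
        elif section == "O20":
            findings.append(Finding(section, line,
                "Winlogon Notify DLL is loaded into winlogon.exe and stays locked while logged on; "
                "fix from safe mode", "high"))
        elif section == "O23" and "(file missing)" in line:
            findings.append(Finding(section, line,
                "service registered but its binary is missing; reinstall the product or remove "
                "the service", "review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n          {f.line}")
```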
idjut2 (thread author), posted 10 February 2006 (edited)

Hi, and thanks for the help. I followed your procedure step by step.

Panda ActiveScan log:

Incident                                          Status            Location
Adware:adware program                             Not disinfected   C:\WINDOWS\SYSTEM32\logs1.ini
Adware:adware/searchexe                           Not disinfected   Windows Registry
Adware:Adware/PestTrap                            Not disinfected   C:\ntnc.exe
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Program Files\delfkil\win32delfkil\Process.exe
Virus:W32/Smitfraud.D                             Disinfected       C:\WINDOWS\system32\wininet.dll.mwt
Adware:Adware/Spywad                              Not disinfected   C:\winstall.exe.bak

And a fresh HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - C:\WINDOWS\system32\sdkui.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Edited 10 February 2006 by idjut2
zjulik, posted 11 February 2006

This looks very good. Two things:

O2 - BHO: Class - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - C:\WINDOWS\system32\sdkui.dll (file missing)

Tick it and fix it; the file is missing and it's hard to say what it did, Google says nothing.

Then you should reinstall Avast, look at this:

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Then you should be sorted. Feel free to post one more log after this.
berxter, posted 11 February 2006

The log looks fine. Zjulik, what do you think, should he delete

C:\winstall.exe.bak
C:\WINDOWS\SYSTEM32\logs1.ini
C:\ntnc.exe

? (For all three, either HJT's "Delete a file on reboot" function or Killbox has to be used.)

One more thing: SP2 for XP and IE is a good thing....

Bernt K
zjulik, posted 11 February 2006

Oh yes, sorry, I didn't look closely enough at the post above. Yep, they have to go. Everything Panda found but could not remove. As berxter says, use HJT or Killbox if they won't delete normally.
idjut2 (thread author), posted 11 February 2006

OK, I have:

- fixed this one:
  O2 - BHO: Class - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - C:\WINDOWS\system32\sdkui.dll (file missing)
- deleted these with Killbox:
  C:\winstall.exe.bak
  C:\WINDOWS\SYSTEM32\logs1.ini
  C:\ntnc.exe
- reinstalled Avast.
- run Panda ActiveScan again. Log:

Incident                                          Status            Location
Adware:adware program                             Not disinfected   C:\WINDOWS\SYSTEM32\stub1.ini
Adware:adware/searchexe                           Not disinfected   Windows Registry
Adware:Adware/PestTrap                            Not disinfected   C:\!KillBox\ntnc.exe
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Program Files\delfkil\win32delfkil\Process.exe

New HJT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
berxter, posted 11 February 2006

Now it looks much better. However, Panda is reporting some CoolWeb stuff. For that we need CoolWebShredder.

Have HJT fix

O2 - BHO: (no name) - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - (no file)

and use Killbox on C:\WINDOWS\SYSTEM32\stub1.ini.

Also try Trojanscan.

Bernt K
idjut2 (thread author), posted 12 February 2006

> Now it looks much better. However, Panda is reporting some CoolWeb stuff. For that we need CoolWebShredder.
> Have HJT fix
> O2 - BHO: (no name) - {B6223165-EC49-4981-DCEC-A2E3C72ABA2F} - (no file)
> and use Killbox on C:\WINDOWS\SYSTEM32\stub1.ini.
> Also try Trojanscan.
> Bernt K

That's done, but CWShredder found nothing. Thanks again for the help. Any other preventive measures I should take apart from installing SP2?
berxter, posted 12 February 2006

Well, no, other than shunning IE like the plague (Opera has been my favourite since 3.1), using both a hardware and a software firewall, filtering your mail through e.g. Mailwasher, running a good anti-spyware program, e.g. MS Antispyware (which you'll find at Majorgeeks without having to think about any Windows validation), Adaware, Spybot, Spysweeper or the like, scanning the PC weekly for junk, not clicking OK on porn pop-ups, not doing P2P, regarding MSN Plus as the devil's work, so no.....

Bernt K