sindrejibb, posted 21 May 2006

I sometimes get popups with pornographic content. Down in the "system tray" there is an exclamation mark blinking all the time, and text like this pops up:

I have a HijackThis log if anyone can check it:

Hidden text:

Logfile of HijackThis v1.99.1
Scan saved at 19:06:07, on 21.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
E:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
E:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\navapsvc.exe
C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\atmclk.exe
C:\Programfiler\NetLimiter 2 Monitor\NLClient.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\qttask.exe
E:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
E:\Programfiler\Messenger\msmsgs.exe
E:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\devldr32.exe
E:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Software\HijackThis.exe
C:\Programfiler\Mozilla\Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.friflyt.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.friflyt.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {31CF3F8A-D34E-87EF-6653-F96A61AB8BEF} - E:\WINDOWS\system32\bkn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\NavShExt.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - E:\WINDOWS\system32\hp4DDE.tmp
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 7.0.7\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

I have run Ad-Aware, Spybot, CCleaner, Microsoft AntiSpyware and more. I don't understand how to get this solved!

zjulik, posted 21 May 2006

E:\WINDOWS\system32\atmclk.exe

Oh dear...

DEFINITION OF: ATMCLK.EXE
* Safety Rating: Known Spyware, do not run
* Spyware Family: Part of Spyware group - Spyware SpyFalcon
* Malware Form: EXPLOIT
* Additional Info: Bogus antispyware application

There is no point in starting to remove things manually with HijackThis. What you should do is work through this page: http://www.bleepingcomputer.com/forums/topic43659.html

If that one seems tricky, try this one: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Once you have gone through this, post a new log afterwards.

sindrejibb (thread author), posted 21 May 2006

I don't quite understand that one. Do I have to download that SpyFalcon program first? Where do I find it? I haven't downloaded it. Also, when I take the automatic method, it won't download the files it is supposed to from the net, or something like that. When I take the manual one, I get to the point where I am supposed to remove the program SpyFalcon. But I don't have any program called that!

zjulik, posted 21 May 2006

You have to follow the instructions on this page: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

So you download the zip, unpack it, and then start the machine in safe mode (press F8 right at startup so you get the boot menu). Then you double-click smitfraudfix.cmd, choose 2 and take it from there.

You may not have got all of SpyFalcon, but you are well on the way, and it is a pest of the worst kind. Do not touch the icon in the system tray!

sindrejibb (thread author), posted 21 May 2006

Hidden text:

Logfile of HijackThis v1.99.1
Scan saved at 20:55:15, on 21.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
E:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
E:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\qttask.exe
E:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
E:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\navapsvc.exe
C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe
E:\WINDOWS\System32\svchost.exe
C:\Programfiler\NetLimiter 2 Monitor\NLClient.exe
E:\Programfiler\iPod\bin\iPodService.exe
E:\WINDOWS\system32\devldr32.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Software\HijackThis.exe
C:\Programfiler\Mozilla\Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {31CF3F8A-D34E-87EF-6653-F96A61AB8BEF} - E:\WINDOWS\system32\bkn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 7.0.7\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security 2006\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

What now? I used the other program, that SmitfraudFix. And yes, it found the file you talked about, plus a few more. Now everything is deleted and cleaned. I will just run a bit of CCleaner etc. now, and then it should be fine.

zjulik, posted 21 May 2006

Congratulations - it looks very good.

You tidy up a bit at the end by ticking these for removal in HijackThis:

R3 - URLSearchHook: (no name) - {31CF3F8A-D34E-87EF-6653-F96A61AB8BEF} - E:\WINDOWS\system32\bkn.dll (file missing)
- Junk from before the cleaning. The file is gone, so you take this line as well.

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
- I don't know what this is - if it is unknown, tick it for fix.

Is everything otherwise back to normal now?
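
An added example, not part of any post in this thread: the before-and-after comparison of the two HijackThis logs, done in Python. It reports which processes and entries disappeared after the SmitfraudFix run and which remaining entries point at a missing file. The sample lines are excerpted from the two logs above; the function names `parse` and `review` are hypothetical.

```python
import re

# Excerpts from the two logs posted in this thread (first log, then the one after cleanup).
BEFORE = r"""Running processes:
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\atmclk.exe
R3 - URLSearchHook: (no name) - {31CF3F8A-D34E-87EF-6653-F96A61AB8BEF} - E:\WINDOWS\system32\bkn.dll (file missing)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - E:\WINDOWS\system32\hp4DDE.tmp
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
"""
AFTER = r"""Running processes:
E:\WINDOWS\system32\spoolsv.exe
R3 - URLSearchHook: (no name) - {31CF3F8A-D34E-87EF-6653-F96A61AB8BEF} - E:\WINDOWS\system32\bkn.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
"""

# HijackThis entries start with a section code such as R0, R3, O2, O16 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (processes, entries): lower-cased process paths and (code, text) pairs."""
    procs, entries, in_procs = set(), set(), False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False            # the process list ends at the first coded entry
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())     # Windows paths compare case-insensitively
    return procs, entries

def review(before, after):
    """Compare two logs; list what the cleanup removed and what is left to look at."""
    bp, be = parse(before)
    ap, ae = parse(after)
    return {
        "processes_gone": sorted(bp - ap),
        "entries_gone": sorted(be - ae),
        # Entries whose target file no longer exists: candidates for manual review.
        "orphaned": sorted(e for e in ae if e[1].endswith("(file missing)")),
        "new_entries": sorted(ae - be),
    }

if __name__ == "__main__":
    for key, items in review(BEFORE, AFTER).items():
        print(key, items)
```
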

sindrejibb (thread author), posted 21 May 2006

I have deleted those two now. Thank you so much for all the help, zjulik. Oh, now I am happy. THANK YOU SO MUCH!