raggur Skrevet 2. juni 2006 Del Skrevet 2. juni 2006 hei! da har jeg fått noe dritt på dataen min og siden jeg ikke er noe dataekspert kunne jeg trenge litt hjelp. jeg tror jeg har fått noe spyware. har brukt Ad-Aware og spybot men ingen av programmene klarer å slette alle filene. jeg setter utrolig stor pris på om noen kunne hjulpet meg dette er logen etter at jeg kjørte hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 00:01:35, on 03.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dcomcfg.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\atmclk.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE I:\Diverse\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138046121812 O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF14BAC-896C-4CFC-9E19-19BA42172EE3}: NameServer = 130.67.15.198 130.67.60.68 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Atmacuv - ATI Technologies Inc. - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Lenke til kommentar
zjulik Skrevet 2. juni 2006 Del Skrevet 2. juni 2006 Huff, her var det mye stygt. Vurder internettvanene dine...pass på hvilke sider du er på, og ikke klikk på alt som popper opp... Vi begynner med denne: C:\WINDOWS\system32\dcomcfg.exe "dcomfg er en komponent i en SmitFraudvariant, vanligvis Spyfalcon/Axe. Den finnes det god medisin mot her: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Når du kjører programmet må du være i safe mode, og du kan like gjerne velge alternativ 2 med en gang, da diagnosen er sikker." (sitat berxter ) Så har du en masse browser-kaprere, og de prøver du å fjerne med denne: http://www.majorgeeks.com/AboutBuster_d4289.html Ta deg god tid og kjør CCleaner ofte mellom slagene (link i signatur). Etter arbeidet, post en ny logg. Lenke til kommentar
Tore Skrevet 2. juni 2006 Del Skrevet 2. juni 2006 Sophus kan kanskje hjelpe her.? Om du bruker Explorer så vurder og bytte til noe som ikke suger til seg virus & spyware, som FireFox... Har du virusprogram og brannmur installert...? Lenke til kommentar
raggur Skrevet 2. juni 2006 Forfatter Del Skrevet 2. juni 2006 (endret) Huff, her var det mye stygt. Vurder internettvanene dine...pass på hvilke sider du er på, og ikke klikk på alt som popper opp... Vi begynner med denne: C:\WINDOWS\system32\dcomcfg.exe "dcomfg er en komponent i en SmitFraudvariant, vanligvis Spyfalcon/Axe. Den finnes det god medisin mot her: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Når du kjører programmet må du være i safe mode, og du kan like gjerne velge alternativ 2 med en gang, da diagnosen er sikker." (sitat berxter ) Så har du en masse browser-kaprere, og de prøver du å fjerne med denne: http://www.majorgeeks.com/AboutBuster_d4289.html Ta deg god tid og kjør CCleaner ofte mellom slagene (link i signatur). Etter arbeidet, post en ny logg. 6232387[/snapback] ok, hva er safe mode? vet jeg ikke har peiling, men vil bare ikke gjøre noe feil. hertlig takk for hjelp forresten en ting til: ccleaner. er det bare å kjøre? eller sletter det noen viktige filer? Endret 2. juni 2006 av raggur Lenke til kommentar
zjulik Skrevet 2. juni 2006 Del Skrevet 2. juni 2006 Safe mode er som å starte maskinen ellers og bruken er den samme, men for å komme inn på den måten må du sørge for å få opp en startmeny akkurat i det du starte maskinen. Skru den helt av, og så på igjen, mens du raskt trykker på F8-knappen noen ganger til du får en meny. Der velger du Sikker modus (eller safe mode hvis det står på engelsk). I safe mode har du har ikke internett, men du kan bla omkring som vanlig. Du kommer tilbake i vanlig modus ved å skru av og på igjen og la maskinen starte av seg selv på vanlig måte uten F8. Ccleaner er det bare å dure i vei med. Lenke til kommentar
raggur Skrevet 2. juni 2006 Forfatter Del Skrevet 2. juni 2006 har kanskje litt trangt for det, men... når jeg pakket ut smitfraud fikk jeg en mappe med masse .exe filer. hvilken av disse er det jeg skal bruke når jeg er i safe mode? Lenke til kommentar
zjulik Skrevet 2. juni 2006 Del Skrevet 2. juni 2006 smitfraudfix.cmd (kanskje den bare heter smitfraud) Det er ellers forklart m illustrasjoner på den siden du fant den. Lenke til kommentar
raggur Skrevet 2. juni 2006 Forfatter Del Skrevet 2. juni 2006 da har jeg gjort det du anbefalte. her er log fra smitfraud: SmitFraudFix v2.53 Scan done at 1:41:18,90, 03.06.2006 Run from I:\Diverse\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}"="alongshore" [HKEY_CLASSES_ROOT\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32] @="C:\WINDOWS\system32\yhbdupd.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32] @="C:\WINDOWS\system32\yhbdupd.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\atmclk.exe Deleted C:\WINDOWS\system32\dcomcfg.exe Deleted C:\WINDOWS\system32\hp?.tmp Deleted C:\WINDOWS\system32\ld??.tmp Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\regperf.exe Deleted C:\WINDOWS\system32\simpole.tlb Deleted C:\WINDOWS\system32\stdole3.tlb Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\yhbdupd.dll Deleted C:\WINDOWS\system32\1024\ Deleted C:\DOCUME~1\Martin\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\yhbdupd.dll -> Missing File »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End her er log fra aboutbuster: AboutBuster 6.02 Scan started on [03.06.2006] at [01:50:46] ------------------------------------------------------------- Internet Explorer Instances Terminated! HomeSearch Service stopped if present ------------------------------------------------------------- No Ads Found! ------------------------------------------------------------- No Files Found! ------------------------------------------------------------- Scan was COMPLETED SUCCESSFULLY at 01:51:39 så log fra hijackthis, som jeg kjørte etter de to forrigje prog.: Logfile of HijackThis v1.99.1 Scan saved at 01:53:34, on 03.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE I:\Diverse\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138046121812 O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF14BAC-896C-4CFC-9E19-19BA42172EE3}: NameServer = 130.67.15.198 130.67.60.68 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Atmacuv - ATI Technologies Inc. - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe hvordan ser det ut nå? Lenke til kommentar
berxter Skrevet 3. juni 2006 Del Skrevet 3. juni 2006 (endret) Du har fortsatt en god del, men SmitFraudsaken er så godt som borte. Du trenger Ewido og cwshredder, muligens også Killbox. 1. Install Ewido Security Suite. 2. When installing, under 'Additional Options' uncheck: * Install background guard * Install scan via context menu 3. Launch Ewido, there should be an icon on your desktop, double click it. 4. The program will now open to the main screen. 5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment. 6. You will need to update Ewido to the latest definition files. * On the left hand side of the main screen click update. * Then click on Start Update. 7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'. 8. Exit Ewido. DO NOT scan yet. Last ned cwshredder, installer og kjør. Restart i safe mode; kjør HijackThis, scan only, hak av følgende: O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll og velg "Fix Checked" Slett C:\WINDOWS\SYSTEM32\winhoq32.dll Hvis den ikke vil vekk, bruk Killbox. Kjør en scan med Ewido, husk hvor den lagret rapporten Restart på vanlig vis, ta ut en ny HJTlogg og legg den ut sammen med Ewidologgen.. Bernt K Endret 3. juni 2006 av berxter Lenke til kommentar
raggur Skrevet 6. juni 2006 Forfatter Del Skrevet 6. juni 2006 sorry at det tok litt tid, vært borte noen dager. nå har jeg gjort som du ba meg om. Killbox klarte ikke slette winhoq32.dill, men jeg tror Ewido gjorde det. HJT logg: Logfile of HijackThis v1.99.1 Scan saved at 02:25:18, on 06.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe I:\Diverse\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138046121812 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Atmacuv - ATI Technologies Inc. - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Ewido logg: -------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 02:16:08, 06.06.2006 + Report-Checksum: 235A8D81 + Scan result: [252] C:\WINDOWS\system32\winhoq32.dll -> Trojan.Agent.qt : Cleaned with backup C:\!KillBox\winhoq32.dll -> Trojan.Agent.qt : Cleaned with backup :mozilla.9:C:\Documents and Settings\Arulf\Application Data\Mozilla\Firefox\Profiles\lqex961f.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.37:C:\Documents and Settings\Arulf\Application Data\Mozilla\Firefox\Profiles\lqex961f.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.38:C:\Documents and Settings\Arulf\Application Data\Mozilla\Firefox\Profiles\lqex961f.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.44:C:\Documents and Settings\Arulf\Application Data\Mozilla\Firefox\Profiles\lqex961f.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup :mozilla.45:C:\Documents and Settings\Arulf\Application Data\Mozilla\Firefox\Profiles\lqex961f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.46:C:\Documents and Settings\Arulf\Application Data\Mozilla\Firefox\Profiles\lqex961f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.13:C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\2lcvdv4l.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\2lcvdv4l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.23:C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\2lcvdv4l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.53:C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\2lcvdv4l.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup :mozilla.74:C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\2lcvdv4l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.85:C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\2lcvdv4l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Martin\Cookies\martin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Martin\Cookies\martin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.22:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.23:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.24:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.29:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.30:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.31:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.32:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.33:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.34:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.35:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.36:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.37:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.38:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.39:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.40:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.44:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup :mozilla.54:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.55:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.65:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.66:C:\Documents and Settings\Sigrid\Application Data\Mozilla\Firefox\Profiles\yfauho14.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.33:C:\Documents and Settings\Tore\Application Data\Mozilla\Firefox\Profiles\nfjx2ocj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.54:C:\Documents and Settings\Tore\Application Data\Mozilla\Firefox\Profiles\nfjx2ocj.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.55:C:\Documents and Settings\Tore\Application Data\Mozilla\Firefox\Profiles\nfjx2ocj.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.56:C:\Documents and Settings\Tore\Application Data\Mozilla\Firefox\Profiles\nfjx2ocj.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.76:C:\Documents and Settings\Tore\Application Data\Mozilla\Firefox\Profiles\nfjx2ocj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Tore\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\WINDOWS\system32\winhoq32.dll -> Trojan.Agent.qt : Cleaned with backup ::Report End venter i spenning på svar Lenke til kommentar
berxter Skrevet 6. juni 2006 Del Skrevet 6. juni 2006 Åssen virker det nå? Jeg synes loggen er rein og fin. Jeg ville kjørt ccleaner (google) Få HJT til å fikse denne ruinen: O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing) Som en avslutning ville jeg nå ha kjørt en Panda Activescan (etter å ha brukt ccleaner) og sett etter om den kommer med noen "not disinfected" (det kan hende du må bruke IE med Active-X påslått) Installer så Spybot, Adaware SE eller MS Windows Defender, og fortsett med bruken av Firefox. Dersom Pandaloggen viser fortsatte spor av grums; legg den ut her. Bernt K Lenke til kommentar
raggur Skrevet 6. juni 2006 Forfatter Del Skrevet 6. juni 2006 Incident Status Location Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Martin\Favorites\~ VIP Free Porn ~.url Adware:adware/yazzlesudoku Not disinfected Windows Registry Adware:adware/ncase Not disinfected Windows Registry Potentially unwanted tool:Application/Processor Not disinfected I:\Diverse\SmitfraudFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected I:\Diverse\SmitfraudFix.zip[smitfraudFix/Process.exe] Lenke til kommentar
berxter Skrevet 6. juni 2006 Del Skrevet 6. juni 2006 Denne istbarsaken tar du ved å slette C:\Documents and Settings\Martin\Favorites\~ VIP Free Porn ~.url Det er ingen vits i å søke etter den, du må bla deg fram. Adwaretingene vil jeg tro en oppdatert Spybot S&D tar seg av. Ingen av disse er aktive, det ligger bare rester hist og pist, men det er like greit å fjerne dem. Du kan nå slette både I:\Diverse\SmitfraudFix og I:\Diverse\SmitfraudFix.zip da den har gjort jobben sin. Bernt K Lenke til kommentar
raggur Skrevet 6. juni 2006 Forfatter Del Skrevet 6. juni 2006 ok, da er det gjort. tusen hjertlig takk for all hjelp. veldig behagelig å slippe å omformatere hele pc'en;) så igjen tusen TAKK!! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå