Olaff Skrevet 23. juni 2006 Del Skrevet 23. juni 2006 Trenger hjelp ganske kvikt. Fikk en trojan på Pcen i går når jeg surfet. Husker ikke om jeg lastet ned noe, men jeg fikk den ihvertfall. Jeg prøvde i hele går å fjerne det med Search and destroy, Norman antivirus (som alltid er opperativt på min pc) og Ad-aware og mange andre online programmer, men pcen min viser fortsatt masse uhyggelige meldinger som: System Alert: Adware and Spyware Yoru computer is infected (i en rød ramme ved klokken som kommer opp når jeg trykker på et "?" ikon som blinker med et stoppskilt. Normann viser ingen ting, og de fleste virusprogrammene finner ikke noe særlig untatt enkelt ting her og nå. Mange online programmer viser at jeg har megahøy risiko for pcen, men jeg aner ikke hva jeg skal gjøre. Hittil har jeg ikke merket noen feil annet en noe tregere internett (som betyr at jeg antakelig har spyware/adware), uønskede "casino" popups selv om jeg ikke bruker explorer, popups av andre sorter og at pcen går en smule saktere. HJELP! Hva skal jeg gjøre? Lenke til kommentar
Olaff Skrevet 23. juni 2006 Forfatter Del Skrevet 23. juni 2006 vedlegget viser feilen: (er et bilde) infected.bmp Lenke til kommentar
Olaff Skrevet 23. juni 2006 Forfatter Del Skrevet 23. juni 2006 Jeg brukte "hijackthis" nå nettop og dette er loggen fra programmet: Logfile of HijackThis v1.99.1 Scan saved at 16:33:48, on 23.06.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norman\bin\ZANDA.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Norman\bin\NJEEVES.EXE C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norman\bin\ZLH.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Billionton\Bluetooth-programvare\BTTray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\ishost.exe C:\WINDOWS\System32\ismon.exe C:\WINDOWS\System32\isnotify.exe C:\WINDOWS\System32\issearch.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Magnus Kraft Breivik\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...bwKriWOGXEyCa2k R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.snebrett.tk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nso4.dll O2 - BHO: Log.Full - {B7B0089A-FAF6-43FB-A33D-657E416AE259} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log\log.dll O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKCU\..\Run: [The Spy Guard] C:\Program Files\SpyGuard\spyguard.exe O4 - HKCU\..\Run: [The Spy Guard Monitor] C:\Program Files\SpyGuard\spyguard_monitor.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/no/games4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Lenke til kommentar
Thor. Skrevet 23. juni 2006 Del Skrevet 23. juni 2006 Fjern: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...bwKriWOGXEyCa2k O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nso4.dll O2 - BHO: Log.Full - {B7B0089A-FAF6-43FB-A33D-657E416AE259} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log\log.dll O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab PRøv å fjerne disse og start maskinen på nytt Lenke til kommentar
Olaff Skrevet 23. juni 2006 Forfatter Del Skrevet 23. juni 2006 (endret) Det er den nye logen. Jeg kjørte hijack og fjernet de ambefalte filene og restartet. Så tok jeg denne: Logfile of HijackThis v1.99.1 Scan saved at 17:00:37, on 23.06.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\System32\ishost.exe C:\WINDOWS\System32\isnotify.exe C:\WINDOWS\System32\ismon.exe C:\WINDOWS\System32\issearch.exe C:\Program Files\Norman\bin\ZLH.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\The Cleaner\tca.exe C:\Program Files\The Cleaner\tcm.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe C:\Program Files\Billionton\Bluetooth-programvare\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norman\bin\ZANDA.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\iPod\bin\iPodService.exe C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\bin\NJEEVES.EXE C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\Documents and Settings\Magnus Kraft Breivik\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.snebrett.tk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKCU\..\Run: [The Spy Guard] C:\Program Files\SpyGuard\spyguard.exe O4 - HKCU\..\Run: [The Spy Guard Monitor] C:\Program Files\SpyGuard\spyguard_monitor.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/no/games4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Endret 23. juni 2006 av Olaff Lenke til kommentar
berxter Skrevet 23. juni 2006 Del Skrevet 23. juni 2006 [tørt] Tja, det var en del her, du[/tørt] Kan ikke garantere resultatet, men dette skulle hjelpe noe: Last ned Ewido og sett den opp slik. Ikke kjør den ennå. Oppdater SpyBot; ikke kjør den heller. Plukk ned ccleaner. Ta ned Winsockfix og LSPFix (google). Det er ikke sikkert du trenger dem, men hvis det vi gjør først krøller til nettilgangen din kan du kjøre dem. Start HJT, do a scan only; sett en hake ved følgende: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.snebrett.tk/ O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file) O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [The Spy Guard] C:\Program Files\SpyGuard\spyguard.exe O4 - HKCU\..\Run: [The Spy Guard Monitor] C:\Program Files\SpyGuard\spyguard_monitor.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/no/games4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab Lukk alle nettleservinduer; dette inkludert, og trykk "fix checked" Så avinstallerer du enten AVG eller Norman (de roter det til for hverandre). Kjør ccleaner (husk å fjerne haka i advanced options for "only delete temp files older than 48 hours). Reboot i safe mode (f8 under oppstart), kjører Ewido og SpyBot. Kjør begge 2 ganger! Kjør ccleaner Reboot normalt, kjør en Panda Activescan (google). Legg så ut loggen fra Panda sammen med en blodfersk HJTlogg. Skulle vært i kategori "sikkerhet" Bernt K Lenke til kommentar
alexkl Skrevet 23. juni 2006 Del Skrevet 23. juni 2006 Formater pcen om du har mulighet.. Husk backup av det du vill ha.. Lenke til kommentar
berxter Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 Mnja, formatering er jo alltid en 100%-løsning, men det er jo artig å holde på litt med herk, og lærerikt er det også da. Bernt K Lenke til kommentar
alexkl Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 ja om han vill bli kvitt det med en gang så formaterer du.. Lenke til kommentar
Narkolepsi Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 (endret) Mener jeg kjenner igjen look2me, som installerer og laster ned enda mere spyware med mere. Det finnes et glimrende program som fjerner greia. kan lastes ned her(kan ikke skade å kjøre det uansett): http://www.atribune.org/ccount/click.php?id=7 Følg følgende instruksjoner: [*]Close all windows before continuing. [*]Double-click Look2Me-Destroyer.exe to run it. [*]Put a check next to Run this program as a task. [*]You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK [*]When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. [*]Once it's done scanning, click the Remove L2M button. [*]You will receive a Done Scanning message, click OK. [*]When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. [*]Your computer will then shutdown. [*]Turn your computer back on. Isearch toolbar nevnes hos symantec http://www.symantec.com/avcenter/venc/data...re.isearch.html Jeg ser at du har et program som heter spyguard. Les om svineriet her: http://www.symantec.com/avcenter/venc/data/punisher.html De winsock-entryene dine kan bety at noe prøver å overta internetttilgangen din. Du kan sjekke dette og fikse winsock med LSPfix (som andre har nevnt tidligere). Endret 24. juni 2006 av Narkolepsi Lenke til kommentar
berxter Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 Mener jeg kjenner igjen look2me, som installerer og laster ned enda mere spyware med mere. Det finnes et glimrende program som fjerner greia. kan lastes ned her(kan ikke skade å kjøre det uansett): http://www.atribune.org/ccount/click.php?id=7 Hvor ser du L2M? Ikke fordi jeg tviler, men dersom du har en kjapp metode å identifisere den på vil jeg gjerne høre. Jeg ser Starware, Spyguard, mulig en lop.com, issearch og noe annet rask, men L2M hopper ikke fram og skriker "her er jeg". Som du sier gjør ikke L2MFix/destroyer noen skade, så det er vel verdt å prøve.Uansett tenker jeg Ewido og Spybot, muligens kombinert med WinsockFix/ LSPFix og evt L2MDestroyer rydder opp i det meste slik at vi får bedre oversikt. Bernt K Lenke til kommentar
Grimmy Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 Jeg fikk i dag noe spyware dritt på maskinen min. Vet ikke helt om det er det samme som du har, men du kan jo prøve min løsning. Spyware drittet jeg fikk ble fjernet med ad-aware og Trend Anti-Spyware, men det dukket opp igjen kanskje 10 sekunder etterpå, så jeg ble visst ikke kvitt det likevel. Det som ble løsningen var et program som heter SmitFraudFix. 1.Last ned programmet: http://siri.geekstogo.com/SmitfraudFix.php 2.Pakk det ut 3.Start maskinen i sikkermodus 4.Kjør filen SmitfraudFix.cmd 5. Trykk 2 og enter (clean), så venter du, så Y på alt annet. Lykke til. Lenke til kommentar
Kontorstol Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 last ned awast antivirus/adaware/brannmur på www.awast.com so teke du full scan..du må laste ned home edition da..d e heilt gratis me nesten daglige update for virus database Lenke til kommentar
berxter Skrevet 24. juni 2006 Del Skrevet 24. juni 2006 (endret) Joa, den ene 04'ern: O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll er SmitFraudrelatert, og SmitFraudFix ville vært en naturlig del av kuren. EDIT: Norman er like god som noen andre AV-programmer; ett av problemene trådstarter har/ hadde var at han kjørte 2 AVprogrammer samtidig, og det blir bare krøll. Det ville ikke ha hjulpet det minste å smelle ett til ned i smørja. Bernt K Endret 24. juni 2006 av berxter Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå