-Olsen- Posted 25 June 2006

Hi, a little while ago my PC got hit by a virus and spyware attack. It looked as though AVG locked most of it up in the virus vault, but there was clearly still something that would not go away. I started by running Spybot S&D and AVG Free Edition.... but the supposed virus is kind enough to stop the Spybot S&D scan for me! A program also appeared that keeps running (it's the usual Windows question mark, blinking alternately with a "forbidden" sign (red circle with a diagonal red line)... I could not find the corresponding process. A message from this program pops up at short intervals; it says "Your computer is infected! Critical system error! system detected virus activities. they may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software". I rebooted into safe mode, where to my horror I discovered that the program mentioned above is still running, and when I check the processes, only the normal "safe" processes are running. Ran Spybot S&D and AVG again. Spybot S&D found a whole pile that I deleted, while AVG only found 1 virus, which had nothing to do with this program. Is there anything I can do now that would help... should I post a HijackThis report?
Pozzolan Posted 25 June 2006

> It should be clearly explained here, with pictures, what you need to start doing: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Try to work through that page properly. If you manage it, post a new log afterwards.

Try searching before you post. There are surely 100 posts dealing with the same problem. After you have done what I quoted from zjulik, post a HijackThis log.
-Olsen- (author) Posted 25 June 2006

Logfile of HijackThis v1.99.1
Scan saved at 23:57:04, on 25.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
D:\Programfiler\NetLimiter 2 Pro\NLClient.exe
D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\ffpext\ffpsrv.exe
D:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Windows Media Connect 2\WMCCFG.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\QuickTime\qttask.exe
D:\programfiler\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
D:\Programfiler\Skype\Phone\Skype.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Samurize\Client.exe
D:\Programfiler\No-IP\DUC20.exe
C:\Programfiler\TightVNC\WinVNC.exe
C:\Programfiler\SpeedFan\speedfan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Olsen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\ljjhigg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTStartup] C:\Programfiler\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Programfiler\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [steam] "d:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "D:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Client Default.lnk = C:\Programfiler\Samurize\Client.exe
O4 - Startup: No-IP DUC.lnk = D:\Programfiler\No-IP\DUC20.exe
O4 - Startup: Snarvei til WinVNC.lnk = C:\Programfiler\TightVNC\WinVNC.exe
O4 - Startup: SpeedFan.lnk = C:\Programfiler\SpeedFan\speedfan.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ljjhigg - C:\WINDOWS\SYSTEM32\ljjhigg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
zjulik Posted 25 June 2006

Well, how is the machine behaving? Looks OK to me.... feel free to tick / fix this one in HJT:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\ljjhigg.dll
berxter Posted 25 June 2006

Damn, where was it I read it??... Wondering whether the one Zjulik mentioned could be a new Vundo variant? It also recurs in O20 - Winlogon Notify: ljjhigg - C:\WINDOWS\SYSTEM32\ljjhigg.dll. Hmm.. Lavasoft has released a beta of a Virtumonde remover; you have to register as a beta tester here: http://www.lavasoftresearch.com/betaprogram/register.php I would do that, and also run Ewido in safe mode.

Bernt K
zjulik Posted 25 June 2006

http://www.trendmicro.com.au/smb/vinfo/enc...TROJ_CONHOOK.AE
-Olsen- (author) Posted 25 June 2006 (edited)

> Damn, where was it I read it??... Wondering whether the one Zjulik mentioned could be a new Vundo variant? It also recurs in O20 - Winlogon Notify: ljjhigg - C:\WINDOWS\SYSTEM32\ljjhigg.dll. Hmm.. Lavasoft has released a beta of a Virtumonde remover; you have to register as a beta tester here: http://www.lavasoftresearch.com/betaprogram/register.php I would do that, and also run Ewido in safe mode.
>
> Bernt K

It could not be deleted via HijackThis, and the name seems very familiar from countless Ad-Aware and Spybot S&D scans earlier today, it just would not be deleted... I have registered as a beta tester, just waiting for their mail now!

Edited 25 June 2006 by bn_olsen
berxter Posted 26 June 2006

I saw that, Zjulik, and there is also another little thing (winjyg), which is why I strongly recommend Ewido in this case. Trend's malware names are fairly unique, and I find it hard to read from Trend's pages which mechanisms they use. The reason I assumed this one might be Vundo-related is the way it shows up in HJT, with an O2 and an O20 with the same name, which at least used to be typical of that kind of crap.

Bernt K
-Olsen- (author) Posted 26 June 2006

Hi again, I got tired of waiting for mail from Lavasoft, or whatever it was called, so I took a trip to Google with the newer information, and I found something called "VundoFix.exe". I think that finished off the nasty thing. When I run Spybot S&D now, the nasty thing is gone at any rate, and the line is gone from the HijackThis log too. But I'm posting a new log just to make sure it is gone.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:45, on 26.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\ffpext\ffpsrv.exe
D:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Windows Media Connect 2\WMCCFG.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Windows Defender\MSASCui.exe
D:\programfiler\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
D:\Programfiler\Skype\Phone\Skype.exe
D:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Samurize\Client.exe
D:\Programfiler\No-IP\DUC20.exe
C:\Programfiler\TightVNC\WinVNC.exe
C:\Programfiler\SpeedFan\speedfan.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Olsen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTStartup] C:\Programfiler\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Programfiler\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [steam] "d:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "D:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Client Default.lnk = C:\Programfiler\Samurize\Client.exe
O4 - Startup: No-IP DUC.lnk = D:\Programfiler\No-IP\DUC20.exe
O4 - Startup: Snarvei til WinVNC.lnk = C:\Programfiler\TightVNC\WinVNC.exe
O4 - Startup: SpeedFan.lnk = C:\Programfiler\SpeedFan\speedfan.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
berxter Posted 26 June 2006 (edited)

Great, I considered recommending VundoFix, but thought we would make you a "guinea pig" for Lavasoft's sake. One little thing remains:

O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll

It is classified as "Trojan.Agent.qt". You can try deleting it in safe mode after having HJT fix it, but I would recommend a full round of Ewido in safe mode. You will find it, and setup instructions, here: http://rstones12.geekstogo.com/ewidosetup.htm It usually takes care of it. A pass or two with CCleaner ((Google) remember to check that there is no tick next to "only delete temp files older than 48 hours" in advanced options) along the way does no harm.

Bernt K

Edited 26 June 2006 by berxter
-Olsen- (author) Posted 26 June 2006

Now I have run every conceivable and inconceivable spyware and virus program, in both normal Windows and safe mode. Hoping the PC is "clean" now. Ewido took 4 hours in safe mode, 4 long hours, but it worked. Posting a HijackThis log for the last time (just more work for you), but only to make sure. And I want to thank you for helping me, I don't think I would have got rid of everything on my own. It was very helpful. So a big thank you to you!

Logfile of HijackThis v1.99.1
Scan saved at 20:07:28, on 26.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\ffpext\ffpsrv.exe
D:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Windows Media Connect 2\WMCCFG.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Windows Defender\MSASCui.exe
D:\programfiler\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
D:\Programfiler\Skype\Phone\Skype.exe
D:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Samurize\Client.exe
D:\Programfiler\No-IP\DUC20.exe
C:\Programfiler\TightVNC\WinVNC.exe
C:\Programfiler\SpeedFan\speedfan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Grisoft\AVG Free\avgwb.dat
C:\Documents and Settings\Olsen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTStartup] C:\Programfiler\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Programfiler\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [steam] "d:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "D:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Client Default.lnk = C:\Programfiler\Samurize\Client.exe
O4 - Startup: No-IP DUC.lnk = D:\Programfiler\No-IP\DUC20.exe
O4 - Startup: Snarvei til WinVNC.lnk = C:\Programfiler\TightVNC\WinVNC.exe
O4 - Startup: SpeedFan.lnk = C:\Programfiler\SpeedFan\speedfan.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
berxter Posted 27 June 2006

Clean, that one. You can have HJT fix O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing), since these are just the ruins; it does no harm, but it offends my aesthetic sense...

Bernt K
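As an added example (not code from the thread, from HijackThis, or from any of the posters), a small Python checker for berxter's heuristic earlier in the thread (the same DLL showing up both as an O2 BHO and as an O20 Winlogon Notify entry) and for the "(file missing)" Winlogon Notify leftover he points out in the last log. The sample lines are copied from the logs posted above; the parser assumes the "O<n> - <kind>: <fields separated by ' - '>" layout that HijackThis v1.99.1 prints.

```python
import re
from collections import defaultdict

# Constructed sample: a few HijackThis lines copied from the logs posted in this
# thread (the first log still had ljjhigg.dll; the last one has the winjyg32 ruin).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\ljjhigg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ljjhigg - C:\WINDOWS\SYSTEM32\ljjhigg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
"""

# HJT entries look like "O<n> - <kind>: <fields separated by ' - '>" (assumed layout).
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING_MARK = "(file missing)"


def parse_entry(line):
    """Return (section, kind, dll_basename, file_missing) for an O-section line,
    or None for header and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING_MARK)
    if missing:
        rest = rest[: -len(MISSING_MARK)].rstrip()
    # The module path is the last ' - ' field. Paths themselves may contain
    # ' - ' (e.g. "Spybot - Search & Destroy"), so compare on the basename only.
    path = rest.rsplit(" - ", 1)[-1].strip().strip('"')
    basename = path.rsplit("\\", 1)[-1].lower()
    return section, kind, basename, missing


def find_paired_dlls(log_text):
    """berxter's heuristic: the same DLL registered both as an O2 BHO and as an
    O20 Winlogon Notify handler. Returns the sorted basenames that match."""
    sections_by_dll = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[0] in ("O2", "O20"):
            sections_by_dll[entry[2]].add(entry[0])
    return sorted(dll for dll, secs in sections_by_dll.items() if secs >= {"O2", "O20"})


def find_missing_winlogon_notify(log_text):
    """O20 entries whose DLL is gone: harmless leftovers of a removed component,
    the 'ruins' that HJT can be told to fix."""
    return [e[2] for e in map(parse_entry, log_text.splitlines())
            if e and e[0] == "O20" and e[3]]


if __name__ == "__main__":
    print("O2+O20 pairs:", find_paired_dlls(SAMPLE_LOG))
    print("Winlogon Notify with missing DLL:", find_missing_winlogon_notify(SAMPLE_LOG))
```

A hit from find_paired_dlls is a lead to look into, not proof of infection by itself; the thread's own confirmation came from the scanners and from the line disappearing in the next log.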