Gjest Slettet+1242, posted 17 August 2006

Hi. I have no idea how it happened, but today popups started appearing on my PC. Fine, I thought, and used Spybot, Ad-Aware, CWShredder and kasperz. I got rid of 2 of the 3 main pests, namely look2me and another one called something-or-other with error (a blue browser window telling you that you have an infection on the PC). But I had to remove them in safe mode. The only one I can't remove is Project 1, which shows up in the Ctrl+Alt+Del list of running programs. I understand that I need HijackThis to get rid of it, but could someone please tell me step by step how to remove it? Many thanks

berxter, posted 17 August 2006

HijackThis is mainly an analysis tool. Post the log from it and we'll have a look.

Bernt K

Gjest Slettet+1242, posted 17 August 2006

Logfile of HijackThis v1.99.1
Scan saved at 22:41:43, on 17.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\kybrdff_11.exe
C:\dfndrff_11.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\{E0B6A30F-0456-1044-0902-05031017002f}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Torstein 1\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11.exe
O4 - HKLM\..\Run: [efl22623] RUNDLL32.EXE w1e66a66.dll,n 003226200000000a1e66a66
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google-søk - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Koblinger bakover - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Lignende sider - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)

berxter, posted 17 August 2006 (edited 17 August 2006 by berxter)

OK, I see the problem, but not exactly where the main culprit is hiding; there is a variant of the Alcan worm at work. Please run 3 tools:

1. Start with CCleaner (google it; remember to untick "only remove temp files older than 48 hours" under options->advanced).
2. Then Ewido: set it up and run it in safe mode as instructed.
3. Leave a Panda ActiveScan (google it) cooking overnight; remember "see report" and "save report".

EDIT: I see they brag that Spysweeper should catch it, so run the trial version of that as well.

Then post the Ewido log, the Panda log and a brand-new HJT log tomorrow, and I think we'll find out where it has hidden itself.

Excuse the caps lock: GET YOURSELF AN ANTIVIRUS PROGRAM! AVG and Avast! are free and good. Install and run in safe mode.

Bernt K

Gjest Slettet+1242, posted 17 August 2006

Yep, I'll do that. You certainly know your stuff.

pumba50, posted 18 August 2006 (edited 18 August 2006 by Databamse)

Update your Java Runtime Environment when you're done with everything; it's outdated, hehe. Go to Control Panel and on the left-hand side choose "Other Control Panel Options" ("Andre kontrollpanelalternativer"), then choose Java, click the Update tab and then "Update now".

Alternatively, press "Windows key + R", type the following into the box and press Enter:

C:\Program Files\Java\jre1.5.0_03\bin\javacpl.exe

Gjest Slettet+1242, posted 19 August 2006

Logfile of HijackThis v1.99.1
Scan saved at 09:47:59, on 19.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\kybrdff_11.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\{E0B6A30F-0456-1044-0902-05031017002f}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\kybrdff_11a.exe
c:\dfndrff_11a.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Torstein 1\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [efl22623] RUNDLL32.EXE w1e66a66.dll,n 003226200000000a1e66a66
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google-søk - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Koblinger bakover - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Lignende sider - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)

Incident | Status | Location
Adware:Adware/SecurityError | Not disinfected | C:\Program Files\Common Files\{E0B6A30F-0456-1044-0902-05031017002f}\services.dll
Adware:adware/sqwire | Not disinfected | c:\windows\system32\tsuninst.exe
Adware:adware/dollarrevenue | Not disinfected | c:\windows\keyboard1.dat
Adware:adware/ucmore | Not disinfected | Windows Registry
Spyware:Cookie/ErrorSafe | Not disinfected | C:\Documents and Settings\Torstein 1\Cookies\torstein 1@errorsafe[2].txt
Spyware:Cookie/ErrorSafe | Not disinfected | C:\Documents and Settings\Torstein 1\Cookies\torstein [email protected][1].txt
Possible Virus. | Not disinfected | C:\Documents and Settings\Torstein 1\Desktop\kill2me\Kill2Me.exe
Possible Virus. | Not disinfected | C:\Documents and Settings\Torstein 1\Desktop\kill2me.zip[Kill2Me.exe]
Adware:Adware/DollarRevenue | Not disinfected | C:\WINDOWS\system32\dr.exe
Virus:Trj/Downloader.JXQ | Disinfected | C:\WINDOWS\system32\efl22623.dll
Adware:Adware/DollarRevenue | Not disinfected | C:\WINDOWS\system32\install.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/SecurityError | Not disinfected | C:\WINDOWS\system32\install.exe[¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar | Not disinfected | C:\WINDOWS\system32\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar | Not disinfected | C:\WINDOWS\system32\install.exe[Activate.exe]
Adware:Adware/Look2Me | Not disinfected | C:\WINDOWS\system32\mv4ql9h51.dll
Adware:Adware/CommAd | Not disinfected | C:\WINDOWS\VG9yc3RlaW4gT25h\p36Vwal5uqb0nZc1.vbs

Was that the right information?

Gjest Slettet+1242, posted 19 August 2006

+ Created at: 01:39:20 18.08.2006
+ Scan result:
C:\WINDOWS\system32\mv4ql9h51.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.ee : No action taken.
C:\Program Files\Common Files\kumi\kumil.exe -> Downloader.TSUpdate.r : No action taken.
::Report end

Pozzolan, posted 20 August 2006

Use Killbox (google it) and delete the files:

C:\WINDOWS\system32\mv4ql9h51.dll
C:\WINDOWS\system32\dr.exe
C:\Program Files\Common Files\kumi\kumil.exe
C:\kybrdff_11.exe
c:\kybrdff_11a.exe
c:\dfndrff_11a.exe

and delete the following with HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [efl22623] RUNDLL32.EXE w1e66a66.dll,n 003226200000000a1e66a66
O20 - AppInit_DLLs: repairs303169590.dll

Then post a new HijackThis log.

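Added example, not part of the thread: a small Python triage of HijackThis entries covering the same sections the last reply singles out (R0/R1 Internet Explorer pages, O4 Run-key autostarts, O20 AppInit_DLLs). The domain allow-list and the two O4 heuristics are assumptions of this example, not HijackThis behaviour; the sample lines are copied from the second log in the thread.

```python
import re

# Sample input: entries copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [efl22623] RUNDLL32.EXE w1e66a66.dll,n 003226200000000a1e66a66
O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
O20 - AppInit_DLLs: repairs303169590.dll
"""
# Assumption of this example: start/search pages on these domains are expected.
EXPECTED_DOMAINS = ("microsoft.com", "msn.com", "google.com")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[.*?\] (.*)$")
ROOT_EXE = re.compile(r'^"?[a-z]:\\+[^\\/"]+\.exe', re.I)       # exe directly in a drive root
BARE_DLL = re.compile(r"^rundll32(\.exe)?\s+[^\\/:,\s]+\.dll", re.I)  # DLL named without a path

def triage(log_text):
    """Return (section, reason) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section in ("R0", "R1"):  # Internet Explorer start/search pages
            host = re.sub(r"^https?://", "", body.rpartition(" = ")[2]).split("/")[0].lower()
            known = any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)
            if host and not known:
                findings.append((section, "IE page points at " + host))
        elif section == "O4":  # Run-key autostarts
            run = RUN_VALUE.match(body)
            cmd = run.group(1) if run else ""
            if ROOT_EXE.match(cmd):
                findings.append((section, "autostart from drive root: " + cmd))
            elif BARE_DLL.match(cmd):
                findings.append((section, "rundll32 loads a DLL given without a path: " + cmd))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.partition(":")[2].strip()
            if dll:  # AppInit_DLLs are loaded into every process that loads user32.dll
                findings.append((section, "AppInit_DLLs set to " + dll))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, reason)
```

A flagged entry is a prompt to look at the file and its origin, not a verdict; legitimate software also uses rundll32 with system DLLs named without a path.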