-Olsen- Posted 22 August 2006 (edited)

Hi, a little while ago my maternal grandfather got a pop-up virus via email, which told him he needed a program called WinAntiVirus Pro 2006 to delete various viruses. He downloaded it in good faith (and paid). I have been trying to delete these for a while now, but I am unsure of the result. I have run SUPERAntiSpyware, ewido, Spybot S&D and the Vundo fix in safe mode. Running AVG now! I am posting a HijackThis log; it would be great if someone could be bothered to look at it. Ewido log at the bottom!

Logfile of HijackThis v1.99.1
Scan saved at 21:08:42, on 22.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\Programfiler\Ahead\InCD\InCDsrv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Eier\Skrivebord\virusjakt\HijackThis.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\Common Files\Companion Wizard\compwiz.exe
C:\Programfiler\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless 11g USB Adapter Utility\drivers\WINXP\3COMU11GMonitor.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [telenor] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programfiler\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [!ewido] "C:\Programfiler\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: 3Com OfficeConnect Wireless 11g USB Adapter Utility.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless 11g USB Adapter Utility\drivers\WINXP\3COMU11GMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:34:52 22.08.2006
+ Scan result:
C:\WinAntiVirus Pro 2006\Quarantine\Starware.dllhlugkwuy -> Adware.Comet : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : No action taken.
HKU\S-1-5-21-2256323951-3900374761-4271078853-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : No action taken.
HKU\S-1-5-21-2256323951-3900374761-4271078853-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : No action taken.
HKU\S-1-5-21-2256323951-3900374761-4271078853-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@2o7[2].txtuisisbju -> TrackingCookie.2o7 : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\[email protected][1].txtvyvchkjr -> TrackingCookie.Adserver : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@adtech[2].txtkczterxh -> TrackingCookie.Adtech : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@adtech[2].txtsrfygebq -> TrackingCookie.Adtech : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@advertising[2].txtlctyobcp -> TrackingCookie.Advertising : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@bfast[2].txtsgdexmef -> TrackingCookie.Bfast : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@casalemedia[1].txtisayhihw -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Eier\Cookies\eier@com[1].txt -> TrackingCookie.Com : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@com[2].txtftvtdqdr -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@doubleclick[1].txtdcewnhfk -> TrackingCookie.Doubleclick : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@doubleclick[1].txthljnopza -> TrackingCookie.Doubleclick : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\[email protected][2].txtfiibomhx -> TrackingCookie.Falkag : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@fastclick[1].txtacnrofpc -> TrackingCookie.Fastclick : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@hitbox[2].txtknbjocpb -> TrackingCookie.Hitbox : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@questionmarket[1].txtshdjxbgs -> TrackingCookie.Questionmarket : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@serving-sys[2].txtfuvhdene -> TrackingCookie.Serving-sys : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@sextracker[2].txtgijuaagc -> TrackingCookie.Sextracker : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@statcounter[1].txtdnpczmjs -> TrackingCookie.Statcounter : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@trafficmp[1].txtawzebllk -> TrackingCookie.Trafficmp : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@tribalfusion[2].txtvnrunspv -> TrackingCookie.Tribalfusion : No action taken.
C:\WinAntiVirus Pro 2006\Quarantine\eier@zedo[2].txtthmxjilj -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Eier\Lokale innstillinger\Temp\NI.UWA6PH_0001_N91M2107\setup.exe -> Trojan.Fakealert : No action taken.
::Report end

Edited 22 August 2006 by bn_olsen

Frigg33 Posted 22 August 2006

I have the same problem, but I haven't paid for or downloaded anything. It's stuck as if nailed in place!

berxter Posted 23 August 2006

You can't have more than one AV program running at the same time; they interfere with each other, so either Norton or AVG has to go from startup. I also see some Norman stuff. Ewido and other anti-spyware things are fine alongside others. From what I read, this one can be nasty. You have uninstalled the thing in the Control Panel, right?

First you must empty Win Antivirus's quarantine folder: C:\WinAntiVirus Pro 2006\Quarantine\. It must be deleted, if necessary with Killbox (delete on reboot).

Then use HJT to fix (do a scan only, close all browsers, "fix checked")
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programfiler\Common Files\Companion Wizard\compwiz.exe" /silent
and then remove the whole Companion Wizard folder, preferably with Killbox.

HJT also fixes
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)

You need to run CCleaner a couple of times, Spysweeper Trial, and Ewido in safe mode again. Then go all in with a Panda ActiveScan and post the Panda log together with a brand-new HJT log.

Hope this helps.
Bernt K
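
An added example, not part of any post in this thread: a small Python triage of a HijackThis log that surfaces the three things the reply above acts on, namely entries whose file is gone, a named autorun entry, and more than one antivirus product resident at once. The sample lines are excerpted from the log in the first post; `AV_MARKERS`, the watchlist and the function names are assumptions chosen for this sample.

```python
import re

# Lines excerpted from the HijackThis log in the first post (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programfiler\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
"""

ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")  # section code, then the entry text
# Assumption: path fragments identifying a resident antivirus product in this sample.
AV_MARKERS = {"Norton AntiVirus": "Norton", "Grisoft": "AVG"}

def parse(log):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(log, watchlist=()):
    """Return orphaned entries, watchlisted O4 autoruns and resident AV products."""
    processes, entries = parse(log)
    orphans = [(c, t) for c, t in entries
               if re.search(r"\((file missing|no file)\)\s*$", t)]
    watched = [(c, t) for c, t in entries
               if c == "O4" and any(w.lower() in t.lower() for w in watchlist)]
    av = sorted({name for p in processes
                 for frag, name in AV_MARKERS.items() if frag.lower() in p.lower()})
    return {"orphans": orphans, "watched": watched, "av_running": av}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, watchlist=["Companion Wizard"]).items():
        print(key, value)
```

Two names in `av_running` is the conflict the reply describes; orphaned entries point at leftovers from software that has already been removed.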