Hi :)

 

I've run into problems with some viruses and crap like that.

I'm having trouble playing BF2 because a virus is blocking PunkBuster's access to what it needs, and I end up getting kicked.

I know I have the SSK.exe stuff (SurfSideKick 3), but I can't delete it. I've tried in safe mode too.

Could someone check this HijackThis log for problems? :)

 


Logfile of HijackThis v1.99.1

Scan saved at 17:13:48, on 30.08.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Programfiler\Executive Software\Diskeeper\DkService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\CyberLink\Shared files\RichVideo.exe

D:\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\ZoneLabs\isafe.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programfiler\Fellesfiler\{2C50F643-09F0-1044-1223-05071904002f}\Update.exe

D:\ATI Tray Tools\atitray.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

D:\SpeedFan\speedfan.exe

D:\StatBar\StatBar.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Ole Einar\Skrivebord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programfiler\SurfSideKick 3\SskBho.dll

O1 - Hosts: AmsServer

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [surfSideKick 3] C:\Programfiler\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [surfSideKick 3] C:\Programfiler\SurfSideKick 3\Ssk.exe

O4 - Startup: SpeedFan.lnk = D:\SpeedFan\speedfan.exe

O4 - Startup: StatBar.lnk = D:\StatBar\StatBar.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Download with Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: repairs303169590.dll

O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\mvdscli.dll (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Sandra Professional 2005\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

 

Link to comment
Have you had a look here? You can then get the crap removed from startup; then try deleting all the files mentioned.

 

Run a check with an online virus scanner to see whether you got rid of everything, or whether there are more threats.

 

After this, if you haven't already installed antivirus, it might be a good idea to install one and hopefully avoid new problems. You can find some free alternatives here

 

Edit:

You can also take a look here or here for more ways to get rid of SurfSideKick.

Link to comment

Have tried 2 regedit methods to remove SSK (the one you linked to and another one), but neither worked :cry:

Now running a Panda ActiveScan:

pandaiy6.png

Not quite clean yet :D

 

 

It's done now and I got a log:

pandaxc4.jpg

These I couldn't delete:

 

C:\Programfiler\Fellesfiler\{2C50F643-09F0-1044-1223-05071904002f}\services.dll

C:\Programfiler\SurfSideKick 3\Ssk.exe

C:\Programfiler\SurfSideKick 3\SskBho.dll

C:\Programfiler\SurfSideKick 3\SskCore.dll

C:\WINDOWS\system32\repairs303169590.dll

 

Can I boot an Ubuntu live CD and find them and delete them that way? :hmm:

Edited by LockNess
Link to comment

Delete the following with HijackThis:

 

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programfiler\SurfSideKick 3\SskBho.dll

O1 - Hosts: AmsServer (Not if you know it is safe)

O4 - HKLM\..\Run: [surfSideKick 3] C:\Programfiler\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [surfSideKick 3] C:\Programfiler\SurfSideKick 3\Ssk.exe

O4 - Startup: StatBar.lnk = D:\StatBar\StatBar.exe

O20 - AppInit_DLLs: repairs303169590.dll

O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\mvdscli.dll (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

 

Do this in safe mode.

 

Then delete the files with Killbox

Edited by stealthy
Link to comment

I'm back after the weekend :)

Will try these suggestions ;)

Will report back with results later..

 

 

Edit:

Hmm... It's f**king not easy to get rid of this d**n Ssk.exe crap :hrm:

Tried in safe mode and everything, but nope.

Is there any hope?

Edited by LockNess
Link to comment

Now I'm starting to wonder :hmm:

Have tried 2 regedit methods both in and outside safe mode, countless spyware and virus programs and several guides on the internet, but none of them worked.

Then I tried a quick scan in ZoneAlarm and it found Ssk.exe + the rest of it and deleted it in 5 seconds :dribble:

ZoneAlarm :love:

Link to comment

Ran yet another Panda ActiveScan, so now I have a problem with these:

Anyone have any suggestions?

ZoneAlarm and other spyware programs don't find them :no:

 

Adware:Adware/CommAd:

C:\WINDOWS\T2xlIEVpbmFy\asappsrv.dll

 

Adware:Adware/CommAd:

C:\WINDOWS\T2xlIEVpbmFy\command.exe

 

Adware:Adware/CommAd:

C:\WINDOWS\T2xlIEVpbmFy\nZU5KHpDvAIV.vbs

 

Edit: Sorry for the triple post :dontgetit:

Edited by LockNess
Link to comment

Ewido found 1 problem, but it fixed it.

So is my PC given a clean bill of health now?

 


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Programfiler\Executive Software\Diskeeper\DkService.exe

D:\ewido anti-spyware 4.0\guard.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\CyberLink\Shared files\RichVideo.exe

D:\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\ZoneLabs\isafe.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

D:\ewido anti-spyware 4.0\ewido.exe

D:\ATI Tray Tools\atitray.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

D:\SpeedFan\speedfan.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

D:\Opera\Opera.exe

C:\Documents and Settings\Ole Einar\Skrivebord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [!ewido] "D:\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: SpeedFan.lnk = D:\SpeedFan\speedfan.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Download with Star Downloader - D:\Star Downloader\sdie.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Sandra Professional 2005\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Link to comment

I think the PC is clean now, but only if you set all of these yourself:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

 

to about:blank

 

If not, I recommend that you download Remove about:blank Buddy 4.89

 

Then there are a couple of entries you can delete with HijackThis:

 

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Sandra Professional 2005\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)

 

If you have an about:blank infection, I would recommend that you post a brand-new HJT log after you have downloaded and run the program above.

Link to comment
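
As an added example (not part of the original thread), the manual review done in the replies above can be sketched in Python: parse the entry lines of a HijackThis log and list the ones that match the checks the helpers applied. The function names and the rule set are assumptions for illustration; a hit means "review this entry by hand", not "malicious".

```python
import re

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programfiler\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (section_code, body) per entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_reasons(code, body):
    """Hypothetical rule set, limited to the checks used in the replies in this thread."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs load point")
    if code == "R3":
        reasons.append("URLSearchHook")
    if code in ("R0", "R1") and body.endswith("= about:blank"):
        reasons.append("about:blank: confirm the user set it")
    return reasons


def triage(text):
    """Map each entry that needs a manual look to the reasons it was listed."""
    findings = {}
    for code, body in parse_log(text):
        reasons = review_reasons(code, body)
        if reasons:
            findings[f"{code} - {body}"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```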
