S-A Skrevet 22. desember 2006 Del Skrevet 22. desember 2006 Jeg har kjørt ad-aware, spyboot s&d og norton antivirus. De finner ingenting galt, og jeg er usikker på om jeg i det hele tatt har trojaner. Maskinen ser ut til åvirke som normalt. Spyware Doctor finner at jeg har Trojan.Popuper. Disse får jeg ikke fjernet. Jeg blir meget takknemlig hvis noen kan se på dette og hjelpe meg! Jeg får opp at Spyware Doctor finner følgende: C:\System Volume Information\_restore{92C00012-92DE-49DD-B826-3ACDADB2C779}\RP127\A0010625.exe C:\System Volume Information\_restore{92C00012-92DE-49DD-B826-3ACDADB2C779}\RP127\A0010647.exe C:\System Volume Information\_restore{92C00012-92DE-49DD-B826-3ACDADB2C779}\RP127\A0010662.exe C:\System Volume Information\_restore{92C00012-92DE-49DD-B826-3ACDADB2C779}\RP127\A0010682.exe C:\System Volume Information\_restore{92C00012-92DE-49DD-B826-3ACDADB2C779}\RP127\A0010819.exe C:\System Volume Information\_restore{92C00012-92DE-49DD-B826-3ACDADB2C779}\RP127\A0010820.dll HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser##{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}## HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore## HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore##Count HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore##Time HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore##Type ____________________________________________________________________ HijackThis viser følgende: Logfile of HijackThis v1.99.1 Scan saved at 20:43:42, on 22.12.06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\Programfiler\HP\QuickPlay\QPService.exe C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programfiler\Spyware Doctor\swdoctor.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Microsoft Office\Office10\WINWORD.EXE C:\Programfiler\Messenger\msmsgs.exe C:\DOCUME~1\Eier\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startporten.no/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Lenke til kommentar
norbat Skrevet 22. desember 2006 Del Skrevet 22. desember 2006 HJT-loggen din ser grei ut. Spyware Doctor (SD) finner spor av spywarequake så du kan prøve følgende: Last ned Smitfraudfix og pakk det ut på skrivebordet. Kjør smitfraudfix.cmd, og tast 1. Det lages en rapport som finnes på C:\rapport.txt Hvis det står at det er funnet noe, restarter du i sikker modus (tapp f8 under oppstart) og kjør smitfraudfix.cmd, og tast 2. Det ligger også noe rammel i _restore, dette kan fjernes ved at du deaktiverer systemgjenopprettingen, restarter pc'n og slå systemgjenopprettigen på igjen (kontrollpanel->system->systemgjenoppretting) Kjør deretter en runde med SD igjen og se om det da ikke har ordnet seg Lenke til kommentar
S-A Skrevet 22. desember 2006 Forfatter Del Skrevet 22. desember 2006 (endret) Jeg har gjort som du beskrev, men fikk fremdeles opp trojan.popuper i SD. Hva kan det da være? SmitFraudFix v2.131 Scan done at 0:15:11,29, 23.12.06 Run from C:\Documents and Settings\Eier\Skrivebord\Ubrukte skrivebordssnarveier\SmitfraudFix OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eier »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eier\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Eier\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programfiler »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End SD finner dette: Trojan.Popuper (AdClick Trojan.FakeSpy Smitfraud Quicknavigate Trojan.Puper Trojan-Clicker.Win32.Agent.cr[Kaspersky] Downloader-ACZ[McAfee] Troj/AdClick-BE[sophos] Trojan.Emcodec.G Ny SD logg viser dette: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser##{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}## High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore## High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore##Count High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore##Time High Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\iexplore##Type ____________________________________________________________________ Ny HJT: Logfile of HijackThis v1.99.1 Scan saved at 23:58:15, on 22.12.06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\Programfiler\HP\QuickPlay\QPService.exe C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programfiler\Spyware Doctor\swdoctor.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Messenger\msmsgs.exe C:\DOCUME~1\Eier\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startporten.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Endret 22. desember 2006 av S-A Lenke til kommentar
norbat Skrevet 22. desember 2006 Del Skrevet 22. desember 2006 Last ned CCleaner og kjør en rens. Oppdater AVG antispyware, restart i sikker modus og kjør en full scan. Legg ut loggen. Lenke til kommentar
S-A Skrevet 23. desember 2006 Forfatter Del Skrevet 23. desember 2006 --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 01:21:55 23.12.06 + Scan result: HKU\S-1-5-21-1801674531-1604221776-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} -> Adware.Generic : Ignored. C:\Documents and Settings\Eier\Cookies\eier@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored. ::Report end ____________________________________________________________________ CCleaner: Rensing komplett - (2,256 sek) ------------------------------------------------------------------------------------------ 2,37MB slettet. ------------------------------------------------------------------------------------------ Detaljer om filene som har blitt slettet ------------------------------------------------------------------------------------------ IE Midlertidige Internet Filer (105 filer) 0,41MB C:\Documents and Settings\Eier\Cookies\[email protected][1].txt 104 bytes C:\Documents and Settings\Eier\Cookies\eier@statistik-gallup[1].txt 119 bytes C:\Documents and Settings\Eier\Cookies\eier@tradedoubler[2].txt 210 bytes C:\Documents and Settings\Eier\Cookies\[email protected][1].txt 138 bytes Merket for fjerning: C:\Documents and Settings\Eier\Cookies\index.dat C:\DOCUME~1\Eier\LOKALE~1\Temp\jusched.log 173 bytes C:\WINDOWS\system32\wbem\Logs\wbemess.log 11,71KB C:\WINDOWS\system32\wbem\Logs\wmiprov.log 442 bytes C:\WINDOWS\0.log 0 bytes C:\WINDOWS\setupapi.log 459 bytes C:\WINDOWS\WindowsUpdate.log 1,84MB C:\WINDOWS\ntbtlog.txt 89,03KB C:\WINDOWS\SchedLgU.Txt 31,82KB C:\Documents and Settings\Eier\Programdata\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 120 bytes ------------------------------------------------------------------------------------------ Lenke til kommentar
norbat Skrevet 23. desember 2006 Del Skrevet 23. desember 2006 (endret) Vet ikke hvilke innstillinger du har satt i AVG, det skal i allefall under "how to act" og "recommended action" settes til delete Ellers skulle jeg anta at dette kan fjernes via regedit (Start->kjør, skriv: regedit), men vi kan først prøve en runde med SAS. Last ned, installer og oppdater. Kjør en full scan og slett alt den finner. SAS-loggen finner du i Preferences->statistics/logs. Ved en evt. manuell fjerning fra registeret er det registernøkkelen: {5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} som skal fjernes fra disse to plassene: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats Endret 23. desember 2006 av norbat Lenke til kommentar
S-A Skrevet 23. desember 2006 Forfatter Del Skrevet 23. desember 2006 Da har jeg kjørt SAS: SUPERAntiSpyware Scan Log Generated 12/23/2006 at 01:35 PM Application Version : 3.3.1020 Core Rules Database Version : 3153 Trace Rules Database Version: 1170 Scan type : Complete Scan Total Scan Time : 00:11:42 Memory items scanned : 620 Memory threats detected : 0 Registry items scanned : 5456 Registry threats detected : 0 File items scanned : 10386 File threats detected : 2 Adware.Tracking Cookie C:\Documents and Settings\Eier\Cookies\eier@tradedoubler[2].txt C:\Documents and Settings\Eier\Cookies\[email protected][1].txt Slettet dette og kjørte ny scan i SAS. Fant da ingenting. Fjernet deretter manuelt {5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} fra HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser Jeg fant ikke {5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} i HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats. Kjørte ny scan med SD. Fant da ingenting. Vil det si at problemet er løst? Lenke til kommentar
norbat Skrevet 23. desember 2006 Del Skrevet 23. desember 2006 Ja, dette ser bra ut. Du kan samtidig slå av systemgjenopprettingen, restarte pc'n og slå den på igjen (på tilsvarende måte som du har gjort tidligere). Lag deg gjerne et nytt gjenopprettingspunkt manuelt. Lenke til kommentar
S-A Skrevet 23. desember 2006 Forfatter Del Skrevet 23. desember 2006 Genialt! Tusen takk for hjelpen!! Ser at AVG er en trial version. Bør man kjøpe dette programmet? Lenke til kommentar
norbat Skrevet 23. desember 2006 Del Skrevet 23. desember 2006 AVG fås i en free edition, altså gratis. Lenke til kommentar
roydan Skrevet 6. februar 2007 Del Skrevet 6. februar 2007 Hvis du får dette opp når du starter internett explorer, er det Spyware Doctor som har lagt seg inn som startside, og vill du skal kjøpe dies produkt. Du vill få problemer med å fjerne dette. Har fjernet dette med å kjøre Ewido anti-spyware. kan lastes ned på denne linken. Lenke til kommentar
zonko Skrevet 7. februar 2007 Del Skrevet 7. februar 2007 Hei roydan. Det første rådet ditt om fjerning av startside, samt de tre siste, om ikke laste ned cracker eller p***n, og bruke Opera er gode råd. Det som ikke er lurt er å linke til warez-sider i dette forumet. Slikt er ulovlig, og jeg vil rapportere denne til mod. Lenke til kommentar
Jarmo Skrevet 7. februar 2007 Del Skrevet 7. februar 2007 Brukte dette prog. jeg..... Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå