veskri, posted 17 January 2007 (edited)
Hi. Lately I have had quite a few problems with various ads, trojans and an annoying message telling me to run DriveCleaner on my PC.
I have followed the guide from janfredrik, "Get rid of spyware/adaware", but I am still experiencing the same problem. See the pictures for the error messages.
I have installed and run all of these programs:
* CWShredder
* AdAware SE
* Spybot-S&D
* Microsoft AntiSpyware
...and I also run Norman Anti Virus Kontrol on the PC, but I still cannot get rid of these annoying pop-ups.
Any good advice on what I can do, and what can be deleted?
I am also attaching a HijackThis log.
Edited 23 January 2007 by veskri

norbat, posted 17 January 2007
Create a new HJT log. Before you run the program, rename the program file, hijackthis.exe, to something else, e.g. test.exe

veskri (author), posted 17 January 2007
Quote: Create a new HJT log. Before you run the program, rename the program file, hijackthis.exe, to something else, e.g. test.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:49:12, on 17.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

norbat, posted 17 January 2007 (edited)
Judging from the pictures, you have some nasty bugs.
So follow the long version of the guide in the following post:
https://www.diskusjon.no/index.php?showtopic=691246
Before you post a new HJT log, rename the program (hijackthis.exe), as mentioned, to something else (e.g. test.exe).
Unpack HJT into its own folder on the desktop.
Edited 17 January 2007 by norbat

veskri (author), posted 21 January 2007 (edited)
Hi. I have now followed your guide in the "long version", items 1-4.
HJT log
Logfile of HijackThis v1.99.1
Scan saved at 22:13:04, on 21.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Log from SAS:
SUPERAntiSpyware Scan Log
Generated 01/21/2007 at 08:00 PM
Application Version : 3.5.1016
Core Rules Database Version : 3168
Trace Rules Database Version: 1179
Scan type : Complete Scan
Total Scan Time : 00:56:13
Memory items scanned : 177
Memory threats detected : 2
Registry items scanned : 5966
Registry threats detected : 7
File items scanned : 35720
File threats detected : 35
How does it look now? Thanks in advance :-)
Edited 22 January 2007 by veskri

norbat, posted 22 January 2007
Not bad at all.
Run HJT and fix:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2810AAE0-EDAA-41F6-86F3-FF420FF9052F} - C:\WINDOWS\system32\gebxyvs.dll (file missing)
O2 - BHO: (no name) - {E910D371-BFD1-4277-9651-AA69E0257613} - (no file)
How is the PC running otherwise?

veskri (author), posted 24 January 2007 (edited)
The PC seems to have become "healthy" again. Thanks so much for the help.
New HJT log
Logfile of HijackThis v1.99.1
Scan saved at 21:11:20, on 24.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Edited 24 January 2007 by veskri

norbat, posted 24 January 2007
The log looks fine.
You can run HJT and fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
Reset the 'restore' folder so that you avoid getting infected files back in the event of a restore.
Control Panel -> System -> System Restore
Tick the box in front of: "Slå av systemgj........."
Restart the PC.
Remove the tick you just set.
Create a new restore point manually:
Accessories -> System Tools -> System Restore.
Create a new point. Name it, click 'Create'.