vemundw Posted 26 February 2007

Hi! I'm having problems with persistent spyware that pops up, changes the home page, shows fake virus warnings, etc. Here are the logs from AVGas and HijackThis. I followed steps 1-4 of the long version here: https://www.diskusjon.no/index.php?showtopic=691246 Hope someone can help.

AVGas:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:42:52 26.02.2007

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Ignored.
HKU\S-1-5-21-507921405-1004336348-839522115-1003\Software\Internet Security -> Adware.Generic : Ignored.
HKU\S-1-5-21-507921405-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Ignored.
C:\System Volume Information\_restore{19C927B0-EFE9-41EF-9914-B54E8A052A3B}\RP218\A0017113.exe -> Downloader.Zlob.bcz : Ignored.
C:\System Volume Information\_restore{19C927B0-EFE9-41EF-9914-B54E8A052A3B}\RP219\A0017626.exe -> Downloader.Zlob.bcz : Ignored.
C:\System Volume Information\_restore{19C927B0-EFE9-41EF-9914-B54E8A052A3B}\RP219\A0017635.exe -> Downloader.Zlob.bcz : Ignored.
C:\System Volume Information\_restore{19C927B0-EFE9-41EF-9914-B54E8A052A3B}\RP219\A0017644.exe -> Downloader.Zlob.bcz : Ignored.
C:\System Volume Information\_restore{19C927B0-EFE9-41EF-9914-B54E8A052A3B}\RP218\A0017114.exe -> Downloader.Zlob.bor : Ignored.
C:\Documents and Settings\Carls Bar\Cookies\carls bar@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Carls Bar\Cookies\carls bar@overture[1].txt -> TrackingCookie.Overture : Ignored.

::Report end

And HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 19:56:30, on 26.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Security\isamntr.exe
C:\Program Files\Internet Security\pmsnrr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Security\isamini.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carls Bar\My Documents\hijtest.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lillehammerturist.no/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\lafFB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Internet Security\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Internet Security\iesplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PlayMaster] D:\Playback\PlayMaster\PlayMaster.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
norbat Posted 26 February 2007 (edited)

Hi vemundw, and welcome to the forum.

You have most likely picked up a smitfraud infection, so we will do the following:

Download SAS, install and update.
Download Smitfraudfix and put it on the desktop.
If you have not downloaded CCleaner, do so. Install it.
Run HJT, tick the following lines and click 'Fix checked':

O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\lafFB.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Internet Security\isadd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Internet Security\iesplugin.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").
Restart in safe mode (tap F8 during startup, select safe mode).
Run Smitfraudfix, select option 2. If the PC restarts, just restart once more and continue below in safe mode.
Use Explorer to find and delete (in bold):

C:\Program Files\Internet Security
C:\WINDOWS\system32\xkrdk.dll <- it may not exist.

Run a clean-up with CCleaner.
Then run a 'Complete scan' with SAS and delete everything it finds.
Restart in normal mode.
Post a new HJT log together with the log from SAS (preferences->statistics/logs).

Edited 26 February 2007 by norbat
vemundw (author) Posted 26 February 2007

Thank you very much for the reply. I have done as you said, and here are the logs. I found neither program files\internet security nor system32\xkrdk.dll, but maybe that doesn't matter...?

Logfile of HijackThis v1.99.1
Scan saved at 20:56:29, on 26.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carls Bar\My Documents\hijtest.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lillehammerturist.no/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PlayMaster] D:\Playback\PlayMaster\PlayMaster.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

And SAS:

SUPERAntiSpyware Scan Log
Generated 02/26/2007 at 08:53 PM

Application Version : 3.5.1016

Core Rules Database Version : 3189
Trace Rules Database Version: 1199

Scan type : Complete Scan
Total Scan Time : 00:09:38

Memory items scanned : 174
Memory threats detected : 0
Registry items scanned : 3553
Registry threats detected : 3
File items scanned : 20708
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Carls Bar\Cookies\carls bar@cgi-bin[2].txt
C:\Documents and Settings\Carls Bar\Cookies\carls [email protected][1].txt

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\CARLS BAR\MY DOCUMENTS\BACKUPS\BACKUP-20070226-203153-101.DLL
C:\WINDOWS\SYSTEM32\LAFFB.DLL
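Added example (not part of any post in the thread): one way to check a follow-up HijackThis log against the first one, as the helper does by eye, is to diff the entries and cross-check the CLSIDs a scanner report named. The function names are hypothetical and the sample data is a constructed subset of lines copied from the logs above.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # HJT entry, e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_hjt(log):
    """Map each HijackThis entry (lower-cased line) to (section, CLSID or None)."""
    entries = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            c = CLSID.search(m.group(2))
            entries[line.lower()] = (m.group(1), c.group(0).upper() if c else None)
    return entries

def compare(before, after, scanner_report):
    """Diff two HJT logs and cross-check CLSIDs named in a scanner report."""
    b, a = parse_hjt(before), parse_hjt(after)
    flagged = {c.upper() for c in CLSID.findall(scanner_report)}
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "flagged_before": sorted(k for k, (_, c) in b.items() if c in flagged),
        "flagged_after": sorted(k for k, (_, c) in a.items() if c in flagged),
    }

# Constructed sample: a subset of entries copied from the thread's logs.
BEFORE = r"""
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\lafFB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Internet Security\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Internet Security\iesplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""
SCANNER = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Ignored.
"""

if __name__ == "__main__":
    for key, lines in compare(BEFORE, AFTER, SCANNER).items():
        print(key, *lines, sep="\n  ")
```

An empty `flagged_after` list together with the fixed entries appearing under `removed` is the condition a clean follow-up log should meet; anything under `added` still needs to be accounted for by the tools installed during the clean-up.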
norbat Posted 26 February 2007

The HJT log looks fine. Two questions: You have turned on the display of hidden files and folders? The SAS scan certainly took a short time. How big is the hard disk in the PC? Anyway, how is the PC running?
vemundw (author) Posted 26 February 2007

Quote: The HJT log looks fine. Two questions: You have turned on the display of hidden files and folders? The SAS scan certainly took a short time. How big is the hard disk in the PC? Anyway, how is the PC running?

Yes to the first question. It is not my PC. It is just a music PC in the bar where I work, so I don't know. But there is not much on the hard disk yet, at any rate. It looks like everything is fixed now. It runs fine and clean. I just have to thank you so much for the help. Fantastic to have the chance to get help like this at a place like this. Thank you very much!
norbat Posted 26 February 2007

Hi, OK, then it went away with Smitfraudfix. And yes, it must have been a 'micro' hard disk, since it only took 10 minutes. The usual time is around 1 hour. Just come back if new problems turn up.