Hansa12, posted 1 March 2007
Hi, I need a bit of help here. I got this message on my PC: "Your system is problaby infected with the latest version of Spyware. CyberLog-X" Does anyone have good tips on how to get this removed? How harmful is it? Thanks in advance!

norbat, posted 1 March 2007
Can you post a HijackThis log? Download the program and put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it in your next post.

Hansa12 (author), posted 1 March 2007
Quote (norbat): Can you post a HijackThis log? Download the program and put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it in your next post.
I get a message that the page I'm looking for is probably blocked by adware/spyware on my PC. It also says to remove it with System Doctor software. Should I just follow those instructions?

norbat, posted 1 March 2007 (edited)
No!! I'll find some other links. Try this one: http://www.spywarefri.dk/downloads1/alternativ.exe
Edited 1 March 2007 by norbat

Hansa12 (author), posted 1 March 2007
Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 14:42:08, on 01.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Internet Security\isamntr.exe
C:\Programfiler\Internet Security\pmsnrr.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Jensen AirLink\AWU.exe
C:\Programfiler\Internet Security\pmmnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Internet Security\isamini.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Hello\Hello.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\1P732WI9\alternativ[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programfiler\Internet Security\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AWU] "C:\Programfiler\Jensen AirLink\AWU.exe" -nogui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Programfiler\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programfiler\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programfiler\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.12/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magneo.spaces.live.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst84.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

norbat, posted 1 March 2007
Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip and unpack it on the desktop.
Download SAS, install and update it.
Restart in safe mode (tap F8 during startup).
Run SmitfraudFix, choose option 2.
Then run a 'Complete scan' with SAS.
Restart in normal mode.
Post a new HJT log + the log from SAS + the log from SmitfraudFix (c:\rapport.txt)

Hansa12 (author), posted 1 March 2007
Quote (norbat): Download http://siri.urz.free.fr/Fix/SmitfraudFix.zip and unpack it on the desktop. Download SAS, install and update it. Restart in safe mode (tap F8 during startup). Run SmitfraudFix, choose option 2. Then run a 'Complete scan' with SAS. Restart in normal mode. Post a new HJT log + the log from SAS + the log from SmitfraudFix (c:\rapport.txt)
I get the same message here, that the page is probably blocked by adware/spyware

Gjest medlem-105082, posted 1 March 2007
Try downloading SAS from one of these two sites then: Here and Here

Hansa12 (author), posted 1 March 2007
Unfortunately I can't open http://siri.urz.free.fr/Fix/SmitfraudFix.zip either, for the same reason.... This may be a stupid question, but would it work to roll the computer back with a System Restore, or would the same crap still be there? Otherwise, thanks for all the help

Pozzolan, posted 1 March 2007
Download the attachment I have included in this post. SmitfraudFix.zip

norbat, posted 1 March 2007 (edited)
Hi
EDIT: Try downloading the attachment from Stealthy
--------------------------------------------------------------------
Uninstall from Add/Remove Programs: Bearshare

Run HJT, tick the following lines and click 'Fix Checked':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programfiler\Internet Security\isadd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst84.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")
Restart in safe mode with networking (tap F8 during startup)
Use Explorer to find and delete (in bold):
C:\Programfiler\Internet Security\
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\syst84.dll
C:\WINDOWS\system32\rpcc.dll <- it may be missing
C:\WINDOWS\system32\xkrdk.dll <- it may be missing

Click Start -> Run, type: cleanmgr
Choose which hard drive to clean
The program calculates the space to be freed.....
Check that the following are ticked: Downloaded Program Files, Temporary Internet Files, Recycle Bin and Temporary Files

See if you can download SmitfraudFix and SAS from safe mode. If so, run SmitfraudFix as explained earlier.
Restart in normal mode
Try to install SAS, update it and run a full scan.
Post a new HJT log together with any logs from SmitfraudFix and SAS
Edited 1 March 2007 by norbat
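
An added example, not part of any post in this thread and not HijackThis's own logic: a small parser for the log format posted above that pulls out entries worth a closer look. The review rules are illustrative assumptions of this example, a flag means "inspect this entry", not "this is malware", and the sample lines are a subset copied from the first log in the thread.

```python
import re

# Section codes used in HijackThis logs: R0-R3, F0-F3, N1-N4 and O<number>.
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# An entry runs from "<code> - " up to the next "<code> - " or the end of the text,
# so the same pattern handles one-entry-per-line logs and logs that a forum
# scrape has flattened onto a single line.
_ENTRY = re.compile(rf"(?<!\S)({_CODE}) - (.*?)(?=\s+{_CODE} - |\Z)", re.S)

# Subset of the first log in this thread, used as sample input.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst84.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""


def parse_entries(text):
    """Return [(code, body)] with the whitespace inside each body collapsed."""
    return [(m.group(1), " ".join(m.group(2).split())) for m in _ENTRY.finditer(text)]


def review_reasons(code, body):
    """Illustrative heuristics (assumptions of this example), not verdicts."""
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("registry entry points at a file that is not on disk")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs is set: the DLL loads into every process that loads user32.dll")
    if code == "O20" and body.startswith("Winlogon Notify:"):
        reasons.append("Winlogon Notify DLL: loaded by winlogon.exe")
    if code == "O21":
        reasons.append("ShellServiceObjectDelayLoad entry: loaded by Explorer at logon")
    return reasons


def triage(text):
    """Return the entries that have at least one review reason, in log order."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append({"code": code, "body": body, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]} - {item["body"]}')
        for reason in item["reasons"]:
            print(f"    review: {reason}")
```

Legitimate software also uses these load points, so each flagged entry still needs a human decision before anything is fixed or deleted.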

Hansa12 (author), posted 1 March 2007
I have now tried to follow your instructions, and here are the latest log files:

Logfile of HijackThis v1.99.1
Scan saved at 23:29:13, on 01.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Jensen AirLink\AWU.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Hello\Hello.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eier\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AWU] "C:\Programfiler\Jensen AirLink\AWU.exe" -nogui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Programfiler\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programfiler\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programfiler\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.12/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magneo.spaces.live.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

SmitFraudFix v2.145

Scan done at 23:01:55,59, 01.03.2007
Run from C:\Documents and Settings\Eier\Skrivebord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

SUPERAntiSpyware Scan Log
Generated 03/01/2007 at 11:16 PM

Application Version : 3.5.1016
Core Rules Database Version : 3192
Trace Rules Database Version: 1202
Scan type : Quick Scan
Total Scan Time : 00:08:56

Memory items scanned : 160
Memory threats detected : 0
Registry items scanned : 552
Registry threats detected : 0
File items scanned : 8390
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Eier\Cookies\[email protected][2].txt
C:\Documents and Settings\Eier\Cookies\eier@cgi-bin[2].txt
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt

norbat, posted 2 March 2007
Hi, a 'Complete scan' rather than a 'Quick scan' is preferable when running SAS for the first time. But the HJT log looks fine. How is the PC running?

Hansa12 (author), posted 2 March 2007
Quote (norbat): Hi, a 'Complete scan' rather than a 'Quick scan' is preferable when running SAS for the first time. But the HJT log looks fine. How is the PC running?
Hi again, here is the complete scan log file:

SUPERAntiSpyware Scan Log
Generated 03/02/2007 at 05:43 PM

Application Version : 3.5.1016
Core Rules Database Version : 3192
Trace Rules Database Version: 1202
Scan type : Complete Scan
Total Scan Time : 00:36:23

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 3719
Registry threats detected : 0
File items scanned : 17782
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][2].txt
C:\Documents and Settings\Eier\Cookies\eier@mediaplex[1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][2].txt
C:\Documents and Settings\Eier\Cookies\eier@drivecleaner[2].txt
C:\Documents and Settings\Eier\Cookies\eier@atdmt[2].txt
C:\Documents and Settings\Eier\Cookies\eier@cgi-bin[1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][2].txt
C:\Documents and Settings\Eier\Cookies\eier@fastclick[2].txt
C:\Documents and Settings\Eier\Cookies\eier@adtech[2].txt
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt
C:\Documents and Settings\Eier\Cookies\eier@advertising[1].txt
C:\Documents and Settings\Eier\Cookies\eier@doubleclick[2].txt

Trojan.Downloader-CTF Loader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D3A0FB70-FCC8-4C95-882C-3A47272BAE64}\RP28\A0008312.EXE

The PC is actually running much better. Various warning triangles no longer keep popping up, and another page no longer appears in place of the original start page. It looks like a lot of it is gone

Pozzolan, posted 2 March 2007 (edited)
Turn System Restore off and on again, since there is a trojan sitting in there.
Edited 2 March 2007 by stealthy