tjodalv Skrevet 10. juli 2007 Del Skrevet 10. juli 2007 Har fulgt denne guiden: Spylocked men den fungerte desverre ikkje for meg Har brukt SuperAntiSpyware, og den fjerna en god del, tror eg Einaste tilsynelatande problemet som gjenstår er ikonet nede i høgre hjørnet som blinker og henviser meg til VirusProtection Her er HiJackThis logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:13:21, on 10.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RunDLL32.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\MSI\Core Center\CoreCenter.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\uTorrent\utorrent.exe C:\WINDOWS\system32\taskmgr.exe C:\Programfiler\mIRC\mirc.exe C:\Programfiler\Hamachi\hamachi.exe C:\Programfiler\Winamp\winamp.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\SR\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe -- End of file - 5742 bytes Lenke til kommentar
norbat Skrevet 10. juli 2007 Del Skrevet 10. juli 2007 Hei, tjodalv, og velkommen til forumet. Det var nok ikke alt som ble fjernet med den veiledningen, så gjør følgende: Hent Smitfraudfix, legg det på skrivebordet Kjør HJT, sett merke framfor følgende linjer og klikk 'Fix checked': O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll Restart i sikker modus (tapp F8 under oppstart, velg sikker modus) Kjør Smitfraudfix, velg valg 2. Følg veiledningen. Post deretter loggen fra Smitfraudfix, vanligvis å finne i C:\rapport.txt + ny HJT-logg Lenke til kommentar
tjodalv Skrevet 10. juli 2007 Forfatter Del Skrevet 10. juli 2007 (endret) Det ser ut som at SmitFraudFix'n fiksa heile greia! :!: Her er HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:35:27, on 10.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\MSI\Core Center\CoreCenter.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\CyberLink\Shared files\RichVideo.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\SR\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe -- End of file - 5484 bytes SmithFraudFix : Scan done at 20:29:51,12, 10.07.2007 Run from C:\Documents and Settings\SR\Skrivebord\SmitfraudFix OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\myqlejy.dll Deleted C:\DOCUME~1\SR\FAVORI~1\Online Security Test.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{0075B64C-837C-45FA-95E0-DD4078B2D06E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0075B64C-837C-45FA-95E0-DD4078B2D06E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{0075B64C-837C-45FA-95E0-DD4078B2D06E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Endret 10. juli 2007 av tjodalv Lenke til kommentar
norbat Skrevet 10. juli 2007 Del Skrevet 10. juli 2007 Ja, loggen ser også ren og pen ut Ikke glem å gi din stemme i undersøkelsen: https://www.diskusjon.no/index.php?showtopic=793667 Lenke til kommentar
tjodalv Skrevet 12. juli 2007 Forfatter Del Skrevet 12. juli 2007 Du er en sann helt Norbat! Takk så masse! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå