Mesias, posted 6 October 2007 (edited)

hi hi. I have evidently got some grit in the tower, and the trumpet isn't singing in tune. I ran the program "Hijackthis" and ended up with this log: (thanks norbat)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:48, on 06.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Online Video Add-on\icmntr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Online Video Add-on\icthis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tobias\Mine dokumenter\Ny mappe (2)\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...mzPFuzxwT8K1mo=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Programfiler\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [steam] D:\spill\steam\\Steam.exe -silent
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Online Video Add-on\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{8873DF38-2032-451A-94C3-844CDDB74671}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{A18DD654-0E56-4070-8C2A-0A4C4E1C82BC}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5DF8921-ADE5-4D4E-A789-79588C15DFF7}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.23
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O22 - SharedTaskScheduler: ataxics - {16be3225-e902-4d2a-ac98-aab162796927} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\Smc.exe

I hope you can guide me calmly and gently through how to get rid of it.

Edited 6 October 2007 by Mesias
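The security-relevant part of the log above is the block of O17 entries: every adapter's NameServer value, in the current and both backup control sets, has been pointed at two resolvers in 85.255.x.x, while the router on this LAN actually hands out 10.0.0.138 (that address shows up as DhcpNameServer in the SmitfraudFix log later in the thread). Whoever controls those two resolvers decides where every hostname on this machine goes. The same log also has an autostart under Policies\Explorer\Run and several entries whose backing file is already gone. The following Python script is an added example, not part of the thread and not something HijackThis or the fix tools here do: it parses HijackThis entry lines and flags resolvers outside private address space (unless they are on an assumed allow-list passed as `trusted`), autostarts under the Policies key, and entries marked "(file missing)" or "(no file)". The sample lines are copied from the log above; the O17 line with the all-zero interface GUID is constructed here as a clean entry for contrast.

```python
import ipaddress
import re

# Added example: triage a HijackThis log for the pattern seen in this thread.
# Sample lines are copied from the posted log; the O17 line with interface
# GUID {00000000-...} is constructed here as a clean entry for contrast.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Online Video Add-on\icthis.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 10.0.0.138
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O22 - SharedTaskScheduler: ataxics - {16be3225-e902-4d2a-ac98-aab162796927} - (no file)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
"""

# Entry lines look like "O17 - <registry key>: NameServer = a,b"; the process
# list and the header have no such "Xnn - " prefix and are skipped.
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
NAMESERVER = re.compile(r"NameServer\s*=\s*(?P<servers>\S.*)$")
MISSING_SUFFIXES = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Yield (section, body) for each HijackThis entry line (R0, O2, O17, ...)."""
    for raw in text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def nameservers(body):
    """Extract the resolver list from an O17 body; HJT separates them by ',' or ' '."""
    m = NAMESERVER.search(body)
    if not m:
        return []
    return [s for s in re.split(r"[,\s]+", m.group("servers")) if s]


def is_trusted_resolver(address, trusted_networks):
    """Trusted = RFC 1918/private (the LAN router) or inside an explicit allow-list."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # a hostname or junk in a NameServer value is itself suspicious
    return ip.is_private or any(ip in net for net in trusted_networks)


def triage(text, trusted=()):
    """Return findings keyed by type: rogue_dns, orphaned, policy_run.

    `trusted` is an assumed parameter: CIDR strings for resolvers you know are
    legitimate (e.g. your ISP's), so that only unexpected ones are reported.
    """
    networks = [ipaddress.ip_network(n, strict=False) for n in trusted]
    findings = {"rogue_dns": {}, "orphaned": [], "policy_run": []}
    for section, body in parse_hjt(text):
        if section == "O17":
            for ns in nameservers(body):
                if not is_trusted_resolver(ns, networks):
                    findings["rogue_dns"].setdefault(ns, []).append(body)
        elif section in ("O2", "O3", "O20", "O21", "O22") and body.endswith(MISSING_SUFFIXES):
            findings["orphaned"].append(body)
        elif section == "O4" and "Policies\\Explorer\\Run" in body:
            findings["policy_run"].append(body)
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ns, lines in result["rogue_dns"].items():
        print(f"rogue resolver {ns} set on {len(lines)} key(s)")
    for body in result["orphaned"]:
        print("orphaned entry:", body)
    for body in result["policy_run"]:
        print("policy autostart:", body)
```

On the sample this reports both 85.255.x.x resolvers (each set on two keys), the two orphaned COM entries, and the Policies\Explorer\Run autostart, while the 10.0.0.138 entry passes. The private-range rule is a heuristic for a home LAN; a machine configured with public resolvers on purpose needs them in `trusted`, and a hijack that points at a private address on the same LAN (a compromised router, say) would not be caught by this check.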
norbat, posted 6 October 2007

Hi again,

1: Get Fixwareout. Put the file on the desktop and double-click it. Click Next -> Install. Check that 'Run fixit' is ticked. Click Finish and the fix will start. Follow the instructions. Restart the PC when you are asked to. Startup will take a little longer than normal ..... When the PC has restarted, just follow the instructions that appear on screen.

2: Get Smitfraudfix and put it on the desktop. Restart in safe mode (press F8 repeatedly during startup, choose safe mode). Run Smitfraudfix, choose option 2.

3: Download SAS, install it, update it and run a full (Complete) scan.

When this is done, post the following logs:
Fixwareout log: C:\fixwareout\report.txt
Smitfraudfix log: C:\rapport.txt
SAS log: Preferences->statistics/logs
New HJT log
Mesias (author), posted 6 October 2007

thanks, thanks for the help, but before I post all the logs I have a question that could help me with future posting on the forum: how do I boil the whole log down to a link, so that not everyone has to look at the whole thing?
Mesias (author), posted 6 October 2007

here are the logs:

Fixwareout log:

Username "Tobias" - 06.10.2007 13:29:17
[Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kditr.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.113.93 85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{26ABB37A-A380-4005-8C21-BFD8D6B64506} "nameserver"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8873DF38-2032-451A-94C3-844CDDB74671} "nameserver"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A18DD654-0E56-4070-8C2A-0A4C4E1C82BC} "nameserver"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E5DF8921-ADE5-4D4E-A789-79588C15DFF7} "nameserver"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8873DF38-2032-451A-94C3-844CDDB74671} "DhcpNameServer"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A18DD654-0E56-4070-8C2A-0A4C4E1C82BC} "DhcpNameServer"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D786FF4F-30B0-4548-A40B-BBD0C2B8B2E2} "DhcpNameServer"="85.255.113.93,85.255.112.23" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E5DF8921-ADE5-4D4E-A789-79588C15DFF7} "DhcpNameServer"="85.255.113.93,85.255.112.23" <Value cleared.
The DNS resolver cache was flushed.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}5028B2749A82-A5F9-B6A4-76EF-8962BBED{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}D3D08386138F-66D9-4964-ACC4-7695DB68{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}DE41B605A857-F60B-7324-0FEA-97B4F58D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}2D7E9DB88EC5-DE58-A614-A256-C9772820{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}4DFEBF00E5DC-DA88-9A24-5EEA-3651F3F9{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}FB4453859D1F-840B-B614-44B9-2A9A5277{" Deleted
....
~~~~~ Misc files.
C:\WINDOWS\System32\kernel32.exe Deleted
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kditr.ren 65057 04.08.2004
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programfiler\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTHelper"="CTHELPER.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"ATICCC"="\"C:\\Programfiler\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programfiler\\iTunes\\iTunesHelper.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Utopia Angel"="\"C:\\Utopia\\Angel\\Angel.exe\""
"DAEMON Tools"="\"C:\\Programfiler\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Steam"="D:\\spill\\steam\\\\Steam.exe -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

SmitfraudFix log:

SmitFraudFix v2.238

Scan done at 13:45:10,17, 06.10.2007
Run from C:\Documents and Settings\Tobias\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{16be3225-e902-4d2a-ac98-aab162796927}"="ataxics"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\Tobias\FAVORI~1\Online Security Test.url Deleted
C:\Programfiler\Online Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{26ABB37A-A380-4005-8C21-BFD8D6B64506}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{16be3225-e902-4d2a-ac98-aab162796927}"="ataxics"

»»»»»»»»»»»»»»»»»»»»»»»» End

I couldn't find the SAS log.

New HijackThis log:

C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tobias\Mine dokumenter\Ny mappe (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [steam] D:\spill\steam\\Steam.exe -silent
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: ataxics - {16be3225-e902-4d2a-ac98-aab162796927} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\Smc.exe

--
End of file - 4817 bytes

hope that helped, or that we can find more problems this way (I'm not actually sure what I just did)
norbat, posted 6 October 2007

That looks better already.

Start HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O22 - SharedTaskScheduler: ataxics - {16be3225-e902-4d2a-ac98-aab162796927} - (no file)

Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click in the window while the program is running.

Post the log file from combofix (usually c:\combofix.txt) + a new HJT log.
Tore, posted 6 October 2007

> how do I boil the whole log down to a link, so that not everyone has to look at the whole thing

there is a button labelled "skjul" (hide), next to bold, insert image and so on. The text you want to hide goes between the two tags you get...

[SKJUL]the log goes here[/SKJUL]

then it looks like this:

Click to show/hide the content below
the log goes here
Mesias (author), posted 6 October 2007

thanks for the replies and the help, folks, the problems are gone and life is brighter. I thank you all and dance elegantly off the stage with tears in my eyes and the quote "this would not have been possible if it weren't for norbat".
norbat, posted 6 October 2007

It would be very good if you also went through the last step (combofix) before we say "surf safely".
Mesias (author), posted 6 October 2007 (edited)

ComboFix 07-10-06.5 - Tobias 2007-10-07 1:20:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.325 [GMT 2:00]
Running from: C:\Documents and Settings\Tobias\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\montorgueil
C:\Programfiler\montorgueil\14.05048
C:\Programfiler\montorgueil\manga\manga.exe
C:\Programfiler\montorgueil\manga\manga.ico
C:\WA6P
.
((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.
2007-10-07 01:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 13:54 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-10-06 13:54 <DIR> d-------- C:\Documents and Settings\Tobias\Programdata\SUPERAntiSpyware.com
2007-10-06 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-10-06 13:45 1,286 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-06 13:36 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-06 13:36 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-06 13:36 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-06 13:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-06 13:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-06 13:36 <DIR> d-------- C:\Documents and Settings\Tobias\SmitfraudFix
2007-09-28 09:41 <DIR> d-------- C:\Programfiler\DivX
2007-09-18 21:27 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-18 21:25 <DIR> d-------- C:\ijji
2007-09-18 21:20 <DIR> d--h----- C:\Documents and Settings\Tobias\Programdata\ijjigame
2007-09-18 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\IJJIGame
2007-09-11 20:42 <DIR> d-------- C:\Programfiler\98se
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 14:28 --------- d-------- C:\Programfiler\DAEMON Tools
2007-10-06 13:53 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-10-06 00:51 --------- d-------- C:\Documents and Settings\Tobias\Programdata\uTorrent
2007-10-05 10:14 --------- d-------- C:\Programfiler\MagicISO
2007-09-16 13:48 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-14 16:47 --------- d-------- C:\Documents and Settings\Tobias\Programdata\dvdcss
2007-08-17 03:00 --------- d-------- C:\Programfiler\MSXML 6.0
2007-08-13 22:57 --------- d-------- C:\Programfiler\Microsoft Virtual PC
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-17 18:55 61440 --a------ C:\WINDOWS\diabunin.exe
2007-07-13 11:53 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-13 11:53 249856 --------- C:\WINDOWS\Setup1.exe
2006-08-11 21:04 11870207 --a------ C:\Documents and Settings\Tobias\WoW-1.11.2.5464-to-0.12.0.5496-enGB-patch.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 22:00]
"CTHelper"="CTHELPER.EXE" [2005-12-08 13:06 C:\WINDOWS\CTHELPER.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 09:13]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-06-22 17:44]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-06-14 16:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Utopia Angel"="C:\Utopia\Angel\Angel.exe" []
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"Steam"="D:\spill\steam\\Steam.exe" [2007-10-06 13:34]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46dce96c-b445-11db-aeb8-0011d8232f93}]
AutoRun\command- H:\outlaws.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 01:21:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-10-07 1:22:27
C:\ComboFix-quarantined-files.txt ... 2007-10-07 01:22
.
--- E O F ---

the combofix log

Edited 6 October 2007 by Mesias
norbat, posted 6 October 2007 (edited)

That should be in order then.

You should clear the restore folder so that you don't get reinfected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, and untick it again to re-enable the function.

You can also delete the programs we have used in this thread, along with their files, if you want.

Edit: Surf safely.

Edited 7 October 2007 by norbat