Maniac89, posted 10 October 2007 (edited)

Hi,
I've got a problem with some CID popups, and I haven't managed to get rid of them with the spy/adware programs I have, so if someone could help me I'd be very grateful =)
Thanks in advance =)

Edit: HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:02:12 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\AGEIA Technologies\TrayIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programfiler\Alias\Maya7.0\docs\wrapper.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\Programfiler\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Documents and Settings\Chris Andre Mål\Skrivebord\NM\Ny mappe\AutoNM.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\divxsm.exe
C:\Documents and Settings\Chris Andre Mål\Skrivebord\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: 85.17.143.79 xtremewrestlingtorrents.net
O1 - Hosts: 85.17.143.79 www.xtremewrestlingtorrents.net
O1 - Hosts: 85.17.143.79 torrent-vision.org
O1 - Hosts: 85.17.143.79 www.torrent-vision.org
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E6BB1BA5-CF0C-44BF-970A-2A1D5069FBD6} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: C:\DOCUME~1\CHRISA~1\PROGRA~1\CDROMP~1\Site Bind Bait.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Programfiler\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162055145974
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vturrqn - vturrqn.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programfiler\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Edited 11 October 2007 by Maniac89
snippsat, posted 10 October 2007

Hi, follow what is written in this post, and post a log there. https://www.diskusjon.no/index.php?showtopic=691246
Maniac89 (thread author), posted 10 October 2007

Ok, thanks for that =) I've now edited the topic =)
Zeph, posted 10 October 2007

The topic title of this thread is not very descriptive of the thread's content and is therefore not a good topic title. The better and more descriptive the topic title is, the easier it is for others to understand what the thread is about, and the easier it will be to reach the right forum user with the right answer. I therefore ask you to change the topic title so that you avoid having a moderator close the thread. Please try to keep this in mind the next time you start a thread, and read what our netiquette says about poor use of topic titles. Use the button in the first post to change the topic title. The thread also violates the three-word rule. (This post will be removed once the topic title has been changed. Do not comment on this post, but feel free to report this post when the title has been changed, and it will be removed.)
Maniac89 (thread author), posted 10 October 2007

(Quoting Zeph's moderator note above.)

I've edited the topic title now, I hope it is more fitting. If not, I don't know what to write to explain better what the topic is about.
norbat, posted 10 October 2007

Run HJT, choose "Do a system scan only", put a check in front of the following lines and click 'Fix checked':

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E6BB1BA5-CF0C-44BF-970A-2A1D5069FBD6} - (no file)
O20 - Winlogon Notify: vturrqn - vturrqn.dll (file missing)

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (usually c:\combofix.txt).
Maniac89 (thread author), posted 11 October 2007

Combofix log

ComboFix 07-10-11.1 - Chris Andre Mål 2007-10-11 11:50:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.510 [GMT 2:00]
Running from: C:\Documents and Settings\Chris Andre Mål\Skrivebord\Mozilla Firefox Downloads\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Programfiler\sembly~1
C:\Programfiler\sembly~1\??sembly\
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\yldkmhtu.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.
2007-10-11 11:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 20:01 <DIR> d-------- C:\Program Files
2007-10-10 19:15 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-10-10 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-10-09 15:11 <DIR> d-------- C:\Programfiler\DirectVobSub
2007-10-08 11:47 <DIR> d-------- C:\Programfiler\cdrom pop mix
2007-10-05 10:43 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-05 10:43 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-05 10:43 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-05 10:43 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-10-05 10:43 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-10-05 10:23 <DIR> d-------- C:\Programfiler\Codemasters
2007-10-04 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI
2007-10-04 20:11 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2007-10-04 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2007-10-04 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7
2007-09-29 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\flag ace stupid data
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 09:54 14,155,776 ----a-w C:\Documents and Settings\Chris Andre Mål\NTUSER.DAT
2007-10-10 17:14 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-10-07 13:05 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-10-06 23:20 --------- d-----w C:\Programfiler\Electronic Arts
2007-10-06 19:24 --------- d-----w C:\Programfiler\Joost
2007-10-05 21:57 --------- d-----w C:\Programfiler\Gothic III
2007-10-04 21:12 --------- d-----w C:\Programfiler\ATI Technologies
2007-10-04 19:06 --------- d-----w C:\Programfiler\Gabest
2007-09-26 20:38 --------- d-----w C:\Programfiler\mIRC
2007-08-31 14:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\Test Drive Unlimited
2007-08-28 15:23 --------- d-----w C:\Programfiler\DAEMON Tools
2007-08-28 15:15 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 02:07 2,417,664 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 01:13 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AGEIA PhysX SysTray"="C:\Programfiler\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"DiskeeperSystray"="C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 18:38]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 10:54]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-04 20:11]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"List Sect"="C:\DOCUME~1\CHRISA~1\PROGRA~1\CDROMP~1\Site Bind Bait.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"=C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"SoundMan"=SOUNDMAN.EXE

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R2 maya70docserver;Maya 7.0 Documentation Server;C:\Programfiler\Alias\Maya7.0\docs\wrapper.exe -s C:\Programfiler\Alias\Maya7.0\docs\Wrapper.conf
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4558329d-d972-11db-9fab-000c76e92f8c}]
AutoRun\command - J:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fa4476-054a-11dc-9fc0-000c76e92f8c}]
AutoRun\command - K:\CDCheck.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 15:15:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
"2007-10-11 09:00:00 C:\WINDOWS\Tasks\A954AF12924B278A.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 11:56:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 11:57:31 - machine was rebooted
.
--- E O F ---
norbat, posted 11 October 2007

Download NoLop.exe and put it on the desktop.
Run the program. Press the "Search and Destroy" button. If it finds something, you will be asked to press the Reboot button.
It creates a log (C:\NoLop.txt), which you post together with a new HJT log.
Maniac89 (thread author), posted 11 October 2007

NoLop log

NoLop! Log by Skate_Punk_21
Please Note: any existing old logs will have now been renamed to NoLop!OLD.log
Fix running from: C:\Documents and Settings\Chris Andre Mål\Skrivebord\Mozilla Firefox Downloads
[10/11/2007] [12:23:42 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A954AF12924B278A.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:27:35 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\AGEIA Technologies\TrayIcon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Alias\Maya7.0\docs\wrapper.exe
C:\Programfiler\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris Andre Mål\Skrivebord\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: C:\DOCUME~1\CHRISA~1\PROGRA~1\CDROMP~1\Site Bind Bait.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Programfiler\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162055145974
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programfiler\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks a lot for all the help =)
norbat, posted 11 October 2007

This is starting to look good.

Run HJT, choose "Do a system scan only", put a check in front of the following line and click 'Fix checked':

O4 - HKCU\..\Run: C:\DOCUME~1\CHRISA~1\PROGRA~1\CDROMP~1\Site Bind Bait.exe

If you have not set any restrictions on 'Internet Options' yourself (in the Control Panel or from IE), then also fix the following line:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Use Explorer to find and delete, if present, the following folder:

C:\DOCUME~1\CHRISA~1\PROGRA~1\CDROMP~1

(~1 = abbreviation. Look for a folder under Programfiler/Program Files whose name starts with CD.... and which contains a file called Site Bind Bait.exe.)

When you have done this, you should reset the restore folder so that you do not get reinfected by a possible System Restore: Control Panel -> System -> System Restore. Check "Turn off System Restore .....", restart the PC, then uncheck it again to re-enable the function.

Surf safely.
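The entries norbat picked out of the two HijackThis logs (BHOs with "(no file)", a Winlogon Notify DLL that is missing, an O4 autostart with no value name, a hosts-file redirect and an IE policy restriction) follow a few mechanical patterns. The triage helper below, added here as an example and not code from the thread or from HijackThis, parses a log into section codes and applies those patterns to a constructed excerpt of the log posted above; it also flags "(no file)" toolbars, which generalises the same rule to O3 entries.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:02:12 PM, on 10/10/2007

Running processes:
C:\WINDOWS\System32\smss.exe

O1 - Hosts: 85.17.143.79 xtremewrestlingtorrents.net
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: C:\DOCUME~1\CHRISA~1\PROGRA~1\CDROMP~1\Site Bind Bait.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vturrqn - vturrqn.dll (file missing)
"""

# Every HijackThis entry line starts with a section code such as R0, O2, O20.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass
class Finding:
    code: str     # HijackThis section code, e.g. "O20"
    action: str   # "fix": safe to tick in 'Fix checked'; "review": needs a human decision
    reason: str
    line: str     # the original log line, so it can be matched in the HJT window


def parse_entries(log_text):
    """Yield (code, body, line) for each entry; header and process-list lines are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text):
    """Apply the patterns used in this thread to a HijackThis log and return the findings."""
    findings = []
    for code, body, line in parse_entries(log_text):
        if code in ("O2", "O3") and body.endswith("(no file)"):
            # Registered BHO/toolbar whose DLL is gone: a dead entry left behind by adware.
            findings.append(Finding(code, "fix", "orphaned BHO/toolbar registration", line))
        elif code == "O20" and "(file missing)" in body:
            # Winlogon Notify package pointing at a DLL that is no longer on disk (vturrqn here).
            findings.append(Finding(code, "fix", "orphaned Winlogon Notify entry", line))
        elif code == "O4":
            # HJT prints the Run value name in [brackets]; the Lop/CID loader has none.
            _, _, target = body.partition(": ")
            if not target.startswith("["):
                findings.append(Finding(code, "fix", "autostart without a value name", line))
        elif code == "O1":
            # hosts-file mappings are never there by default; confirm each one is intentional.
            findings.append(Finding(code, "review", "hosts-file redirect", line))
        elif code == "O6":
            # IE policy restriction: remove unless the user set it deliberately.
            findings.append(Finding(code, "review", "IE policy restriction present", line))
    return findings


def fix_list(log_text):
    """Return only the lines that can be ticked under 'Fix checked' without further review."""
    return [f.line for f in triage(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.code:>3}: {f.reason}\n         {f.line}")
```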