Life_hunter88 Posted 15 October 2007 (edited)

Hi ;-) I'm sitting here struggling with getting "Security Alert: Spyware found." And I have a worm I'm struggling with too, and I get pop-ups all the time :-( I've made a log with HijackThis. Sure the computer will fall apart soon :-( Oh well.... hope you can help! ^^ Have a good evening ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:31, on 14.11.07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winss.exe
C:\Programfiler\Video Add-on Setup\icthis.exe
C:\Programfiler\Video Add-on Setup\isfmntr.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Winamp3\winampa.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Video Add-on Setup\icmntr.exe
C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Programfiler\Video Add-on Setup\isfmm.exe
C:\Programfiler\Fellesfiler\WinPCDoctor\strpmon.exe
C:\Programfiler\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\MouseWare\system\em_exec.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\notepad.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Programfiler\Video Add-on Setup\isfmdl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Programfiler\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Programfiler\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Programfiler\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Ue 32] winss.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programfiler\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVFX Engine] C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\V0230Cvw.dll] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [salestart(1)] "C:\Programfiler\Fellesfiler\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - HKLM\..\Run: [salestart(2)] "C:\Programfiler\Fellesfiler\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunServices: [Windows Ue 32] winss.exe
O4 - HKLM\..\RunOnce: [Windows Ue 32] winss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Programfiler\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Ue 32] winss.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Windows Ue 32] winss.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Video Add-on Setup\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\Video Add-on Setup\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Ue 32] winss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Ue 32] winss.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Programfiler\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{71C6C041-65EF-4912-93E4-4086FBACF599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71C6C041-65EF-4912-93E4-4086FBACF599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{71C6C041-65EF-4912-93E4-4086FBACF599}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: eurymus - {ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b} - C:\WINDOWS\System32\rrtrit.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programfiler\Comodo\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11232 bytes

Edited 16 October 2007 by Life_hunter88
riroil Posted 15 October 2007

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
Remove everything to do with this.
norbat Posted 16 October 2007

Download Smitfraudfix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix and choose option 2. A log will be created, which you post later.
From normal mode:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt), the Smitfraudfix log (C:\rapport.txt) + a new HJT log.
Programvare Posted 16 October 2007

Quoting riroil:
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
Remove everything to do with this.

Why? It is a fairly safe and well-known program.
norbat Posted 16 October 2007

The biggest problem, Life_hunter88, is that you have a Windows without any of the Service Packs installed (updates). Is there any particular reason you haven't run any updates?
G3 Posted 25 October 2007

Hi. I need help with the same thing as the thread starter, and I'm completely green in this area. Control Panel is gone, and I keep getting that spyware pop-up. The start page changes to Google every time I boot. I have now downloaded HijackThis, run a system scan, and attach the following log. Could someone please take a look at it and give me tips on what to do next... A bit step by step, since I'm new to this... Copy/paste:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:38, on 25.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Rainlendar\Rainlendar.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no8l.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CamMonitor] "C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Programfiler\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Programfiler\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: system.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'Default user')
O4 - .DEFAULT Startup: system.exe (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://no8l.hpwis.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: sulimo.dat
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10153 bytes
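The helpers in this thread read the two HijackThis logs by eye for a handful of tell-tale entries: an F2 Shell= line that starts a second program next to Explorer.exe, an O7 policy that disables Registry Editor, an O20 AppInit_DLLs value, bare executables dropped straight into Startup folders, and one target (winss.exe in the first log) registered under Run, RunOnce and RunServices at once. The SmitFraudFix output posted further down adds a hosts file that points security-vendor names at 192.168.200.3 so that updates and online scanners fail. The script below is an added example, written for this page and not part of HijackThis, SmitFraudFix or any poster's text; it automates exactly those checks over sample lines copied from the logs in the thread. The rules, the reason strings and the AUTORUN_KEY_TYPES threshold are the example author's own choices, not tool defaults.

```python
"""Triage of HijackThis log lines and a hosts-file dump of the kind posted in this
thread. Added example, not code from HijackThis, SmitFraudFix or any poster; the
rules and thresholds are the example author's own choices."""
import re
from collections import defaultdict
from ipaddress import ip_address

# Line patterns worth a second look, each with the reason it matters to a defender.
HJT_RULES = [
    (re.compile(r"^F2 - REG:system\.ini: Shell=(?!Explorer\.exe\s*$)", re.I),
     "Winlogon shell is not plain Explorer.exe: a second program starts with the shell"),
    (re.compile(r"^O7 - .*DisableRegedit=1", re.I),
     "Registry Editor disabled by policy; malware does this to resist manual cleanup"),
    (re.compile(r"^O20 - AppInit_DLLs: \S", re.I),
     "AppInit_DLLs set: the named DLL is loaded into every process that loads user32"),
    (re.compile(r"^O4 - .*Startup: [^\\]+\.exe(\s|$)", re.I),
     "bare executable dropped in a Startup folder instead of a shortcut (.lnk)"),
]

# An O4 target registered under this many distinct key types (Run, RunOnce,
# RunServices) is flagged; ordinary software uses one. Threshold is the author's choice.
AUTORUN_KEY_TYPES = 2

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


def triage_hjt(log_text):
    """Return (item, reason) tuples: one per rule hit, plus one per O4 target that
    appears under AUTORUN_KEY_TYPES or more distinct autorun key types."""
    findings = []
    key_types = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        for rule, reason in HJT_RULES:
            if rule.search(line):
                findings.append((line, reason))
        m = O4_RE.match(line)
        if m:
            # Normalise the command so HKLM, HKCU and per-user hives count as one target.
            target = USER_SUFFIX_RE.sub("", m.group("target")).strip('"').lower()
            key_types[target].add(m.group("key").rsplit("\\", 1)[-1])
    for target, kinds in sorted(key_types.items()):
        if len(kinds) >= AUTORUN_KEY_TYPES:
            findings.append((target, "registered under autorun keys " + ", ".join(sorted(kinds))))
    return findings


# Security-vendor domains taken from the hosts dump SmitFraudFix printed further
# down in this thread; illustrative, not exhaustive.
SECURITY_VENDOR_DOMAINS = ("symantec.com", "mcafee.com", "kaspersky-labs.com",
                           "f-secure.com", "sophos.com", "trendmicro.com", "virustotal.com")

HOSTS_RE = re.compile(r"^(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<host>\S+)")


def triage_hosts(hosts_text):
    """Return (host, ip, reason) for lines that map a name somewhere other than
    loopback or the 0.0.0.0 sinkhole; security-vendor names get their own reason,
    since redirecting them silently breaks signature updates and online scanners."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = HOSTS_RE.match(line)
        if not m:
            continue
        try:
            addr = ip_address(m.group("ip"))
        except ValueError:
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.x.x.x, ::1 and 0.0.0.0 are the normal ways to block a name
        host = m.group("host").lower()
        vendor = any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)
        findings.append((host, str(addr),
                         "security-vendor host redirected" if vendor else "host redirected off loopback"))
    return findings


# Sample input: constructed excerpt of lines copied from the two HijackThis logs in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Windows Ue 32] winss.exe
O4 - HKLM\..\RunServices: [Windows Ue 32] winss.exe
O4 - HKLM\..\RunOnce: [Windows Ue 32] winss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Ue 32] winss.exe (User 'SYSTEM')
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: BTTray.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: sulimo.dat
"""

# Sample hosts lines: two ordinary blocking forms plus constructed entries modelled on the SmitFraudFix dump.
SAMPLE_HOSTS = """
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
192.168.200.3 liveupdate.symantec.com
192.168.200.3 download.mcafee.com
192.168.200.3 virustotal.com
192.168.200.3 ad.fastclick.net
"""

if __name__ == "__main__":
    for item, reason in triage_hjt(SAMPLE_HJT):
        print(f"HJT   {reason}\n      {item}")
    for host, ip, reason in triage_hosts(SAMPLE_HOSTS):
        print(f"HOSTS {host} -> {ip}: {reason}")
```

On the sample the HJT pass reports six findings (the F2 shell line, the two bare Startup executables, the O7 policy, the O20 DLL and winss.exe under three key types) while ctfmon.exe, which legitimately appears in every user hive but only under Run, is not flagged; the hosts pass reports the three vendor redirections and the fastclick.net entry but not the loopback or 0.0.0.0 lines. Counting key types rather than hives is what keeps the per-user ctfmon.exe entries quiet, so the threshold is best read as "registered in more than one kind of autorun key".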
norbat Posted 25 October 2007

Download Smitfraudfix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix and choose option 2.
From normal mode:
Download SAS, install, update and run a full (Complete) scan.
Post the following logs:
Smitfraudfix: C:\rapport.txt
SAS: Preferences->statistics/logs
A new HJT log.
G3 Posted 26 October 2007

Hi norbat. I hugely appreciate you helping me. I have downloaded smitfraudfix (not run it yet), and the icon is on the desktop. But when I start the machine in safe mode, many icons are not shown, and smitfraudfix is one of them. Even though I have tried moving it to a 'better' place in normal mode... So there you see my level.... Any idea what I do next?
norbat Posted 26 October 2007 (edited)

You can create a new folder, e.g. C:\smitfraudfix. (To do this, open My Computer, double-click C:, right-click in the window and choose New->Folder from the menu that appears.) Put the program there. When you then boot into safe mode, find the folder using Explorer and run the program from there.

Edited 26 October 2007 by norbat
G3 Skrevet 26. oktober 2007 Del Skrevet 26. oktober 2007 Hei igjen norbat. Da har jeg fulgt oppskriften din, og poster loggene her. Først Smitfraud, så SAS og så HjT. Jeg har enda ikke fått igjen controlpanel etc. men dette vet du vel..... Så hva nå videre...Husk jeg er helt grønn på dette. SmitFraudFix v2.241 Scan done at 15:26:47,39, 26.10.2007 Run from C:\Documents and Settings\Administrator\Skrivebord\SmitfraudFix OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 ar.atwola.com 192.168.200.3 atdmt.com 192.168.200.3 avp.ch 192.168.200.3 avp.com 192.168.200.3 avp.ru 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 192.168.200.3 banners.fastclick.net 192.168.200.3 ca.com 192.168.200.3 click.atdmt.com 192.168.200.3 clicks.atdmt.com 192.168.200.3 customer.symantec.com 192.168.200.3 dispatch.mcafee.com 192.168.200.3 download.mcafee.com 192.168.200.3 downloads-us1.kaspersky-labs.com 192.168.200.3 downloads-us2.kaspersky-labs.com 192.168.200.3 downloads-us3.kaspersky-labs.com 192.168.200.3 downloads1.kaspersky-labs.com 192.168.200.3 downloads2.kaspersky-labs.com 192.168.200.3 downloads3.kaspersky-labs.com 192.168.200.3 downloads4.kaspersky-labs.com 192.168.200.3 engine.awaps.net 192.168.200.3 f-secure.com 192.168.200.3 fastclick.net 192.168.200.3 ftp.avp.ch 192.168.200.3 ftp.downloads1.kaspersky-labs.com 192.168.200.3 ftp.downloads2.kaspersky-labs.com 192.168.200.3 ftp.downloads3.kaspersky-labs.com 192.168.200.3 ftp.f-secure.com 192.168.200.3 ftp.kasperskylab.ru 192.168.200.3 ftp.sophos.com 192.168.200.3 ids.kaspersky-labs.com 192.168.200.3 
kaspersky-labs.com 192.168.200.3 kaspersky.com 192.168.200.3 liveupdate.symantec.com 192.168.200.3 liveupdate.symantecliveupdate.com 192.168.200.3 mast.mcafee.com 192.168.200.3 mcafee.com 192.168.200.3 media.fastclick.net 192.168.200.3 my-etrust.com 192.168.200.3 nai.com 192.168.200.3 networkassociates.com 192.168.200.3 norton.com 192.168.200.3 phx.corporate-ir.net 192.168.200.3 rads.mcafee.com 192.168.200.3 secure.nai.com 192.168.200.3 securityresponse.symantec.com 192.168.200.3 service1.symantec.com 192.168.200.3 sophos.com 192.168.200.3 spd.atdmt.com 192.168.200.3 symantec.com 192.168.200.3 trendmicro.com 192.168.200.3 update.symantec.com 192.168.200.3 updates.symantec.com 192.168.200.3 updates1.kaspersky-labs.com 192.168.200.3 updates2.kaspersky-labs.com 192.168.200.3 updates3.kaspersky-labs.com 192.168.200.3 updates4.kaspersky-labs.com 192.168.200.3 updates5.kaspersky-labs.com 192.168.200.3 us.mcafee.com 192.168.200.3 vil.nai.com 192.168.200.3 viruslist.com 192.168.200.3 viruslist.ru 192.168.200.3 virusscan.jotti.org 192.168.200.3 virustotal.com 192.168.200.3 www.avp.ch 192.168.200.3 www.avp.com 192.168.200.3 www.avp.ru 192.168.200.3 www.awaps.net 192.168.200.3 www.ca.com 192.168.200.3 www.f-secure.com 192.168.200.3 www.fastclick.net 192.168.200.3 www.grisoft.com 192.168.200.3 www.kaspersky-labs.com 192.168.200.3 www.kaspersky.com 192.168.200.3 www.kaspersky.ru 192.168.200.3 www.mcafee.com 192.168.200.3 www.my-etrust.com 192.168.200.3 www.nai.com 192.168.200.3 www.networkassociates.com 192.168.200.3 www.sophos.com 192.168.200.3 www.symantec.com 192.168.200.3 www.symantec.com 192.168.200.3 www.trendmicro.com 192.168.200.3 www.viruslist.com 192.168.200.3 www.viruslist.ru 192.168.200.3 www.virustotal.com 192.168.200.3 www3.ca.com »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. 
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\printer.exe Deleted C:\WINDOWS\system32\WinAvXX.exe Deleted C:\DOCUME~1\ADMINI~1\START-~1\PROGRA~1\Oppstart\system.exe Deleted C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\autorun.exe Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/26/2007 at 04:53 PM Application Version : 3.9.1008 Core Rules Database Version : 3331 Trace Rules Database Version: 1332 Scan type : Complete Scan Total Scan Time : 01:07:43 Memory items scanned : 548 Memory threats detected : 1 Registry items scanned : 6017 Registry threats detected : 21 File items scanned : 44256 File threats detected : 108 Trojan.Net-AVP/AVT C:\DOCUMENTS AND SETTINGS\DAG\START-MENY\PROGRAMMER\OPPSTART\SYSTEM.EXE C:\DOCUMENTS AND SETTINGS\DAG\START-MENY\PROGRAMMER\OPPSTART\SYSTEM.EXE [WinAVX] C:\WINDOWS\SYSTEM32\WINAVXX.EXE C:\WINDOWS\SYSTEM32\WINAVXX.EXE [WinAVX] C:\WINDOWS\SYSTEM32\WINAVXX.EXE HKLM\Software\Microsoft\Windows\CurrentVersion\Run#WinAVX [ C:\WINDOWS\system32\WinAvXX.exe ] HKU\S-1-5-21-2909843803-2446008445-2684698000-1007\Software\Microsoft\Windows\CurrentVersion\Run#WinAVX [ C:\WINDOWS\system32\WinAvXX.exe ] C:\DOCUMENTS AND SETTINGS\ALL USERS\START-MENY\PROGRAMMER\OPPSTART\AUTORUN.EXE C:\WINDOWS\SYSTEM32\PRINTER.EXE Trojan.Downloader-Gen/BDIVX HKLM\Software\Classes\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547} 
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}#AppID
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}#LocalizedString
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Elevation
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Elevation#Enabled
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Implemented Categories
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\InprocServer32
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\InprocServer32#ThreadingModel
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\ProgID
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\TypeLib
HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Version
C:\WINDOWS\SYSTEM32\BDIVX.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Dag\Cookies\dag@sextube[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@tribalfusion[1].txt
C:\Documents and Settings\Dag\Cookies\dag@statcounter[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@xiti[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@adtech[1].txt
C:\Documents and Settings\Dag\Cookies\dag@yadro[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@indexstats[2].txt
C:\Documents and Settings\Dag\Cookies\dag@burstnet[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@adverticum[1].txt
C:\Documents and Settings\Dag\Cookies\dag@overture[1].txt
C:\Documents and Settings\Dag\Cookies\dag@adbrite[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@questionmarket[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@tradedoubler[1].txt
C:\Documents and Settings\Dag\Cookies\dag@toplist[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@basicstat[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@superstats[1].txt
C:\Documents and Settings\Dag\Cookies\dag@doubleclick[1].txt
C:\Documents and Settings\Dag\Cookies\dag@serving-sys[2].txt
C:\Documents and Settings\Dag\Cookies\dag@clicktorrent[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@focalex[2].txt
C:\Documents and Settings\Dag\Cookies\dag@screensavers[1].txt
C:\Documents and Settings\Dag\Cookies\dag@cpvfeed[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@advertising[1].txt
C:\Documents and Settings\Dag\Cookies\dag@weborama[2].txt
C:\Documents and Settings\Dag\Cookies\dag@bluestreak[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@imrworldwide[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@pornhost[2].txt
C:\Documents and Settings\Dag\Cookies\dag@smartadserver[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@sexyandfunny[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@myamateurhomeporn[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@atwola[2].txt
C:\Documents and Settings\Dag\Cookies\dag@windowsmedia[2].txt
C:\Documents and Settings\Dag\Cookies\dag@krazysexy[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@euros4click[1].txt
C:\Documents and Settings\Dag\Cookies\dag@besthomesex[1].txt
C:\Documents and Settings\Dag\Cookies\dag@adlegend[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@sexbiblioteket[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@pornotube[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@medianewsgroup[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@clickbank[1].txt
C:\Documents and Settings\Dag\Cookies\dag@sexynatalie[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@precisionclick[1].txt
C:\Documents and Settings\Dag\Cookies\dag@eyewonder[1].txt
C:\Documents and Settings\Dag\Cookies\dag@adultadworld[2].txt
C:\Documents and Settings\Dag\Cookies\[email protected][2].txt
C:\Documents and Settings\Dag\Cookies\dag@youramateurporn[1].txt
C:\Documents and Settings\Dag\Cookies\dag@onetwoporn[2].txt
C:\Documents and Settings\Dag\Cookies\dag@2o7[2].txt
C:\Documents and Settings\Dag\Cookies\dag@clicksor[2].txt
C:\Documents and Settings\Dag\Cookies\dag@atdmt[2].txt
C:\Documents and Settings\Dag\Cookies\dag@justsexyvideos[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt
C:\Documents and Settings\Dag\Cookies\dag@freesexyclips[1].txt
C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

Adware.180solutions/ZangoSearch
HKLM\Software\Zango
HKLM\Software\Zango\Zango

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:47, on 26.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Rainlendar\Rainlendar.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no8l.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe
O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CamMonitor] "C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Programfiler\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Programfiler\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://no8l.hpwis.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9950 bytes
norbat, posted 26 October 2007

Start HJT, choose "Do a system scan only", put a check mark in front of the following line and click 'Fix checked':

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Then click the Start button (Windows) -> Run
Type/paste in the following:

cmd /c echo 127.0.0.1 localhost > c:\windows\system32\drivers\etc\hosts

Click OK
Restart the PC
Tell me how the PC runs.
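As an added example for this thread (not code from HijackThis, SmitFraudFix, SUPERAntiSpyware or any of the posters), here is a small Python triage script covering the two things the instructions above act on: the O7 policy line that locks the registry editor (with the Task Manager and Control Panel locks the thread later runs into), the Run-key autoruns in a HijackThis log, and a hosts file that should contain nothing beyond the single "127.0.0.1 localhost" line the reset command writes. The sample data is constructed: the O7 line and the ATIPTA/AGRSMMSG O4 lines are copied from the HijackThis log in this thread, the WinAVX Run entry is rebuilt from the SUPERAntiSpyware detection, the hosts content is invented, and the known-bad file names are the ones the scanners in this thread deleted.

```python
"""Triage helpers for HijackThis-style log lines and a hosts file.

Added example for this thread, not code from HijackThis, SmitFraudFix or
SUPERAntiSpyware. SAMPLE_LOG and SAMPLE_HOSTS below are constructed.
"""
import re

# Autorun file names the scanners in this thread actually deleted.
KNOWN_BAD_NAMES = {"winavxx.exe", "printer.exe", "system.exe", "autorun.exe"}

# Profile and startup-folder fragments (English and the Norwegian "Oppstart").
USER_WRITABLE = ("\\oppstart\\", "\\startup\\",
                 "\\documents and settings\\", "\\docume~1\\")

# Policy values that lock the user out of their own tools; HijackThis labels
# the registry-tools lock "DisableRegedit" in its O7 lines.
LOCKOUT_POLICIES = {"disableregedit", "disableregistrytools",
                    "disabletaskmgr", "nocontrolpanel"}

O4_RUN_RE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O7_RE = re.compile(r"^O7 - (?P<key>[^,]+), (?P<value>\w+)=(?P<data>\S+)$")
EXE_RE = re.compile(r'"?([^"]*?\.exe)"?', re.IGNORECASE)


def parse_hjt(lines):
    """Split HijackThis log lines into Run entries and O7 policy entries."""
    runs, policies = [], []
    for raw in lines:
        line = raw.strip()
        m = O4_RUN_RE.match(line)
        if m:
            runs.append((m["name"], m["cmd"]))
            continue
        m = O7_RE.match(line)
        if m:
            policies.append((m["value"], m["data"]))
    return runs, policies


def suspicious_runs(runs):
    """Return (name, path, reason) for Run entries worth a manual look."""
    flagged = []
    for name, cmd in runs:
        m = EXE_RE.search(cmd)
        path = m.group(1) if m else cmd          # strip quotes and arguments
        base = path.rsplit("\\", 1)[-1].lower()
        if base in KNOWN_BAD_NAMES:
            flagged.append((name, path, "file name removed by the scanners in this thread"))
        elif any(frag in path.lower() for frag in USER_WRITABLE):
            flagged.append((name, path, "autorun from a user-writable profile location"))
        elif "\\" not in path:
            flagged.append((name, path, "bare file name, resolved through the search path"))
    return flagged


def lockout_policies(policies):
    """Return O7 values that disable regedit, Task Manager or Control Panel."""
    return [(v, d) for v, d in policies
            if v.lower() in LOCKOUT_POLICIES and d != "0"]


def hosts_anomalies(text):
    """Return (ip, hostname) pairs other than the loopback 'localhost' line.

    The reset command in this thread leaves only '127.0.0.1 localhost',
    so on a freshly reset file this returns an empty list.
    """
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for host in names:
            if not (ip in ("127.0.0.1", "::1") and host.lower() == "localhost"):
                found.append((ip, host))
    return found


SAMPLE_LOG = [
    # Rebuilt from the SUPERAntiSpyware Run-key detection in this thread.
    r"O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe",
    # Copied from the HijackThis log in this thread.
    r'O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"',
    r"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe",
    r"O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
]

SAMPLE_HOSTS = """# constructed sample, not taken from the thread
127.0.0.1       localhost
127.0.0.1       www.example-antivirus.test   # vendor site pointed at loopback
"""

if __name__ == "__main__":
    runs, policies = parse_hjt(SAMPLE_LOG)
    print("runs:", suspicious_runs(runs))
    print("policies:", lockout_policies(policies))
    print("hosts:", hosts_anomalies(SAMPLE_HOSTS))
```

The O4 flags are triage hints, not verdicts: a bare file name such as AGRSMMSG.exe is legitimate on this machine, but an autorun without a full path resolves through the search order, so the question to answer is where it actually lives, the same question one asks of anything starting from a profile or Oppstart folder. For the hosts file the check is deliberately strict, because the page's own fix reduces the file to one line; any extra mapping after that reset means something wrote to it again.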
G3, posted 26 October 2007

Hi again norbat. This has been done, and there is improvement in some areas. Among other things, I can now start the browser without Google automatically coming up. I usually use 'blank'. I haven't had the pop-up that was bothering me, the one where I was supposed to click yes and scan the machine. I don't have Control Panel, and have no access to "Set Program Access and Defaults". And I also can't turn on phishing protection in Norton Protection Center. Otherwise it looks fairly OK.
norbat, posted 26 October 2007

We can continue:
Get ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt)
G3, posted 26 October 2007

I have now run a scan here (completed Stage 6), and here is the log:

ComboFix 07-10-25.4 - Dag 2007-10-26 18:19:58.1 - NTFSx86
Running from: C:\Documents and Settings\Dag\Skrivebord\ComboFix.exe
* Created a new restore point
.

By the way, it looks like it is still running. It has been going for half an hour now. Are there more than Stage 6, I wonder...
norbat, posted 26 October 2007 (edited)

Yes..... you'll probably go through 20-30 stages. Give it some more time. If it doesn't continue after a while, you can close the program. Then restart the PC and try running it again.

Edit: We'll deal with the Control Panel at the end.

Edited 26 October 2007 by norbat
G3, posted 26 October 2007

norbat wrote:
Yes..... you'll probably go through 20-30 stages. Give it some more time. If it doesn't continue after a while, you can close the program. Then restart the PC and try running it again. Edit: We'll deal with the Control Panel at the end.

Hi again. I stopped the scan since it didn't get any further after 6 stages (after 50 minutes). Restarted the machine, and everything now appears to be back to normal. I've got Control Panel back, went to Symantec and downloaded a file that makes the phishing protection work as it should. Went to Microsoft and checked, and did a validation there. What do you think, should we 'declare the machine healthy' now? Or should I try to scan through the 'stages' you mention? And one more question: is there any point in keeping Ad-Aware, since SAS seems to work much better?
norbat, posted 26 October 2007

Could you also check whether you can open Task Manager? (right-click the taskbar and choose Task Manager)
I'd like you to have run all the way through ComboFix with the resulting log, but you don't need to stress about it if you think everything works OK.
Regarding Ad-Aware and SAS: I prefer SAS, since it is somewhat sharper than Ad-Aware, but there is probably not a very big difference between them.
G3, posted 26 October 2007

norbat wrote:
Could you also check whether you can open Task Manager? (right-click the taskbar and choose Task Manager) I'd like you to have run all the way through ComboFix with the resulting log, but you don't need to stress about it if you think everything works OK. Regarding Ad-Aware and SAS: I prefer SAS, since it is somewhat sharper than Ad-Aware, but there is probably not a very big difference between them.

Restarted and ran a new scan, but it 'stopped' this time too after section 6 was finished. So I don't have a log for now. The only thing I can say isn't quite 'optimal' now is that I can't browse back through the months to look for possible restore points. But Control Panel and Task Manager both work as they should. I'm going to log off and enjoy a glass of wine now, so I'll take the opportunity to thank you for really great help with my spyware problem :-) I'm really impressed by your knowledge in this area :-) Thank you very, very much :-)
norbat, posted 26 October 2007

Good to hear that the PC is running OK. I'd think the trojan that was at work has deleted the restore points. Just make sure System Restore is enabled so that the function works. Let me know if that isn't the case.