
Security Alert: spyware found / pop-up problems.



Hi ;-) I'm sitting here struggling with getting "Security Alert: Spyware found".

And I have a worm I'm struggling with too, and I get pop-ups all the time :-(

I have made a log with HijackThis.

I'm sure the computer will fall apart soon :-( oh well....

I hope you can help! ^^

Enjoy the rest of your evening ;-)

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:31, on 14.11.07
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winss.exe
C:\Programfiler\Video Add-on Setup\icthis.exe
C:\Programfiler\Video Add-on Setup\isfmntr.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Winamp3\winampa.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Video Add-on Setup\icmntr.exe
C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Programfiler\Video Add-on Setup\isfmm.exe
C:\Programfiler\Fellesfiler\WinPCDoctor\strpmon.exe
C:\Programfiler\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\MouseWare\system\em_exec.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\notepad.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Programfiler\Video Add-on Setup\isfmdl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Programfiler\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Programfiler\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Programfiler\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Windows Ue 32] winss.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programfiler\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVFX Engine] C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\V0230Cvw.dll] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [salestart(1)] "C:\Programfiler\Fellesfiler\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - HKLM\..\Run: [salestart(2)] "C:\Programfiler\Fellesfiler\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunServices: [Windows Ue 32] winss.exe
O4 - HKLM\..\RunOnce: [Windows Ue 32] winss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Programfiler\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Ue 32] winss.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Windows Ue 32] winss.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Video Add-on Setup\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\Video Add-on Setup\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Ue 32] winss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Ue 32] winss.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Programfiler\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - 
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{71C6C041-65EF-4912-93E4-4086FBACF599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71C6C041-65EF-4912-93E4-4086FBACF599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{71C6C041-65EF-4912-93E4-4086FBACF599}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: eurymus - {ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b} - C:\WINDOWS\System32\rrtrit.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programfiler\Comodo\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11232 bytes

Edited by Life_hunter88

Get SmitfraudFix and put it on the desktop.

Restart in safe mode (tap F8 during startup, choose safe mode).

Run SmitfraudFix and choose option 2.

A log will be created that you post later.

From normal mode:

Get ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click in the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt), the SmitfraudFix log (C:\rapport.txt) + a new HJT log.

2 weeks later...

Hi.

I need help with the same thing as the thread starter, and I'm completely green in this area.

The Control Panel is gone, and I get that spyware pop-up all the time. The start page is changed to google every time I start.

I have now downloaded HijackThis and run a system scan, and I'm attaching the following log.

Could someone please look at this and give me tips on what to do next... a bit step by step, since I'm new to this...

Copy/paste:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:14:38, on 25.10.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\printer.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Real\RealPlayer\RealPlay.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Rainlendar\Rainlendar.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no8l.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CamMonitor] "C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Programfiler\Logitech\Video\InstallHelper.exe" /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Programfiler\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: system.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'Default user')

O4 - .DEFAULT Startup: system.exe (User 'Default user')

O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe

O4 - Startup: system.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://no8l.hpwis.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O20 - AppInit_DLLs: sulimo.dat

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 10153 bytes

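The second log shows a different persistence layout from the first: the Winlogon Shell value has printer.exe appended after Explorer.exe (the F2 line), sulimo.dat is loaded into every process that uses user32.dll via AppInit_DLLs (O20), the Registry Editor is disabled by policy (O7), and raw executables named system.exe and autorun.exe sit in the Startup folders where only shortcuts normally live. The following is an added example, not part of this thread and not HijackThis code, that checks a log for those four patterns over a constructed subset of the lines above. The policy-name list is my own; the poster's missing Control Panel is the kind of symptom a NoControlPanel policy produces, but that value does not appear in this log, so the script merely lists it as one to look for.

```python
"""Winlogon Shell, AppInit_DLLs, lockout-policy and Startup-folder checks on
a HijackThis log (added example)."""
import re

# Constructed sample: a subset of lines from the second HijackThis log in
# this thread.
SAMPLE_HJT_LINES = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe
O4 - Startup: system.exe
O4 - S-1-5-18 Startup: system.exe (User 'SYSTEM')
O4 - Global Startup: autorun.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: sulimo.dat
""".strip().splitlines()

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
POLICY_RE = re.compile(r"^O7 - (?P<key>.*?), (?P<name>\w+)=(?P<value>\S+)$")
# "O4 - Startup:", "O4 - Global Startup:" and "O4 - <SID> Startup:" forms,
# with an optional trailing "(User '...')" from HijackThis.
STARTUP_RE = re.compile(
    r"^O4 - (?:\S+ )?(?:Global )?Startup: (?P<item>.*?)(?: \(User '[^']*'\))?$")

# Policy values (under Policies\System or Policies\Explorer) that rogue
# software sets to keep the user away from cleanup tools; list is my own.
LOCKOUT_POLICIES = {"disableregedit", "disabletaskmgr", "disablecmd", "nocontrolpanel"}


def shell_extras(value):
    """Every program in the Winlogon Shell value other than explorer.exe.

    Winlogon starts each comma- or space-separated entry as the shell, so any
    extra token runs at every logon, before the Startup folder is processed.
    """
    tokens = value.replace(",", " ").split()
    return [t for t in tokens if t.lower() != "explorer.exe"]


def analyze(lines):
    """Return (severity, check, detail) findings for the four patterns."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            for extra in shell_extras(m.group("value")):
                findings.append(("high", "winlogon-shell", extra))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("value").strip():
            # The loader ignores the extension, so ".dat" is only a disguise;
            # a home XP box should have this value empty.
            findings.append(("high", "appinit-dll", m.group("value").strip()))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("name").lower() in LOCKOUT_POLICIES and m.group("value") != "0":
            findings.append(("medium", "lockout-policy", m.group("name")))
            continue
        m = STARTUP_RE.match(line)
        if m:
            item = m.group("item")
            # Shortcuts are reported as "name.lnk = target"; a bare item with
            # no target is a file dropped straight into the Startup folder.
            if " = " not in item and not item.lower().endswith(".lnk"):
                findings.append(("high", "startup-raw-exe", item))
    return findings


if __name__ == "__main__":
    for severity, check, detail in analyze(SAMPLE_HJT_LINES):
        print(f"[{severity}] {check}: {detail}")
```

Note that SmitfraudFix's report later in the thread deletes printer.exe, WinAvXX.exe, system.exe and autorun.exe and resets the Winlogon "System" value, which lines up with the first and fourth checks here; the AppInit_DLLs and DisableRegedit entries are what to verify in the follow-up HJT log.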

Get SmitfraudFix and put it on the desktop.

Restart in safe mode (tap F8 during startup, choose safe mode).

Run SmitfraudFix and choose option 2.

From normal mode:

Download SAS, install it, update it and run a full (Complete) scan.

Post the following logs:

SmitfraudFix: C:\rapport.txt

SAS: Preferences->statistics/logs

A new HJT log.


Hi norbat.

I appreciate enormously that you're helping me.

I have downloaded SmitfraudFix (haven't run it yet), and the icon is on the desktop.

But when I start the machine in safe mode, many icons are not shown, and SmitfraudFix is one of them. Even though I tried moving it to a 'better' place in normal mode...

So here you see my level....

Any idea what I do next?


You can create a new folder, e.g. C:\smitfraudfix. (To do this you can open My Computer, double-click C:, right-click in the window and choose New->Folder from the menu that appears.) Put the program there. When you then start up in safe mode, find the folder using Explorer and run the program from there.

Edited by norbat
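One of the things SmitfraudFix option 2 reports is the hosts file, and the report posted later in this thread lists dozens of security-vendor hostnames (Symantec LiveUpdate, Kaspersky update servers, VirusTotal, Jotti and others) all mapped to 192.168.200.3. That is how this family of rogue anti-spyware keeps the real products from updating and keeps the user from uploading samples: the address is a private one that a home PC cannot reach, so every lookup blackholes. The following is an added example, not part of the thread and not SmitfraudFix code, that performs the same check in Python over a constructed hosts-file excerpt modelled on that report. The vendor suffix list and the sample lines are my own; treat the list as a starting point rather than complete.

```python
"""Hosts-file audit for blocked security-vendor domains (added example)."""
import ipaddress

# Constructed hosts-file excerpt; the 192.168.200.3 lines mirror entries from
# the SmitfraudFix report in this thread, the loopback/0.0.0.0 lines are the
# kind of ad-blocking entries a user adds on purpose.
SAMPLE_HOSTS = """
# hosts file excerpt (constructed)
127.0.0.1       localhost
127.0.0.1   ad.doubleclick.net      # user-added ad blocking, harmless
0.0.0.0     ads.fastclick.net
192.168.200.3 liveupdate.symantec.com
192.168.200.3 downloads1.kaspersky-labs.com
192.168.200.3 www.virustotal.com
192.168.200.3 virusscan.jotti.org
"""

# Domains whose presence in hosts at all is suspicious: nobody blocks their
# own AV vendor's update servers on purpose. Assembled from the report in this
# thread; not exhaustive.
SECURITY_VENDOR_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "norton.com",
    "kaspersky-labs.com", "kaspersky.com", "kaspersky.ru", "kasperskylab.ru",
    "avp.com", "avp.ch", "avp.ru", "viruslist.com", "viruslist.ru",
    "mcafee.com", "nai.com", "networkassociates.com",
    "f-secure.com", "sophos.com", "trendmicro.com",
    "ca.com", "my-etrust.com", "grisoft.com",
    "virustotal.com", "jotti.org",
)


def parse_hosts(text):
    """Yield (ip, hostname) pairs; handles comments, tabs and multi-name lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; Windows ignores it too
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def is_security_vendor(host):
    """Suffix match against the vendor list (exact or subdomain)."""
    return any(host == s or host.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)


def is_sinkhole(ip):
    """Loopback or 0.0.0.0: the conventional 'block this name' targets."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Two findings lists: vendor names mapped anywhere, and names sent to a
    real (non-sinkhole) address, which could also be a redirect to a host the
    attacker controls."""
    blocked, redirected = [], []
    for ip, host in parse_hosts(text):
        if is_security_vendor(host):
            blocked.append(host)
        if not is_sinkhole(ip):
            redirected.append((host, str(ip)))
    return {"blocked_security_vendors": blocked, "redirected": redirected}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for host in result["blocked_security_vendors"]:
        print(f"security vendor blocked: {host}")
    for host, ip in result["redirected"]:
        print(f"non-loopback mapping: {host} -> {ip}")
```

The two lists overlap on purpose: a vendor domain mapped to 127.0.0.1 is still a block and belongs in the first list, while a bank or webmail name mapped to some live address would appear only in the second, and is the more dangerous of the two because the user still gets a page back.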

Hi again norbat.

I have followed your recipe and am posting the logs here. First SmitfraudFix, then SAS and then HJT. I still haven't got the Control Panel etc. back, but you probably know that.....

So what now... Remember I'm completely green at this.

SmitFraudFix v2.241

 

Scan done at 15:26:47,39, 26.10.2007

Run from C:\Documents and Settings\Administrator\Skrivebord\SmitfraudFix

OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!Attention, following keys are not inevitably infected!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

192.168.200.3 ad.doubleclick.net

192.168.200.3 ad.fastclick.net

192.168.200.3 ads.fastclick.net

192.168.200.3 ar.atwola.com

192.168.200.3 atdmt.com

192.168.200.3 avp.ch

192.168.200.3 avp.com

192.168.200.3 avp.ru

192.168.200.3 awaps.net

192.168.200.3 banner.fastclick.net

192.168.200.3 banners.fastclick.net

192.168.200.3 ca.com

192.168.200.3 click.atdmt.com

192.168.200.3 clicks.atdmt.com

192.168.200.3 customer.symantec.com

192.168.200.3 dispatch.mcafee.com

192.168.200.3 download.mcafee.com

192.168.200.3 downloads-us1.kaspersky-labs.com

192.168.200.3 downloads-us2.kaspersky-labs.com

192.168.200.3 downloads-us3.kaspersky-labs.com

192.168.200.3 downloads1.kaspersky-labs.com

192.168.200.3 downloads2.kaspersky-labs.com

192.168.200.3 downloads3.kaspersky-labs.com

192.168.200.3 downloads4.kaspersky-labs.com

192.168.200.3 engine.awaps.net

192.168.200.3 f-secure.com

192.168.200.3 fastclick.net

192.168.200.3 ftp.avp.ch

192.168.200.3 ftp.downloads1.kaspersky-labs.com

192.168.200.3 ftp.downloads2.kaspersky-labs.com

192.168.200.3 ftp.downloads3.kaspersky-labs.com

192.168.200.3 ftp.f-secure.com

192.168.200.3 ftp.kasperskylab.ru

192.168.200.3 ftp.sophos.com

192.168.200.3 ids.kaspersky-labs.com

192.168.200.3 kaspersky-labs.com

192.168.200.3 kaspersky.com

192.168.200.3 liveupdate.symantec.com

192.168.200.3 liveupdate.symantecliveupdate.com

192.168.200.3 mast.mcafee.com

192.168.200.3 mcafee.com

192.168.200.3 media.fastclick.net

192.168.200.3 my-etrust.com

192.168.200.3 nai.com

192.168.200.3 networkassociates.com

192.168.200.3 norton.com

192.168.200.3 phx.corporate-ir.net

192.168.200.3 rads.mcafee.com

192.168.200.3 secure.nai.com

192.168.200.3 securityresponse.symantec.com

192.168.200.3 service1.symantec.com

192.168.200.3 sophos.com

192.168.200.3 spd.atdmt.com

192.168.200.3 symantec.com

192.168.200.3 trendmicro.com

192.168.200.3 update.symantec.com

192.168.200.3 updates.symantec.com

192.168.200.3 updates1.kaspersky-labs.com

192.168.200.3 updates2.kaspersky-labs.com

192.168.200.3 updates3.kaspersky-labs.com

192.168.200.3 updates4.kaspersky-labs.com

192.168.200.3 updates5.kaspersky-labs.com

192.168.200.3 us.mcafee.com

192.168.200.3 vil.nai.com

192.168.200.3 viruslist.com

192.168.200.3 viruslist.ru

192.168.200.3 virusscan.jotti.org

192.168.200.3 virustotal.com

192.168.200.3 www.avp.ch

192.168.200.3 www.avp.com

192.168.200.3 www.avp.ru

192.168.200.3 www.awaps.net

192.168.200.3 www.ca.com

192.168.200.3 www.f-secure.com

192.168.200.3 www.fastclick.net

192.168.200.3 www.grisoft.com

192.168.200.3 www.kaspersky-labs.com

192.168.200.3 www.kaspersky.com

192.168.200.3 www.kaspersky.ru

192.168.200.3 www.mcafee.com

192.168.200.3 www.my-etrust.com

192.168.200.3 www.nai.com

192.168.200.3 www.networkassociates.com

192.168.200.3 www.sophos.com

192.168.200.3 www.symantec.com

192.168.200.3 www.symantec.com

192.168.200.3 www.trendmicro.com

192.168.200.3 www.viruslist.com

192.168.200.3 www.viruslist.ru

192.168.200.3 www.virustotal.com

192.168.200.3 www3.ca.com

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\printer.exe Deleted

C:\WINDOWS\system32\WinAvXX.exe Deleted

C:\DOCUME~1\ADMINI~1\START-~1\PROGRA~1\Oppstart\system.exe Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\autorun.exe Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!Attention, following keys are not inevitably infected!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!Attention, following keys are not inevitably infected!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 10/26/2007 at 04:53 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3331

Trace Rules Database Version: 1332

 

Scan type : Complete Scan

Total Scan Time : 01:07:43

 

Memory items scanned : 548

Memory threats detected : 1

Registry items scanned : 6017

Registry threats detected : 21

File items scanned : 44256

File threats detected : 108

 

Trojan.Net-AVP/AVT

C:\DOCUMENTS AND SETTINGS\DAG\START-MENY\PROGRAMMER\OPPSTART\SYSTEM.EXE

C:\DOCUMENTS AND SETTINGS\DAG\START-MENY\PROGRAMMER\OPPSTART\SYSTEM.EXE

[WinAVX] C:\WINDOWS\SYSTEM32\WINAVXX.EXE

C:\WINDOWS\SYSTEM32\WINAVXX.EXE

[WinAVX] C:\WINDOWS\SYSTEM32\WINAVXX.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#WinAVX [ C:\WINDOWS\system32\WinAvXX.exe ]

HKU\S-1-5-21-2909843803-2446008445-2684698000-1007\Software\Microsoft\Windows\CurrentVersion\Run#WinAVX [ C:\WINDOWS\system32\WinAvXX.exe ]

C:\DOCUMENTS AND SETTINGS\ALL USERS\START-MENY\PROGRAMMER\OPPSTART\AUTORUN.EXE

C:\WINDOWS\SYSTEM32\PRINTER.EXE

 

Trojan.Downloader-Gen/BDIVX

HKLM\Software\Classes\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}#AppID

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}#LocalizedString

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Elevation

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Elevation#Enabled

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Implemented Categories

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\InprocServer32

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\InprocServer32#ThreadingModel

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\ProgID

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\TypeLib

HKCR\CLSID\{D99BACC6-6289-4D4F-8BAF-4192016AF547}\Version

C:\WINDOWS\SYSTEM32\BDIVX.DLL

 

Adware.Tracking Cookie

C:\Documents and Settings\Dag\Cookies\dag@sextube[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@tribalfusion[1].txt

C:\Documents and Settings\Dag\Cookies\dag@statcounter[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@xiti[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@adtech[1].txt

C:\Documents and Settings\Dag\Cookies\dag@yadro[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@indexstats[2].txt

C:\Documents and Settings\Dag\Cookies\dag@burstnet[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@adverticum[1].txt

C:\Documents and Settings\Dag\Cookies\dag@overture[1].txt

C:\Documents and Settings\Dag\Cookies\dag@adbrite[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@questionmarket[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@tradedoubler[1].txt

C:\Documents and Settings\Dag\Cookies\dag@toplist[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@basicstat[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@superstats[1].txt

C:\Documents and Settings\Dag\Cookies\dag@doubleclick[1].txt

C:\Documents and Settings\Dag\Cookies\dag@serving-sys[2].txt

C:\Documents and Settings\Dag\Cookies\dag@clicktorrent[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@focalex[2].txt

C:\Documents and Settings\Dag\Cookies\dag@screensavers[1].txt

C:\Documents and Settings\Dag\Cookies\dag@cpvfeed[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@advertising[1].txt

C:\Documents and Settings\Dag\Cookies\dag@weborama[2].txt

C:\Documents and Settings\Dag\Cookies\dag@bluestreak[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@imrworldwide[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@pornhost[2].txt

C:\Documents and Settings\Dag\Cookies\dag@smartadserver[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@sexyandfunny[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@myamateurhomeporn[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@atwola[2].txt

C:\Documents and Settings\Dag\Cookies\dag@windowsmedia[2].txt

C:\Documents and Settings\Dag\Cookies\dag@krazysexy[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@euros4click[1].txt

C:\Documents and Settings\Dag\Cookies\dag@besthomesex[1].txt

C:\Documents and Settings\Dag\Cookies\dag@adlegend[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@sexbiblioteket[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@pornotube[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@medianewsgroup[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@clickbank[1].txt

C:\Documents and Settings\Dag\Cookies\dag@sexynatalie[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@precisionclick[1].txt

C:\Documents and Settings\Dag\Cookies\dag@eyewonder[1].txt

C:\Documents and Settings\Dag\Cookies\dag@adultadworld[2].txt

C:\Documents and Settings\Dag\Cookies\[email protected][2].txt

C:\Documents and Settings\Dag\Cookies\dag@youramateurporn[1].txt

C:\Documents and Settings\Dag\Cookies\dag@onetwoporn[2].txt

C:\Documents and Settings\Dag\Cookies\dag@2o7[2].txt

C:\Documents and Settings\Dag\Cookies\dag@clicksor[2].txt

C:\Documents and Settings\Dag\Cookies\dag@atdmt[2].txt

C:\Documents and Settings\Dag\Cookies\dag@justsexyvideos[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

C:\Documents and Settings\Dag\Cookies\dag@freesexyclips[1].txt

C:\Documents and Settings\Dag\Cookies\[email protected][1].txt

 

Adware.180solutions/ZangoSearch

HKLM\Software\Zango

HKLM\Software\Zango\Zango

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:47, on 26.10.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Real\RealPlayer\RealPlay.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Rainlendar\Rainlendar.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no8l.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F2 - REG:system.ini: Shell=Explorer.exe

O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CamMonitor] "C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Programfiler\Logitech\Video\InstallHelper.exe" /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [OM_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Programfiler\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe (User 'Default user')

O4 - Startup: Rainlendar.lnk = C:\Programfiler\Rainlendar\Rainlendar.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://no8l.hpwis.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 9950 bytes


Start HJT, choose "Do a system scan only", tick the box in front of the following line and click 'Fix checked':

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Then click the Start button (Windows) -> Run

Type/paste in the following: cmd /c echo 127.0.0.1 localhost > c:\windows\system32\drivers\etc\hosts

Click OK

Restart the PC

Tell me how the PC is running afterwards.

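The two fixes in the post above (removing the DisableRegedit policy and rewriting the hosts file) can be prepared offline before anything is changed on the machine. The Python script below is an added example for this thread; it is not part of HijackThis, ComboFix, or either poster's instructions. It parses HijackThis-style log lines, flags the entry types a cleanup helper would normally ask about (O7 policy restrictions, O1 hosts redirections, and O4 autostarts that run from user-writable folders), and audits a hosts file so that legitimate custom entries are not silently lost when the file is overwritten with just `127.0.0.1 localhost`. The sample log lines and the sample hosts file are constructed for the example, and the `USER_WRITABLE_DIRS` heuristic is the example's own assumption rather than an HijackThis rule.

```python
"""Offline triage of a HijackThis log and a Windows hosts file.

Added example for this thread; not part of HijackThis, ComboFix or the
original posts. The sample inputs are constructed, not copied from the logs.
"""
import re

# Constructed sample in HijackThis v2.0.2 line format. The O1 line is
# included to show the hosts-redirection entry type as HJT reports it.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Dag\Local Settings\Temp\svchost.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O1 - Hosts: 127.0.0.1 liveupdate.symantecliveupdate.com
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Constructed sample hosts file: the default localhost line, one legitimate
# LAN entry an admin added, and two loopback redirections of the kind that
# block security-vendor updates.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    fileserver.lan   # our NAS
127.0.0.1       liveupdate.symantecliveupdate.com
127.0.0.1       www.microsoft.com
"""

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")

# Heuristic (assumption, not an HJT rule): Run entries whose target lives in
# temp or profile folders deserve a look, because installers rarely put
# autostarts there while droppers almost always do.
USER_WRITABLE_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")
LOOPBACK = ("127.", "0.0.0.0", "::1")


def parse_hjt(text):
    """Return [(section, body)] for every line that looks like an HJT entry."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def flag_hjt(entries):
    """Return [(section, reason, body)] for entries a cleanup helper would query."""
    flagged = []
    for sec, body in entries:
        if sec == "O7":
            # Policy restrictions (DisableRegedit, DisableTaskMgr, ...) lock the
            # user out of the very tools needed to remove the infection.
            flagged.append((sec, "restrictive policy", body))
        elif sec == "O1":
            # HJT only lists hosts lines that override name resolution; a
            # loopback mapping for a vendor domain blocks its updates.
            flagged.append((sec, "hosts redirection", body))
        elif sec == "O4" and any(d in body.lower() for d in USER_WRITABLE_DIRS):
            flagged.append((sec, "autostart from user-writable folder", body))
    return flagged


def audit_hosts(hosts_text):
    """Split hosts entries into (keep, suspicious).

    keep:       non-loopback mappings, i.e. custom entries a blanket reset would lose
    suspicious: loopback mappings for anything other than localhost
    The baseline '127.0.0.1 localhost' is neither; it is always regenerated.
    """
    keep, suspicious = [], []
    for raw in hosts_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, then whitespace-split
        if len(tokens) < 2:
            continue
        ip, names = tokens[0], tokens[1:]
        for name in names:
            if ip.startswith(LOOPBACK):
                if name.lower() != "localhost":
                    suspicious.append((ip, name))
            else:
                keep.append((ip, name))
    return keep, suspicious


def rebuild_hosts(hosts_text):
    """Produce the replacement file: the localhost line plus the entries worth keeping."""
    keep, _ = audit_hosts(hosts_text)
    lines = ["127.0.0.1 localhost"] + [f"{ip} {name}" for ip, name in keep]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for sec, reason, body in flag_hjt(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"{sec:<4} {reason:<36} {body}")
    keep, bad = audit_hosts(SAMPLE_HOSTS)
    print("hosts entries to keep:", keep)
    print("hosts entries to drop:", bad)
    print(rebuild_hosts(SAMPLE_HOSTS), end="")
```

Run the audit before the `echo ... > hosts` step: the suspicious list is what the reset removes, and the keep list is what a blanket overwrite would throw away (the rebuilt file preserves it). One practical caveat: malware frequently sets the read-only attribute on the hosts file, in which case the cmd redirection fails with "Access is denied" until `attrib -r` has cleared it.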

Hi again norbat.

This has been done, and there is improvement in some areas. Among other things, I can now start the browser without Google automatically coming up. I usually use 'blank'.

I haven't had the pop-up that was bothering me. The one where I was supposed to click yes and scan the machine.

I don't have Control Panel, and have no access to "Set Program Access and Defaults".

And I also can't turn on phishing protection in Norton Protection Center.

Otherwise it looks quite fine.


I've now run a scan here (completed Stage 6), and here is the log:

 

ComboFix 07-10-25.4 - Dag 2007-10-26 18:19:58.1 - NTFSx86

Running from: C:\Documents and Settings\Dag\Skrivebord\ComboFix.exe

* Created a new restore point

.


By the way; it looks like it is still running. It has been going for half an hour now. I wonder if there are more than 6 stages...


Yes..... you'll probably go through 20-30 stages. Give it a bit more time. If it doesn't progress after a while, you can quit the program.

Then restart the PC and try running it again.

Edit: We'll deal with the Control Panel issue at the end :)

Edited by norbat

Hi again.

I stopped the scan since it didn't get past 6 stages (after 50 minutes). Restarted the machine, and everything now seems to be back to normal. I have Control Panel back, went to Symantec and downloaded a file that makes the phishing protection work as it should. Went to Microsoft and checked, and did a validation there.

What do you think, should we declare the machine 'healthy' now? Or should I try to scan through the 'stages' you mention?

And one more question; is there any point in keeping Ad-Aware since SAS seems much better?


Could you also check whether you can open Task Manager?

(right-click the taskbar and choose Task Manager)

I'd like you to get ComboFix to run all the way through with the log it produces afterwards, but you don't need to stress about it if you think everything is working OK.

Regarding Ad-Aware and SAS: I prefer SAS as it is somewhat sharper than Ad-Aware, but there is probably not a very big difference between them.


Restarted and ran a new scan, but it 'stopped' again this time after section 6 had finished.

So I don't have a log for now.

The only thing I can say isn't quite 'optimal' now is that I can't browse back through the months to look for possible restore points.

But Control Panel and Task Manager both work as they should.

I'm going to log off and enjoy a glass of wine now, so I'll take the opportunity to thank you for really great help with my spyware problem :-)

I'm really impressed by your knowledge in this area :-)

Thank you very, very much :-)
