roald-p Skrevet 19. januar 2008 Del Skrevet 19. januar 2008 Hei. Har problem med CiD popups. Har rensket opp i hosts-fila. Har kjørt SAS, complete scan. Men jeg vet ikke hvordan HJT loggen skal tolkes. Hvis noen har tid til å se på loggene fra SAS og HJT, og gi noen gode råd vil jeg bli meget takknemlig. SAS logg ------------------------------------------------------------ SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/19/2008 at 05:53 PM Application Version : 3.9.1008 Core Rules Database Version : 3384 Trace Rules Database Version: 1378 Scan type : Complete Scan Total Scan Time : 01:02:59 Memory items scanned : 548 Memory threats detected : 0 Registry items scanned : 8067 Registry threats detected : 0 File items scanned : 74890 File threats detected : 38 Adware.Tracking Cookie C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\pappa@adtech[1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\pappa@atdmt[1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][1].txt C:\Documents and Settings\Pappa\Cookies\pappa@hitbox[2].txt C:\Documents and Settings\Pappa\Cookies\[email protected][1].txt C:\Documents and Settings\Pappa\Cookies\pappa@indextools[2].txt C:\Documents and Settings\Pappa\Cookies\[email protected][1].txt C:\Documents and Settings\Pappa\Cookies\pappa@apmebf[2].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\pappa@clickbank[1].txt C:\Documents and Settings\Pappa\Cookies\pappa@advertising[2].txt C:\Documents and Settings\Pappa\Cookies\pappa@fastclick[2].txt C:\Documents and Settings\Pappa\Cookies\pappa@tradedoubler[2].txt C:\Documents and Settings\Pappa\Cookies\pappa@imrworldwide[2].txt C:\Documents and Settings\Pappa\Cookies\pappa@partypoker[1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\[email protected][1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\pappa@xiti[1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\pappa@doubleclick[2].txt C:\Documents and Settings\Pappa\Cookies\[email protected][1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][2].txt C:\Documents and Settings\Pappa\Cookies\pappa@partyfriendfinder[2].txt C:\Documents and Settings\Pappa\Cookies\pappa@2o7[2].txt C:\Documents and Settings\Hanne\Cookies\[email protected][1].txt C:\Documents and Settings\Pappa\Cookies\[email protected][1].txt C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt C:\Documents and Settings\Øystein\Cookies\øystein@adtech[1].txt C:\Documents and Settings\Øystein\Cookies\øystein@advertising[2].txt C:\Documents and Settings\Øystein\Cookies\øystein@doubleclick[1].txt C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt C:\Documents and Settings\Øystein\Cookies\øystein@pacificpoker[2].txt ------------------------------------------------------------ HJT logg ------------------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 23:43:26, on 19.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SCARDS32.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Garmin\gStart.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Orion2\FF\ffserv32.exe C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe C:\video\Last.fm\LastFMHelper.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\programmer\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.salten.skyttersamlag.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/learnm...amp;lcode=en-us O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Find user.exe O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: FlashFiler Server.lnk = C:\Orion2\FF\ffserv32.exe O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ? O4 - Global Startup: Last.fm Helper.lnk = C:\video\Last.fm\LastFMHelper.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing) O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE Lenke til kommentar
norbat Skrevet 19. januar 2008 Del Skrevet 19. januar 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linje og klikk Fix checked: O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Find user.exe Hent NoLop.exe, legg det på skrivebordet. Kjør programmet. Trykk "Search and Destroy"-knappen. Hvis den finner noe, bli du bedt om å trykke på Reboot-knappen. Bruk utforsker til å finne og slette, hvis tilstede, mappa (i fet): C:\Documents and Settings\All Users\Application Data\Audio 4 part browse Oppdater JAVA: http://java.com/en/download/index.jsp Trenger ikke å se flere logger. Fortell hvordan det går med CiD-popups Det kan være lurt å tømme temp-mapper etc. Bruk gjerne CCleaner Du bør etterpå nullstille systemgjenopprettingsmappa: Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Lenke til kommentar
roald-p Skrevet 20. januar 2008 Forfatter Del Skrevet 20. januar 2008 Hei. Det ser meget lovende ut. Hjertelig takk for hjelpen! Lenke til kommentar
norbat Skrevet 21. januar 2008 Del Skrevet 21. januar 2008 Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå