
I've got viruses, spyware and adware, what do I do?



Need help fairly quickly. I got a trojan on the PC yesterday while I was surfing. I don't remember whether I downloaded anything, but I got it in any case.

I tried all day yesterday to remove it with Search and Destroy, Norman antivirus (which is always running on my PC), Ad-Aware and many other online programs, but my PC still shows lots of scary messages such as:

System Alert: Adware and Spyware

Your computer is infected (in a red frame by the clock, which comes up when I click a "?" icon that flashes with a stop sign).

Norman shows nothing, and most of the antivirus programs don't find much apart from a few individual things now and then.

Many online programs show that my PC is at mega-high risk, but I have no idea what to do.

So far I haven't noticed any faults other than somewhat slower internet (which means I probably have spyware/adware), unwanted "casino" popups even though I don't use Explorer, popups of other kinds, and the PC running a bit slower.

HELP! What should I do?


I used "hijackthis" just now and this is the log from the program:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:33:48, on 23.06.2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norman\bin\ZANDA.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Norman\bin\NJEEVES.EXE

C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE

C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe

C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norman\bin\ZLH.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Billionton\Bluetooth-programvare\BTTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\Norman\Nvc\bin\cclaw.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\ishost.exe

C:\WINDOWS\System32\ismon.exe

C:\WINDOWS\System32\isnotify.exe

C:\WINDOWS\System32\issearch.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Magnus Kraft Breivik\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...bwKriWOGXEyCa2k

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.snebrett.tk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll

O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nso4.dll

O2 - BHO: Log.Full - {B7B0089A-FAF6-43FB-A33D-657E416AE259} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log\log.dll

O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKCU\..\Run: [The Spy Guard] C:\Program Files\SpyGuard\spyguard.exe

O4 - HKCU\..\Run: [The Spy Guard Monitor] C:\Program Files\SpyGuard\spyguard_monitor.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/no/games4.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab

O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Remove:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...bwKriWOGXEyCa2k

 

O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nso4.dll

 

O2 - BHO: Log.Full - {B7B0089A-FAF6-43FB-A33D-657E416AE259} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log\log.dll

 

O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab

 

Try removing these and restart the machine.


This is the new log. I ran hijack and removed the recommended files and restarted. Then I took this one:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:00:37, on 23.06.2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\System32\ishost.exe

C:\WINDOWS\System32\isnotify.exe

C:\WINDOWS\System32\ismon.exe

C:\WINDOWS\System32\issearch.exe

C:\Program Files\Norman\bin\ZLH.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\The Cleaner\tca.exe

C:\Program Files\The Cleaner\tcm.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe

C:\Program Files\Billionton\Bluetooth-programvare\BTTray.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norman\bin\ZANDA.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE

C:\Program Files\Norman\bin\NJEEVES.EXE

C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe

C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe

C:\Program Files\Norman\Nvc\bin\cclaw.exe

C:\Documents and Settings\Magnus Kraft Breivik\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.snebrett.tk/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll

O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe

O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe

O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKCU\..\Run: [The Spy Guard] C:\Program Files\SpyGuard\spyguard.exe

O4 - HKCU\..\Run: [The Spy Guard Monitor] C:\Program Files\SpyGuard\spyguard_monitor.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/no/games4.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\NORMAN\nvc\BIN\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\NORMAN\nvc\BIN\NVCSCHED.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Edited by Olaff
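Added example, not part of the original thread: a small Python script that compares two HijackThis logs entry by entry, so that after a "fix" and a reboot you can confirm which entries really disappeared, which are new, and which requested removals came back. The function names are hypothetical, and the sample logs are shortened excerpts of the two logs posted above (the O10 line is repeated only three times here).

```python
import re
from collections import Counter

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


def parse_entries(log_text):
    """Return a Counter keyed by (code, body) for every entry line."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[(match.group("code"), match.group("body"))] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the old / only in the new log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = sorted(key for key in before if key not in after)
    added = sorted(key for key in after if key not in before)
    return removed, added


def still_present(fix_list_text, after_text):
    """Entries that were on a helper's removal list but are in the later log."""
    wanted = parse_entries(fix_list_text)
    after = parse_entries(after_text)
    return sorted(key for key in wanted if key in after)


def repeated(entries):
    """Entries listed more than once (e.g. one DLL filling the LSP chain)."""
    return {key: count for key, count in entries.items() if count > 1}


# Shortened excerpt of the first log in the thread (16:33:48).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\ishost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...bwKriWOGXEyCa2k
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nso4.dll
O2 - BHO: Log.Full - {B7B0089A-FAF6-43FB-A33D-657E416AE259} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log\log.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab
"""

# Shortened excerpt of the second log in the thread (17:00:37).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\ishost.exe
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
"""

# The four entries the first reply asked to remove.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...bwKriWOGXEyCa2k
O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nso4.dll
O2 - BHO: Log.Full - {B7B0089A-FAF6-43FB-A33D-657E416AE259} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log\log.dll
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("new:    ", code, "-", body)
    for code, body in still_present(FIX_LIST, AFTER):
        print("STILL PRESENT:", code, "-", body)
    for (code, body), count in repeated(parse_entries(AFTER)).items():
        print(f"listed {count}x:", code, "-", body)
```

An entry that shows up under `still_present` after a reboot means something is re-creating it, which is the situation where removal from safe mode is the usual next step.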

[dry] Well, there was quite a bit here, you know [/dry] Can't guarantee the result, but this should help somewhat:

Download Ewido and set it up like this. Don't run it yet.

Update SpyBot; don't run it either.

Grab ccleaner.

Get Winsockfix and LSPFix (google). You may not need them, but if what we do first messes up your network access you can run them.

Start HJT, do a scan only; put a check mark next to the following:

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.snebrett.tk/

O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll

O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll

O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [The Spy Guard] C:\Program Files\SpyGuard\spyguard.exe

O4 - HKCU\..\Run: [The Spy Guard Monitor] C:\Program Files\SpyGuard\spyguard_monitor.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/no/games4.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab

Close all browser windows, this one included, and press "fix checked".

Then uninstall either AVG or Norman (they mess things up for each other).

Run ccleaner (remember to remove the check mark in advanced options for "only delete temp files older than 48 hours").

Reboot in safe mode (F8 during startup), run Ewido and SpyBot.

Run both 2 times!

Run ccleaner

Reboot normally, run a Panda Activescan (google).

Then post the log from Panda together with a brand-new HJT log.

Should have been in the "security" category

Bernt K


I think I recognise look2me, which installs and downloads even more spyware and so on. There is an excellent program that removes the thing. It can be downloaded here (it can't hurt to run it anyway):

 

http://www.atribune.org/ccount/click.php?id=7

 

Follow these instructions:

 

1. Close all windows before continuing.

2. Double-click Look2Me-Destroyer.exe to run it.

3. Put a check next to Run this program as a task.

4. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK

5. When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

6. Once it's done scanning, click the Remove L2M button.

7. You will receive a Done Scanning message, click OK.

8. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.

9. Your computer will then shutdown.

10. Turn your computer back on.

 

Isearch toolbar is mentioned at Symantec http://www.symantec.com/avcenter/venc/data...re.isearch.html

I see that you have a program called spyguard. Read about the nastiness here:

http://www.symantec.com/avcenter/venc/data/punisher.html

Those winsock entries of yours may mean that something is trying to take over your internet access. You can check this and fix winsock with LSPfix (as others have mentioned earlier).

Edited by Narkolepsi
I think I recognise look2me, which installs and downloads even more spyware and so on. There is an excellent program that removes the thing. It can be downloaded here (it can't hurt to run it anyway):

 

http://www.atribune.org/ccount/click.php?id=7

 

Where do you see L2M? Not because I doubt it, but if you have a quick way to identify it I'd like to hear it. I see Starware, Spyguard, possibly a lop.com, issearch and some other junk, but L2M doesn't jump out and scream "here I am". As you say, L2MFix/destroyer does no harm, so it's probably worth trying. In any case, I think Ewido and Spybot, possibly combined with WinsockFix/LSPFix and maybe L2MDestroyer, will clean up most of it so that we get a better overview.

 

Bernt K


Today I got some spyware crap on my machine. Not quite sure if it's the same as what you have, but you can try my solution.

The spyware crap I got was removed with Ad-Aware and Trend Anti-Spyware, but it turned up again maybe 10 seconds later, so apparently I didn't get rid of it after all. What turned out to be the solution was a program called SmitFraudFix.

1. Download the program:

http://siri.geekstogo.com/SmitfraudFix.php

2. Unpack it

3. Start the machine in safe mode

4. Run the file SmitfraudFix.cmd

5. Press 2 and enter (clean), then wait, then Y to everything else.

Good luck.


Yeah, that one 04 entry:

O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll

 

is SmitFraud-related, and SmitFraudFix would have been a natural part of the cure.

EDIT: Norman is as good as any other AV program; one of the problems the thread starter has/had was that he was running 2 AV programs at the same time, and that just makes a mess. It wouldn't have helped in the slightest to throw yet another one into the mess.

 

 

Bernt K

Edited by berxter
