
Problem


Funkey


Hi. I'm having problems with popups and such, and I think it may be due to spyware. I have run Ad-Aware but it doesn't seem to help. I'd be grateful if someone could help me.

/ Johan

 


Ad-Aware is no longer enough.

 

Download the program HijackThis to the desktop.

http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe

 

Download, install and update the program AVG Anti-Spyware. Scan in safe mode, and after the scan click apply all actions, save report.

http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50.exe

 

Restart normally, click the file hijackthis_self.exe, ok, unzip.

HJT now opens automatically (the firewall may warn); click the button do a system scan and save a logfile.

Copy that log and the AVG log, which is found under reports, here.

 


Okay, here are the logs:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:50:15, on 2006-12-26

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\{2A521806-0775-1053-1202-03091203002e}\Update.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchosts.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Creative\Shared Files\CamTray.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\DOBE~1\lsass.exe

C:\WINDOWS\system32\??pPatch\?poolsv.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\System32\svchost.exe

C:\HJT\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {AE88ED7D-0C99-0F34-9B6E-7EE5596B1C90} - C:\WINDOWS\System32\ieabof.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3A521~1\Bar888.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Disk Monitor] C:\Program\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvfiz.dll,startup

O4 - HKLM\..\Run: [{2A521806-0775-1053-1202-03091203002e}] "C:\Program\Delade filer\{2A521806-0775-1053-1202-03091203002e}\Update.exe" mc-110-12-0000272

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Msra] "C:\WINDOWS\System32\DOBE~1\lsass.exe" -vt yazb

O4 - HKCU\..\Run: [umd] C:\WINDOWS\system32\??pPatch\?poolsv.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?7cca9ac4e3f444778e1f04928fe5ab04

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?7cca9ac4e3f444778e1f04928fe5ab04

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-se.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/webolr/OCX/FlashAX.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000272 (file missing)

[/log]

 

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 14:46:18 2006-12-26

 

+ Scan result:

 

 

 

C:\Documents and Settings\stina\Cookies\stina@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\stina\Cookies\stina@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.

 

 

::Report end

 


Hi again.

 

It found no problems, here is the log file:

 

************************* Rustock.b-fix -- By ejvindh *************************

2006-12-27 10:24:01,10

 

No Rustock.b-rootkits found

 

******************************* End of Logfile ********************************

 

 


Type this in Run:

SC STOP COM+ Messages >ok

SC DELETE COM+ Messages >ok

 

Update AVG Anti-Spyware > restart in safe mode > do a complete system scan. Check carefully that quarantine is selected for everything that is found; you can right-click and choose it. If you find something there that you know is ok, you can choose ignore.

 

Restart normally, post a new HJT log and the AVG log that is found under reports.

 

 

 

[post edited 2006-12-27 12:45:10 by 927]

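An added example, not written by anyone in this thread: a small Python triage pass over HijackThis log lines that flags Windows system binary names running from an unexpected folder, names one character away from a system binary, `?` placeholders in a path, and O23 services marked "Unknown owner" or "(file missing)". The heuristics, the `EXPECTED` table and the function names are assumptions of this example; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Directory (lower-case) where each commonly imitated Windows binary belongs.
EXPECTED = {name: r"c:\windows\system32" for name in (
    "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED["explorer.exe"] = r"c:\windows"

# First drive-letter path on the line that ends in .exe or .dll.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def one_edit_apart(a, b):
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Equal length: skip one char in both. Otherwise skip the extra char in b.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def triage(line):
    """Return the reasons a HijackThis log line deserves a closer look."""
    reasons = []
    m = PATH_RE.search(line)
    if m:
        path = m.group(0).lower()
        folder, name = ntpath.split(path)
        if "?" in path:  # '?' is illegal in file names, so it is a placeholder
            reasons.append("unrenderable characters in path")
        if name in EXPECTED and folder != EXPECTED[name]:
            reasons.append(f"{name} outside {EXPECTED[name]}")
        reasons += [f"{name} imitates {real}" for real in EXPECTED
                    if one_edit_apart(name, real)]
    if line.startswith("O23") and ("Unknown owner" in line or "(file missing)" in line):
        reasons.append("service with unknown owner or missing file")
    return reasons

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\System32\svchosts.exe",
    r"C:\WINDOWS\System32\DOBE~1\lsass.exe",
    r"C:\WINDOWS\system32\??pPatch\?poolsv.exe",
    r'O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000272 (file missing)',
]
```

A flagged line is a prompt for manual review, not a verdict; the thread's own remediation targets only the `COM+ Messages` service.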
