Just nu i M3-nätverket
Jump to content

Roings Engine


Guest idgadmin

Recommended Posts

Guest idgadmin

Hej!

 

Tyvärr har jag drabbats av denna spyware/mask/hijacker eller vad det kallas.

 

Jag har sökt runt lite på internet efter info om hur man blir av med den men det var väldigt avancerat och på engelska. När jag försökte följa en instruktion så stängdes datorn av.

 

De program jag har installerade som 'sägs' skall kunna komma åt denna är SpyWareBlaster och Ad-Aware, men den försvinner ändå ej.

 

Finns det någon som kon hjälpa mej här?

 

Link to comment
Share on other sites

Guest idgadmin

 

Här är min logg från HiJackThis:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:57:02, on 2004-04-09

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\ICQLite\ICQLite.exe

C:\Program\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Aluria Software\ASE\ASE Scheduler.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\rumpino\Skrivbord\spywareskit\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aktieguiden.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://groups.msn.com/elliottelliottson/_homepage.msnw?&pps=k"); (C:\Documents and Settings\rumpino\Application Data\Mozilla\Profiles\default\ltoub7x8.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\rumpino\Application Data\Mozilla\Profiles\default\ltoub7x8.slt\prefs.js)

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [updater] C:\Program\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot

O4 - Startup: ASE Scheduler.lnk = C:\Program\Aluria Software\ASE\ASE Scheduler.exe

O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/se/win/QuickTimeInstaller.exe

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.5413888889

O16 - DPF: {A45A8A35-19FA-4E8B-874C-CBA3107F354C} (GVLaunch Control) - http://www.casinolauncher.com/gvlaunch.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignalevents.webex.com/client/latest/event/ieatgpc.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab

O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

Link to comment
Share on other sites

Stäng webbläsaren, kör HJT och bocka i följande:

 

[FET]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

 

O4 - HKLM\..\Run: [updater] C:\Program\Common files\updater\wupdater.exe

 

O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx

 

O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

 

 

[/FET]

 

Sen finns det ett antal objekt som jag inte är säker på...men det verkar som om dom också skall bort.

 

[FET]

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignalevents.webex.com/client/latest/event/ieatgpc.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab

O16 - DPF: {A45A8A35-19FA-4E8B-874C-CBA3107F354C} (GVLaunch Control) - http://www.casinolauncher.com/gvlaunch.cab

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

 

[/FET]

 

Bocka i och klicka sedan på "Fix".

 

Link to comment
Share on other sites

Det bör vara borta, eller i alla fall inte fungera.

 

Men jag rekommenderar dig att vara lite extra vaksam 1 dag eller 2...

 

Det kan vara att jag har missat något.

 

 

Link to comment
Share on other sites

Guest idgadmin

tack för din hjälp.

 

tror inte det är riktigt borta, har startat om datorn och kört massa ad-ware progs o de finner ständig nya grejjer, så här ser min startup lista ut, nått man direkt kan säga är sånt?

 

WinPatrol Startup Programs

4/9/2004 16:51

 

 

NvCplDaemon

NvCpl.dll,NvStartup

NVIDIA Display Properties Extension

Version: 6.13.10.4109

© NVIDIA Corporation. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\System32\NvCpl.dll,NvStartup

Click for Plus Info

 

 

 

CTSysVol

CTSysVol.exe

CTSysVol.exe

Version: 1.0.0.0

Copyright © Creative Technology Ltd., 2002. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

Click for Plus Info

 

 

 

CTHelper

CTHELPER.EXE

CtHelper MFC Application

Version: 1, 0, 0, 11

Copyright © 2002

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: CTHELPER.EXE

Click for Plus Info

 

 

 

SBDrvDet

SBDrvDet.exe /r

SBDrvDet.exe

Version: 1.0.0.0

Copyright © Creative Technology Ltd., 2002. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

Click for Plus Info

 

 

 

UpdReg

Updreg.EXE

Creative UpdReg

Version: 1.0.2

Copyright © Creative Technology Ltd. 2000

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\Updreg.EXE

Click for Plus Info

 

 

 

CTStartup

CTEaxSpl.EXE /run

Startup Splash

Version: 1, 1, 0, 4

Copyright © Creative Technology Ltd. 2001

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run

Click for Plus Info

 

 

 

NeroCheck

NeroCheck.exe

NeroCheck

Version: 1, 0, 0, 2

Copyright © 2001

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\system32\NeroCheck.exe

Click for Plus Info

 

 

 

QuickTime Task

qttask.exe -atboottime

Version: QuickTime 6.0.2

© Apple Computer, Inc. 2001-2002

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\QuickTime\qttask.exe -atboottime

Click for Plus Info

 

 

 

LVCOMS

LVComS.exe

LVCom Server

Version: 7.3.0.1113

© 1996-2002 Logitech. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Delade filer\Logitech\QCDriver3\LVComS.exe

Click for Plus Info

 

 

 

LogitechGalleryRepair

ISStart.exe

ImageStudio Startup Application

Version: 7.3.0.1113

© 1996-2002 Logitech. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Logitech\ImageStudio\ISStart.exe

Click for Plus Info

 

 

 

LogitechImageStudioTray

LogiTray.exe

ImageStudio Tray Application

Version: 7.3.0.1113

© 1996-2002 Logitech. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Logitech\ImageStudio\LogiTray.exe

Click for Plus Info

 

 

 

ICQ Lite

ICQLite.exe -minimize

ICQLite

Version: 1, 0, 0

Copyright © 2002

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\ICQLite\ICQLite.exe -minimize

Click for Plus Info

 

 

 

Zone Labs Client

zlclient.exe

Zone Labs Client

Version: 4.5.530.000

Copyright © 1998-2003, Zone Labs Inc.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

Click for Plus Info

 

 

 

KernelFaultCheck

dumprep 0 -k

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: %systemroot%\system32\dumprep 0 -k

Click for Plus Info

 

 

 

ccApp

ccApp.exe

Symantec Common Client User Session

Version: 2.0.0.635

Copyright © 2000-2003 Symantec Corporation. All rights reserved.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\Delade filer\Symantec Shared\ccApp.exe

Click for Plus Info

 

 

 

WinPatrol

WinPatrol.exe

WinPatrol By BillP Studios

Version: 7.0.0.5

Copyright © 1997- 2004 BillP Studios

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\WinPatrol\WinPatrol.exe

Click for Plus Info

 

 

 

msnmsgr

msnmsgr.exe /background

Messenger

Version: Version 6.1

Copyright © Microsoft Corporation 1997-2003

Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program\MSN Messenger\msnmsgr.exe /background

Click for Plus Info

 

 

 

CTStartup

CTEaxSpl.EXE /play

Startup Splash

Version: 1, 1, 0, 4

Copyright © Creative Technology Ltd. 2001

Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Path: C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /play

Click for Plus Info

 

 

 

ICQ Lite

ICQLite.exe -trayboot

ICQLite

Version: 1, 0, 0

Copyright © 2002

Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Path: C:\Program\ICQLite\ICQLite.exe -trayboot

Click for Plus Info

 

Link to comment
Share on other sites

Hej.

 

Nej, här hittar jag inget konstigt.

Hur upplever du problemet nu?

Är det som det tar lång tid att starta?

Har du startat om sedan rensningen?

Om inte så prova det.

 

 

Link to comment
Share on other sites

rumpino

 

Du har "VX2 Betterinternet" i ditt system, så jag skulle tro att du inte är problemfri, eller hur?

 

AdAware6 hittar och tar bort detta.Installationsfilen för denna infektion är denna : C:\WINDOWS\twaintec.dll

Men det räcker inte att ta bort den heller, för dessa killar vill ha kvar sin älskling i systemet, därför finns det fler filer som inte syns i HJT, som också återinstallerar infektionen.

 

Gå hit och ladda ner AdAware6 och ställ programmet i "Custom scan" och enligt "Punkt 4" : http://www.lavasoftsupport.com/index.php?showtopic=14136

Glöm inte att uppdatera referensfilen genom att klicka på "check for updates"

 

Hälsning

 

Die Hard

 

[FET]Member of ASAP

Alliance of Security Analysis Professionals[/FET]

 

 

 

Link to comment
Share on other sites

Guest idgadmin

 

stort tack till era DieHard och Mij, har nu konfigurerat AdAware skall göra scanning snart, återkommer med rapport sen så får ni se om det är något kvar.

 

En sak jag noterat är att när jag högerklickar i IE (så man får upp bakåt, framåt, markera, visa källa etc.) så har det lagts till en rad där, "Encyclopedia", denna leder till nån sökmotor ... så jag är inte helt "clean" :-) ännu.

 

mvh

 

Link to comment
Share on other sites

Om det skulle visa sig att inget av det vi har tipsat om hjälper dig att bli av med allt, utan du ändå har något kvar, så kan det vara så att skaparna har ändrat lite i utformningen på eländet.

 

Då kan det behövas en ny analys av objektet, för att kunna lägga till det i Ad-Aware.

 

Jag citerar DieHard:

[CITAT]Kanske att vi skulle vilja ha någon fil uppladdad för undersökning också.

Adressen till det svenska forumet är :

http://www.lavasoftsupport.com/index.php?showforum=17

 

För att posta behöver du bara göra en enkel registrering och vänta på den blir klar.

 

Under tiden kan du göra en "startuplist log" genom att öppna HJT och klicka "Config>Misc tools" och innan du klickar på "Generate startuplist log" bocka i dom två små rutorna inunder.

När registreringen är klar , kanske du skulle vilja posta den.Den är lång.[/CITAT]

Slut citat.

 

Link to comment
Share on other sites

Guest idgadmin

Okej!

 

Har gjort en ny log nu (ej kört ad-aware en gång till med Die Hards inställnignar)

 

Återkommer när jag kört ad-aware.

 

Logfile of HijackThis v1.97.7

Scan saved at 18:35:03, on 2004-04-13

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\ICQLite\ICQLite.exe

C:\Program\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Lavasoft\Ad-aware 6\Ad-aware.exe

D:\TekniskAnalys.com\Analyzer.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\rumpino\Skrivbord\spywareskit\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aktieguiden.com/login.aspx?loginForm=1&strUID=&strPWD=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://groups.msn.com/elliottelliottson/_homepage.msnw?&pps=k"); (C:\Documents and Settings\rumpino\Application Data\Mozilla\Profiles\default\ltoub7x8.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\rumpino\Application Data\Mozilla\Profiles\default\ltoub7x8.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot

O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/se/win/QuickTimeInstaller.exe

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.5413888889

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignalevents.webex.com/client/latest/event/ieatgpc.cab

O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

Link to comment
Share on other sites

rumpino :-

 

Vad du ska göra nu är att du markerar alla "VX2 Betterinternet" för borttagning, sedan startar du om.

 

Vid uppstart är det möjligt att AdAware startar och skannar, låt den avsluta och markera allt i listan denna gång.

Starta sedan om igen.

Posta en ny HJT-log när detta är gjort och AdAware loggen är ren.

 

Hälsning

 

Die Hard

[FET]Member of ASAP

Alliance of Security Analysis Professionals[/FET]

 

 

Link to comment
Share on other sites

Guest idgadmin

sådär! nu fann inte adaware nått alls!

 

så här ser loggen ut nu:

 

Logfile of HijackThis v1.97.7

Scan saved at 17:53:21, on 2004-04-14

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\ICQLite\ICQLite.exe

C:\Program\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Norton AntiVirus\OPScan.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\rumpino\Skrivbord\spywareskit\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aktieguiden.com/login.aspx?loginForm=1&strUID=&strPWD=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://groups.msn.com/elliottelliottson/_homepage.msnw?&pps=k"); (C:\Documents and Settings\rumpino\Application Data\Mozilla\Profiles\default\ltoub7x8.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\rumpino\Application Data\Mozilla\Profiles\default\ltoub7x8.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot

O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/se/win/QuickTimeInstaller.exe

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.5413888889

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignalevents.webex.com/client/latest/event/ieatgpc.cab

O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

 

mvh

 

Link to comment
Share on other sites

Skönt att höra...*ler*

 

Du kan spara på loggen för att ha den som referens om det dyker upp något nytt.

 

Naturligtvis kan det finnas legitima orsaker till en ändring, tex om du installerar något program, men det kan ändå vara bra att ha.

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...