
HJT - Spyquake, or something.

By Super Supporter Garnie | 05-06-2006 18:01 | 1303 views | 4 replies
Hi there. I supposedly have something called Spyquake or thereabouts, but I haven't been able to remove it myself :(

Logfile of HijackThis v1.99.1
Scan saved at 16:28:55, on 05-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Documents and Settings\Rasmus\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com[...]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com[...]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com[...]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
http://www.againsttcpa.com[...] - <--- Everyone should read this page!
#1
Theking2
Super Nerd
05-06-2006 23:21

Hi

You can start by following the guide here:

- Download SmitfraudFix.zip (extract it to your Desktop) http://siri.urz.free.fr[...]

NB: The file "process.exe" included in this tool is identified by some antivirus programs as "RiskTool". There is nothing to that, however.

• Restart in safe mode. (Press F8 repeatedly during startup)
• Open the SmitfraudFix folder that you got on the Desktop
• Double-click SmitfraudFix.cmd and type 2 - answer yes to cleaning (y=yes). Let the program carry out a cleaning
• It will check whether the system file wininet.dll is infected. If it is, press Y (Yes) when it asks. The program may need to restart along the way. Afterwards a list with the results of the cleaning will appear.
• Copy the list into the thread together with a new HJT log.
--
http://www.hattrick.org[...] Alliancen (570540) Hol.dk HJT Supporter
#2
PJ
Guest
05-06-2006 23:34

http://www.krusesecurity.dk[...] a great little article about SpywareQuake
#3
Garnie
Super Supporter
06-06-2006 15:05

The problem is gone :) thanks .. here is the log

Logfile of HijackThis v1.99.1
Scan saved at 15:04:32, on 06-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\divxsm.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Rasmus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com[...]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com[...]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
http://www.againsttcpa.com[...] - <--- Everyone should read this page!
#4
Theking2
Super Nerd
06-06-2006 22:40

#3 That's great, now that the log is clean too ;)

If you like, you can finish by cleaning up a bit with this program.

- CCleaner http://majorgeeks.com[...]

Install CCleaner
Open CCleaner and go to Issues
Choose "Scan for issues" and then "Fix selected issues"
Press Yes to make a backup and save it somewhere you can remember
Finally press "Fix all selected issues"
Close CCleaner
Restart the PC - no new log is needed.
--
http://www.hattrick.org[...] Alliancen (570540) Hol.dk HJT Supporter
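
Added example, not part of the original thread: the helper asks for a new HJT log after cleaning, and comparing it with the first log shows which entries the cleanup removed. The Python sketch below parses HijackThis entry lines and lists entries present before but absent after; the sample logs are short excerpts constructed from entries posted in this thread (path separators written out), and the function names are illustrative.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code such as R0, R1, O2, O4, O23,
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return a set of (section_code, normalised_body) for every entry line."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Case-fold: the same Run entry appears as c:\ and C:\ in the two logs.
            entries.add((m.group("code"), m.group("body").casefold()))
    return entries

def removed_entries(before_text, after_text):
    """Group entries present in the first log but absent from the second."""
    gone = parse_entries(before_text) - parse_entries(after_text)
    grouped = defaultdict(list)
    for code, body in sorted(gone):
        grouped[code].append(body)
    return dict(grouped)

# Constructed excerpts: a few entries taken from the two logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com[...]
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"""

if __name__ == "__main__":
    for code, bodies in removed_entries(BEFORE, AFTER).items():
        for body in bodies:
            print(code, "-", body)
```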
