
www.bestsafetyguide.net!

Comments

6 comments

  • Support

    Assuming you added this to your trusted zone yourself?

    O15 - Trusted Zone: *.line6.net

     

    Everything looks fine. How is your computer acting at this point?

  • Support

    Hi swed, Welcome!

     

    Your HijackThis log is formatted incorrectly, and we need to fix that so I can read the next one. Open Notepad and at the top choose the *Format* menu. Make sure that Word Wrap is unchecked.

     

    You have a Smitfraud hijacker, and most programs are not able to remove it yet. We can use a special free tool made for dealing with it.

     

    1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

     

    How to extract (decompress) zipped or compressed files

    http://www.lvsonline.com/compresstut/index.shtml

     

    Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

     

    2. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

     

    Select option #2 - Clean by typing 2 and press Enter.

    Wait for the tool to complete and disk cleanup to finish.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

     

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

     

    4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

     

    Logs needed in your next post are:

     

    rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed

     

    Fresh HijackThis log

  • Customer

    Hello, and thanks for the fast reply! Here are the logs:

     

     

     

    SmitFraudFix v2.58

     

    Scan done at 22:54:22,29, 2006-06-11

    Run from C:\Documents and Settings\Johan Brodin\Skrivbord\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    Fix ran in safe mode

     

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{55059d4f-a1ac-4837-ae07-4859101f598d}"="chromatodysopia"

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

     

    C:\WINDOWS\system32\dcomcfg.exe Deleted

    C:\WINDOWS\system32\hp???.tmp Deleted

    C:\WINDOWS\system32\ld????.tmp Deleted

    C:\WINDOWS\system32\regperf.exe Deleted

    C:\WINDOWS\system32\simpole.tlb Deleted

    C:\WINDOWS\system32\stdole3.tlb Deleted

    C:\WINDOWS\system32\1024\ Deleted

     

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

     

    GenericRenosFix by S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

     

    Registry Cleaning done.

     

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» End

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 23:01:40, on 2006-06-11

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Delade filer\Symantec Shared\ccApp.exe

    C:\Program\Logitech\iTouch\iTouch.exe

    C:\Program\Java\jre1.5.0_02\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

    C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

    C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program\Belkin\Bluetooth Software\bin\btwdins.exe

    C:\Program\ewido anti-malware\ewidoctrl.exe

    C:\Program\ewido anti-malware\ewidoguard.exe

    C:\Program\Norton AntiVirus\navapsvc.exe

    C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\Smartscaps.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\UAService7.exe

    C:\Program\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program\Messenger\msmsgs.exe

    C:\Program Files\HijackThis.exe

     

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Certificate Mover.lnk = ?

    O8 - Extra context menu item: Send To &Bluetooth - C:\Program\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O15 - Trusted Zone: *.line6.net

    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

    O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://designer.room328.com/app/WebVDSetUp.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095866767293

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126695314312

    O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

    O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://designer.room328.com/app/WebVD.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\Belkin\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

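What the helper does by hand with the two logs above (question the O15 Trusted Zone entry, check that the SharedTaskScheduler value SmitFraudFix listed under "Before" is gone under "After", note which files it deleted) can be scripted. The Python below is an added example written for this page; it is not code from HijackThis, from S!Ri's SmitFraudFix or from this forum. The allowlist of ActiveX download hosts and the "review" heuristics (an O23 service with "Unknown owner", a "(file missing)" entry, an O20 Winlogon Notify DLL) are assumptions chosen for the example: a flagged line means "ask the user about it", not "malicious", exactly as the line6.net question in the thread shows. The sample lines are copied from the posted logs; the O16 lines whose URLs the forum display truncated are left out rather than guessed.

```python
"""Added example: triage helpers for the HijackThis log and SmitFraudFix
rapport.txt posted in this thread. Heuristics are assumptions, not tool output."""
import re
from urllib.parse import urlparse

# Assumption: ActiveX (O16 DPF) downloads from these hosts are expected on a
# patched XP box. Anything else is marked for review, not declared malicious.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "msn.com")

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
PHASE_MARK = re.compile(r"^»+\s*(?P<phase>Before SmitFraudFix|After SmitFraudFix)")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')


def _dpf_host(url):
    """Return (hostname, is_allowlisted) for an O16 download URL."""
    host = (urlparse(url).hostname or "").lower()
    return host, any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_hijackthis(log_text):
    """Return [(section, reason, line)] for HijackThis entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # banner lines and bare process paths carry no O-section
        sec, body = m.group("sec"), m.group("body")
        if "(file missing)" in body:
            findings.append((sec, "orphaned entry, target file missing", line))
        if sec == "O15":
            findings.append((sec, "Trusted Zone entry, confirm the user added it", line))
        elif sec == "O16":
            host, allowed = _dpf_host(body.rsplit(" - ", 1)[-1])
            if not allowed:
                findings.append((sec, "ActiveX download from non-allowlisted host " + host, line))
        elif sec == "O20":
            findings.append((sec, "Winlogon Notify DLL, verify the publisher", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service binary without a publisher, verify it", line))
    return findings


def smitfraudfix_summary(report_text):
    """Parse rapport.txt: SharedTaskScheduler values listed before cleaning but
    not after ('removed'), those still listed ('remaining'), and deleted files."""
    listed = {"Before SmitFraudFix": {}, "After SmitFraudFix": {}}
    phase, deleted = None, []
    for raw in report_text.splitlines():
        line = raw.strip()
        if line.startswith("»"):  # every »»» heading starts a new block
            m = PHASE_MARK.match(line)
            phase = m.group("phase") if m else None
            continue
        v = REG_VALUE.match(line)
        if phase and v:
            listed[phase][v.group("name").lower()] = v.group("data")
        elif line.endswith(" Deleted"):
            deleted.append(line[: -len(" Deleted")])
    before, after = listed["Before SmitFraudFix"], listed["After SmitFraudFix"]
    return {"removed": {k: v for k, v in before.items() if k not in after},
            "remaining": after, "deleted": deleted}


# Sample input: lines copied from the logs posted in this thread (O16 lines with
# truncated URLs omitted, not guessed).
SAMPLE_HJT = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://designer.room328.com/app/WebVDSetUp.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{55059d4f-a1ac-4837-ae07-4859101f598d}"="chromatodysopia"
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\1024\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

if __name__ == "__main__":
    for sec, reason, line in triage_hijackthis(SAMPLE_HJT):
        print(f"[{sec}] {reason}\n    {line}")
    print(smitfraudfix_summary(SAMPLE_REPORT))
```

Run it directly to print the findings. On the sample it questions the line6.net zone entry, the two ActiveX downloads from hosts outside the allowlist, the orphaned msnim protocol handler, the WgaLogon notify DLL and the Adobe service with no publisher, and reports the SharedTaskScheduler value as removed with nothing remaining; the Norton and NVIDIA entries pass untouched, which is the point of keeping the heuristics narrow.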
  • Support

    You're quite welcome! Glad we could help.

     

    Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr

    Wait while Windows scans your system for files to delete.

    Make sure these 3 are checkmarked and press *ok* to delete them.

     

    Temporary Files

    Temporary Internet Files

    Recycle Bin

    ....................................................

    And be sure to follow up with a full system scan with Adaware SE

    ....................................

    Now that your PC is clean, make sure all programs are running properly, and then you'll need to reset your restore points in Windows XP. Why?

     

    One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

     

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

     

    (winXP)

     

    1. Turn off System Restore.

    Go to Start and right-click on *My Computer*.

    Click Properties.

    Click the System Restore tab.

    Put a Checkmark in the box next to "Turn off System Restore".

    Click Apply, and then click OK.

     

    2. Reboot.

     

    3. Turn ON System Restore.

    Go to Start and right-click on *My Computer*.

    Click Properties.

    Click the System Restore tab.

    Remove the checkmark next to "Turn off System Restore".

    Click Apply, and then click OK.

     

    How to Turn On and Turn Off System Restore in Windows XP

    http://support.microsoft.com/default.aspx?...kb;en-us;310405

     

    Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.

    How do I prevent Browser Hijacks and Spyware?

    http://www.dslreports.com/faq/13620

     

    I'm happy to see you have SP2 installed. That will address numerous security issues in your operating system and IE.

    Make sure that you keep your operating system and IE updated with the latest Critical Security Updates from Microsoft; they usually come out once a month, on the second Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits, and if not patched, you are vulnerable!

    Windows Update

    http://update.microsoft.com/microsoftupdate/

     

    And see this link for instructions on how to configure the enhanced security features in SP2:

    http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

     

    I also highly recommend getting the free tool Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC's security for prevention purposes.

     

    MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program identifies the security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities, and your IE browser security settings. Get the download here:

    Microsoft Baseline Security Analyzer

    http://www.microsoft.com/technet/security/...s/mbsahome.mspx

    Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

  • Customer

    Comp. acting normal! And yes, I trust Line6.

    I'm very grateful for your help, thank you very much!!

  • Customer

    Ok, followed your instructions, everything seems alright.

    Thanks again!
