hijackthis log

Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), slet filerne listet nedenunder, kør SaS.

O4 - HKLM\..\Run: [.svchost] C:\WINDOWS\System\CSRSS.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -

---------------------------------------
Sletning af \mapper\ og filer:
Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
-------------------
Mapper:
Ingen.
-------------------
Filer:
C:\WINDOWS\System\CSRSS.EXE
---------------------------------------
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.

Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.

Vi skal også se en frisk hijackthislog.

jeg kan ikke finde filen CSRSS.EXE...

eller den er der ikke--- m,en jeg fortsætter alligevel..

jeg kunne ikke åbne syperantispyware i fejlsikret tilstand, så den er ikke scannet i fejlsikret... og jeg fandt heller ikke mappen CSRSS.EXE



SUPERAntiSpyware Scan Log
Generated 12/27/2006 at 00:29 AM

Application Version : 3.3.1020

Core Rules Database Version : 3154
Trace Rules Database Version: 1171

Scan type      : Complete Scan
Total Scan Time : 00:14:04

Memory items scanned      : 426
Memory threats detected  : 0
Registry items scanned    : 5285
Registry threats detected : 0
File items scanned        : 3314
File threats detected    : 94

Adware.Tracking Cookie
    C:\Documents and Settings\Christiansen\Cookies\christiansen@stats.adbrite[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@tribalfusion[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@upspiral[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@serving-sys[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@kaboose.112.2o7[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@image.masterstats[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@valueclick[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@tradedoubler[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@as-eu.falkag[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@m1.webstats4u[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[4].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@1069763826[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@casalemedia[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@mb[3].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adserver.easyad[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@stats1.reliablestats[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ad1.emediate[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ilead.itrack[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@www.burstnet[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@track.adform[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.addynamix[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@targetnet[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.neodelight[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.pointroll[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.newgrounds[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@statcounter[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@1072638200[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[8].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@hg1.hitbox[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adtech[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@rotator.adjuggler[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adserver.banneradministration[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@doubleclick[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@direct[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[6].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.estart[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adecn[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adfair[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@realmedia[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ad[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@xiti[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[3].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@zedo[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@c.goclick[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@as1.falkag[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@hitbox[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@server.cpmstar[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@fastclick[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@partypoker[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@18766632[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@www.upspiral[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[5].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@atwola[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.arto[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@as-us.falkag[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adserver.tibaco[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@roi[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@wrigley.122.2o7[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@media.fastclick[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cgi-bin[7].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@1065243893[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@questionmarket[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@indextools[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@mediaplex[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@e2.emediate[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@revenue[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@mb[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@advertising[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@revsci[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@msninvite.112.2o7[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adbrite[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@advert.runescape[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.us.e-planning[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adlegend[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@atdmt[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ad.yieldmanager[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@counter.hitslink[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@2o7[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@drivecleaner[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@yieldmanager[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@yourdailymedia[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@bizrate[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@maxserving[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cyberclick[1].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@mb[4].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adserver.adremedy[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@adopt.euroclick[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.blizzard[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@overture[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@cz7.clickzs[2].txt
    C:\Documents and Settings\Christiansen\Cookies\christiansen@ads.cartoonnetwork[1].txt

og her er den friske hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 00:34:41, on 27-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programmer\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmer\Skype\Plugin Manager\SkypePM.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Java\jre1.5.0_09\bin\jucheck.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christiansen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe

Den fil er nok død i knaldet, så fred være med den. :-)

Så er din log ren, vi behøver ikke at se flere.
Du bør lige deaktivere systemgendannelse, genstarte og genaktivere samt sætte filvisning til normal.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse.
Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis ikke skjulte filer og mapper".

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.

Tak for point.*S*