thamule
Posted 3 September 2005 (edited)

Here is my HijackThis log:
I'm really struggling with viruses, spyware and lots of other crap; I'd be very grateful if someone could be bothered to look through it.

Logfile of HijackThis v1.99.1
Scan saved at 22:47:20, on 03.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\FotoNation\EvLstnr.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programfiler\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
I:\navsetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Programfiler\WinRAR\WinRAR.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\DOCUME~1\CHRIST~1.ING\LOKALE~1\Temp\Rar$EX00.062\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kmyofjebamrlnnyokocb.com/zxlM6B...AuokFAaWFN.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cgbxljhfcuhuzatc.net/zxlM6Byr9y...WfpNbGnKvOY.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.204.87.245:5000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Programfiler\Fellesfiler\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programfiler\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
O4 - HKLM\..\Run: [clock download view tick] C:\Documents and Settings\All Users\Programdata\keepkindclockdownload\Eggs dent.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [Aim Axis Show Tick] C:\Documents and Settings\All Users\Programdata\platform itch aim axis\window open.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Programfiler\Tweak-XP Pro 4\autostart.exe"
O4 - HKCU\..\Run: [TransTask] "C:\Programfiler\Tweak-XP Pro 4\transtask.exe"
O4 - HKCU\..\Run: [bib 64] C:\DOCUME~1\CHRIST~1.ING\PROGRA~1\CLOSEP~1\mail remote.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA6B115-AE98-4193-807C-14AB9874EF28}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited 4 September 2005 by blaster88

Alastor
Posted 4 September 2005

These look a bit suspicious:

O4 - HKLM\..\Run: [clock download view tick] C:\Documents and Settings\All Users\Programdata\keepkindclockdownload\Eggs dent.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
BigDogPath: Bundled with some software for digital cameras that use a USB connection. - what does it do and is it required?

O4 - HKLM\..\Run: [Aim Axis Show Tick] C:\Documents and Settings\All Users\Programdata\platform itch aim axis\window open.exe

In any case, before you do anything with this log, do the following:

Run Windows Update and download all critical updates. If automatic updates are turned off, turn them on.
Then turn off System Restore if it is on: right-click My Computer, Properties, System Restore, disable on all drives.
Scan with http://housecall.trendmicro.com (full scan).
Scan with Microsoft AntiSpyware, Spybot Search & Destroy and Ad-Aware.
Reboot, block everything that MS AntiSpyware reports, and scan with all 4 programs again.
Then post a new HijackThis log, and if applicable tell us about any other error messages that MS AntiSpyware gives you.

www.microsoft.com
www.safer-networking.de
www.lavasoft.nu