thamule

Struggling with viruses and spyware, have a hijack log


Here is my Hijack log:

I'm really struggling with viruses, spyware and lots of other crap, and would be very grateful if someone could be bothered to look through it. :blush:

Logfile of HijackThis v1.99.1

Scan saved at 22:47:20, on 03.09.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\FotoNation\EvLstnr.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\WINDOWS\MXOALDR.EXE

C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\VM_STI.EXE

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe

c:\progra~1\intern~1\iexplore.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

c:\Programfiler\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe

C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

I:\navsetup.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\DOCUME~1\CHRIST~1.ING\LOKALE~1\Temp\Rar$EX00.062\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kmyofjebamrlnnyokocb.com/zxlM6B...AuokFAaWFN.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cgbxljhfcuhuzatc.net/zxlM6Byr9y...WfpNbGnKvOY.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.204.87.245:5000

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [EVENTLISTENER] C:\Programfiler\Fellesfiler\FotoNation\EvLstnr.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programfiler\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe

O4 - HKLM\..\Run: [clock download view tick] C:\Documents and Settings\All Users\Programdata\keepkindclockdownload\Eggs dent.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [Aim Axis Show Tick] C:\Documents and Settings\All Users\Programdata\platform itch aim axis\window open.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Programfiler\Tweak-XP Pro 4\autostart.exe"

O4 - HKCU\..\Run: [TransTask] "C:\Programfiler\Tweak-XP Pro 4\transtask.exe"

O4 - HKCU\..\Run: [bib 64] C:\DOCUME~1\CHRIST~1.ING\PROGRA~1\CLOSEP~1\mail remote.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA6B115-AE98-4193-807C-14AB9874EF28}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: MsgPlusLoader.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by blaster88


These look a bit dubious:

 

O4 - HKLM\..\Run: [clock download view tick] C:\Documents and Settings\All Users\Programdata\keepkindclockdownload\Eggs dent.exe

 

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

BigDogPath

Bundled with some software for digital cameras that use a USB connection. - what does it do and is it required?

 

O4 - HKLM\..\Run: [Aim Axis Show Tick] C:\Documents and Settings\All Users\Programdata\platform itch aim axis\window open.exe

 

In any case, before you do anything with this log, do the following:

Run Windows Update and download all critical updates. If automatic updates are turned off, turn them on.

Then turn off system recovery if it is on. Right-click My Computer, Properties, System Restore/recovery, and disable it on all drives.

Scan with http://housecall.trendmicro.com (full scan)

Scan with Microsoft AntiSpyware, Spybot Search and Destroy and Ad-Aware. Reboot, block everything that MS AntiSpyware reports, and scan with all 4 programs again.

Then post a new HijackThis log, and if applicable tell us about any other error messages that MS AntiSpyware gives you.

 

www.microsoft.com

www.safer-networking.de

www.lavasoft.nu
