kekjo Posted 21 October 2006

Hi, I'm wondering whether my PC might be infected by a trojan/virus, since it is very slow. I ran HijackThis after a normal Windows startup. The log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:56, on 21.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Olympus\DeviceDetector\DM1Service.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programfiler\Eset\nod32kui.exe
D:\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe
D:\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Olympus\DeviceDetector\DevDtct2.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\xdeee.exe
O4 - HKCU\..\Run: [PcSync] D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Device Detector 2.lnk = C:\Programfiler\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: winrgp32 - winrgp32.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Programfiler\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

I'm wondering whether there is anything suspicious here:

O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\xdeee.exe
O20 - Winlogon Notify: winrgp32 - winrgp32.dll (file missing)

If I select info on O20 - Winlogon Notify, it says:

Files specified in the AppInit_DLLs Registry value are loaded very early in Windows startup and stay in memory until system shutdown. This way of loading a .dll is hardly ever used, except by trojans. The Winlogon Notify Registry subkeys load dll files into memory at about the same point in the boot process, keeping them loaded into memory until the session ends. Apart from several Windows system components, the programs VX2, ABetterInternet and Look2Me use this Registry key. Since both methods ensure the dll file stays loaded in memory, fixing this won't help if the dll puts back the Registry value immediately. In such a case, "delete file on reboot" or killbox is recommended to delete the file.

Regards,
kekjo
GeirGrusom Posted 21 October 2006

I would remove xdeee.exe. carpserv.exe is for a modem of some kind; I don't know whether you need it. Delete winrgp32, though I don't think it matters; since it says "file missing", it may have been deleted by nod32.
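
An added example, not part of the original thread or of HijackThis: a small Python triage pass over the O4 autorun and O20 Winlogon Notify entries discussed in the posts above. The heuristics, the KNOWN_GOOD allowlist and the function name triage are assumptions made for illustration; a hit means "check this entry by hand", not "this is malware".

```python
import re

# Constructed sample: a few entries copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\xdeee.exe
O20 - Winlogon Notify: winrgp32 - winrgp32.dll (file missing)
"""

# Assumption: file names the analyst has already verified on this machine.
KNOWN_GOOD = {"ctfmon.exe"}

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$")
EXE = re.compile(r'^"?([^"]*?\.exe)', re.IGNORECASE)


def triage(log_text):
    """Return (entry name, reason) pairs that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            hive, name, command = m.groups()
            exe = EXE.match(command)
            path = exe.group(1) if exe else command
            base = path.rsplit("\\", 1)[-1].lower()
            if base in KNOWN_GOOD:
                continue
            if "\\" not in path:
                # Bare file name: which file runs depends on the search path.
                findings.append((name, "autorun without a full path"))
            elif hive == "HKCU" and "\\windows\\system32\\" in path.lower():
                findings.append((name, "per-user autorun of a file in system32"))
            continue
        m = O20_NOTIFY.match(line)
        if m:
            name, dll, missing = m.groups()
            reason = "Winlogon Notify DLL"
            if missing:
                reason += ", file missing, registry value remains"
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```
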