rankine Skrevet 18. november 2008 Del Skrevet 18. november 2008 Jeg poster en logg for en venn her, så hadde vært fint om noen kunne ta en titt på den. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:37, on 2008-11-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\FolderSize\FolderSizeSvc.exe C:\Programfiler\Dell\OpenManage\Client\Iap.exe C:\Programfiler\Symantec\Ghost\ngctw32.exe C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\system32\dllhost.exe C:\Programfiler\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\Explorer.EXE C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\DellTPad\Apoint.exe C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Programfiler\DellTPad\ApMsgFwd.exe C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\KADxMain.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\DellTPad\Apntex.exe C:\Programfiler\DellTPad\HidFind.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE c:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE C:\Programfiler\Symantec\Ghost\ngtray.exe C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Digital Line Detect\DLG.exe C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programfiler\Opera\opera.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.nes.vgs.no R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nes.vgs.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [WavXMgr] C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [KADxMain] c:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [ATICCC] "c:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NGTray] "C:\Programfiler\Symantec\Ghost\ngtray.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [LaunchList] C:\Programfiler\Pinnacle\Studio 9\LaunchList.exe O4 - HKLM\..\Run: [Messenger Service] service.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Magic Boss Key] C:\Programfiler\Magicboss\mgboss.exe -min O4 - HKLM\..\Run: [e031178a] rundll32.exe "C:\WINDOWS\system32\badyjnhv.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = C:\Programfiler\Digital Line Detect\DLG.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211190411190 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.vgsa.no O17 - HKLM\Software\..\Telephony: DomainName = local.vgsa.no O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local.vgsa.no O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Programfiler\FolderSize\FolderSizeSvc.exe O23 - Service: Iap - Dell Inc. - C:\Programfiler\Dell\OpenManage\Client\Iap.exe O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\nse\bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- End of file - 11606 bytes Lenke til kommentar
r2d290 Skrevet 18. november 2008 Del Skrevet 18. november 2008 Følg veiledningen som jeg har linket til i øverste link i signaturen min, og post MBAM-logg, combofix og ny hijackthis-logg Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå