Guest medlem-105082 Posted 16 October 2006 (edited)

Hi, I ran a spyware scan over the internet, but of course I can't fix the problems until I buy the full package. Anyway, it found some "critical" objects, a trojan, some BearShare stuff (by the way, I have never installed BearShare on my computer, so I don't understand how it could show up), etc. So I'm posting a HijackThis log so you can see whether there is anything I should remove.

Logfile of HijackThis v1.99.1
Scan saved at 00:03:43, on 17.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\LimeWire\LimeWire.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Tommy\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Edited 17 October 2006 by medlem-105082

Guest medlem-105082 Posted 17 October 2006

Nobody sees anything to remove?

Erelend Posted 17 October 2006

Paste it in here: http://www.hijackthis.de/
Didn't find any junk, no...

norbat Posted 17 October 2006 (edited)

> I ran a spyware scan over the internet, but of course I can't fix the problems until I buy the full package.

Which online scanner did you use?

Edited 17 October 2006 by norbat

Guest medlem-105082 Posted 18 October 2006 (edited)

>> I ran a spyware scan over the internet, but of course I can't fix the problems until I buy the full package.
> Which online scanner did you use?

It was on some Windows protection something or other.. But I ran a scan with Ad-Aware and SAS and didn't find anything special. It wouldn't surprise me if it was a scam site.

Edited 18 October 2006 by medlem-105082

Guest medlem-105082 Posted 18 October 2006

> Paste it in here: http://www.hijackthis.de/
> Didn't find any junk, no...

OK, will do. Thanks for looking it over.

Guest medlem-105082 Posted 18 October 2006

The online HijackThis analyzer flagged this as "possibly nasty":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

and

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

Should I just remove them, or?

Demantios Posted 18 October 2006

No, no, that's only because those can be start pages with ads. The log looks clean.

Guest medlem-105082 Posted 19 October 2006

> No, no, that's only because those can be start pages with ads. The log looks clean.

OK, thanks.

jjjhhhsss Posted 19 October 2006

Can someone look over this log? Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 13:16:01, on 19.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Programfiler\Apoint2K\Apoint.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Norman\bin\ZLH.EXE
D:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Programfiler\Windows Defender\MSASCui.exe
D:\Programfiler\Apoint2K\Apntex.exe
D:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
D:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
D:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programfiler\QuickTime\qttask.exe
D:\programfiler\powerstrip\pstrip.exe
D:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Programfiler\iTunes\iTunesHelper.exe
D:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
D:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\Skype\Phone\Skype.exe
D:\Programfiler\MSN Messenger\msgr.exe
D:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
D:\Programfiler\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
D:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Programfiler\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
D:\Programfiler\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\PHP\XAMPP\xampp\mysql\bin\winmysqladmin.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
D:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NIP.EXE
D:\Programfiler\HP\hpcoretech\comp\hptskmgr.exe
D:\Programfiler\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\alg.exe
D:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
D:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
D:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
D:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
D:\Documents and Settings\Jarle\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwplatt.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] D:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] D:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [intelliPoint] "D:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programfiler\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerStrip] d:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "D:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] D:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [skype] "D:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\MSN Messenger\msgr.exe" /background
O4 - HKCU\..\Run: [mRouterConfig] "D:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - Startup: WinMySQLadmin.lnk = C:\PHP\XAMPP\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programfiler\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = D:\Programfiler\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146856916421
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Programfiler\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySQL - Unknown owner - C:\Programfiler\MySQL\MySQL.exe (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - D:\Programfiler\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

norbat Posted 19 October 2006

Looks fine. The lines that have (file missing) can be deleted.
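
Added example, not part of the thread: a check to run before acting on entries tagged (file missing). In both logs above, some O23 entries carrying that tag name an executable that is also listed under "Running processes", so the sketch below cross-checks the two lists. The function name audit_file_missing and the merged sample are constructed for this illustration.

```python
import re

# Constructed excerpt: lines copied from the two logs in this thread, merged
# into one short sample so the check can run offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
D:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySQL - Unknown owner - C:\Programfiler\MySQL\MySQL.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
MISSING = "(file missing)"


def audit_file_missing(log_text):
    """Return (section, path, is_running) for each entry tagged (file missing)."""
    running, findings, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif entry:
            in_procs = False  # section entries follow the process list
            body = entry.group(2)
            if body.endswith(MISSING):
                target = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
                # Drop the stray quote and any command-line arguments after it.
                path = target.lstrip('"').split('"')[0].strip()
                findings.append((entry.group(1), path, path.lower() in running))
        elif in_procs and line:
            running.add(line.lower())
    return findings


if __name__ == "__main__":
    for section, path, is_running in audit_file_missing(SAMPLE_LOG):
        verdict = "running, verify before deleting" if is_running else "not running"
        print(f"{section}  {path}  [{verdict}]")
```

Entries reported as running point at a file that exists on disk, so the tag on those lines reflects how the quoted service path was read rather than an orphaned service.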