Josen91, posted 21 December 2006
Hi there, I've had a virus and tried to remove it, but it seems there is still something left. Posting a HijackThis log.
---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:30:07, on 21.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\FELLES~1\Stardock\SDMCP.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Razer\razerofa.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Programfiler\Windows Media Connect 2\wmccfg.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\programfiler\steam\steam.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Torjus\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [razer] C:\Programfiler\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Programfiler\Windows Media Connect 2\wmccfg.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?b88a777659f443cc8fd956ea231fe57f
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?b88a777659f443cc8fd956ea231fe57f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093
O17 - HKLM\System\CCS\Services\Tcpip\..\{168E2851-1D8B-4164-907F-4889845EEAAA}: NameServer = 193.216.69.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2915EDC-4B58-423C-8214-A4934A22C89D}: NameServer = 193.216.69.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{168E2851-1D8B-4164-907F-4889845EEAAA}: NameServer = 193.216.69.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{168E2851-1D8B-4164-907F-4889845EEAAA}: NameServer = 193.216.69.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{168E2851-1D8B-4164-907F-4889845EEAAA}: NameServer = 193.216.69.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Demantios, posted 21 December 2006
I'm a bit puzzled by this one:
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
Otherwise I recommend that you scan the log at www.hijackthis.de

Guest medlem-105082, posted 21 December 2006 (edited)
O4 - HKLM\..\Run: [WINDOWS] C:\pdwpamt.exe
should be deleted. I also recommend running a scan with SAS. Update, run, delete everything it finds.
Edited 21 December 2006 by medlem-105082

Guest medlem-105082, posted 21 December 2006 (edited)
Uninstall "SweetIM" from Add or Remove Programs. You shouldn't have that on your PC.
Edited 21 December 2006 by medlem-105082

Demantios, posted 21 December 2006
> Uninstall "SweetIM" from Add or Remove Programs. You shouldn't have that on your PC.
It doesn't really do any harm apart from spamming his friends on MSN.

Guest medlem-105082, posted 21 December 2006
Ashampoo Antispyware, CA eTrust PestPatrol and Emsisoft A2 report that it contains spyware.
<SweetIM Spyware: Name: Logger.Agent.gk - Category: Key Logger : (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).>

p@ge, posted 21 December 2006
> Ashampoo Antispyware, CA eTrust PestPatrol and Emsisoft A2 report that it contains spyware.
> <SweetIM Spyware: Name: Logger.Agent.gk - Category: Key Logger : (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).>
Read this: http://www.fbmsoftware.com/spyware-net/Application/sweetim/

Guest medlem-105082, posted 21 December 2006
Then it's one word against another. Odd that 3 antivirus programs recognize it as a virus. But he can keep it if he wants.

Josen91 (author), posted 21 December 2006
> Then it's one word against another. Odd that 3 antivirus programs recognize it as a virus. But he can keep it if he wants.
I've fixed it now... thanks for the help!! MERRY CHRISTMAS!

p@ge, posted 21 December 2006
> Then it's one word against another. Odd that 3 antivirus programs recognize it as a virus. But he can keep it if he wants.
I scanned it myself with NOD32, SUPERAntiSpyware and Ad-Aware. These didn't find anything either. But oh well, you never know.

Guest medlem-105082, posted 21 December 2006 (edited)
> > .....
> I've fixed it now... thanks for the help!! MERRY CHRISTMAS!
Good! Merry Christmas to you too.
> > Blablabla
> I scanned it myself with NOD32, SUPERAntiSpyware and Ad-Aware. These didn't find anything either. But oh well, you never know.
Hehe, no, that's true. I have no opinion on whether it contains a virus or not, I just found the information on the internet. But he has apparently got it fixed now, so everything is fine.
Edited 21 December 2006 by medlem-105082