ehv Skrevet 29. mars 2007 Del Skrevet 29. mars 2007 Er det noen som kan hjelpe? Legger ved hijacklog og loggen fra nod32 scanning. Lenke til kommentar
norbat Skrevet 29. mars 2007 Del Skrevet 29. mars 2007 Hei, ehv Klikk på 'Rediger' knappen i posten din og kopier og lim inn HJT-loggen Lenke til kommentar
ehv Skrevet 29. mars 2007 Forfatter Del Skrevet 29. mars 2007 Er det noen som kan hjelpe? Legger ved hijacklog og loggen fra nod32 scan Logfile of HijackThis v1.99.1 Scan saved at 21:31:47, on 29.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\EzButton\CPATR10.EXE C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe C:\Programfiler\TOSHIBA\TouchPadNF\TPTray.exe C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Eset\nod32.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Eeva\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE O4 - HKLM\..\Run: [CeEKey.exe] C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [soundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPadNF\TPTray.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_11\bin\jusched.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_11\bin\npjpi142_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_11\bin\npjpi142_11.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe log scan av nod32 Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Lenke til kommentar
ehv Skrevet 29. mars 2007 Forfatter Del Skrevet 29. mars 2007 Er det noen som kan hjelpe? Legger ved hijacklog og loggen fra nod32 scan Logfile of HijackThis v1.99.1 Scan saved at 21:31:47, on 29.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\EzButton\CPATR10.EXE C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe C:\Programfiler\TOSHIBA\TouchPadNF\TPTray.exe C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Eset\nod32.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Eeva\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE O4 - HKLM\..\Run: [CeEKey.exe] C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [soundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPadNF\TPTray.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_11\bin\jusched.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_11\bin\npjpi142_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_11\bin\npjpi142_11.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe log scan av nod32 Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. Time Module Object Name Threat Action User Information 29.03.2007 15:51:29 AMON file C:\Programfiler\Error Safe Free\ersd.sys Win32/Rootkit.Agent.AF trojan error while Cleaning - operation unavailable for this type of object TOSHIBA\Eeva Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE. 8269228[/snapback] Lenke til kommentar
Znoken Skrevet 29. mars 2007 Del Skrevet 29. mars 2007 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab Fjern disse og gå deretter inn på Norbat sin guide for og fjerne virus og spywaren.... Er en veldig bra guide og følge... Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå