[løst]Mistenker keylogger, Highjackthis logg

[Kontorstol]

Hei!

 

Jeg tok et søk med Spyware Docktor, og det fant et spyware som hadde ofte hadde keylogger og andre uhumskheter i seg...

 

Trojan.Spy.Delf.UC  HKLM\SOFTWARE\Tencent  High

Trojan.Spy.Delf.UC  HKLM\SOFTWARE\Tencent##  High

Trojan.Spy.Delf.UC  HKLM\SOFTWARE\Tencent\PLATFORM_TYPE_LIST  High

Trojan.Spy.Delf.UC  HKLM\SOFTWARE\Tencent\PLATFORM_TYPE_LIST##  High

Trojan.Spy.Delf.UC  HKLM\SOFTWARE\Tencent\PLATFORM_TYPE_LIST\1  High

Trojan.Spy.Delf.UC  HKLM\SOFTWARE\Tencent\PLATFORM_TYPE_LIST\1##  High

 

Så fjernet jeg det med Spyware Doctor, men er usikker på om det ble fjernet helt, så kan noen se gjennom Highjackthis logg?

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 03:07:03, on 01.05.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

d:\Programfiler\Avast\aswUpdSv.exe

d:\Programfiler\Avast\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

D:\PROGRA~1\Avast\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\PrintScreen\PrintScreen.exe

C:\WINDOWS\system32\svchost.exe

d:\Programfiler\Avast\ashMaiSv.exe

d:\Programfiler\Avast\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

D:\PROGRA~1\Firefox\firefox.exe

D:\Programfiler\uTorrent\utorrent.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\wisptis.exe

C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe

C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\LVComSX.exe

C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe

C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe

D:\Programfiler\Spyware Doctor\swdoctor.exe

D:\Filer\Downlaod\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euchannels.net/web/ramme.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\Avast\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "D:\Programfiler\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programfiler\Avast\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - d:\Programfiler\Avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programfiler\Avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programfiler\Avast\ashWebSv.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe

 

--

End of file - 5878 bytes

[norbat]

Loggen ser fin ut den, Kontorstol, og SD tar fint denne Trojaneren.

[Kontorstol]

Loggen ser fin ut den, Kontorstol, og SD tar fint denne Trojaneren.

8509666[/snapback]

 

ok

 

Da kan denne tråden stenges

[tom waits for alice]

Saken er løst, og/-eller trådstarter har bedt om stenging. Ønskes saken gjenoptatt kan dette innlegget rapportères, og tråden vil bli vurdert gjenåpnet.