JoaJoa, posted 18 May 2007 (edited)

Came back from dinner, and the laptop had shut itself off. I start it up and get a bunch of error messages saying that explorer.exe, svchost.exe, smss.exe, services.exe, etc. "is not a valid image file", and there was something about the problem being perfc000.dat, which was located in windows/system32/. I deleted it and restarted. I didn't get any new error message, but I STRONGLY doubt it is that simple? There are guaranteed to be "leftovers".

Yesterday I got a message from the antivirus program NOD32 that there was something off with svchost.exe; I clicked OK and didn't think much more about it. Could all of this be connected?

I ran a HijackThis scan, and it would be great if someone could take the time to check it. I have just reinstalled Windows XP because the HDD died, so for the time being I'm tired of installing all the programs again.

Logfile of HijackThis v1.99.1
Scan saved at 15:25:35, on 18.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
F:\Progs\Creative\Drivers External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\Eset\nod32kui.exe
F:\Progs\DU Meter\DUMeter.exe
F:\Progs\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\rundll32.exe
F:\Mobil\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe
F:\Progs\Launch Manager\LaunchAp.exe
F:\Progs\Launch Manager\HotkeyApp.exe
F:\Progs\Launch Manager\OSD.exe
F:\Progs\Launch Manager\Wbutton.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
F:\Progs\Creative\Mediasource\RemoteControl\RCMan.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
F:\Progs\Acrobat Reader\Reader\reader_sl.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
F:\Mobil\Sony Ericsson PC Suite\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Progs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Progs\Creative\Drivers External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DU Meter] F:\Progs\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "F:\Progs\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Mobil\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LaunchAp] F:\Progs\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] F:\Progs\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] F:\Progs\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] F:\Progs\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "F:\Progs\Launch Manager\Wbutton.exe"
O4 - HKCU\..\Run: [RemoteCenter] F:\Progs\Creative\Mediasource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [98w1b83uif6kq6] C:\DOCUME~1\Roaro\LOKALE~1\Temp\crasos.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Progs\Acrobat Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = F:\Progs\Acrobat Reader\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\Progs\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Progs\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

Edited 18 May 2007 by JoaJoa

norbat, posted 18 May 2007

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\DOCUME~1\Roaro\LOKALE~1\Temp\crasos.exe
C:\WINDOWS\system32\perfc000.dat

Click the traffic light. Restart the PC.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Download SAS, install it, update it and run a full (Complete) scan.

After a restart, post a new HJT log plus the log from SAS (preferences->statistics/logs).

JoaJoa (author), posted 18 May 2007

Thanks for the quick help!

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 16:59:57, on 18.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
F:\Progs\Creative\Drivers External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\Eset\nod32kui.exe
F:\Progs\DU Meter\DUMeter.exe
F:\Progs\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\rundll32.exe
F:\Mobil\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe
F:\Progs\Launch Manager\LaunchAp.exe
F:\Progs\Launch Manager\HotkeyApp.exe
F:\Progs\Launch Manager\OSD.exe
F:\Progs\Launch Manager\Wbutton.exe
F:\Progs\Creative\Mediasource\RemoteControl\RCMan.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Messenger\msmsgs.exe
F:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
F:\Mobil\Sony Ericsson PC Suite\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Roaro\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Progs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Progs\Creative\Drivers External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DU Meter] F:\Progs\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "F:\Progs\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Mobil\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LaunchAp] F:\Progs\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] F:\Progs\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] F:\Progs\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] F:\Progs\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "F:\Progs\Launch Manager\Wbutton.exe"
O4 - HKCU\..\Run: [RemoteCenter] F:\Progs\Creative\Mediasource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [98w1b83uif6kq6] C:\DOCUME~1\Roaro\LOKALE~1\Temp\crasos.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Progs\Acrobat Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = F:\Progs\Acrobat Reader\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\Progs\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Progs\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: !SASWinLogon - F:\Progs\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/18/2007 at 04:45 PM

Application Version : 3.7.1018

Core Rules Database Version : 3240
Trace Rules Database Version: 1251

Scan type : Complete Scan
Total Scan Time : 00:25:31

Memory items scanned : 490
Memory threats detected : 0
Registry items scanned : 5518
Registry threats detected : 4
File items scanned : 30514
File threats detected : 3

Trojan.Net-DriverRK
HKLM\System\ControlSet001\Services\Upl38
C:\WINDOWS\SYSTEM32\UPL38.SYS
HKLM\System\ControlSet002\Services\Upl38
HKLM\System\ControlSet003\Services\Upl38
HKLM\System\CurrentControlSet\Services\Upl38

Adware.Tracking Cookie
C:\Documents and Settings\Roaro\Cookies\[email protected][1].txt
C:\Documents and Settings\Roaro\Cookies\roaro@cgi-bin[2].txt

norbat, posted 18 May 2007

Run HJT, check the following lines and click 'Fix checked':

O4 - HKCU\..\Run: [98w1b83uif6kq6] C:\DOCUME~1\Roaro\LOKALE~1\Temp\crasos.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Restart in safe mode (tap F8 during startup).

Use Explorer to find and delete (in bold):

C:\DOCUME~1\Roaro\LOKALE~1\Temp\crasos.exe (~1 = abbreviation)
C:\WINDOWS\system32\perfc000.dat

Run a clean with CCleaner.

Restart in normal mode and post a new HJT log.

JoaJoa (author), posted 18 May 2007

Hmm. It didn't go entirely painlessly. When I clicked fix problems, I got an error message "an unexpected problem has occured at procedure modbackup "O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat" Error #5... or something along those lines". I ran a new HijackThis scan right afterwards, but then both lines were gone, so it looked like they were fixed the first time.

I then booted into safe mode, but neither of the two files was there. They did not exist.

Restarted and ran HijackThis again:

Logfile of HijackThis v1.99.1
Scan saved at 17:52:22, on 18.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
F:\Progs\Creative\Drivers External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\Eset\nod32kui.exe
F:\Progs\DU Meter\DUMeter.exe
F:\Progs\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\rundll32.exe
F:\Mobil\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe
F:\Progs\Launch Manager\LaunchAp.exe
F:\Progs\Launch Manager\HotkeyApp.exe
F:\Progs\Launch Manager\OSD.exe
F:\Progs\Launch Manager\Wbutton.exe
F:\Progs\Creative\Mediasource\RemoteControl\RCMan.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Messenger\msmsgs.exe
F:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
F:\Progs\Acrobat Reader\Reader\reader_sl.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
F:\Mobil\Sony Ericsson PC Suite\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roaro\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Progs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Progs\Creative\Drivers External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DU Meter] F:\Progs\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "F:\Progs\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Mobil\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LaunchAp] F:\Progs\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] F:\Progs\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] F:\Progs\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] F:\Progs\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "F:\Progs\Launch Manager\Wbutton.exe"
O4 - HKCU\..\Run: [RemoteCenter] F:\Progs\Creative\Mediasource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Progs\Acrobat Reader\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = F:\Progs\Acrobat Reader\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\Progs\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Progs\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - F:\Progs\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

norbat, posted 18 May 2007 (edited)

The log is clean.

You should reset the restore folder so that you don't get infected in the event of a system restore. Control Panel -> System -> System Restore. Check the box in front of "Turn off .....", restart the PC, then uncheck it again to re-enable the feature.

You should update Java: http://java.com/en/download/index.jsp

How is the PC running?

Edited 18 May 2007 by norbat

JoaJoa (author), posted 18 May 2007

Java has now been upgraded. Everything seems to be working well now, yes.

Thanks for all the help!
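
The two entries norbat had fixed are an AppInit_DLLs value pointing at a .dat file and a Run value that starts a program from a Temp folder. As an added example (not part of the original posts and not HijackThis's own logic), this Python script flags those two patterns in excerpts of the thread's logs and confirms they are absent from the last log; the two heuristics and all function names are assumptions made for illustration.

```python
import re

# Excerpts from the 16:59:57 and 17:52:22 HijackThis logs posted in this thread.
LOG_1659 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [98w1b83uif6kq6] C:\DOCUME~1\Roaro\LOKALE~1\Temp\crasos.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: !SASWinLogon - F:\Progs\SuperAntiSpyware\SASWINLO.dll
"""
LOG_1752 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - F:\Progs\SuperAntiSpyware\SASWINLO.dll
"""

# "<code> - <body>", e.g. "O20 - AppInit_DLLs: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Registry autorun body: HKCU\..\Run: [value name] command line
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Any path component named Temp or Tmp (also matches 8.3 paths like LOKALE~1\Temp)
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_entries(log):
    """Return (code, body) for each HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def findings(log):
    """Return (reason, line) pairs for entries matching the two assumed heuristics."""
    hits = []
    for code, body in parse_entries(log):
        line = f"{code} - {body}"
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            modules = [m for m in re.split(r"[ ,]+", value) if m]
            if not modules:
                continue
            reason = "AppInit_DLLs: loaded into every process that loads user32.dll"
            if any(not m.lower().endswith(".dll") for m in modules):
                reason += "; listed file does not have a .dll name"
            hits.append((reason, line))
        elif code == "O4":
            m = RUN.match(body)
            if m and TEMP_DIR.search(m["cmd"]):
                hits.append(("autorun starts a program from a Temp directory", line))
    return hits


def resolved(before, after):
    """Flagged lines present in `before` that no longer appear in `after`."""
    still_there = {line for _, line in findings(after)}
    return [line for _, line in findings(before) if line not in still_there]


if __name__ == "__main__":
    for reason, line in findings(LOG_1659):
        print(f"{reason}\n    {line}")
    print("gone in later log:", resolved(LOG_1659, LOG_1752))
```

The Winlogon Notify line shares the O20 code with AppInit_DLLs but is a different registry location, so the check keys on the entry body rather than the code alone.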