Scullyy, posted 9 July 2007:
Super Trojan horse that won't go away.
I have tried: TrojanHunter, Spynomore, AVG, SpyHunter, Spyware Doctor, eTrust. The only program that finds the horse is Spynomore, but it costs money to remove it, and I can't be bothered to pay for a program I'll probably only use once. Has anyone else had the same problem and knows of a free program that removes the horse? Thanks.
PS. I think I got it from downloading a so-called "video codec" from a "funny videos" site :/
Edited 9 July 2007 by Scullyy
norbat, posted 9 July 2007:
What was it that made you aware of this trojan?
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Scullyy (thread author), posted 9 July 2007:
I keep getting popups with virus programs that are supposedly going to remove the horse. And lots of annoying warnings:
Edited 9 July 2007 by Scullyy
norbat, posted 9 July 2007:
Edit: Yes, I suppose it's impossible not to notice that one.
Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Then download SAS, install it, update it and run a full (Complete) scan.
Post the log file from ComboFix (usually c:\combofix.txt), the log from SAS (preferences->statistics/logs) and a new HJT log.
Edited 10 July 2007 by norbat
Scullyy (thread author), posted 9 July 2007:
What the...? It managed to remove it, I think? I've tried almost everything, and then I try a program that looks like it was made in 1980, and it works :O Thanks for the help!
norbat, posted 9 July 2007:
Continue with SAS and the subsequent logs, and we'll do a cleanup at the very end.
Scullyy (thread author), posted 9 July 2007:
*Removed*
Edited 9 July 2007 by Scullyy
norbat, posted 9 July 2007:
And which log was this supposed to be? If it was the SAS log, it looked a bit unusual. Either way, a new HJT log would be welcome.
Scullyy (thread author), posted 9 July 2007:
Forgot that. I couldn't find the SAS log, though, but here is HJT:
Edited 5 August 2007 by Scullyy
norbat, posted 9 July 2007

Run HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in what is shown in bold below:

Folders to delete:
C:\WINDOWS\privacy_danger

Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. Post it together with a new HJT log.

Is the PC running OK?
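Added example, not part of the thread: a small Python triage pass over HijackThis entries that picks out the two kinds of line selected for fixing above, an entry whose target file is absent and an O24 desktop component loading a local HTML file, and derives the folder to inspect. The rule set and function names are assumptions of this example, not HijackThis's or Avenger's own logic; a flagged line is a candidate for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: a few entries copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# HijackThis entries look like "<section code> - <details>", e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
LOCAL_URL_RE = re.compile(r"file:///(?P<path>[A-Za-z]:\\.+)$")


def parse_entries(log_text):
    """Yield (section_code, body) for every well-formed entry line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(log_text):
    """Return review candidates as (code, reason, detail) tuples."""
    findings = []
    for code, body in parse_entries(log_text):
        local = LOCAL_URL_RE.search(body)
        if ORPHAN_RE.search(body):
            # The registry entry survives but the file it names is gone.
            findings.append((code, "orphaned entry", body))
        elif code == "O24" and local:
            # Active Desktop component rendering a local HTML page:
            # report the containing folder so it can be inspected.
            folder = ntpath.dirname(local.group("path"))
            findings.append((code, "local desktop component", folder))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<26}{detail}")
```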
Scullyy (author), posted 9 July 2007 (edited)

Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hyrldrvi
*******************
Script file located at: \??\C:\Documents and Settings\qwwyuhex.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\WINDOWS\privacy_danger not found!
Deletion of folder C:\WINDOWS\privacy_danger failed!
Could not process line:
C:\WINDOWS\privacy_danger
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:09, on 09.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Programfiler\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe
C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.167.229.3:53
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [suScheduler] C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programfiler\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4B5177-D864-42EB-9435-128BA6B7DC9C}: NameServer = 10.88.0.2
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: P2P-VPN Network Service (p2p_peer) - Unknown owner - C:\Programfiler\NatNix\p2p_peer.exe (file missing)
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe
--
End of file - 9521 bytes

Yes, the PC is running fine. Maybe even better than before. Faster startup and faster shutdown.

Edited 9 July 2007 by Scullyy
norbat, posted 9 July 2007

Congratulations, the log is clean.

You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the function.

Surf safely.
Scullyy (author), posted 9 July 2007

That's done. Thank you very much for the help!