insider Skrevet 19. juli 2007 Del Skrevet 19. juli 2007 (endret) hei har fått noe litt diverse møkk (rett og slett) på pcen min. finner også diverse troians hele tiden Rootkit agent Dp Rootkit agent Dw wigon z troian og noe mer. har også gjort så ctr alt del funker ikke. har ikke tilgang. Hijack this log: Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WhatPulse\WhatPulse.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Fredrik Sørlien\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=0061201 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=0061201 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=en&client=...=no&ibd=0061201 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: H - {C1315DAE-F973-401c-94B0-C99BA8F1701E} - soirrd.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165945035750 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11865 bytes noen som kan hjelpe ? Endret 19. juli 2007 av insider Lenke til kommentar
berxter Skrevet 19. juli 2007 Del Skrevet 19. juli 2007 Ja, her er det nok et rootkit mm ute og går. Du får begynne med http://www.f-secure.com/blacklight/blacklight.html Den pleier å være grei. Så rebooter du i safe mode og kjører det du har av Anti-spyware og AV der (husk å oppdatere dem først, men IKKE kjør dem i normal modus). Etterpå gjerne en fersk HJTlogg. Bernt K Lenke til kommentar
Gjest medlem-105082 Skrevet 19. juli 2007 Del Skrevet 19. juli 2007 (endret) Berxter: Ikke for å komme inn her og ta over tråden ( ), men ser du anbefaler AVG Anti-Spyware. Hvorfor det? SuperAntiSpyware scanner jo både dypere og er veldig nøye. Motoren til SAS er jo kraftigere enn de fleste konkurenter på markedet. Jeg vet flere anbefaler SAS over de fleste antispyware programmene der ute. Kan godt være du liker AVG sin bedre, men ville bare si ifra Endret 19. juli 2007 av medlem-105082 Lenke til kommentar
insider Skrevet 19. juli 2007 Forfatter Del Skrevet 19. juli 2007 tror jeg også har noe troians. log fra nod 32: Time Module Object Name Threat Action User Information 19.07.2007 22:56:19 AMON file C:\WINDOWS\system32\wpcfpcur.exe Win32/TrojanDownloader.Tiny.ID trojan deleted FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:55:33 AMON file C:\WINDOWS\system32\khfffgg.Vdll Win32/Adware.Virtumonde.JP application deleted FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:55:32 AMON file C:\WINDOWS\system32\khfffgg.V00dll Win32/Adware.Virtumonde.JP application deleted FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:55:04 AMON file C:\WINDOWS\system32\ccrcibdj.dll Win32/Spy.VBStat.J trojan deleted FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:49:58 AMON file C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll Win32/PSW.Sinowal.Gen trojan deleted FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:45:44 AMON file C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys Win32/Rootkit.Agent.DP trojan deleted FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Documents and Settings\Fredrik Sørlien\Desktop\HijackThis.exe. 19.07.2007 22:36:21 AMON file C:\Documents and Settings\Fredrik Sørlien\Local Settings\Temporary Internet Files\Content.IE5\7VVCD8TQ\gwcvsli[1].htm Win32/PSW.Sinowal.Gen trojan FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:36:20 AMON file C:\Documents and Settings\Fredrik Sørlien\Local Settings\Temp\INF16A.tmp Win32/Adware.Virtumonde.KI application FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:36:19 AMON file C:\Documents and Settings\Fredrik Sørlien\Local Settings\Temp\build_dol.exe Win32/TrojanDropper.Agent.NFG trojan FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:36:17 AMON file C:\Documents and Settings\Fredrik Sørlien\Local Settings\Temp\193578.exe Win32/Wigon.Z trojan FREDRIK\Fredrik Sørlien Event occurred at an attempt to access the file by the application: C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\sg6NOhFM.exe. 19.07.2007 22:34:44 AMON file C:\DOCUME~1\FREDRI~1\LOCALS~1\Temp\85375.exe Win32/Wigon.Z trojan quarantined - deleted FREDRIK\Fredrik Sørlien Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\IEXPLORE.EXE. The file was moved to quarantine. You may close this window. 19.07.2007 22:34:43 AMON file C:\WINDOWS\System32\drivers\runtime.sys Win32/Rootkit.Agent.DW trojan quarantined - deleted FREDRIK\Fredrik Sørlien Event occurred on a new file created by the application: C:\WINDOWS\Temp\startdrv.exe. The file was moved to quarantine. You may close this window. Lenke til kommentar
insider Skrevet 19. juli 2007 Forfatter Del Skrevet 19. juli 2007 Ja, her er det nok et rootkit mm ute og går.Du får begynne med http://www.f-secure.com/blacklight/blacklight.html Den pleier å være grei. Så rebooter du i safe mode og kjører det du har av Anti-spyware og AV der (husk å oppdatere dem først, men IKKE kjør dem i normal modus). Etterpå gjerne en fersk HJTlogg. Bernt K 9105010[/snapback] har lakt inn sas. kjørte den i normal modus før jeg poster her og fant en del. men ser ikke ut som det hjelper noe. vet dere om det er troian som har gjort så jeg ikke kommer inn på ctr alt del også ? " this has been disbled by the computer admin". Lenke til kommentar
berxter Skrevet 19. juli 2007 Del Skrevet 19. juli 2007 (endret) Berxter: Ikke for å komme inn her og ta over tråden ( ), men ser du anbefaler AVG Anti-Spyware. Hvorfor det? SuperAntiSpyware scanner jo både dypere og er veldig nøye. Motoren til SAS er jo kraftigere enn de fleste konkurenter på markedet. Jeg vet flere anbefaler SAS over de fleste antispyware programmene der ute. Kan godt være du liker AVG sin bedre, men ville bare si ifra 9105036[/snapback] Du, det er vel gammel vane fra den tiden jeg var aktiv.., da var det Ewido som var det eneste rette i vanskelige tilfeller; jeg droppet vel ut like etter at SAS kom på banen, og AVG kjøpte jo motoren/ hele Ewido. Samtidig har jeg kun gode erfaringer med den. Men greit nok, jeg bruker både SAS og AVG selv. Dessuten ser jeg at tradisjonalistene hos aumha.net faktisk fortsatt kun anbefaler Adaware SE og ATF cleaner. der det ikke er særlige tilfeller som SmitFraudvarianter. Og selvsagt prøveversjonen av Spysweeper. Bernt K Endret 19. juli 2007 av berxter Lenke til kommentar
Gjest medlem-105082 Skrevet 20. juli 2007 Del Skrevet 20. juli 2007 Ahh, stemmer. Husker Ewido 4.0 var en skikkelig slager. Men har bare sett flere som har droppet Ewido etter oppkjøpet av AVG, og nå bruker SAS. Men er vel ikke såååå stor forskjell. Begge gjør nok en god jobb uansett. Men såklart, som du sier er det fortsatt noen som sverger til AdAware. Sånn, du skal få gjøre jobben din ferdig Lenke til kommentar
insider Skrevet 21. juli 2007 Forfatter Del Skrevet 21. juli 2007 hei igjen her er en ny hjackthis log etter scanning med av og sas i sikkerhetsodus: kan noen se igjennom og sjekke om alt er ok ? Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 02:03:40, on 21.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Sørlien\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=0061201 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.no/hws/sb/dell-row/en/side.html?channel=no R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no/hws/sb/dell-row/en/side.html?channel=no R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=0061201 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default....c=no&l=no&s=gen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: H - {C1315DAE-F973-401c-94B0-C99BA8F1701E} - soirrd.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165945035750 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11303 bytes Lenke til kommentar
berxter Skrevet 22. juli 2007 Del Skrevet 22. juli 2007 (endret) Du er ikke kvitt rootkitet ditt. Har du kjørt Blacklight? Hvis ikke, gjør det. Hvis Blacklight er kjørt, men ga ikke resultater, prøv Sophos: http://www.sophos.com/products/free-tools/...otkit/download/ Bernt K Endret 23. juli 2007 av berxter Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå