m0g1e Skrevet 4. august 2007 Del Skrevet 4. august 2007 (endret) Howie! Har funnet meg et lite "ekstremtilfelle" av en infisert PC her. Har kjørt en CCleaner m "fjerning av internettfiler eldre enn 48 timer" valget allerede. Trenger en analyse av HJT-loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:42:11, on 04.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\RMC.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ALCMTR.EXE C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\WINDOWS\system32\slserv.exe C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\taskmgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe E:\CRAP\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://budiromsdal.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programfiler\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer by Tele2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe O4 - HKCU\..\Run: [OE] "C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam3.frana.kommune.no/activex/AxisCamControl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Spionprogrambeskyttelse fra Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 6676 bytes Merk: Har kjørt HJT før jeg har satt igang SAS. Regner med SAS får fjerna noe av dette. Ser hele "Winsoftware" familien ramse seg opp her så... Men om jeg skal bruke andre verktøy spesifikt mot ting noen VET ikke SAS takler, så kan det gjerne nevnes. Kommer tilbake med SAS logg.. Endret 4. august 2007 av nollie Lenke til kommentar
Gjest medlem-105082 Skrevet 4. august 2007 Del Skrevet 4. august 2007 (endret) Hei Post gjerne en ny hijackthis logg, som er kjørt ETTER at SAS var ferdig. Kan også bytte hijackthis versjonen, til den nyeste - versjon 2.0.2 Endret 4. august 2007 av medlem-105082 Lenke til kommentar
m0g1e Skrevet 4. august 2007 Forfatter Del Skrevet 4. august 2007 SAS-logg: Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 08/04/2007 at 03:07 PM Application Version : 3.9.1008 Core Rules Database Version : 3259 Trace Rules Database Version: 1270 Scan type : Complete Scan Total Scan Time : 00:26:26 Memory items scanned : 340 Memory threats detected : 0 Registry items scanned : 4545 Registry threats detected : 47 File items scanned : 20024 File threats detected : 12 Trojan.Downloader-XPUUpdate [Windows Updater Servc] C:\WINDOWS\SYSTEM32\XPUUPDATE.EXE C:\WINDOWS\SYSTEM32\XPUUPDATE.EXE Unclassified.Unknown Origin HKLM\Software\Classes\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59} HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59} HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59} HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}#AppID HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32 HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32#ThreadingModel HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\ProgID HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\Programmable HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\TypeLib HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\VersionIndependentProgID C:\WINDOWS\SYSTEM32\ENTRY.DLL Adware.MovieLand/MediaPipe HKCR\MPAgent.Agent HKCR\MPAgent.Agent\CLSID HKCR\MPAgent.Agent\CurVer HKCR\MPAgent.Agent.1 HKCR\MPAgent.Agent.1\CLSID HKCR\AppId\MPAgent.DLL HKCR\AppId\MPAgent.DLL#AppID HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D} HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0 HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0 HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0\win32 HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\FLAGS HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\HELPDIR Trojan.Error Safe Free HKLM\Software\Error Safe Free HKLM\Software\Error Safe Free#EulUERSH_0001_N91M2407 HKLM\Software\Error Safe Free#EulUERSH_9999_N91S1212 Trojan.WinAntiSpyware/WinAntiVirus 2006/2007 HKLM\Software\WinAntiVirus Pro 2006 HKLM\Software\WinAntiVirus Pro 2006#EulUWA6PH_0001_N91M2107 Trojan.Spy-Shield/BON HKCR\Interface\{214345B8-BB69-498D-A168-29F58F15D806} HKCR\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\ProxyStubClsid HKCR\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\ProxyStubClsid32 HKCR\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\TypeLib HKCR\Interface\{214345B8-BB69-498D-A168-29F58F15D806}\TypeLib#Version HKCR\AppId\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9} Malware.ContraVirus HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4} HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\FdzpeJ HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\gYjEaW HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\InprocServer32 HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\InprocServer32#InprocServer32 HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\InprocServer32#ThreadingModel HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\JcxkNx HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\qzilcsbdWvaf HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\Ryuqhk HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\VINPcVMazuqwc HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\yapwYh HKCR\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}\ykykrvaMiimC C:\Programfiler\ContraVirus\Logs\activity-07282007-235834.log C:\Programfiler\ContraVirus\Logs\activity-07292007-151034.log C:\Programfiler\ContraVirus\Logs\activity-07292007-172459.log C:\Programfiler\ContraVirus\Logs\activity-07302007-070819.log C:\Programfiler\ContraVirus\Logs\activity-08012007-075944.log C:\Programfiler\ContraVirus\Logs\activity-08042007-111359.log C:\Programfiler\ContraVirus\Logs C:\Programfiler\ContraVirus Malware.DriveCleaner C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP353\A0027603.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP353\A0027605.EXE HJT-logg: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:20:59, on 04.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\slserv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\drivers\RMC.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ALCMTR.EXE C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe F:\CRAP\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://budiromsdal.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programfiler\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer by Tele2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKCU\..\Run: [OE] "C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam3.frana.kommune.no/activex/AxisCamControl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Spionprogrambeskyttelse fra Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 7000 bytes Lenke til kommentar
Gjest medlem-105082 Skrevet 4. august 2007 Del Skrevet 4. august 2007 (endret) Kjør Hijackthis og slett: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Finn og slett: C:\WINDOWS\ALCMTR.EXE Last ned den nyeste (v 2.0.2) versjonen av hijackthis. Så endrer du Hijackthis navnet til noe annet og legger ut en ny logg. Endret 4. august 2007 av medlem-105082 Lenke til kommentar
m0g1e Skrevet 4. august 2007 Forfatter Del Skrevet 4. august 2007 HJT 2.0.2 logg: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:08:00, on 04.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\system32\slserv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\drivers\RMC.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe F:\CRAP\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://budiromsdal.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer by Tele2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam3.frana.kommune.no/activex/AxisCamControl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing) O23 - Service: Spionprogrambeskyttelse fra Trend Micro (PcScnSrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 5357 bytes Lenke til kommentar
Gjest medlem-105082 Skrevet 4. august 2007 Del Skrevet 4. august 2007 Loggen så ren ut den Men hvorfor har du ikke antivirus? Fant ikke noe AV program i loggen. Du bør nullstille system gjennoppretting, slik at du ikke blir får tilbake virusene ved en senere anledning. Kontrollpanel->system->systemgjenoppretting. Sett merke framfor: "Slå av systemgjenoppretting......." Restart pc'n Fjern merke igjen framfor "Slå av systemgjenoppretting......" slik at du aktiverer funksjonen. Lenke til kommentar
m0g1e Skrevet 4. august 2007 Forfatter Del Skrevet 4. august 2007 (endret) Loggen så ren ut den Men hvorfor har du ikke antivirus? Fant ikke noe AV program i loggen. Du bør nullstille system gjennoppretting, slik at du ikke blir får tilbake virusene ved en senere anledning. Kontrollpanel->system->systemgjenoppretting. Sett merke framfor: "Slå av systemgjenoppretting......." Restart pc'n Fjern merke igjen framfor "Slå av systemgjenoppretting......" slik at du aktiverer funksjonen. 9206509[/snapback] Jobber med saken Har byttet fra Trend Micron 2007 til NOD32 nå. Er en 384MB 800MHz laptop jeg holder på med. Tusen hjertlig for hjelpen! Ufattelig glad for at folk som dere fins på forumet her edit: haha! nei, faktisk 1.58GHz Sempron PC. utrolig hva som kommer fram etter hvert her.. Endret 4. august 2007 av nollie Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå