kjetilm, posted 10 November 2007

After I got suspicious that someone had hacked me after a friend gave me an FTP site, I hastily put in the Windows CD to format, but it turned out that I repaired the Windows files instead. But a few things happened. I can't download MSN (which disappeared when I used the Windows CD). I can't turn off the machine using "Shut down". I also couldn't update my Windows. So I ran Norbat's long version and here are all the logs:

HJT from hijackthis.de

Logfile of HijackThis v1.99.1
Scan saved at 17:51:19, on 10.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Saitek\Software\ProfilerU.exe
C:\Programfiler\Saitek\Software\SaiMfd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programfiler\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kjetil\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Programfiler\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Programfiler\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O15 - Trusted Zone: http://s1.travian.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ComboFix:

ComboFix 07-11-08.1 - Kjetil 2007-11-10 16:58:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.653 [GMT 1:00]
Running from: C:\Documents and Settings\Kjetil\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-10 16:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 16:54 <DIR> d----c--- C:\Programfiler\CCleaner
2007-11-10 16:22 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-10 15:23 <DIR> d----c--- C:\Programfiler\Windows Live
2007-11-10 15:23 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-11-10 15:23 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-11-10 15:08 <DIR> d----c--- C:\Programfiler\Saitek
2007-11-10 15:05 <DIR> d----c--- C:\Programfiler\Fellesfiler\InstallShield
2007-11-09 20:43 <DIR> d----c--- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-11-09 20:38 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\Comodo
2007-11-09 20:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata
2007-11-09 20:30 <DIR> d----c--- C:\Programfiler\microsoft frontpage
2007-11-09 20:18 <DIR> d----c--- C:\Programfiler\Fellesfiler\MSSoap
2007-11-09 20:14 <DIR> d----c--- C:\Programfiler\Windows Plus
2007-11-09 20:14 69,632 --a--c--- C:\WINDOWS\system32\dllcache\wmm2ext.dll
2007-11-09 20:14 9,728 --a--c--- C:\WINDOWS\system32\dllcache\wmm2eres.dll
2007-11-09 19:52 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\Programdata
2007-11-09 19:52 <DIR> d----c--- C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-09 19:52 <DIR> d----c--- C:\Programfiler\Fellesfiler\ODBC
2007-11-09 19:52 <DIR> dr---c--- C:\Programfiler
2007-11-09 19:52 <DIR> dr------- C:\Documents and Settings\Default User\Start-meny
2007-11-09 19:52 <DIR> d--h----- C:\Documents and Settings\Default User\Skrivere
2007-11-09 19:52 <DIR> d-------- C:\Documents and Settings\Default User\Skrivebord
2007-11-09 19:52 <DIR> d--h----- C:\Documents and Settings\Default User\Siste
2007-11-09 19:52 <DIR> dr-h----- C:\Documents and Settings\Default User\Programdata
2007-11-09 19:52 <DIR> d-------- C:\Documents and Settings\Default User\Mine dokumenter
2007-11-09 19:52 <DIR> d--h----- C:\Documents and Settings\Default User\Maler
2007-11-09 19:52 <DIR> d-------- C:\Documents and Settings\Default User\Favoritter
2007-11-09 19:52 <DIR> d--h----- C:\Documents and Settings\Default User\AndrMask
2007-11-09 19:52 <DIR> dr---c--- C:\Documents and Settings\All Users\Start-meny
2007-11-09 19:52 <DIR> d----c--- C:\Documents and Settings\All Users\Skrivebord
2007-11-09 19:52 <DIR> dr-h-c--- C:\Documents and Settings\All Users\Programdata
2007-11-09 19:52 <DIR> d--h-c--- C:\Documents and Settings\All Users\Maler
2007-11-09 19:52 <DIR> d----c--- C:\Documents and Settings\All Users\Favoritter
2007-11-09 19:52 <DIR> dr---c--- C:\Documents and Settings\All Users\Dokumenter
2007-11-09 19:52 774,144 --a--c--- C:\WINDOWS\system32\dllcache\spttseng.dll
2007-11-09 19:52 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-11-09 19:52 77,824 --a--c--- C:\WINDOWS\system32\dllcache\spcommon.dll
2007-11-09 19:52 61,440 --a--c--- C:\WINDOWS\system32\dllcache\spcplui.dll
2007-11-09 19:52 36,864 --a--c--- C:\WINDOWS\system32\dllcache\sapisvr.exe
2007-11-09 19:52 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-09 19:52 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-11-09 19:52 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-09 19:52 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-11-02 18:28 <DIR> d-------- C:\Documents and Settings\Kjetil\Application Data\SmartFTP
2007-10-28 22:38 <DIR> d-------- C:\Documents and Settings\Kjetil\Application Data\vlc
2007-10-13 23:09 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-10-13 23:09 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 15:32 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\Hamachi
2007-11-08 07:08 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\OpenOffice.org2
2007-10-16 14:23 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\Azureus
2007-10-10 16:24 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-10 15:17 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\gtk-2.0
2007-09-29 18:32 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\Xfire
2007-09-20 12:41 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\teamspeak2
2007-09-17 17:25 --------- d-----w C:\Documents and Settings\Kjetil\Application Data\Apple Computer
2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-04-17 15:23 1,184 ----a-w C:\Documents and Settings\Kjetil\Application Data\wklnhst.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 19:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 12:54]
"NvMediaCenter"="NvMCTray.dll" [2006-07-20 19:58 C:\WINDOWS\system32\nvmctray.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"Profiler"="C:\Programfiler\Saitek\Software\ProfilerU.exe" [2006-08-09 14:23]
"SaiMfd"="C:\Programfiler\Saitek\Software\SaiMfd.exe" [2006-08-21 13:22]
"nwiz"="nwiz.exe" [2006-07-20 19:58 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 19:49 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-06-30 01:13 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kjetil^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kjetil\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 3400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R3 SaiH0004;SaiH0004;C:\WINDOWS\system32\DRIVERS\SaiH0004.sys
R3 SaiL0004;SaiL0004;C:\WINDOWS\system32\DRIVERS\SaiL0004.sys
R3 SaiU0004;SaiU0004;C:\WINDOWS\system32\DRIVERS\SaiU0004.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S3 CtUsbMs;Creative HID USB Filter Driver;C:\WINDOWS\system32\DRIVERS\CtUsbMs.Sys
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service

*Newly Created Service* - CATCHME
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 16:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16?????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 17:00:36
.
--- E O F ---

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/10/2007 at 05:47 PM

Application Version : 3.9.1008

Core Rules Database Version : 3342
Trace Rules Database Version: 1343

Scan type : Complete Scan
Total Scan Time : 00:42:51

Memory items scanned : 349
Memory threats detected : 0
Registry items scanned : 4959
Registry threats detected : 0
File items scanned : 75114
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Kjetil\Cookies\[email protected][1].txt

and Rootchk:

*********************************
ROOTCHK-(21-09-07)-LOG, by ejvindh
10.11.2007 17:52:58,42

The rootkits that are detected by this tool were not found.

*********************************
ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 17:52:59
Windows 5.1.2600 Service Pack 2

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

I hope someone takes the time to look at the problem.
norbat, posted 10 November 2007

Your logs look fine, kjetilm.
Make sure Windows is up to date (check Windows Update).
Check that the PC's date and time are correct.
And don't panic next time you suspect something.
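As an added example (not part of the thread and not code from HijackThis or any tool mentioned in it), here is a small Python triage over a few entries copied from the log posted above. It flags the HijackThis sections a reviewer looks at first: O4 autostarts running from user-writable profile directories, O10 Winsock LSPs the tool could not identify, O15 Trusted Zone additions, O20 Winlogon Notify DLLs and O23 services with no vendor name. The section numbering is HijackThis' own; the heuristics are my assumptions about common review practice.

```python
import re

# Constructed sample: a handful of entries copied from the HijackThis log
# posted in the thread above, not the whole log.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.no/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O15 - Trusted Zone: http://s1.travian.no
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL
O23 - Service: lxcy_device - - C:\\WINDOWS\\system32\\lxcycoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code (R0, F1, O4, ...), then " - ".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Directories a legitimate HKLM/HKCU Run entry rarely points into (assumption).
SUSPECT_AUTOSTART_DIRS = re.compile(r"\\(Temp|Local Settings|Application Data|Cookies)\\", re.I)


def parse_hjt(text):
    """Split a HijackThis log into (code, body) pairs; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Return the entries a human should look at first, each with the reason it was flagged."""
    flagged = []
    for code, body in entries:
        reason = None
        if code == "O4" and SUSPECT_AUTOSTART_DIRS.search(body):
            reason = "autostart runs from a user-writable temp/profile directory"
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reason = "Winsock LSP DLL that HijackThis could not identify"
        elif code == "O15":
            reason = "site added to the IE Trusted Zone"
        elif code == "O20":
            reason = "DLL loaded by winlogon.exe at every logon"
        elif code == "O23" and " - - " in body:
            reason = "service binary carries no vendor name"
        if reason:
            flagged.append((code, body, reason))
    return flagged


if __name__ == "__main__":
    for code, body, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```

On the full log above all four flagged items match software the log itself shows installed (Bonjour, SUPERAntiSpyware and the Lexmark printer software), so a triage like this only narrows the list; the verdict still rests with the reviewer, as it did here.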
kjetilm (author), posted 10 November 2007

> Your logs look fine, kjetilm.
> Make sure Windows is up to date (check Windows Update).
> Check that the PC's date and time are correct.
> And don't panic next time you suspect something.

Hehe, but seriously. A green box appeared that said, among other things: "Hey Kjetil isnt it? Im hacking your account now See you." And then I couldn't start HJT or anything. I was terrified. But I don't understand why, when I update, it only says "The following 62 of 62 files cannot be installed", and I couldn't install MSN either.
norbat, posted 10 November 2007

I'd think the MSN problem is tied to you not being able to update. Are you able to update manually and pick just a few updates at a time?
kjetilm (author), posted 10 November 2007 (edited)

No, that doesn't work. But when I start the machine it says:
What do you want to start:
Windows XP Home Media Center
Windows XP Professional setup

Edit: one more thing: when I tried to download an update for Internet Explorer, something came up about the OS language not supporting the language, or something like that.

Edited 11 November 2007 by kjetilm
kjetilm (author), posted 11 November 2007

Thanks for the help, NORBAt. I've formatted the machine because a Windows file or something was missing. Everything is fine now.