Sempercogitare Posted 28 November 2007

My keyboard has started behaving very strangely; I assume a virus is at work (I am using the on-screen keyboard now). So I have run HijackThis in the hope that someone here can interpret the log and work out what needs to be done.

Here is what happens when I press the various keys:

q=wq w=(nothing) e=rew r=ure t=t y=åyt u=ur i=(nothing) o=(nothing) p=po å=åy
a=sa s=(nothing) d=ds f=jfd g=hg h=hg j=jf k=k (plus the search results window comes up) l=l ø=øl (this one was a bit fun) æ=æ'
z=(nothing) x=(nothing) c=(nothing) v=(nothing) b=(nothing) n=(nothing) m=(nothing)
1=321 2=(nothing) 3=324 4=743 5=65 6=65 7=74 8=8 9=9 0=09 +=+ \=(Firefox's Clear Private Data dialog comes up)
(backspace)=deletes once and then types n

Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:15, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\D-Link\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\D-Link\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\WiFiConnector\NintendoWFCReg.exe
C:\Programfiler\BOINC\boinc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Programfiler\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.15_windows_intelx86.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\system32\CPdeSrvU.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programfiler\BOINC\boincmgr.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Kjør registreringsverktøyet for Nintendo Wi-Fi USB Connector.lnk = C:\Programfiler\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\D-Link\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\D-Link\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\D-Link\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\D-Link\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7566 bytes

Edited 28 November 2007 by Sempercogitare

norbat Posted 28 November 2007

Download ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (c:\combofix.txt).

Sempercogitare (author) Posted 28 November 2007

Here is the log from ComboFix:

ComboFix 07-11-19.4C - Henrik 2007-11-28 21:03:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.404 [GMT 1:00]
Running from: C:\Documents and Settings\Henrik\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-28 20:05 <DIR> d-------- C:\Programfiler\Trend Micro
2007-11-28 15:59 <DIR> d-------- C:\Documents and Settings\Henrik\Programdata\MailFrontier
2007-11-28 15:57 4,005,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-28 15:57 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-28 15:52 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-28 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\MailFrontier
2007-11-28 15:52 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-11-28 15:37 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-26 22:39 <DIR> dr-h----- C:\Documents and Settings\Henrik\Siste
2007-11-16 18:09 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-16 18:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2007-11-13 17:22 <DIR> d-------- C:\Programfiler\Winamp Toolbar
2007-11-13 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Winamp Toolbar
2007-11-10 15:48 <DIR> d---s---- C:\Documents and Settings\Henrik\UserData
2007-11-05 16:22 <DIR> d-------- C:\Programfiler\Speed Up Alarm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:03 --------- d-----w C:\Programfiler\BOINC
2007-11-28 17:09 --------- d-----w C:\Documents and Settings\Henrik\Programdata\gtk-2.0
2007-11-28 17:02 --------- d-----w C:\Programfiler\DaemonTools_WhenUSave_Installer
2007-11-28 17:02 --------- d-----w C:\Programfiler\DAEMON Tools
2007-11-28 16:12 --------- d-----w C:\Programfiler\MSN Messenger
2007-11-28 14:44 --------- d-----w C:\Documents and Settings\Henrik\Programdata\SUPERAntiSpyware.com
2007-11-16 17:09 --------- d-----w C:\Programfiler\Java
2007-11-16 17:05 --------- d-----w C:\Programfiler\Winamp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 11:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-06-07 12:25]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 08:41]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RegistryMechanic"="" []
"ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"srePostpone"="c:\windows\system32\zonelabs\srescan.dll" [2007-10-18 20:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
ATI CATALYST System Tray.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 22:21:26]
BTTray.lnk - C:\Programfiler\D-Link\Bluetooth-programvare\BTTray.exe [2005-07-26 13:28:52]
Kj›r registreringsverkt›yet for Nintendo Wi-Fi USB Connector.lnk - C:\Programfiler\WiFiConnector\NintendoWFCReg.exe [2007-06-24 11:49:34]
Service Manager.lnk - C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

R3 net5213;3Com 3CRDAG675B Wireless LAN PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\net5213xp.sys

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 21:07:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-28 21:08:25
.
--- E O F ---

Found another fun key: the Windows key opened Mozilla Firefox and Outlook Express, and at the same time turned the master volume on the PC down a bit.

Edited 28 November 2007 by Sempercogitare

norbat Posted 28 November 2007

You have some adware in the form of DaemonTools_WhenUSave_Installer. Apart from that, the log looks fine. I suggest you try running a System Restore to a point before this started: Accessories -> System Tools -> System Restore. You will not lose any personal data (documents, e-mail, etc.), only any programs you have installed after the chosen date. Which keyboard do you have? Wireless?

Sempercogitare (author) Posted 28 November 2007

I have now run System Restore and it did not help; I have an ordinary wired keyboard. If there is nothing wrong in the log, then I suppose it may be a hardware fault. I will try another keyboard to see how that goes. But anyway, thank you very much for the help.

Edit: yes, it was the keyboard; it looks like I will have to buy a new one (this last part was written with my brother's keyboard).

Edited 28 November 2007 by Sempercogitare

norbat Posted 28 November 2007

Before any other troubleshooting, it can be a good idea to try another keyboard. Yes, it is easy to spill cola and raspberry jam into a keyboard.

Edited 28 November 2007 by norbat