Gå til innhold

Hatt problem med keylogging, noen som kan sjekke scan?


Anbefalte innlegg

Når jeg kjører AVG finner jeg Trpjan horse PSW.Generic5.AGYI.

 

WoW accounten min er akuratt hacka, så jeg vil gjerne være helt sikker på at alt er fint før jeg starter spille igjen :p

 

Gidder noen hjelpe?

 

 

 

HijackThis scan:

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:03:57, on 23.01.2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS6\System32\smss.exe

C:\WINDOWS6\system32\csrss.exe

C:\WINDOWS6\system32\winlogon.exe

C:\WINDOWS6\system32\services.exe

C:\WINDOWS6\system32\lsass.exe

C:\WINDOWS6\system32\svchost.exe

C:\WINDOWS6\System32\svchost.exe

C:\WINDOWS6\System32\svchost.exe

C:\WINDOWS6\System32\svchost.exe

C:\WINDOWS6\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS6\System32\PROMon.exe

C:\WINDOWS6\System32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS6\SOUNDMAN.EXE

C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Spyware Doctor\pctsTray.exe

C:\Programfiler\Comodo\Firewall\CPF.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\WINDOWS6\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Comodo\Firewall\cmdagent.exe

C:\WINDOWS6\System32\NMSSvc.exe

C:\WINDOWS6\System32\nvsvc32.exe

C:\Programfiler\Spyware Doctor\pctsAuxs.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Programfiler\Spyware Doctor\pctsSvc.exe

C:\WINDOWS6\System32\svchost.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS6\System32\wuauclt.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\Programfiler\Spyware Doctor\pctsGui.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\jens.JENS-4GPLHXB7QB\Mine dokumenter\HiJackThis_v2.exe

C:\WINDOWS6\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS6\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programfiler\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS6\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS6\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iSTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Veoh] "C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS6\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS6\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS6\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS6\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS6\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS6\web\related.htm

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS6\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS6\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programfiler\Comodo\Firewall\cmdagent.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS6\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS6\System32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe

 

--

 

 

 

takk :)

Lenke til kommentar
Videoannonse
Annonse

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

denne kan vel fikses ved hjelp av hijack this?

 

Du kan trykke Fix checked på den

 

 

 

edit: vent til du får bedre svar fra andre du... prøver meg bare litt frem med å lære de loggene... (går i fotsporene til vintermåne og norbat)

Endret av r2d290
Lenke til kommentar

Den kan du fikse ved hjelp av hjt som r2d290 så pent sier. Hyggelig å få litt positiv tilbakemelding :)

 

Du bør også bytte nettleser fra IE som du bruker til f.eks. Opera, eller Firefox.

 

Last ned og kjør programmet Ccleaner

 

 

Har hjulpet mange kamerater o.l med å fjerne spyware. De fleste har ikke peiling på data og må guides mye mere grundig enn ms-fix-guiden til norbat. Kanskje jeg lager en ganske lik guide, men med enda mere grunnleggende.

Endret av Vintermåne
Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
×
×
  • Opprett ny...