jotran Posted 16 February 2008 (edited)

Hi. I have got malware, or whatever it is, of the netprojecet type; messages like that pop up at the bottom right of the screen. I have run HJT, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:04:38, on 16.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Programfiler\Sotfone\1203124518.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Programfiler\Helper\1203124515.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Programfiler\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194740828054
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WINDOWS\system32\eeioq.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 5281 bytes

Can anyone help me remove them?? =)

Edited 16 February 2008 by jotran
r2d290 Posted 16 February 2008

Jotran: Download SuperAntispyware (SAS). Install the program, update it and run a full scan (complete, not quick scan). After that, restart the machine and post the SAS log (start the program and choose Preferences->statistics/logs). Then post a new HJT log.
jotran (Author) Posted 16 February 2008

I have run a full scan with SAS. I noticed that the malware was gone after I restarted the machine.. But I am posting the log anyway.

(SAS)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2008 at 05:05 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 00:52:13

Memory items scanned : 496
Memory threats detected : 1
Registry items scanned : 5058
Registry threats detected : 175
File items scanned : 43604
File threats detected : 7

(HJT)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:58, on 16.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Programfiler\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194740828054
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 4947 bytes
r2d290 Posted 16 February 2008

SAS fixed quite a bit. The HJT log looks fine, but maybe someone else should look over it... As Norbat says: surf safely.
jotran (Author) Posted 16 February 2008

Okay!! Thank you very much for the help.
r2d290 Posted 16 February 2008 (edited)

You're welcome. Write "[løst]" ("solved") in front of your topic title if you consider the problem solved.

Edited 16 February 2008 by r2d290