Just nu i M3-nätverket
Jump to content

Rootkit?


Kongo

Recommended Posts

Hej!

 

Jag har problem med internet. När jag försöker öppna en sida så får jag ofta svaret att servern kunde inte hittas. Om jag kör en refresh på sidan så brukar det gå att komma in iaf.

Har kört programmet rootkit revealer och tror att det har hittat nåt skumt, men eftersom jag inte är så haj på datorer så kan jag inte avgöra det själv.

Postar även en HJT logg ifall nån vänlig själ vill titta på den.

Tack på förhand! Kongo

 

Logfile of HijackThis v1.99.1

Scan saved at 20:46:10, on 2007-03-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Norman\bin\ZLH.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Eset\nod32krn.exe

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\Norman\bin\NJEEVES.EXE

C:\WINDOWS\System32\alg.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O2 - BHO: (no name) - {004B23E0-1E63-4ED6-BCAC-922BA26CF096} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.line6.net

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.spray.se/app/uploader/FileUploader.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

 

 

Link to comment
Share on other sites

du har två antivirusprogram, du kan ju börja med att ta bort ett av dom (jag skulle ta bort norman)

jag hoppas och tror att du endast använder brandväggen i detta paket annars kör du ju 3(!) antivirusprogram på samma gång,

eTrust Internet Security Suite

 

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

spara filen på skrivbordet >klicka på SDFix.exe >sdfixen packas upp här: C:\SDFix.

starta om i felsäkert läge (F8) >gå hit: C:\SDFix >klicka på runthis.bat >välj y.

 

när scanningen är klar så tryck på valfri tangent för att starta om.

när det står finished så tryck på valfri tangent. en logg kommer automatiskt att visas, kopiera in loggen här plus en ny hjt logg

 

[inlägget ändrat 2007-03-02 22:41:54 av 927]

Link to comment
Share on other sites

Hej 927!

Tack för att du tar dig tid att hjälpa mig.

Här kommer loggarna!

SDFix: Version 1.69

 

Run by Administrator - 2007-03-02 @ 23:44:05,40

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\Program Files\SDFix

 

Safe Mode:

Checking Services:

 

Path:

 

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\TFTP2944 - Deleted

C:\WINDOWS\system32\TFTP3044 - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe:*:Enabled:D-Link AirPlus Utility"

"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"

"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

 

Add/Remove Programs List:

 

Ad-aware 6 Personal

ASUS Probe V2.17.07

AsusUpdate

C-Media Audio

Canon i470D

DivX 5.0.2 Pro Bundle

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

ERUNT 1.1j

HijackThis 1.99.1

Canon Utilities PhotoStitch 3.1

Canon RemoteCapture Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

AirPlus XtremeG

Canon MovieEdit Task for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Support Core Library

Canon Camera Window for ZoomBrowser EX

Microsoft Data Access Components KB870669

Line 6 Monkey 1.15 (Remove Only)

Mozilla Firefox (2.0.0.2)

Nero - Burning Rom (Web installer)

NoAdware v5.0

NOD32 Antivirus

NVIDIA Windows 2000/XP Display Drivers

PODxt Drivers 2.6.8.0 (Remove Only)

QuickTime

RealPlayer

SearchEnhancement: Bookmark

SearchEnhancement: Command

SearchEnhancement: Customize

SearchEnhancement: Error

SearchEnhancement: Filter

SearchEnhancement: Hopper

SearchEnhancement: Search

SearchEnhancement: Watcher

Spybot - Search & Destroy 1.4

Spyware Doctor 2.1

SpywareBlaster v3.5.1

TaskPatrol Personal 2.0

TPTEST 5.0.2

Tweak UI

Unlocker 1.8.1

VideoLink Pro

Winamp (remove only)

Windows Commander (Remove or Repair)

Windows XP Service Pack 2

WinRAR

Canon PhotoRecord

ACDSee 4.0.2 PowerPack Suite

CA eTrust PestPatrol Anti-Spyware

ANIWZCS2 Service

MP3 Player Utilities V1.28

Windows Genuine Advantage v1.3.0254.0

AirPlus XtremeG

ANIO Service

TuneUp Utilities 2006

WinProducer

Adobe Reader 7.0.8 - Svenska

InterVideo WinDVD

Canon ZoomBrowser EX

Minneskortprogram

ArcSoft PhotoImpression

Philips ToUcam Pro Camera

Microsoft Plus! for Windows XP

 

Finished

 

SDFix: Version 1.69

 

Run by Administrator - 2007-03-02 @ 23:44:05,40

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\Program Files\SDFix

 

Safe Mode:

Checking Services:

 

Path:

 

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\TFTP2944 - Deleted

C:\WINDOWS\system32\TFTP3044 - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe:*:Enabled:D-Link AirPlus Utility"

"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"

"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

 

Add/Remove Programs List:

 

Ad-aware 6 Personal

ASUS Probe V2.17.07

AsusUpdate

C-Media Audio

Canon i470D

DivX 5.0.2 Pro Bundle

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

ERUNT 1.1j

HijackThis 1.99.1

Canon Utilities PhotoStitch 3.1

Canon RemoteCapture Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

AirPlus XtremeG

Canon MovieEdit Task for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Support Core Library

Canon Camera Window for ZoomBrowser EX

Microsoft Data Access Components KB870669

Line 6 Monkey 1.15 (Remove Only)

Mozilla Firefox (2.0.0.2)

Nero - Burning Rom (Web installer)

NoAdware v5.0

NOD32 Antivirus

NVIDIA Windows 2000/XP Display Drivers

PODxt Drivers 2.6.8.0 (Remove Only)

QuickTime

RealPlayer

SearchEnhancement: Bookmark

SearchEnhancement: Command

SearchEnhancement: Customize

SearchEnhancement: Error

SearchEnhancement: Filter

SearchEnhancement: Hopper

SearchEnhancement: Search

SearchEnhancement: Watcher

Spybot - Search & Destroy 1.4

Spyware Doctor 2.1

SpywareBlaster v3.5.1

TaskPatrol Personal 2.0

TPTEST 5.0.2

Tweak UI

Unlocker 1.8.1

VideoLink Pro

Winamp (remove only)

Windows Commander (Remove or Repair)

Windows XP Service Pack 2

WinRAR

Canon PhotoRecord

ACDSee 4.0.2 PowerPack Suite

CA eTrust PestPatrol Anti-Spyware

ANIWZCS2 Service

MP3 Player Utilities V1.28

Windows Genuine Advantage v1.3.0254.0

AirPlus XtremeG

ANIO Service

TuneUp Utilities 2006

WinProducer

Adobe Reader 7.0.8 - Svenska

InterVideo WinDVD

Canon ZoomBrowser EX

Minneskortprogram

ArcSoft PhotoImpression

Philips ToUcam Pro Camera

Microsoft Plus! for Windows XP

 

Finished

 

SDFix: Version 1.69

 

Run by Administrator - 2007-03-02 @ 23:44:05,40

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\Program Files\SDFix

 

Safe Mode:

Checking Services:

 

Path:

 

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\TFTP2944 - Deleted

C:\WINDOWS\system32\TFTP3044 - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe:*:Enabled:D-Link AirPlus Utility"

"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"

"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

 

Add/Remove Programs List:

 

Ad-aware 6 Personal

ASUS Probe V2.17.07

AsusUpdate

C-Media Audio

Canon i470D

DivX 5.0.2 Pro Bundle

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

ERUNT 1.1j

HijackThis 1.99.1

Canon Utilities PhotoStitch 3.1

Canon RemoteCapture Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

AirPlus XtremeG

Canon MovieEdit Task for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Support Core Library

Canon Camera Window for ZoomBrowser EX

Microsoft Data Access Components KB870669

Line 6 Monkey 1.15 (Remove Only)

Mozilla Firefox (2.0.0.2)

Nero - Burning Rom (Web installer)

NoAdware v5.0

NOD32 Antivirus

NVIDIA Windows 2000/XP Display Drivers

PODxt Drivers 2.6.8.0 (Remove Only)

QuickTime

RealPlayer

SearchEnhancement: Bookmark

SearchEnhancement: Command

SearchEnhancement: Customize

SearchEnhancement: Error

SearchEnhancement: Filter

SearchEnhancement: Hopper

SearchEnhancement: Search

SearchEnhancement: Watcher

Spybot - Search & Destroy 1.4

Spyware Doctor 2.1

SpywareBlaster v3.5.1

TaskPatrol Personal 2.0

TPTEST 5.0.2

Tweak UI

Unlocker 1.8.1

VideoLink Pro

Winamp (remove only)

Windows Commander (Remove or Repair)

Windows XP Service Pack 2

WinRAR

Canon PhotoRecord

ACDSee 4.0.2 PowerPack Suite

CA eTrust PestPatrol Anti-Spyware

ANIWZCS2 Service

MP3 Player Utilities V1.28

Windows Genuine Advantage v1.3.0254.0

AirPlus XtremeG

ANIO Service

TuneUp Utilities 2006

WinProducer

Adobe Reader 7.0.8 - Svenska

InterVideo WinDVD

Canon ZoomBrowser EX

Minneskortprogram

ArcSoft PhotoImpression

Philips ToUcam Pro Camera

Microsoft Plus! for Windows XP

 

Finished

 

 

Link to comment
Share on other sites

Och här är HJT loggen

 

SDFix: Version 1.69

 

Run by Administrator - 2007-03-02 @ 23:44:05,40

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\Program Files\SDFix

 

Safe Mode:

Checking Services:

 

Path:

 

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\TFTP2944 - Deleted

C:\WINDOWS\system32\TFTP3044 - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe:*:Enabled:D-Link AirPlus Utility"

"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"

"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

 

Add/Remove Programs List:

 

Ad-aware 6 Personal

ASUS Probe V2.17.07

AsusUpdate

C-Media Audio

Canon i470D

DivX 5.0.2 Pro Bundle

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

ERUNT 1.1j

HijackThis 1.99.1

Canon Utilities PhotoStitch 3.1

Canon RemoteCapture Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

AirPlus XtremeG

Canon MovieEdit Task for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Support Core Library

Canon Camera Window for ZoomBrowser EX

Microsoft Data Access Components KB870669

Line 6 Monkey 1.15 (Remove Only)

Mozilla Firefox (2.0.0.2)

Nero - Burning Rom (Web installer)

NoAdware v5.0

NOD32 Antivirus

NVIDIA Windows 2000/XP Display Drivers

PODxt Drivers 2.6.8.0 (Remove Only)

QuickTime

RealPlayer

SearchEnhancement: Bookmark

SearchEnhancement: Command

SearchEnhancement: Customize

SearchEnhancement: Error

SearchEnhancement: Filter

SearchEnhancement: Hopper

SearchEnhancement: Search

SearchEnhancement: Watcher

Spybot - Search & Destroy 1.4

Spyware Doctor 2.1

SpywareBlaster v3.5.1

TaskPatrol Personal 2.0

TPTEST 5.0.2

Tweak UI

Unlocker 1.8.1

VideoLink Pro

Winamp (remove only)

Windows Commander (Remove or Repair)

Windows XP Service Pack 2

WinRAR

Canon PhotoRecord

ACDSee 4.0.2 PowerPack Suite

CA eTrust PestPatrol Anti-Spyware

ANIWZCS2 Service

MP3 Player Utilities V1.28

Windows Genuine Advantage v1.3.0254.0

AirPlus XtremeG

ANIO Service

TuneUp Utilities 2006

WinProducer

Adobe Reader 7.0.8 - Svenska

InterVideo WinDVD

Canon ZoomBrowser EX

Minneskortprogram

ArcSoft PhotoImpression

Philips ToUcam Pro Camera

Microsoft Plus! for Windows XP

 

Finished

 

[inlägget ändrat 2007-03-03 00:33:57 av Kongo]

Link to comment
Share on other sites

jag försöker att posta en HJT logg, men varje gång jag klistrar in den här ändras texten till SD Fix loggen

 

 

Link to comment
Share on other sites

 

Logfile of HijackThis v1.99.1

Scan saved at 01:23:23, on 2007-03-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

SDFix: Version 1.69

 

Run by Administrator - 2007-03-02 @ 23:44:05,40

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\Program Files\SDFix

 

Safe Mode:

Checking Services:

 

Path:

 

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\TFTP2944 - Deleted

C:\WINDOWS\system32\TFTP3044 - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe:*:Enabled:D-Link AirPlus Utility"

"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"

"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

 

Add/Remove Programs List:

 

Ad-aware 6 Personal

ASUS Probe V2.17.07

AsusUpdate

C-Media Audio

Canon i470D

DivX 5.0.2 Pro Bundle

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

ERUNT 1.1j

HijackThis 1.99.1

Canon Utilities PhotoStitch 3.1

Canon RemoteCapture Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

AirPlus XtremeG

Canon MovieEdit Task for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Support Core Library

Canon Camera Window for ZoomBrowser EX

Microsoft Data Access Components KB870669

Line 6 Monkey 1.15 (Remove Only)

Mozilla Firefox (2.0.0.2)

Nero - Burning Rom (Web installer)

NoAdware v5.0

NOD32 Antivirus

NVIDIA Windows 2000/XP Display Drivers

PODxt Drivers 2.6.8.0 (Remove Only)

QuickTime

RealPlayer

SearchEnhancement: Bookmark

SearchEnhancement: Command

SearchEnhancement: Customize

SearchEnhancement: Error

SearchEnhancement: Filter

SearchEnhancement: Hopper

SearchEnhancement: Search

SearchEnhancement: Watcher

Spybot - Search & Destroy 1.4

Spyware Doctor 2.1

SpywareBlaster v3.5.1

TaskPatrol Personal 2.0

TPTEST 5.0.2

Tweak UI

Unlocker 1.8.1

VideoLink Pro

Winamp (remove only)

Windows Commander (Remove or Repair)

Windows XP Service Pack 2

WinRAR

Canon PhotoRecord

ACDSee 4.0.2 PowerPack Suite

CA eTrust PestPatrol Anti-Spyware

ANIWZCS2 Service

MP3 Player Utilities V1.28

Windows Genuine Advantage v1.3.0254.0

AirPlus XtremeG

ANIO Service

TuneUp Utilities 2006

WinProducer

Adobe Reader 7.0.8 - Svenska

InterVideo WinDVD

Canon ZoomBrowser EX

Minneskortprogram

ArcSoft PhotoImpression

Philips ToUcam Pro Camera

Microsoft Plus! for Windows XP

 

Finished

 

SDFix: Version 1.69

 

Run by Administrator - 2007-03-02 @ 23:44:05,40

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\Program Files\SDFix

 

Safe Mode:

Checking Services:

 

Path:

 

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\TFTP2944 - Deleted

C:\WINDOWS\system32\TFTP3044 - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe:*:Enabled:D-Link AirPlus Utility"

"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"

"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6"

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\PROGRA~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

 

Add/Remove Programs List:

 

Ad-aware 6 Personal

ASUS Probe V2.17.07

AsusUpdate

C-Media Audio

Canon i470D

DivX 5.0.2 Pro Bundle

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

ERUNT 1.1j

HijackThis 1.99.1

Canon Utilities PhotoStitch 3.1

Canon RemoteCapture Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

AirPlus XtremeG

Canon MovieEdit Task for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Support Core Library

Canon Camera Window for ZoomBrowser EX

Microsoft Data Access Components KB870669

Line 6 Monkey 1.15 (Remove Only)

Mozilla Firefox (2.0.0.2)

Nero - Burning Rom (Web installer)

NoAdware v5.0

NOD32 Antivirus

NVIDIA Windows 2000/XP Display Drivers

PODxt Drivers 2.6.8.0 (Remove Only)

QuickTime

RealPlayer

SearchEnhancement: Bookmark

SearchEnhancement: Command

SearchEnhancement: Customize

SearchEnhancement: Error

SearchEnhancement: Filter

SearchEnhancement: Hopper

SearchEnhancement: Search

SearchEnhancement: Watcher

Spybot - Search & Destroy 1.4

Spyware Doctor 2.1

SpywareBlaster v3.5.1

TaskPatrol Personal 2.0

TPTEST 5.0.2

Tweak UI

Unlocker 1.8.1

VideoLink Pro

Winamp (remove only)

Windows Commander (Remove or Repair)

Windows XP Service Pack 2

WinRAR

Canon PhotoRecord

ACDSee 4.0.2 PowerPack Suite

CA eTrust PestPatrol Anti-Spyware

ANIWZCS2 Service

MP3 Player Utilities V1.28

Windows Genuine Advantage v1.3.0254.0

AirPlus XtremeG

ANIO Service

TuneUp Utilities 2006

WinProducer

Adobe Reader 7.0.8 - Svenska

InterVideo WinDVD

Canon ZoomBrowser EX

Minneskortprogram

ArcSoft PhotoImpression

Philips ToUcam Pro Camera

Microsoft Plus! for Windows XP

 

Finished

 

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: (no name) - {004B23E0-1E63-4ED6-BCAC-922BA26CF096} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.line6.net

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.spray.se/app/uploader/FileUploader.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

 

 

Link to comment
Share on other sites

Kan du svara på en annan fråga?

 

Om jag har en trådlös router med brandvägg, behöver jag då ha windows brandvägg aktiverad?

 

 

Link to comment
Share on other sites

ingen som helst aning

 

den här raden kan du bocka för och fixa, den hör till norton

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

 

funkar internet bättre nu?

[inlägget ändrat 2007-03-03 01:42:30 av 927]

Link to comment
Share on other sites

Jag var inne på Process Library och checkade av mina processer i Enhetshanteraren. Där fick jag svaret att jag hade nåt som hette Isass. Men när jag sökte på nätet hittade jag inte hur jag skulle få bort det..

Vet du?

 

 

Link to comment
Share on other sites

 

detta är en windowsfil

C:\WINDOWS\system32\lsass.exe

 

jag vet inte vad som kan bli fel med en trådlös router men kan du inte testa utan den och koppla bredbandet direkt i datorn?

 

sen kan man ju fixa med nätverk/ipadresser men samma sak här, jag vet inte vad som sker när man har en router

 

Link to comment
Share on other sites

Jag har kopplat datorn direkt med kabel till bredbandet, men det är lika dålig fart på uppkopplingen ocg samma problem med internet iaf.

 

Kan man posta en rootkit revealer logg??

 

 

Link to comment
Share on other sites

 

ja under file >save bör det väl gå men jag tror inte att du har något rootkit för det syns isf i loggen plus att sdfix kollar efter rootkits

 

hur dåligt fart har du på bredbandet?

 

om du skriver cmd i kör och trycker på ok, efter det skriver du tracert www.ginza.se >enter (får du en fråga från brandväggen så svara ja, alltid. gör sedan om samma sak igen för den första spårningen ger missvisande resultat pga av frågan från brandväggen.

det går att kopiera det som visas

 

Link to comment
Share on other sites

Hej! Gjorde som du sa. Fick ingen fråga från brandväggen.

 

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

 

C:\Documents and Settings\Mr_Kent>tracertwww.ginza.se

'tracertwww.ginza.se' is not recognized as an internal or external command,

operable program or batch file.

 

C:\Documents and Settings\Mr_Kent>tracert www.ginza.se

 

Tracing route to www.ginza.se [217.151.193.180]

over a maximum of 30 hops:

 

1 2110 ms 29 ms 510 ms 192.168.0.1

2 9 ms 10 ms 14 ms 172.16.4.1

3 10 ms 11 ms 9 ms E3GW-180-1-G10.lnctv.com [213.242.180.1]

4 328 ms 201 ms 14 ms 212.75.93.37

5 10 ms 9 ms 894 ms CR-SE-STO-BJTR-3-ge-0-1.internet5.net [213.242.1

78.10]

6 24 ms 78 ms 49 ms TNSTOPEER.internet5.net [212.75.94.158]

7 261 ms 13 ms 1011 ms ge-0-3-0.se-snams001-pe-1.tu.telenor.net [212.10

5.101.254]

8 167 ms 280 ms 34 ms sol-ix-sto-1500.peer.365-24.net [193.110.13.237]

 

9 * 19 ms 520 ms www.ginza.se [217.151.193.180]

10 17 ms 622 ms 44 ms www.ginza.se [217.151.193.180]

11 59 ms 23 ms 903 ms www.ginza.se [217.151.193.180]

 

Trace complete.

 

C:\Documents and Settings\Mr_Kent>

 

 

Link to comment
Share on other sites

det är långt ifrån nomala värden men om det är din dator eller din isp som problemet kommer ifrån kan inte jag svara på.

så här ser mina värden ut (10 mbit)

 

1 <10 ms <10 ms <10 ms gw-n1-n-a31.ias.bredband.telia.com [217.208.]

2 <10 ms <10 ms <10 ms n-d4-link.se.telia.net [81.228.74.176]

3 <10 ms <10 ms <10 ms n-x-c1-link.se.telia.net [81.228.73.18]

4 * 6 ms 10 ms ld-h-c5-link.se.telia.net [81.228.76.58]

5 8 ms 7 ms 7 ms ld-h-peer1.se.telia.net [81.228.75.97]

6 7 ms 7 ms 7 ms kbn-b2-pos14-0.telia.net [213.248.78.126]

7 9 ms 9 ms 9 ms kbn-bb2-pos1-0-0.telia.net [213.248.65.13]

8 20 ms 20 ms 20 ms s-bb2-link.telia.net [213.248.65.165]

9 19 ms 19 ms 19 ms s-b3-pos4-0.telia.net [213.248.66.10]

10 20 ms 20 ms 20 ms qbranch-106097-s-b3.c.telia.net [213.248.67.74]

11 22 ms 22 ms 22 ms www.ginza.se [217.151.193.180]

12 22 ms 22 ms 22 ms www.ginza.se [217.151.193.180]

13 22 ms 22 ms 22 ms www.ginza.se [217.151.193.180]

 

Spårning utförd.

 

 

 

 

[inlägget ändrat 2007-03-07 22:19:49 av 927]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...