
Downloader.Trojan - How do I get rid of this junk?


10 replies to this topic

#1 fkarpenm

    Newcomer

  • Members
  • 5 posts

Posted 25 January 2005 at 21:58

Hi

Can anyone read a log file from HijackThis fluently?

My Norton Antivirus flags a Downloader.Trojan every day and puts a lot of exe files in quarantine. Very annoying...

I'm grateful for any help!

/F

Here is the log:

Logfile of HijackThis v1.99.0
Scan saved at 21:46:17, on 2005-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\NavNT\defwatch.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program\NavNT\vptray.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://webmail.tele2.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StatusClient] C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZiKNgJtf] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\WINDOWS\command.com" /c del "C:\DOCUME~1\Fredrik\LOKALA~1\Temp\uninstal.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Informationshanteraren - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093686558047
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


#2 Mentor

    Diligent

  • Awaiting approval
  • 731 posts
  • Location: Kristianstad

Posted 25 January 2005 at 22:29

Read here for how to get rid of it.

http://securityrespo...der.trojan.html


#3 Cecilia

    Addicted

  • Head moderator
  • 85 668 posts
  • Location: Stockholm

Posted 26 January 2005 at 12:11

Start by doing what Mentor says.

Which Norton do you have, edition and year?
In which files does Norton report that you have the trojan?

If you remove something with HijackThis, it creates backups in the same folder it is in. Since these backups can be very useful if something goes wrong, I don't think it is a good idea for HijackThis to sit in a folder called Temp; the risk of that folder being deleted is too great.

Before we start with HijackThis, I think you should first try to clean your computer with some safer programs.
First these online scans:
http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm
Write down what they find and in which files.

Then the antispyware programs Ad-aware and Spybot Search & Destroy:
http://www.lavasoft....pport/download/
http://www.lavasofts...showtopic=42066 (instructions)
http://www.safer-net...load/index.html
Remove whatever they report as critical or dangerous.

Then restart the computer and take a new HijackThis log.
In your reply, write what the online scans found, answer the other questions and include the log.
But this time use the LOG button and not the CODE button! :thumbsup:

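As an added illustration of the before/after comparison this procedure leads to (example code, not from the thread and not part of HijackThis), here is a small Python helper that parses HijackThis logs, reassembles the Run entry that the first log prints across two lines (`[-` / `] C:\WINDOWS\axtcxcb.exe`), flags the entries a helper would look at first, and diffs two logs. The two log excerpts are constructed from the logs posted in this thread; the flags are heuristics, not verdicts.

```python
"""HijackThis log triage: added example, not code from the thread or from HijackThis."""
import re
from collections import Counter

# Entry lines start with a HijackThis type code (R0, R3, O2, O4, O16, O23, ...).
_ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d+) - ")
# O4 registry Run entries: "O4 - HKLM\..\Run: [value name] command". DOTALL lets the
# value name span a line break, which is how HijackThis prints a Run value whose
# name contains one (the "[-" / "] C:\WINDOWS\axtcxcb.exe" pair in the thread).
_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>.*)\] (?P<cmd>.*)$", re.S)


def parse_entries(text):
    """Return the log's entry lines, gluing wrapped continuation lines to their entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if _ENTRY.match(line):
            entries.append(line)
        elif entries:
            # Not an entry, and we are past the header and process list: a wrapped entry.
            entries[-1] += "\n" + line
    return entries


def flag_entries(entries):
    """Return (entry, reason) pairs a helper would look at first. Heuristics only."""
    # How many Run values launch the same executable.
    launches = Counter()
    for e in entries:
        m = _O4_RUN.match(e)
        if m:
            launches[m.group("cmd").strip().lower()] += 1
    flags = []
    for e in entries:
        if "(no file)" in e:
            flags.append((e, "refers to a file that no longer exists"))
            continue
        m = _O4_RUN.match(e)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd").strip().lower()
        if "\n" in name or not re.fullmatch(r"[\w .&'()-]+", name):
            flags.append((e, "Run value name is not a normal identifier"))
        elif launches[cmd] > 1:
            flags.append((e, "executable is registered under more than one Run value"))
    return flags


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    return sorted(old - new), sorted(new - old)


# Constructed excerpts of the two HijackThis logs posted in the thread (25 and 26 Jan 2005).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.0
Scan saved at 21:46:17, on 2005-01-25

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ZiKNgJtf] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\axtcxcb.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.0
Scan saved at 22:07:30, on 2005-01-26

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
"""

if __name__ == "__main__":
    for entry, reason in flag_entries(parse_entries(LOG_BEFORE)):
        print(f"{reason}: {entry!r}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries gone, {len(added)} entries new after the cleanup")
```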

#4 fkarpenm

    Newcomer

  • Members
  • 5 posts

Posted 26 January 2005 at 22:22

Still just as bad...

Unfortunately I only have a modem connection so far, so I haven't managed the online scans yet - it seemed to take a very long time to download the components that were needed?!?!

Have updated my programs again now (Norton, Adaware SE, Spybot)

The Norton I run is:
Norton AntiVirus, Corporate edition, 7.61.930, Server/Client Gold
I have been diligent about updating this continuously.

It's Norton's realtime protection that keeps popping up all the time. In addition, the computer wants to fire up the modem every time I start it - some junk seems to want to contact the internet right at startup. It wasn't like that before...

Typical files it warns about:
axtcxb.exe
fsBNsdt.exe
etc.
They are of type Downloader.Trojan.

Istbar is a term I think I see here and there in all this...

Below are three fat log files
- Adaware SE
- Spybot
- HijackThis

Grateful for any help
/Fredrik



Adaware SE log file:

[log]
Ad Aware

ArchiveData(auto-quarantine- 2005-01-21 21-26-14.bckp)
Referencefile : SE1R25 11.01.2005
======================================================

ISTBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-1602489464-1318987518-222395546-1007\software\ist
obj[1]=RegValue : S-1-5-21-1602489464-1318987518-222395546-1007\software\ist "Recover"


============


Ad-Aware SE Build 1.05
Logfile Created on:den 26 januari 2005 21:14:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R26 25.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar(TAC index:6):2 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R26 25.01.2005
Internal build : 31
File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 413418 Bytes
Total size : 1303446 Bytes
Signature data size : 1273751 Bytes
Reference data size : 29183 Bytes
Signatures total : 36254
Fingerprints total : 607
Fingerprints size : 22890 Bytes
Target categories : 15
Target families : 632


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:47 %
Total physical memory:523760 kb
Available physical memory:243460 kb
Total page file size:1280504 kb
Available on page file:1056572 kb
Total virtual memory:2097024 kb
Available virtual memory:2047788 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-01-26 21:14:35 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32 ProcessID : 456
ThreadCreationTime : 2005-01-26 19:33:23
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32 ProcessID : 504
ThreadCreationTime : 2005-01-26 19:33:24
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32 ProcessID : 532
ThreadCreationTime : 2005-01-26 19:33:26
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 580
ThreadCreationTime : 2005-01-26 19:33:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 592
ThreadCreationTime : 2005-01-26 19:33:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 732
ThreadCreationTime : 2005-01-26 19:33:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 812
ThreadCreationTime : 2005-01-26 19:33:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 848
ThreadCreationTime : 2005-01-26 19:33:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 908
ThreadCreationTime : 2005-01-26 19:33:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 1004
ThreadCreationTime : 2005-01-26 19:33:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS ProcessID : 1176
ThreadCreationTime : 2005-01-26 19:33:29
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 1268
ThreadCreationTime : 2005-01-26 19:33:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 1372
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [defwatch.exe]
FilePath : C:\Program\NavNT ProcessID : 1392
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 7.61.00.930
ProductVersion : 7.61.00.930
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:15 [id2scaps.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 1424
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal


#:16 [mdm.exe]
FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug ProcessID : 1452
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:17 [rtvscan.exe]
FilePath : C:\Program\NavNT ProcessID : 1480
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 7.61.00.930
ProductVersion : 7.61.00.930
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 1512
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 1572
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 1620
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 1664
ThreadCreationTime : 2005-01-26 19:33:30
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:22 [cthelper.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 204
ThreadCreationTime : 2005-01-26 19:33:32
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cthelper
CompanyName : Creative Technology Ltd
FileDescription : cthelper
InternalName : cthelper
LegalCopyright : Copyright © 2002
OriginalFilename : cthelper.exe

#:23 [statusclient.exe]
FilePath : C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient ProcessID : 244
ThreadCreationTime : 2005-01-26 19:33:32
BasePriority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe

#:24 [vptray.exe]
FilePath : C:\Program\NavNT ProcessID : 324
ThreadCreationTime : 2005-01-26 19:33:32
BasePriority : Normal
FileVersion : 7.61.00.930
ProductVersion : 7.61.00.930
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:25 [realsched.exe]
FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 332
ThreadCreationTime : 2005-01-26 19:33:32
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [ctfmon.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 384
ThreadCreationTime : 2005-01-26 19:33:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:27 [msmsgs.exe]
FilePath : C:\Program\Messenger ProcessID : 396
ThreadCreationTime : 2005-01-26 19:33:33
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [rundll32.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 412
ThreadCreationTime : 2005-01-26 19:33:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Kör en DLL-fil som ett program
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : RUNDLL.EXE

#:29 [acrotray.exe]
FilePath : C:\Program\Adobe\Acrobat 5.0\Distillr ProcessID : 432
ThreadCreationTime : 2005-01-26 19:33:33
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:30 [id2certmover.exe]
FilePath : C:\Program\iD2\CSP ProcessID : 476
ThreadCreationTime : 2005-01-26 19:33:33
BasePriority : Normal


#:31 [wincinemamgr.exe]
FilePath : C:\Program\InterVideo\Common\Bin ProcessID : 480
ThreadCreationTime : 2005-01-26 19:33:33
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:32 [javaw.exe]
FilePath : C:\Program\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin ProcessID : 1972
ThreadCreationTime : 2005-01-26 19:33:41
BasePriority : Normal


#:33 [alg.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 2184
ThreadCreationTime : 2005-01-26 19:33:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:34 [msgsys.exe]
FilePath : C:\WINDOWS\system32 ProcessID : 2352
ThreadCreationTime : 2005-01-26 19:33:43
BasePriority : Normal
FileVersion : 6.0.201.0940 E
ProductVersion : 6.0
ProductName : Intel Common Base Agent
CompanyName : Intel Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997, 1998
LegalTrademarks : LANDesk ® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE

#:35 [dbgout.exe]
FilePath : C:\Program\Ericsson\COMMUN~1\MOBILE~1 ProcessID : 3352
ThreadCreationTime : 2005-01-26 19:35:10
BasePriority : Normal
FileVersion : 1, 0, 0,1671
ProductVersion : 1,1,0,109
ProductName : DbgOut Application
CompanyName : Teleca Software Solutions AB
FileDescription : DbgOut MFC Application
InternalName : DbgOut
LegalCopyright : Copyright © 1999-2002 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : DbgOut.EXE

#:36 [ad-aware.exe]
FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 2684
ThreadCreationTime : 2005-01-26 20:09:25
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1602489464-1318987518-222395546-1007\software\ist

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1602489464-1318987518-222395546-1007\software\ist
Value : Recover

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fredrik@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:fredrik@imrworldwide.com/cgi-bin
Expires : 2009-01-19
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

21:32:44 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:09.438
Objects scanned:177879
Objects identified:3
Objects ignored:0
New critical objects:3

===========================
[/log]



Log file from Spybot


[log]
WebTrends live: Tracking cookie (Internet Explorer: Fredrik) (Cookie, fixed)
WebTrends live: Tracking cookie (Internet Explorer: Fredrik) (Cookie, fixed)
WebTrends live: Tracking cookie (Internet Explorer: Fredrik) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Fredrik) (Cookie, fixed)
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1602489464-1318987518-222395546-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DyFuCA.InternetOptimizer: Program directory (Directory, fixed)
C:\Program files\Internet Optimizer
GAIN.Gator: Common files (Directory, fixed)
C:\Program\Delade filer\CMEII
GAIN.Gator: Autostart file (File, fixed)
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\GStartup.lnk
GAIN.Gator: Autostart file (File, fixed)
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\PrecisionTime.lnk
GAIN.Gator: Autostart file (File, fixed)
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Påminnelser för Kalendern i Microsoft Works.lnk
GAIN.Gator: Autostart file (File, fixed)
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Date Manager.lnk
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\GMT.exe.manifest
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\CMEII\CMEDiagnostics.log
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\CMEII\GatorSupportInfo.txt
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\mepgh.dat
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\mepcmeft.dat
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\meprca.dat
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\mepcme.dat
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\Helper.wav
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\FillIn.wav
GAIN.Gator: Common file (global) (File, fixed)
C:\Program\Delade filer\GMT\Gator.log
GAIN.Gator: Common files (Directory, fixed)
C:\Program\Delade filer\GMT
GAIN.Gator: Module usage (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEGator.dll
GAIN.Gator: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start-meny\Program\Date Manager
GAIN.Gator: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start-meny\Program\PrecisionTime
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
[/log]


Log file from HijackThis

[log]
Logfile of HijackThis v1.99.0
Scan saved at 22:07:30, on 2005-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\NavNT\defwatch.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program\NavNT\vptray.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program\Ericsson\COMMUN~1\MOBILE~1\DbgOut.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://webmail.tele2.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StatusClient] C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZiKNgJtf] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\WINDOWS\command.com" /c del "C:\DOCUME~1\Fredrik\LOKALA~1\Temp\uninstal.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Informationshanteraren - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093686558047
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A731078E-EB75-40E1-9D62-D2E4A6F94D2A}: NameServer = 213.150.135.211 213.150.135.210
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[/log]


#5 Little cracker

Little cracker

    Active

  • Members
  • PipPipPip
  • 106 posts

Posted 26 January 2005 at 22:36

hi

I used to have ISTbar on my laptop but now it's gone! I used Ad-Aware SE and searched for viruses... when it has finished searching it shows a list of all the dangerous files and where they are located... ISTbar was in my registry (if there are viruses in the registry the full address is shown, exactly where it is, like... HKEY_CURRENT_USER/software... etc.)

...just run regedit, follow the address, find the file and delete it, and when you do that you should remove the key and all its subkeys.... hope this helps you.


#6 Cecilia

Cecilia

    Addicted

  • Head moderator
  • 85 668 posts
  • Location: Stockholm

Posted 27 January 2005 at 11:30

It's OK that you skip the online scans.

Even if you only have a dial-up modem, a firewall is probably still a good idea. You can download a free one from e.g. Kerio or Sygate:
http://smb.sygate.co...pf_standard.htm
http://www.kerio.com/kpf_download.html

Let Ad-aware remove everything it finds that has to do with Istbar. If it can't, restart the computer in Safe Mode, run Ad-aware again and see if it goes better then.

Spybot's complaint about DSO Exploit is a bug in Spybot and nothing to worry about. If the other items come back in Spybot, it may be a good idea to run it in Safe Mode as well.

So that you don't accidentally restore the computer to a state with a lot of nasty things in it, you should now turn off System Restore to remove all restore points.
My Computer - Right-click - Properties - System Restore
When the computer is clean it should be turned back on.

[log]After having tried the two programs, restart the computer, run HijackThis and scan. Then tick these lines:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ZiKNgJtf] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\axtcxcb.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Restart in Safe Mode.

Set Explorer so that you can see all files:
Tools - Folder Options - View
Select Show hidden files and folders
Untick Hide extensions for known file types
Untick Hide protected operating system files
Tick Display the contents of system folders

Delete the file:
C:\WINDOWS\axtcxcb.exe

Delete the contents of this folder, but leave the folder itself:
C:\DOCUME~1\Fredrik\LOKALA~1\Temp
Where ~1 stands for a number of arbitrary characters.[/log]

Restart in normal mode and take a new HijackThis log, which you post here together with how it went with Ad-aware and Spybot (logs from them are not needed).
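As an added example (not part of the thread), a small Python parser for the HijackThis log format that flags the kinds of entries the moderator ticked above: the missing URLSearchHook, an O9 button with no backing file, and Run values that start an executable dropped straight into C:\WINDOWS under an unrelated or blank name (here the same file registered twice). The flagging heuristics are my own, and the sample log is constructed from lines in this thread's log.

```python
import re
from collections import defaultdict
# Constructed sample, copied from the log above, so each rule below has a hit and a miss.
SAMPLE_LOG = r"""R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ZiKNgJtf] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\axtcxcb.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
"""
SECTION = re.compile(r"^(?:R\d|F\d|N\d|O\d+) - ")        # start of a HijackThis entry
O4_ENTRY = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$", re.S)
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)         # first full path to an .exe in a command

def merge_wrapped(text):
    """Re-join an entry printed across two lines because its Run value name holds a line break."""
    entries = []
    for raw in text.splitlines():
        if SECTION.match(raw) or not entries:
            entries.append(raw)
        else:
            entries[-1] += "\n" + raw
    return entries

def name_unrelated_to_exe_in_windows_root(name, path):
    """Heuristic: exe sits directly in C:\\WINDOWS and the value name does not match its file name."""
    parts = path.split("\\")
    return len(parts) == 3 and parts[1] == "windows" and name.strip().lower() != parts[-1][:-4]

def flag_entries(text):
    """Map each suspicious entry to the reasons it was flagged (the thread's tick criteria)."""
    reasons, by_exe = defaultdict(list), defaultdict(list)
    for entry in merge_wrapped(text):
        if entry.startswith("R3 - ") and "is missing" in entry:
            reasons[entry].append("URLSearchHook missing")
        elif entry.startswith(("O2 - ", "O9 - ")) and entry.endswith("(no file)"):
            reasons[entry].append("registered object points at no file")
        exe = EXE.search(m["cmd"]) if (m := O4_ENTRY.match(entry)) else None
        if exe:
            path = exe.group(0).lower()
            by_exe[path].append(entry)
            if name_unrelated_to_exe_in_windows_root(m["name"], path):
                reasons[entry].append("unrelated value name for exe in Windows root")
    for path, entries in by_exe.items():  # one file started from several Run values
        if len(entries) > 1:
            for entry in entries:
                reasons[entry].append(f"{path} registered {len(entries)} times")
    return dict(reasons)
```

Run `flag_entries(SAMPLE_LOG)` to get the four ticked entries with their reasons; UpdReg (name matches the file) and PSDrvCheck (under system32) pass through unflagged.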


#7 fkarpenm

fkarpenm

    Newcomer

  • Members
  • Pip
  • 5 posts

Posted 2 February 2005 at 11:01

Hi

Thanks to everyone who got involved in my case. I chose to reinstall the whole box, though. I've had a number of attacks and felt the time was ripe for a fresh start.

THANKS!
/F

:thumbsup:


#8 Cecilia

Cecilia

    Addicted

  • Head moderator
  • 85 668 posts
  • Location: Stockholm

Posted 2 February 2005 at 11:35

OK!
To protect your computer in the future, run Ad-aware and Spybot S&D regularly.


#9 fkarpenm

fkarpenm

    Newcomer

  • Members
  • Pip
  • 5 posts

Posted 4 February 2005 at 15:05

You don't risk "picking up junk" by installing these products on your computer, do you? Are they "safe"?

/F


#10 [Esc]

[Esc]

    Veteran

  • Members
  • PipPipPipPipPip
  • 4 975 posts

Posted 4 February 2005 at 15:23

The products above are mostly for repairing the damage and removing junk
Download here:
Spybot (http://security.kolla.de/)
AdAware (http://www.lavasoft.de or http://www.lavasoftusa.com/)

To prevent spyware from being installed in the future:
Download
SpywareBlaster
SpywareGuard
from http://www.javacoolsoftware.com

and Microsoft AntiSpyware Beta
from http://www.microsoft...re/default.mspx

All of these products are "safe"


--
[Esc]


#11 fkarpenm

fkarpenm

    Newcomer

  • Members
  • Pip
  • 5 posts

Posted 4 February 2005 at 21:39

Nice! Thanks! :thumbsup:




