
Explorer problem and Win32.TrojanDownloader.Swizzor.br ???



iranian_stallion

Hey, I've got a bit of a problem with Internet Explorer. Every time I open Internet Explorer a search bar appears, and when I close Explorer a menu bar appears at the very bottom of the screen with casino, make money, travel, search bar, mortgage and a bunch of others, after Explorer has been closed..

And when I do, it turns out that I have

Win32.TrojanDownloader.Swizzor.br

Does anyone here know anything about it?

Or how to get rid of it,

because I have the NOD32 antivirus program and it doesn't even find it.

OK, like with Ad-Aware, when I remove it, it just comes back every time I start the computer.


iranian_stallion

Here's the log!! But I don't have any MSN Messenger Plus.. just the regular one. I got it through an e-mail!! I just opened it and whoosh, there it was.

Logfile of HijackThis v1.98.2

Scan saved at 13:23:30, on 2004-11-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Internet Explorer\iexplore.exe

c:\program\intern~1\iexplore.exe

C:\Program\a2\a2guard.exe

C:\Program\oDC\oDC.exe

C:\Program\Internet Explorer\iexplore.exe

C:\hjackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ucennyizawwccegxtbgdbypn.com/MDzhOYEyX9RWZxWlspF7b1CW98ddyVnejT2nW58kpXC5SQdKyo43xpv3gdbx8f3I.jpg

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://valo1.tiscali.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://hbsaocdvvjray.info/MDzhOYEyX9SJrGArhdPyVUFqM5_5j59R7ZN/lF4Fu2w.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\mehdi basirat\Application Data\Mozilla\Profiles\default\dlc1h8hb.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\mehdi basirat\Application Data\Mozilla\Profiles\default\dlc1h8hb.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1925B0A1-810C-14D6-20E8-8C517D36B013} - C:\DOCUME~1\MEHDIB~1\APPLIC~1\INTRAU~1\flag creative.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [32TwoSlowPile] C:\Documents and Settings\All Users\Application Data\showbike32two\BlehDupe.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [thunk open] C:\DOCUME~1\MEHDIB~1\APPLIC~1\Mp3amok\Noun sign.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [a-squared] "C:\Program\a2\a2guard.exe"

O4 - HKCU\..\Run: [a²] "C:\Program\a2\a2guard.exe"

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

 

 

 


In any case, I can see you've had Messenger Plus 3 on the computer.

Scan with HijackThis, tick the following lines, close the web browser and all other open windows, and click Fix checked.

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ucennyizawwccegxtbgdbypn.com/MDzhOYEyX9RWZxWlspF7b1CW98ddyVnejT2nW58kpXC5SQdKyo43xpv3gdbx8f3I.jpg

O2 - BHO: (no name) - {1925B0A1-810C-14D6-20E8-8C517D36B013} - C:\DOCUME~1\MEHDIB~1\APPLIC~1\INTRAU~1\flag creative.exe

O4 - HKLM\..\Run: [32TwoSlowPile] C:\Documents and Settings\All Users\Application Data\showbike32two\BlehDupe.exe

O4 - HKCU\..\Run: [thunk open] C:\DOCUME~1\MEHDIB~1\APPLIC~1\Mp3amok\Noun sign.exe

If you don't recognize this page, tick it as well:

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://hbsaocdvvjray.info/MDzhOYEyX9SJrGArhdPyVUFqM5_5j59R7ZN/lF4Fu2w.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\mehdi basirat\Application [/log]

 

 

Then start in Safe Mode, search for and delete:

C:\DOCUME~1\MEHDIB~1\APPLIC~1\INTRAU~1\flag creative.exe

- delete the INTRAU~1 folder

C:\Documents and Settings\All Users\Application Data\showbike32two\BlehDupe.exe

- delete the showbike32two folder

C:\DOCUME~1\MEHDIB~1\APPLIC~1\Mp3amok\Noun sign.exe

- delete the Mp3amok folder
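The three file entries selected for removal in the reply above all autostart from an Application Data directory, two of them written with the 8.3 short name `APPLIC~1`. As an added example (not part of the original posts and not a HijackThis feature), this Python code applies that observation as a triage heuristic to a constructed subset of the log above; the function names and the heuristic itself are assumptions made here.

```python
import re

# Constructed sample: a subset of O2/O4 entries copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1925B0A1-810C-14D6-20E8-8C517D36B013} - C:\DOCUME~1\MEHDIB~1\APPLIC~1\INTRAU~1\flag creative.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [32TwoSlowPile] C:\Documents and Settings\All Users\Application Data\showbike32two\BlehDupe.exe
O4 - HKCU\..\Run: [thunk open] C:\DOCUME~1\MEHDIB~1\APPLIC~1\Mp3amok\Noun sign.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program\a2\a2guard.exe"
"""

# A log entry starts with a section code such as R1, N3, O2 or O4.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-rooted path ending in .exe/.dll; paths may contain spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)", re.IGNORECASE)
# "Application Data" or its 8.3 short name (APPLIC~1, APPLIC~2, ...).
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~\d+)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section_code, body, binary_path_or_None) for each log entry."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list and blank lines are skipped
        path = PATH_RE.search(m.group("body"))
        yield m.group("code"), m.group("body"), path.group(0) if path else None


def autostart_from_appdata(log_text):
    """Return (code, path) for BHO (O2) and autostart (O4) entries under Application Data."""
    return [
        (code, path)
        for code, _body, path in parse_entries(log_text)
        if code in ("O2", "O4") and path and APPDATA_RE.search(path)
    ]


if __name__ == "__main__":
    for code, path in autostart_from_appdata(SAMPLE_LOG):
        print(f"review {code}: {path}")
```

Legitimate software also installs under Application Data, so a hit is a candidate for manual review, not a verdict.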

 

 

 

 
