
trojan-spy.html.smitfraud.c



Tjena snygging

Does anyone know how I remove this virus?

I have scanned with HijackThis. Here is my log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:59:52, on 2005-05-06

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Norman\bin\ZLH.EXE

C:\Program\Eset\nod32kui.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Eset\nod32krn.exe

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Winamp\winamp.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\jhjvsalwwz.exe

D:\Film\Csfilmer\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {11FD0B54-77C8-40A1-8727-ECCE4BDEFD9D} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115397139388

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

 

 

 

Link to comment
Share on other sites

Download this uninstaller

 

http://www.mypctuneup.com/evaluate.php

 

(If you are downloading it with a browser other than IE, you may need to strip the '.php' from the end).

 

Carefully follow the instructions on the page on how to use it.

When you have restarted the computer, post a new Hijack log.

When you post the next log, select it first, then click LOG, and post after that.

 

 

Link to comment
Share on other sites

Tjena snygging

Logfile of HijackThis v1.99.1

Scan saved at 19:57:48, on 2005-05-06

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Norman\bin\ZLH.EXE

C:\Program\Eset\nod32kui.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Eset\nod32krn.exe

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

D:\Film\Csfilmer\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {11FD0B54-77C8-40A1-8727-ECCE4BDEFD9D} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115397139388

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

 

 

Link to comment
Share on other sites

 

"When you post the next log, select it first, then click LOG, and post after that."

Create a new folder on C:\ and put HijackThis.exe there, so: C:\HjT\HijackThis.exe

(don't skip the step above)

Scan with Hijack, check the following lines, close the web browser and all other open windows, and click Fix checked

[log]
O2 - BHO: (no name) - {11FD0B54-77C8-40A1-8727-ECCE4BDEFD9D} - (no file)
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
[/log]

Then boot into safe mode and delete

C:\WINDOWS\isrvs\ < the folder

Boot normally, then a new log.

 

Link to comment
Share on other sites

Tjena snygging

Logfile of HijackThis v1.99.1

Scan saved at 20:12:12, on 2005-05-06

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Norman\bin\ZLH.EXE

C:\Program\Eset\nod32kui.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Eset\nod32krn.exe

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

D:\Ventrilo\Ventrilo.exe

D:\Film\Csfilmer\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115397139388

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

 

 

Link to comment
Share on other sites

Have you checked the lines I mentioned, clicked Fix checked, and deleted this folder?

C:\WINDOWS\isrvs\ < the folder

 

 

Link to comment
Share on other sites

It wasn't possible to log it because my computer froze then :S

Then you can type [ LOG ] before the log and [ /LOG ] after the log, but without the spaces between [] and LOG, so that people don't have to scroll so very much.

 

Link to comment
Share on other sites

You have 2 antivirus programs running

NOD32 and Norman

Turn one of them off.

Then post a new Hijack log

> but the problem still remains <

Tell me a bit more about what the problem is.

 

Link to comment
Share on other sites

Tjena snygging

Well, it's the background.. it's completely blue and it says Security warning... then it says trojan-spy.html.smitfraud.c, and then that I should scan with adware programs and antivirus programs, and I have done both but nothing has worked....

new log

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:23:29, on 2005-05-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Eset\nod32krn.exe

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Norman\bin\ZLH.EXE

C:\Program\Winamp\winampa.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\cclaw.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\msdtc.exe

D:\Ventrilo\Ventrilo.exe

C:\Program Files\mIRC\mirc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

D:\Film\Csfilmer\hijackthis_199\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115397139388

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

 

 

Link to comment
Share on other sites

Create a new folder on C:\ and put HijackThis.exe there, so: C:\HjT\HijackThis.exe

(don't skip the step above)

You still have 2 antivirus programs running.

Nod32 and Norman

TURN ONE OF THEM OFF.

Download DelDomains.inf

http://mvps.org/winhelp2002/DelDomains.inf

Save it to the desktop, then right-click it and choose Install (Installera).

Scan with Hijack, check the following lines, close the web browser and all other open windows, and click Fix checked

[log]
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
[/log]

Then restart the computer.

Strange... if you have smitfraud, because nothing shows in the log.

Post a StartupList log from Hijack

Config.... > Misc Tools > Generate StartupList log

Check the 2 small boxes before you scan

List also.....

List empty....

 

Link to comment
Share on other sites

Tjena snygging

Logfile of HijackThis v1.99.1

Scan saved at 20:12:36, on 2005-05-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Norman\bin\ZLH.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Eset\nod32krn.exe

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\Norman\Nvc\bin\cclaw.exe

D:\Ventrilo\Ventrilo.exe

D:\Spel\Steam\Steam.exe

C:\Program\RivaTuner v2.0 RC 15.4\RivaTuner.exe

C:\Program Files\mIRC\mirc.exe

C:\Program\Winamp\winamp.exe

C:\WINDOWS\System32\svchost.exe

d:\spel\steam\steamapps\rexp300\counter-strike\hl.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Film\Csfilmer\hijackthis_199\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115397139388

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

Link to comment
Share on other sites

OK, now I don't understand anything.

Have you done everything I wrote today at 10:32?

Because these lines should disappear from the log if you have checked them and fixed them

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O9 - Extra button: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {96DB937F-3A47-4714-A68B-8767FB336B22} - (no file) (HKCU)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

And post a StartupList as I wrote, and TURN OFF one of the antivirus programs; you have nod32 and Norman running.

 

Link to comment
Share on other sites
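The check described in the last reply (lines that were ticked and fixed should be gone from the next log), as an added example that is not part of the original thread: a small Python parser that reads a pasted fix list and a follow-up HijackThis log and reports which entries are still present. The function names are hypothetical, the sample text is excerpted from the posts above, and the treatment of a stray line such as `7.cab` as a forum line wrap of the previous entry is an assumption.

```python
import re

# Entry prefixes used by HijackThis 1.99.x: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return [(code, detail), ...] for every entry line in a pasted log.

    Header lines and the process list come before the first entry and are
    skipped. A non-blank line after an entry that does not start a new
    entry is treated as a wrapped continuation (assumption: forum wrap).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            entries[-1][1] += line
    return [(code, detail) for code, detail in entries]


def entry_key(entry):
    """Comparison key that ignores whitespace and letter case."""
    code, detail = entry
    return code, re.sub(r"\s+", "", detail).casefold()


def check_fix(fix_list_text, after_log_text):
    """Split the fix list into (persisted, removed) against a later log."""
    after = {entry_key(e) for e in parse_entries(after_log_text)}
    persisted, removed = [], []
    for entry in parse_entries(fix_list_text):
        (persisted if entry_key(entry) in after else removed).append(entry)
    return persisted, removed


# Excerpt of the first fix list in the thread, including the wrapped O16 line.
FIX_LIST = r"""
O2 - BHO: (no name) - {11FD0B54-77C8-40A1-8727-ECCE4BDEFD9D} - (no file)
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c
7.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
"""

# Excerpt of the log saved at 20:12:36 on 2005-05-07 (most lines omitted).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:12:36, on 2005-05-07
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
"""

if __name__ == "__main__":
    persisted, removed = check_fix(FIX_LIST, AFTER_LOG)
    for code, detail in persisted:
        print("STILL PRESENT:", code, "-", detail)
    for code, detail in removed:
        print("removed:      ", code, "-", detail)
```

An entry that persists after "Fix checked" points to the fix not having been applied or to something restoring the entry on reboot, which is the situation the last reply is asking about.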

Archived

This topic is now archived and is closed to further replies.