Trojan-Spy.HTML.Smitfraud.c

22 juni, 2005

Då gör jag en ny (egen) tråd då...jag har problem med

Trojan-Spy.HTML.Smitfraud.c....tror jag :S...

För datorn startar om sig lite som den vill, med en bluescreen innan...

[log]

Logfile of HijackThis v1.99.1

Scan saved at 15:39:44, on 2005-06-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Program\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Program\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\Daily Weather Forecast\weather.exe

C:\WINDOWS\wtnvmmun.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\ISTsvc\istsvc.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe

C:\Program\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Steam\Steam.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Program\Silicon Image\SiISATARaid\SATARaid.exe

C:\Program\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Logitech\Video\AlbumDB2.exe

C:\HjT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program\Daily Weather Forecast\weather.exe

O4 - HKLM\..\Run: [mlvbfEtE] C:\WINDOWS\wtnvmmun.exe

O4 - HKLM\..\Run: [hglurgh] C:\WINDOWS\hglurgh.exe

O4 - HKLM\..\Run: [mlvùõš/‚²‘ÆßfÏNb‰»C:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\wtnvmmun.exe

O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rÅ²WC:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\wtnvmmun.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [steam] C:\Program\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: SATARaid.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Skapa mobilfavorit - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0C253E15-E096-4E07-BDF9-110895A258D4} (CamfrogWEB Control) - http://camfrogweb.com/download/cfweb_camfrogweb.com-download_instmodule.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105725620171

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe" --startAsService (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program\Trend Micro\PC-cillin 2002\Tmntsrv.exe

[/log]

Det är hela, jag tar "Do a system scan, and save a logfile" Sen kopierar jag hela texten som kommer upp i logfilen...

22 juni, 2005

Avinstallera via Kontrollpanelen om det finns

ISTsvc

Daily Weather Forecast

Dolda filer synliga titta här hur man gör

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

[log]O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program\Daily Weather Forecast\weather.exe

O4 - HKLM\..\Run: [mlvbfEtE] C:\WINDOWS\wtnvmmun.exe

O4 - HKLM\..\Run: [hglurgh] C:\WINDOWS\hglurgh.exe

O4 - HKLM\..\Run: [mlvùõš/‚²‘ÆßfÏNb‰»C:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\wtnvmmun.exe

O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rÅ²WC:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\wtnvmmun.exe

O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe

Starta sen i felsäkert läge och ta bort om hittas

C:\WINDOWS\wtnvmmun.exe

C:\Program\Daily Weather Forecast\ < mappen

C:\Program\ISTsvc\ < mappen

Starta sen normalt och ny Hijack logg.[/log]

22 juni, 2005

nya loggen

[log]

Logfile of HijackThis v1.99.1

Scan saved at 16:18:08, on 2005-06-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Program\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Program\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program\Steam\Steam.exe

C:\Program\Silicon Image\SiISATARaid\SATARaid.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\wincmd\WinCmd32.exe

C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\mIRC\mirc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Program\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\WINDOWS\system32\wuauclt.exe