Just nu i M3-nätverket
Jump to content

Virus


oturen

Recommended Posts

Sorry om jag är en total idiot...

 

Hej trorjag har något skit på datorn...igen.. adware hittar samma "malware"

(vad det nu e) hela tiden.. dvs varje gång jag startar datorn

 

Skulle vilja att någon som har tid kunde gå igenom min loggfil...

... eee hur skaparman en sån??

 

Tack på förhand den som orkar med en klant.

 

Link to comment
Share on other sites

 

Kopiera det som Aware hittar och skicka hit.

Ladda ner HijackThis.exe och scanna datorn med det.

Skicka hit loggen sen så tar vi en titt hur den ser ut.

 

http://koti.mbnet.fi/pattaya1/HijackThis.exe

 

Glöm inte detta när du skickar loggar:

 

När du har klistrat in loggen så måla\markera den och klicka på LOG knappen och sen skicka.

 

> eee hur skaparman en sån?? <

 

Du har ju skickat loggen förut ser jag.

 

 

Link to comment
Share on other sites

hej hittar inte malware pryleni adware nu

har antagligen raderat den ..men lugn den kommer igen som alltid

den hette typ "microgaming malware regkey" typ.

 

vet att jag skickat en logg förut..men men hade lyckats radera

hijack..

suck att se mig använda en dator måste va som att springa över en väg

endast trafikerad av fulla bilister utan körkort.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:32:36, on 01/17/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\Bluetooth-programvara\bin\btwdins.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\F-Secure\Common\FCH32.EXE

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\D-Tools\daemon.exe

C:\Program\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

C:\program\steam\steam.exe

C:\Program\Bluetooth-programvara\BTTray.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\zache\Mina dokument\hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar3_28.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar3_28.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119717484390

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

 

[/log]

 

Link to comment
Share on other sites

 

Skapa en ny mapp på C:\ och placera HijackThis.exe dit så C:\HjT\HijackThis.exe

 

Avinstallera via Kontrollpanelen om det finns

 

QuickSearch

 

[log]Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar3_28.dll

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar3_28.dll

 

 

Sen ta bort om hittas

 

C:\Program\QuickSearch\ < mappen[/log]

 

Link to comment
Share on other sites

Tjena,

 

Om det Adaware hittar hette typ Microgaming någonting tror jag att det är något som har att göra med Ladbrokes Poker.

 

//Berra

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...