
Trojan "Nebuler"


mhb


Hi,

 

Out of sheer idiocy I happened to download an .exe file from the internet when I was in a bit of a hurry, and this file contained a trojan. It started with me getting a new start page, SpyFalcon, and a pop-up that kept appearing advertising that I had viruses on my computer.

I think the virus I have/had on the computer resembled the one in this thread //eforum.idg.se/viewmsg.asp?entriesid=816971

 

Anyway. I took some of the advice given in the other thread and tried to do as they said. I managed to delete a few .dll files that were in the system32 folder. Since then I've used numerous antivirus programs. The problem is that now, after most of it (maybe even all of it) is gone, it still feels like something is left.

 

My Internet Explorer didn't work when you wanted to open boxes (like this box you write posts in), so I had to download Firefox to use this forum.

 

Both my Norton Antivirus and Firewall are behaving strangely too, since they don't show anything except a blank screen. I have a hunch it might have something to do with JavaScript, but I really don't know anything.

 

Now I'm wondering what I should do to find out whether my computer is completely clean and error-free.

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 14:30:43, on 2006-05-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\EPSON\ESM2\eEBSVC.exe

C:\Program\ewido anti-malware\ewidoctrl.exe

C:\Program\ewido anti-malware\ewidoguard.exe

C:\Program\Sony\MD Simple Burner\NetMDSB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\mHotkey.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Greatis\REGRUN~1\WatchDog.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRAM\WINZIP\winzip32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administratör\Lokala inställningar\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Administratör\Lokala inställningar\Temporary Internet Files\Content.IE5\GXW9A78P\utorrent[1].exe"

O4 - HKCU\..\Run: [Regrun2] C:\Program\Greatis\REGRUN~1\WatchDog.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program\EPSON\ESM2\STMS.exe

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Dream Poker - {2841F778-7EAA-4e5a-BE73-E93F9420390E} - C:\Program\dreampokerMPP\MPPoker.exe

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: Bonjour-tjänst (Bonjour Service) - Unknown owner - C:\Program\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\EPSON\ESM2\eEBSVC.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


 

Create a new folder on C:\ and put HijackThis.exe there, so C:\HjT\HijackThis.exe

 

Scan with HijackThis, tick the following lines, close the web browser and all other open windows and click Fix checked

 

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

 

and update your Java

 

Since you had SpyFalcon:

 

Download SmitfraudFix to the desktop and unzip it there.

 

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

Then open the SmitfraudFix folder and double-click smitfraudfix.cmd

Choose the option Search = press 1 and Enter

Copy the log that comes out and post it here.

 

 

 


Hi Mhb!

 

Check whether you really need the items below. If NOT, feel free to delete them:

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

 

O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe

 

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

 

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Administratör\Lokala inställningar\Temporary Internet Files\Content.IE5\GXW9A78P\utorrent[1].exe"

 

O4 - HKCU\..\Run: [Regrun2] C:\Program\Greatis\REGRUN~1\WatchDog.exe

 

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

 

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

 

Then check the computer with a GOOD online scan:

http://www.kaspersky.com/virusscanner

 

 

:0)

 

/Thomas

Download professional, well-thought-out installation instructions that give high security against viruses & attacks, stable operation and optimal performance at: http://www.winguider.se Available for Win2000 Pro & for XP Pro (3 different versions). Not for XP Home

 

[post edited 2006-05-23 14:57:48 by /Thomas]

[post edited 2006-05-23 14:59:08 by /Thomas]

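The two replies above pick entries out of the HijackThis log by hand: an O16 ActiveX download from an unfamiliar domain, a Run entry that starts µTorrent from the browser cache, and a service whose binary is missing. The script below is an added example, not part of this thread and not part of HijackThis itself; it applies those same three checks mechanically to HijackThis 1.99.1-style log lines so the same reading can be repeated on the second log later in the thread. The allow-list of ActiveX hosts is constructed for the example (it is just the hosts the replies left alone); the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed allow-list: hosts from which the replies in this thread treat
# O16 ActiveX downloads as legitimate. Extend it for your own environment.
TRUSTED_DPF_HOSTS = {
    "www.symantec.com",
    "go.microsoft.com",
    "messenger.zone.msn.com",
    "web1.shutterfly.com",
}

# Directory fragments (lower-case) that a persistent Run entry should never
# launch from: a real installer puts its binary under Program Files.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\temp\\")

O4_RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_DPF_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
O23_SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section: O4, O16 or O23
    reason: str
    line: str      # the original log line, ready to tick in "Fix checked"


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis log lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(frag in cmd for frag in VOLATILE_DIRS):
                findings.append(Finding("O4", "Run entry launches from a cache or temp directory", line))
            continue

        m = O16_DPF_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding("O16", f"ActiveX control downloaded from untrusted host {host}", line))
            elif not m.group("desc"):
                findings.append(Finding("O16", "ActiveX control with no description", line))
            continue

        m = O23_SVC_RE.match(line)
        if m:
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding("O23", "service registered but its binary is missing", line))
            elif m.group("vendor") == "Unknown owner":
                findings.append(Finding("O23", "service with no vendor information", line))
    return findings


# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Administratör\Lokala inställningar\Temporary Internet Files\Content.IE5\GXW9A78P\utorrent[1].exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O23 - Service: Bonjour-tjänst (Bonjour Service) - Unknown owner - C:\Program\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\EPSON\ESM2\eEBSVC.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the sample it reports the µTorrent Run entry, the yazzle.net ActiveX download, the Bonjour service with its missing binary and the Epson service with no vendor, and nothing else; a "Unknown owner" service is only a prompt to check the file, as the Epson one here is legitimate.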

Here is the SmitfraudFix log

 

[log]SmitFraudFix v2.46

 

Scan done at 14:55:50,51, 2006-05-23

Run from C:\Documents and Settings\Administratör\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

Fix ran in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\regperf.exe FOUND !

C:\WINDOWS\system32\simpole.tlb FOUND !

C:\WINDOWS\system32\stdole3.tlb FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administratör\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


 

Java + update you'll find in the Control Panel

 

Start the computer in Safe Mode.

 

After that, open the SmitfraudFix folder and double-click smitfraudfix.cmd

Choose the option Clean = press 2 and Enter

Then wait until it has finished.

At the question "Registry cleaning - Do you want to clean the registry ?"

answer Yes by pressing Y and Enter

If wininet.dll is infected you'll get the question "Replace infected file ?"

answer Yes by pressing Y and Enter.

If the computer doesn't restart automatically, start it in normal mode.

 

Then post C:\rapport.txt

 

 


Thanks a lot for all the replies! I think I've got rid of all the viruses. Despite that, it feels like my computer has taken a hard hit. Internet Explorer doesn't work like it used to, so I've had to resort to Firefox. Some programs refuse to open (BitComet, PPLive, Norton Firewall). And the computer takes rather a long time to start up.

 

I would be very grateful for suggestions

 


 

> I managed to delete a few .dll files that were in the system32 folder. <

 

I don't know which files you removed, but try reinstalling the programs that won't open.

 


I don't know if the problem is in the .dll files. I seem to recall that both were viruses. In any case, there are problems shutting down the computer now too. I wonder whether I've picked up new viruses... Here is a new HijackThis log

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:59:38, on 2006-05-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\EPSON\ESM2\eEBSVC.exe

C:\Program\ewido anti-malware\ewidoctrl.exe

C:\Program\ewido anti-malware\ewidoguard.exe

C:\Program\Sony\MD Simple Burner\NetMDSB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\mHotkey.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Greatis\REGRUN~1\WatchDog.exe

C:\Program\Windows Media Player\wmplayer.exe

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\PROGRAM\WINZIP\winzip32.exe

C:\Documents and Settings\Administratör\Lokala inställningar\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Administratör\Lokala inställningar\Temporary Internet Files\Content.IE5\GXW9A78P\utorrent[1].exe"

O4 - HKCU\..\Run: [Regrun2] C:\Program\Greatis\REGRUN~1\WatchDog.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program\EPSON\ESM2\STMS.exe

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Dream Poker - {2841F778-7EAA-4e5a-BE73-E93F9420390E} - C:\Program\dreampokerMPP\MPPoker.exe

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: Bonjour-tjänst (Bonjour Service) - Unknown owner - C:\Program\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\EPSON\ESM2\eEBSVC.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


Also try http://www.f-secure.com/blacklight/

It searches for rootkits! (i.e. files (infections) that are hidden from Windows & the antivirus!)

 

:0)

 

 

/Thomas


 

[post edited 2006-05-31 08:53:23 by /Thomas]


2 weeks later...

 

I ran a Kaspersky scan and got this log. Apart from that, I've noticed that some programs simply freeze, and then they can't be closed completely either. They stay there (even though they aren't running) and it says the program is not responding. The programs don't work after a reinstall either... strange

 

 

 

 

[log]-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Sunday, June 04, 2006 4:56:41 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.78.0

Kaspersky Anti-Virus database last update: 4/06/2006

Kaspersky Anti-Virus database records: 186525

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A: C: D: E:

Scan Statistics:

Total number of scanned objects: 130951

Number of viruses found: 19

Number of infected objects: 40

Number of suspicious objects: 0

Duration of the scan process: 01:00:30

 

Infected Object Name / Virus Name / Last Action

C:\Program\Norton AntiVirus\Quarantine\14BB3BC4 Infected: Trojan-Downloader.JS.IstBar.b skipped

C:\Program\Norton AntiVirus\Quarantine\154B4CB1 Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped

C:\Program\Norton AntiVirus\Quarantine\20DB08B0 Infected: Trojan-Downloader.Win32.IstBar.gen skipped

C:\Program\Norton AntiVirus\Quarantine\3DF3693D Infected: Trojan-Downloader.Win32.IstBar.gen skipped

C:\Program\Norton AntiVirus\Quarantine\3DF7133A Infected: Trojan-Downloader.Win32.IstBar.gen skipped

C:\Program\Norton AntiVirus\Quarantine\3DFA3D36 Infected: Trojan-Downloader.Win32.IstBar.ga skipped

C:\Program\Norton AntiVirus\Quarantine\548917DE Infected: Trojan-Downloader.Win32.Dyfuca.dk skipped

C:\Program\Norton AntiVirus\Quarantine\60B20C6E Infected: Trojan-Downloader.Win32.IstBar.er skipped

C:\Program\Norton AntiVirus\Quarantine\6429036D.dctmp Infected: P2P-Worm.Win32.Tibick.d skipped

C:\Program\Norton AntiVirus\Quarantine\65410179 Infected: Trojan-Downloader.Win32.Dyfuca.dk skipped

C:\Program\Norton AntiVirus\Quarantine\66A366AF Infected: Trojan-Downloader.Win32.IstBar.gen skipped

C:\Program\Norton AntiVirus\Quarantine\66ED2D58.dctmp Infected: P2P-Worm.Win32.Tibick.d skipped

C:\Program\Norton AntiVirus\Quarantine\71052363 Infected: Trojan-Downloader.JS.IstBar.b skipped

C:\Program\Norton AntiVirus\Quarantine\717F3FEF Infected: Trojan-Downloader.Win32.Dyfuca.dk skipped

C:\Program\Norton AntiVirus\Quarantine\718269EB Infected: Trojan-Downloader.JS.IstBar.j skipped

C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\7D5024D8.exe Infected: Trojan-Downloader.Win32.Zlob.pb skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\07CF79E3.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\10515E86.exe/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\10515E86.exe NSIS: infected - 1 skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\10515E86.exe CryptFF: infected - 1 skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38CE6DF8.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38CE6DF8.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38CE6DF8.exe NSIS: infected - 2 skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38CE6DF8.exe CryptFF: infected - 2 skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38D117F4.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38D117F4.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38D117F4.exe NSIS: infected - 2 skipped

C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\38D117F4.exe CryptFF: infected - 2 skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP510\A0043218.exe/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP510\A0043218.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP511\A0043279.dll Infected: Trojan-Downloader.Win32.IstBar.ff skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP511\A0043283.exe Infected: Trojan-Downloader.Win32.PurityScan.au skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP511\A0043284.EXE Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP511\A0043296.exe Infected: Trojan-Downloader.Win32.Zlob.pc skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP514\A0046998.exe Infected: Trojan-Downloader.Win32.Zlob.pb skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP517\A0047266.dll Infected: not-virus:Hoax.Win32.Renos.dd skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP517\A0047682.dll Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP517\A0049111.exe Infected: Trojan-Downloader.Win32.Zlob.pa skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP517\A0049112.tlb Infected: Trojan-Downloader.Win32.Zlob.oz skipped

C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP522\A0053432.exe Infected: Trojan-Downloader.Win32.PurityScan.cp skipped

 

Scan process completed.

[/log]

 

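The Kaspersky report above lists 40 infected objects, but every path in it sits either under a Norton Quarantine folder or inside a System Volume Information\_restore snapshot: copies that Norton or System Restore had already set aside, not files on a path that runs at boot. Whether anything is still live is decided by where each detection sits, which is easy to lose in a long listing. The script below is an added example, not part of this thread and not part of Kaspersky's scanner: it parses the report's "Infected:" lines, groups them by location, and lists only those on an active path. The sample lines are copied from the report, plus one constructed line with the made-up path C:\WINDOWS\system32\hypothetical.dll so that the active branch has something to show.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# One "Infected:" line per detected object. Members of an archive appear as
# "<container>/data0002"; the packer summary lines ("NSIS: infected - 1") are
# deliberately not matched because they repeat a detection already counted.
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+Infected: (?P<name>\S+)\s+(?P<action>\w+)$")


def classify(path: str) -> str:
    """Where a detection sits decides how much it matters."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"      # already isolated by the local antivirus
    if "\\system volume information\\_restore" in p:
        return "system_restore"  # an old restore point; cleared by purging System Restore
    return "active"              # on a live path: still needs attention


def parse_report(text: str) -> List[Tuple[str, str, str]]:
    """Return (category, container_path, detection_name) for each Infected: line."""
    rows: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        container = m.group("path").split("/")[0]  # drop the archive-member suffix
        rows.append((classify(container), container, m.group("name")))
    return rows


def summarize(text: str) -> Dict[str, int]:
    """Count detections per location category."""
    return dict(Counter(cat for cat, _, _ in parse_report(text)))


def active_hits(text: str) -> List[str]:
    """Paths that are neither quarantined nor in a restore point."""
    return sorted({path for cat, path, _ in parse_report(text) if cat == "active"})


# Lines copied from the Kaspersky report above, plus one constructed line
# (hypothetical.dll) that does not appear in the report, to exercise the
# "active" branch.
SAMPLE_REPORT = r"""
C:\Program\Norton AntiVirus\Quarantine\14BB3BC4 Infected: Trojan-Downloader.JS.IstBar.b skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\10515E86.exe/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\10515E86.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP511\A0043279.dll Infected: Trojan-Downloader.Win32.IstBar.ff skipped
C:\System Volume Information\_restore{8DC2AB82-39F9-4251-A2B6-9C179BA03F31}\RP517\A0047266.dll Infected: not-virus:Hoax.Win32.Renos.dd skipped
C:\WINDOWS\system32\hypothetical.dll Infected: Trojan.Win32.Example skipped
"""

if __name__ == "__main__":
    for cat, n in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{cat:15} {n}")
    for path in active_hits(SAMPLE_REPORT):
        print("still active:", path)
```

Fed the full report from the post, active_hits() comes back empty, which is the point: the remaining symptoms (programs that hang, slow start-up) are not explained by anything Kaspersky found, and the restore-point copies only go away when System Restore is turned off and on again to discard the old snapshots.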
