trojan horse generic_c.wwf

[ArGyLe]

Hej min dator hittade denna trojan. och jag har tagit bort den tror jag men datorn är seg å varvar jätte mycket så här kommer en liten log från hijackthis.. så om nån snäll människa vill ta sig en tit på den ...

 

MvH Robert

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:50:02, on 2008-11-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\McAfee\SiteAdvisor\McSACore.exe

C:\Program\McAfee\MSC\mcmscsvc.exe

c:\program\DELADE~1\mcafee\mna\mcnasvc.exe

c:\program\DELADE~1\mcafee\mcproxy\mcproxy.exe

C:\Program\McAfee\VIRUSS~1\mcshield.exe

C:\Program\McAfee\MPF\MPFSrv.exe

C:\Program\McAfee\MSK\MskSrver.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Java\j2re1.4.2_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\program\powerstrip\pstrip.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Logitech\G-series Software\LGDCore.exe

C:\Program\Logitech\G-series Software\LCDMon.exe

C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\Program\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.undertexter.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\program\mcafee\msk\mskapbho.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [PowerStrip] c:\program\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\Program\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program\Octoshape Streaming Services\Dalman\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [AIM] C:\Program\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [VOIPlay] "C:\Program\VOIPlay\voiplay.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~2\INetRepl.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.order.proprint.se/resources/files/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://streamingtvonline.net/movies/hd//DivXBrowserPlugin.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: MBackMonitor - McAfee - C:\Program\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program\DELADE~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\program\DELADE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program\McAfee\MSK\MskSrver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe (file missing)

 

--

End of file - 13322 bytes[/log]

 

 

[Cecilia]

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Den raden kan du läsa om på

http://www.bleepingcomputer.com/startups/alcmtr-240.html

 

Jag ser inget annat skadligt i loggen i alla fall.

 

Det är en urgammal Java-version med mängder med säkerhetshål i datorn. Jag rekommenderar dig att installera en ny från http://www.java.com/sv/ och därefter avinstallera alla Java/J2SE/JRE utom den senaste i Kontrollpanelen - Lägg till eller ta bort program (inga webbläsare igång).

 

Vilket program hittade trojanen?

I vilken mapp och fil fanns den?

Hur tog du bort den?

 

[ArGyLe]

PCTools hittade filen..

vart den låg vet ja inte jag la inte de på minnet tyvärr.

jag la in mcafee och tog bort allt den hittade så mcafee fick bort filen

 

[Cecilia]

Menar du Spyware Doctor eller vilket program från PC Tools?

Var det en crackfil? För det är det jag får napp på när jag googlar. I så fall så måste du ju också avinstallera programmet du försökte cracka.

 

Det är kanske McAfee som segar ner datorn. Det kan nog ta för mycket resurser om man inte har en snabb dator med ordentligt med RAM-minne.

 

[ArGyLe]

hade denna installerad PCTools Firewall Plus

och threatfire när jag hittade filen. tror den kommer ifrån gamecopyworld en fix till call of duty 5

 

MvH Robert

 

[Cecilia]

Kanske var Threatfire då för en brandvägg lär inte peka ut trojaner så där. Är fixen borttagen?

 

[ArGyLe]

ja fixen har ja tagit bort.. finner inget annat i burken så ja hoppas att allt är borta... får tacka så jätte mycket att du tog dig tid för att hjälpa mig

 

 

mvh Robert

 

[Cecilia]

Här kan du läsa mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home