Just nu i M3-nätverket
Gå till innehåll
Eforum är stängt för nya inlägg och svar sedan 20 juni 2022. Klicka för att läsa vad som hände och om alternativ.

Skapar ny anslutning!

Gäst idgadmin

Startad av Gäst idgadmin,
i Virus, skadliga program & botemedel

Rekommendera Poster

Gäst idgadmin

Gäst idgadmin

Postad
Postad

Vore tacksam för hjälp. Ett fönster ploppar upp var och varannan minut med texten Already Running!!! +att startsidan ändras,går ej bort med ad-awere eller spysweeper.

 

Logfile of HijackThis v1.97.7

Scan saved at 20:54:19, on 2004-05-12

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ICO.EXE

C:\WINDOWS\System32\Pelmiced.exe

C:\Program\LEXMAR~1\ACMonitor_X83.exe

C:\Program\LEXMAR~1\AcBtnMgr_X83.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\MMTray2k.exe

C:\WINDOWS\System32\MMTrayLSI.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\runwin32.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\windial32.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\IBM\Lokala inställningar\Temp\Temporär katalog 3 för hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.com/search.php?aid=1057

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmeup.com/search.php?aid=1057

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmeup.com/search.php?aid=1057

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchmeup.com/search.php?aid=1057

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.com/search.php?aid=1057

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchmeup.com/search.php?aid=1057

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmeup.com/search.php?aid=1057

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchmeup.com/search.php?aid=1057

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O1 - Hosts: 69.50.170.21 www.yahoo.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Program\SurfAssistant.com\saiemod.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\Program\LEXMAR~1\ACMonitor_X83.exe

O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\Program\LEXMAR~1\AcBtnMgr_X83.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37412.0086226852

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

 

Länk till kommentar
Dela på andra webbplatser
Mij

Mij

Postad
Postad

Tyvärr har du virus.

 

Objektet C:\WINDOWS\runwin32.exe är ett virus som du kan läsa mer om här http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.allight.html

 

Där finns också instruktioner för hur du tar bort viruset.

 

Du kan även prova med en onlinescanning på tex Trend Micro:

http://housecall.trendmicro.com/housecall/start_corp.asp

 

Vidare kan du ladda ner CWShredder från http://www.spywareinfo.com/~merijn/downloads.html

 

Kör programmet.

Kör sedan HiJack This igen.

 

Om följande objekt är kvar efter det, bockar du i dessa i HJT och klickar på "Fix":

[FET]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057'>http://www.searchmeup.com/search.php?aid=1057

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.com/search.php?aid=1057

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmeup.com/search.php?aid=1057

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmeup.com/search.php?aid=1057

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchmeup.com/search.php?aid=1057

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.com/search.php?aid=1057

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchmeup.com/search.php?aid=1057

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmeup.com/search.php?aid=1057

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchmeup.com/search.php?aid=1057

 

O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Program\SurfAssistant.com\saiemod.dll (file missing)

 

O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe

[/FET]

 

Posta gärna en ny logg när du är klar med ovanstående.

Börja med viruset...

 

 

 

Länk till kommentar
Dela på andra webbplatser
Gäst idgadmin

Gäst idgadmin

Postad
Postad

Tack för hjälpen.

Jag hoppas verkligen det fungerade.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 22:35:25, on 2004-05-13

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ICO.EXE

C:\Program\LEXMAR~1\ACMonitor_X83.exe

C:\Program\LEXMAR~1\AcBtnMgr_X83.exe

C:\WINDOWS\System32\Pelmiced.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\MMTray2k.exe

C:\WINDOWS\System32\MMTrayLSI.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Documents and Settings\IBM\Lokala inställningar\Temp\Temporär katalog 4 för hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com'>http://login1.telia.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\Program\LEXMAR~1\ACMonitor_X83.exe

O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\Program\LEXMAR~1\AcBtnMgr_X83.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] C:\Program\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37412.0086226852

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

 

 

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

Gå till ämneslista


×
×
  • Skapa nytt...