Popup and possibly a virus


Guest idgadmin

It all started when yours truly, still half asleep, opened an email from a buddy containing the following:

In order to read the attach you have to use the following password:

mrrstovkas.gif (1.0 KB)

Your_complaint.zip (21.6 KB)

Just as I had clicked the image link I thought: No! What am I doing?

But by then it was of course too late.

The log looks as follows:

Logfile of HijackThis v1.97.7

Scan saved at 01:03:50, on 2004-10-23

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rundll32.exe

E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Documents and Settings\Administratör\Application Data\ssow.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Program\na\Norton.Firewall.2004.PRO\NISUM.EXE

C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

E:\Program\na\Norton.Firewall.2004.PRO\SymProxySvc.exe

E:\Program\na\Norton.Firewall.2004.PRO\NISSERV.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

E:\Download\HijackThis.exe

E:\Program\ICQ\ICQLite.exe

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iamapp] E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program\Clone\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\aincvm.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [sAHBundle] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WebRebates0] "C:\Program\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe

O4 - HKCU\..\Run: [uode] C:\Documents and Settings\Administratör\Application Data\ssow.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Referensinformation (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=be2e9ae8355f127418dc4f2da7ade549c50759577b958b177e09d4d98c097dbdc4e6e4b14ef20acb7b301b1134a60a787a0805f03bf7a773ae14dc805290d2:b771fac3b8ea1c06fba4f3abd0557676

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2595473e50a6f617fc20/netzip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093216854656

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D95CC4-B43D-45C2-A91D-E0CF563AEE9C}: NameServer = 81.26.226.3

If anyone felt moved to help a poor soul in need, it would be appreciated.

I'm too tired to think now, but you'll surely get help with the HJT log anyway...

You've got Norton, didn't it warn / wasn't the email removed!?

What's your virus called, or wasn't it a virus?

[post edited 2004-10-23 02:15:26 by 927]


Guest idgadmin

Logfile of HijackThis v1.98.2

Scan saved at 01:55:34, on 2004-10-26

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rundll32.exe

E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Documents and Settings\Administratör\Application Data\ssow.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Program\na\Norton.Firewall.2004.PRO\NISUM.EXE

C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

E:\Program\na\Norton.Firewall.2004.PRO\NISSERV.EXE

E:\Program\na\Norton.Firewall.2004.PRO\SymProxySvc.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton AntiVirus\SAVScan.exe

E:\Download\HijackThis.exe

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll

O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iamapp] E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program\Clone\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\aincvm.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft Hardware\Mouse\point32.exe"

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [sAHBundle] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WebRebates0] "C:\Program\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe

O4 - HKCU\..\Run: [uode] C:\Documents and Settings\Administratör\Application Data\ssow.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=be2e9ae8355f127418dc4f2da7ade549c50759577b958b177e09d4d98c097dbdc4e6e4b14ef20acb7b301b1134a60a787a0805f03bf7a773ae14dc805290d2:b771fac3b8ea1c06fba4f3abd0557676

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2595473e50a6f617fc20/netzip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093216854656

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D95CC4-B43D-45C2-A91D-E0CF563AEE9C}: NameServer = 81.26.226.3

O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msehek.dll

O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl

I'd like to say thanks for the quick reply... and apologize for my delayed one (the internet has been down).

But here is the log.

Forgot to say that the virus is/was probably some variant of Kournikova (if that was what it was called).

[post edited 2004-10-26 02:00:27 by Stillaway]

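As an added example (not code from the thread, from HijackThis, or from any of the posters), the following Python script parses the O2/O4/O17/O18 line formats that appear in the two logs above and marks the entries a reviewer would look at first: autoruns given as a bare file name with no path, autoruns launched from user-writable profile folders (Temp, Application Data), Run-key values named like Windows components or services, unnamed or orphaned BHOs, a text/html MIME filter, and any explicit NameServer setting. The sample lines are copied from the logs in this thread; the review heuristics are the example's own rules of thumb and only mark an entry for manual identification, not as malicious.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example, not part of the forum thread. The sample lines below are
copied from the logs posted above; the heuristics are this example's own
rules of thumb and flag entries for review, not as malware.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\aincvm.exe
O4 - HKLM\..\Run: [sAHBundle] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [uode] C:\Documents and Settings\Administratör\Application Data\ssow.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D95CC4-B43D-45C2-A91D-E0CF563AEE9C}: NameServer = 81.26.226.3
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msehek.dll
"""

# Line formats as HijackThis prints them (O2 = BHO, O4 = autorun, O17 = DNS, O18 = MIME filter).
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$')
O18_RE = re.compile(r'^O18 - Filter: (?P<mime>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
# The executable part of an autorun command: optional quotes, path ending in a PE-ish extension.
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|cpl|scr|com|pif|bat))"?(?=\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Strip quotes and arguments from an O4 command, returning only the image path."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group('path') if m else cmd.strip().split()[0]


def _user_writable(path: str) -> bool:
    """True if the image lives in a profile folder a normal user can write to."""
    p = path.lower()
    return any(tag in p for tag in ('\\temp\\', '\\application data\\', '\\docume~1\\'))


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding listing why the line deserves a look, or None if nothing stood out."""
    reasons: List[str] = []
    m = O4_RE.match(line)
    if m:
        name, path = m.group('name'), image_path(m.group('cmd'))
        if '\\' not in path and '%' not in path:
            reasons.append('bare file name: loaded via PATH search, actual location unknown')
        if _user_writable(path):
            reasons.append('autorun from a user-writable profile folder')
        if re.search(r'\b(service|windows)\b', name, re.IGNORECASE):
            reasons.append(f'Run-key value named like a Windows component; verify the publisher of {path}')
    m = O2_RE.match(line)
    if m:
        name, path = m.group('name'), m.group('path')
        if path == '(no file)':
            reasons.append('orphaned BHO registration: harmless, but remove the stale entry')
        elif name == '(no name)':
            reasons.append(f'unnamed BHO: identify {path} before trusting it')
    m = O18_RE.match(line)
    if m:
        reasons.append(f"{m.group('mime')} MIME filter sees every page IE renders; verify {m.group('path')}")
    m = O17_RE.match(line)
    if m:
        reasons.append(f"explicit DNS server(s) {m.group('servers')}: confirm they belong to your ISP/network")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of an HJT log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f:
                findings.append(f)
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print('   ->', reason)
```

Run on the sample, the script leaves the Norton BHO and the QuickTime autorun alone and lists the other eight lines with the reason each one was picked; the same ten-line sample in the second log would additionally surface the O18 filter, which is why the second scan in this thread is more useful than the first.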