Guest idgadmin Posted October 22, 2004

It all started when yours truly, half-awake, opened an email from a buddy, containing the following:

In order to read the attach you have to use the following password:
mrrstovkas.gif (1.0 KB)
Your_complaint.zip (21.6 KB)

Just as I had clicked the image link I thought: No! What am I doing? But by then it was of course too late. The log looks as follows:

Logfile of HijackThis v1.97.7
Scan saved at 01:03:50, on 2004-10-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administratör\Application Data\ssow.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program\na\Norton.Firewall.2004.PRO\NISUM.EXE
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program\na\Norton.Firewall.2004.PRO\SymProxySvc.exe
E:\Program\na\Norton.Firewall.2004.PRO\NISSERV.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
E:\Download\HijackThis.exe
E:\Program\ICQ\ICQLite.exe

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iamapp] E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program\Clone\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\aincvm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [sAHBundle] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebRebates0] "C:\Program\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKCU\..\Run: [uode] C:\Documents and Settings\Administratör\Application Data\ssow.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Referensinformation (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=be2e9ae8355f127418dc4f2da7ade549c50759577b958b177e09d4d98c097dbdc4e6e4b14ef20acb7b301b1134a60a787a0805f03bf7a773ae14dc805290d2:b771fac3b8ea1c06fba4f3abd0557676
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2595473e50a6f617fc20/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093216854656
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D95CC4-B43D-45C2-A91D-E0CF563AEE9C}: NameServer = 81.26.226.3

If anyone felt inclined to help a poor soul in need, it would be appreciated.

927 Posted October 23, 2004

I'm too tired to think right now, but you'll surely get help with the HJT log anyway... you do have Norton, wasn't there a warning / wasn't the email removed!? What is your virus called, or wasn't it a virus?

[post edited 2004-10-23 02:15:26 by 927]

Zipp. Posted October 23, 2004

Post a new Hijack log using the latest version http://koti.mbnet.fi/pattaya1/HijackThis.exe

Guest idgadmin Posted October 25, 2004

Logfile of HijackThis v1.98.2
Scan saved at 01:55:34, on 2004-10-26
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administratör\Application Data\ssow.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program\na\Norton.Firewall.2004.PRO\NISUM.EXE
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program\na\Norton.Firewall.2004.PRO\NISSERV.EXE
E:\Program\na\Norton.Firewall.2004.PRO\SymProxySvc.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
E:\Download\HijackThis.exe

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iamapp] E:\Program\na\Norton.Firewall.2004.PRO\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program\Clone\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\aincvm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [sAHBundle] C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\bundle.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebRebates0] "C:\Program\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKCU\..\Run: [uode] C:\Documents and Settings\Administratör\Application Data\ssow.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscif.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=be2e9ae8355f127418dc4f2da7ade549c50759577b958b177e09d4d98c097dbdc4e6e4b14ef20acb7b301b1134a60a787a0805f03bf7a773ae14dc805290d2:b771fac3b8ea1c06fba4f3abd0557676
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2595473e50a6f617fc20/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093216854656
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D95CC4-B43D-45C2-A91D-E0CF563AEE9C}: NameServer = 81.26.226.3
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msehek.dll
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl

Thank you for the quick reply... and apologies for my delayed one (the internet has been down). But here is the log. Forgot to say that the virus probably is/was some variant of kournikova (if that is what it was called)

[post edited 2004-10-26 02:00:27 by Stillaway]

Zipp. Posted October 26, 2004

Clean the computer with Ad-Aware http://www.majorgeeks.com/download506.html

After that, create a new folder on C:/ and put HijackThis.exe there, so C:/HjT/HijackThis.exe

Run a new scan with Hijack and post the log here.

This topic is now archived and is closed to further replies.