
Explorer tries to reach web pages automatically


Guest idgadmin

I have an annoying problem. Every time I start the computer, Explorer starts automatically and tries to reach the following addresses:

http://216.117.163.193/~dark/mt.html

http://www.lightning-it.net/loud.html

http://www.lightning-it.net/bar.html

http://www.prithibi.com/load.html

I run both Norton Internet Security 2005 and Webroot Spy Sweeper, but I cannot get rid of the problem.

Does anyone have a tip?


Guest idgadmin

Thanks,

Here is the log file:

Logfile of HijackThis v1.99.0

Scan saved at 12:53:22, on 2004-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\l0ad.exe

C:\bar.exe

C:\WINDOWS\System32\vrbtvx.exe

C:\l0ud.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\mt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Thomas Edlund\Application Data\MyTraveler\MyTraveler.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Thomas Edlund\Skrivbord\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://10.0.0.6/sd/init

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {61DB6026-BE1C-239A-8602-625508F67F6B} - C:\WINDOWS\system32\nioijb.dll (file missing)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe

O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe

O4 - HKLM\..\Run: [PK Services] pksvc.exe

O4 - HKLM\..\Run: [suckme] C:\l0ad.exe

O4 - HKLM\..\Run: [wow] C:\bar.exe

O4 - HKLM\..\Run: [kwetbkgobhhyd] C:\WINDOWS\System32\vrbtvx.exe

O4 - HKLM\..\Run: [slergl] C:\WINDOWS\slergl.exe

O4 - HKLM\..\Run: [scuk] C:\l0ud.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [MTRUN] C:\mt.exe

O4 - HKLM\..\RunServices: [PK Services] pksvc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Thomas Edlund\Application Data\MyTraveler\MyTraveler.exe

O4 - HKCU\..\Run: [PK Services] pksvc.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

O23 - Service: SmartTrust Smart Card Server - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe



Guest idgadmin

It turned out that I had three Trojan horses. Two of them could not be removed because access was denied.

On restart, Explorer now only tries to reach http://216.117.163.193/~dark/mt.html

Here is the new log file:

Logfile of HijackThis v1.99.0

Scan saved at 15:08:24, on 2004-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\mt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Thomas Edlund\Application Data\MyTraveler\MyTraveler.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Thomas Edlund\Lokala inställningar\Temporary Internet Files\Content.IE5\3LKX9Y32\HijackThis[1].exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://10.0.0.6/sd/init

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {61DB6026-BE1C-239A-8602-625508F67F6B} - C:\WINDOWS\system32\nioijb.dll (file missing)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe

O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe

O4 - HKLM\..\Run: [PK Services] pksvc.exe

O4 - HKLM\..\Run: [slergl] C:\WINDOWS\slergl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [MTRUN] C:\mt.exe

O4 - HKLM\..\RunServices: [PK Services] pksvc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Thomas Edlund\Application Data\MyTraveler\MyTraveler.exe

O4 - HKCU\..\Run: [PK Services] pksvc.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

O23 - Service: SmartTrust Smart Card Server - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Thanks for now


Guest idgadmin

Thanks again,

Here is the result of the scan:

File: mt.exe

Status: INFECTED/MALWARE

Packers detected: PE-DIMINISHER

 

AntiVir No viruses found (0.16 seconds taken)

Avast No viruses found (1.51 seconds taken)

BitDefender No viruses found (0.60 seconds taken)

ClamAV No viruses found (0.34 seconds taken)

Dr.Web No viruses found (0.53 seconds taken)

F-Prot Antivirus No viruses found (0.06 seconds taken)

Kaspersky Anti-Virus Trojan-Dropper.Win32.PurityScan.i (0.63 seconds taken)

mks_vir No viruses found (0.21 seconds taken)

NOD32 probably unknown NewHeur_PE (probable variant) (0.50 seconds taken)

Norman Virus Control Sandbox: W32/Malware; [ General information ]

 

* File length: 91162 bytes.

 

[ Changes to filesystem ]

* Creates file C:\WINDOWS\TEMP\installer.exe.

* Deletes file C:\WINDOWS\TEMP\installer.exe.

 

[ Changes to registry ]

* Creates value "MTRUN"="c:\sample.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

* Modifies value "CurrentLevel"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "Flags"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1200"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1206"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1400"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1402"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1405"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1406"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1407"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1601"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1604"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3". (12.23 seconds taken)

 

Statistics

Last piece of malware found was Trojan.Win32.Favadd.i in ntnut.exe, detected by:

 

Scanner                 Malware name             Time taken
AntiVir                 X                        0.15 seconds
Avast                   X                        1.64 seconds
BitDefender             X                        1.86 seconds
ClamAV                  X                        1.42 seconds
Dr.Web                  X                        2.13 seconds
F-Prot Antivirus        X                        0.26 seconds
Kaspersky Anti-Virus    Trojan.Win32.Favadd.i    0.98 seconds
mks_vir                 X                        0.27 seconds
NOD32                   X                        0.40 seconds
Norman Virus Control    X                        0.87 seconds

 

Thanks again


Create a new folder on C:/ and put HijackThis.exe there, so that it is C:/HjT/HijackThis.exe

(do not skip the step above)

Make hidden files visible; see here for how to do it:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Scan with HijackThis, tick the following lines, close the web browser and all other open windows, and click Fix checked:

O2 - BHO: (no name) - {61DB6026-BE1C-239A-8602-625508F67F6B} - C:\WINDOWS\system32\nioijb.dll (file missing)

O4 - HKLM\..\Run: [PK Services] pksvc.exe

O4 - HKLM\..\Run: [slergl] C:\WINDOWS\slergl.exe

O4 - HKLM\..\Run: [MTRUN] C:\mt.exe

O4 - HKLM\..\RunServices: [PK Services] pksvc.exe

O4 - HKCU\..\Run: [PK Services] pksvc.exe


Then start in Safe Mode, search for the following files and delete them if found:

pksvc.exe

nioijb.dll

slergl.exe

mt.exe

bar.exe

l0ud.exe

vrbtvx.exe

 

Then start normally and post a new HijackThis log.

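The checks the helper above applies by eye when picking which lines to fix, written out as a small log triage. This is an added example for this page, not code from the thread and not part of HijackThis; the sample lines are copied from the log posted earlier, and the rules (bare file name, executable in the drive root, nameless or missing BHO, start page set to a raw IP) are this example's own assumptions, not the tool's logic.

```python
# Triage of HijackThis R0/R1, O2 and O4 lines. Added example, not the tool's
# own logic: the heuristics below are this example's assumptions.
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: R0/R1, O2 and O4 lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://10.0.0.6/sd/init
O2 - BHO: (no name) - {61DB6026-BE1C-239A-8602-625508F67F6B} - C:\WINDOWS\system32\nioijb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PK Services] pksvc.exe
O4 - HKLM\..\Run: [suckme] C:\l0ad.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
"""

O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$')
R_RE = re.compile(r'^R[01] - .*?,Start Page(?:_bak)? = (?P<url>\S+)$')
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+$')  # C:\something.exe, no subfolder

@dataclass(frozen=True)
class Finding:
    line: str    # raw HijackThis line
    target: str  # executable, DLL or URL the line points at
    reason: str  # why a helper would look twice at it

def exe_path(cmd: str) -> str:
    # Program part of a Run value: the quoted path, or the first bare word.
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else cmd

def check_o4(line: str, m: re.Match) -> list:
    path = exe_path(m['cmd'])
    found = []
    if '\\' not in path:
        found.append(Finding(line, path, 'bare file name: found via PATH search, real location unknown'))
    elif ROOT_EXE_RE.match(path):
        found.append(Finding(line, path, 'executable dropped directly in the drive root'))
    if '(file missing)' in m['cmd']:
        found.append(Finding(line, path, 'Run value points at a file that no longer exists'))
    return found

def check_o2(line: str, m: re.Match) -> list:
    path = m['path'].replace(' (file missing)', '')
    found = []
    if m['name'] == '(no name)':
        found.append(Finding(line, path, 'BHO registered without a name'))
    if path != m['path']:
        found.append(Finding(line, path, 'BHO DLL is gone but its CLSID is still registered'))
    return found

def check_r(line: str, m: re.Match) -> list:
    host = urlsplit(m['url']).hostname or ''
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return []  # a host name, not an IP literal: nothing to flag here
    scope = 'private' if addr.is_private else 'public'
    return [Finding(line, m['url'], f'start page set to a raw {scope} IP address')]

def triage(log_text: str) -> list:
    # Apply the first matching rule to each line; unmatched lines are ignored.
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in ((O4_RE, check_o4), (O2_RE, check_o2), (R_RE, check_r)):
            m = regex.match(line)
            if m:
                findings.extend(check(line, m))
                break
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason:<62} {f.target}')
```

Run on the sample it flags the R1 backup start page, the nameless missing BHO, pksvc.exe and C:\l0ad.exe, and leaves the Intel, Norton and Symantec entries alone.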

Guest idgadmin

Here is the new log file:

Logfile of HijackThis v1.99.0

Scan saved at 23:52:00, on 2004-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Thomas Edlund\Application Data\MyTraveler\MyTraveler.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\alg.exe

C:\HijackThis\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://10.0.0.6/sd/init

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe

O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Thomas Edlund\Application Data\MyTraveler\MyTraveler.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Certificate Mover.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

O23 - Service: SmartTrust Smart Card Server - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Is anything still wrong?
