
spyware!



Guest idgadmin

Help me!!! I have spyware. Here is my hijack list....

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:05:57, on 2005-03-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Razer\razertra.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

D:\st3am\steam.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\LiveUpdate\LiveUpdate.exe

C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\rundll32.exe

C:\hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {86CCCCCC-1C9A-41EB-B07A-D13D56AFAC1C} - C:\WINDOWS\System32\aleh.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [razertra] C:\Program\Razer\razertra.exe

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\st3am\steam.exe" -silent

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [instantTray] C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

O18 - Filter: text/plain - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program\Trend Micro\Internet Security\PccPfw.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

 

 

Guest idgadmin

 

Got this when I ran it....

Service load:

0% 100%

File: Explorer.exe

Status:

POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)

Packers detected:

BITARTS

 

AntiVir

No viruses found (0.78 seconds taken)

Avast

No viruses found (3.01 seconds taken)

AVG Antivirus

No viruses found (0.54 seconds taken)

BitDefender

No viruses found (0.53 seconds taken)

ClamAV

No viruses found (2.21 seconds taken)

Dr.Web

BACKDOOR.Trojan (probable variant) (1.76 seconds taken)

F-Prot Antivirus

No viruses found (1.11 seconds taken)

Fortinet

No viruses found (0.71 seconds taken)

Kaspersky Anti-Virus

No viruses found (1.38 seconds taken)

mks_vir

No viruses found (0.47 seconds taken)

NOD32

No viruses found (2.24 seconds taken)

Norman Virus Control

No viruses found (17.61 seconds taken)

 

Statistics

 


 

Close all other windows, then check and fix these in HJT:

 

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {86CCCCCC-1C9A-41EB-B07A-D13D56AFAC1C} - C:\WINDOWS\System32\aleh.dll

 

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

 

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

 

O18 - Filter: text/html - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

O18 - Filter: text/plain - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

 

Empty

C:\DOCUME~1\Redhook\LOKALA~1\Temp <--

 

Post a new log, because there is probably more in the log that needs fixing.

 

 

[post edited 2005-03-09 17:26:19 by 927]

Guest idgadmin

Done that... mine looks like this now......

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:47:03, on 2005-03-10

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Razer\razertra.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\nvsvc32.exe

D:\st3am\steam.exe

C:\Program\LiveUpdate\LiveUpdate.exe

C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [razertra] C:\Program\Razer\razertra.exe

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\st3am\steam.exe" -silent

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [instantTray] C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program\Trend Micro\Internet Security\PccPfw.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

 

 


 

These must be removed/fixed!

 

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

 

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

 

 

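An added example (not part of the thread): a short Python check that compares the helper's fix list against the first and second HijackThis logs and reports which flagged entries were actually removed. The function names are illustrative, and the sample data are excerpts copied from the logs above.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. section O4 = autostart (Run) entry.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, body) entries; headers and process paths are skipped."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in found if m}

def remediation_status(flagged_text, before_text, after_text):
    """Map each flagged entry to 'removed', 'still present' or 'not in first log'."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    status = {}
    for entry in sorted(parse_entries(flagged_text)):
        if entry not in before:
            status[entry] = "not in first log"
        elif entry in after:
            status[entry] = "still present"
        else:
            status[entry] = "removed"
    return status

# Excerpts copied from the two logs and the helper's fix list in this thread.
FLAGGED = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {86CCCCCC-1C9A-41EB-B07A-D13D56AFAC1C} - C:\WINDOWS\System32\aleh.dll
O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll
O18 - Filter: text/plain - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll
"""
BEFORE = "Logfile of HijackThis v1.99.1\n" + FLAGGED + r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall
"""

def still_present():
    """Bodies of flagged entries that survived into the second log."""
    result = remediation_status(FLAGGED, BEFORE, AFTER)
    return sorted(body for (_, body), s in result.items() if s == "still present")

if __name__ == "__main__":
    for (section, body), state in remediation_status(FLAGGED, BEFORE, AFTER).items():
        print(f"{state:13} {section:3} {body}")
```

The comparison is exact-string on the entry body, so an entry that reappears under a different path or value name shows up as a new line in the second log rather than as "still present".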

Archived

This topic is now archived and is closed to further replies.