
spyware!


Guest idgadmin


Guest idgadmin

Help me!!! I have spyware. Here is my HijackThis log....

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:05:57, on 2005-03-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Razer\razertra.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

D:\st3am\steam.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\LiveUpdate\LiveUpdate.exe

C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\rundll32.exe

C:\hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {86CCCCCC-1C9A-41EB-B07A-D13D56AFAC1C} - C:\WINDOWS\System32\aleh.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [razertra] C:\Program\Razer\razertra.exe

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\st3am\steam.exe" -silent

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [instantTray] C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Filter: text/html - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

O18 - Filter: text/plain - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program\Trend Micro\Internet Security\PccPfw.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

 

 


Guest idgadmin

 

Got this when I ran it....


File: Explorer.exe

Status:

POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)

Packers detected:

BITARTS

 

AntiVir

No viruses found (0.78 seconds taken)

Avast

No viruses found (3.01 seconds taken)

AVG Antivirus

No viruses found (0.54 seconds taken)

BitDefender

No viruses found (0.53 seconds taken)

ClamAV

No viruses found (2.21 seconds taken)

Dr.Web

BACKDOOR.Trojan (probable variant) (1.76 seconds taken)

F-Prot Antivirus

No viruses found (1.11 seconds taken)

Fortinet

No viruses found (0.71 seconds taken)

Kaspersky Anti-Virus

No viruses found (1.38 seconds taken)

mks_vir

No viruses found (0.47 seconds taken)

NOD32

No viruses found (2.24 seconds taken)

Norman Virus Control

No viruses found (17.61 seconds taken)

 


 


 

Close all other windows, then tick and fix these in HJT:

 

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {86CCCCCC-1C9A-41EB-B07A-D13D56AFAC1C} - C:\WINDOWS\System32\aleh.dll

 

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

 

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

 

O18 - Filter: text/html - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

O18 - Filter: text/plain - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll

 

Empty

C:\DOCUME~1\Redhook\LOKALA~1\Temp <--

 

Post a new log, because there is probably more in the log that needs fixing.

 

 

[post edited 2005-03-09 17:26:19 by 927]
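The entries the helper picks out by hand above (Run keys loading a DLL from the user's Temp directory, an "Explorer.exe" living outside %WINDIR%, the orphaned BHO, and the aleh.dll MIME filters for text/html and text/plain) can be found mechanically. The script below is an added example by the editor, not code from the thread and not part of HijackThis; its rule set, function names and the "masquerading system binary" heuristic are the editor's own assumptions. The sample lines are copied from the log posted above, with a few clean entries added for contrast.

```python
"""Triage a HijackThis v1.99 log for browser-hijacker persistence.

Added example (editor's own code, not from the thread or HijackThis).
The heuristics are assumptions that encode what a forum helper looks for.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O2 - BHO: desc - {CLSID} - path"  and  "O18 - Filter: mime - {CLSID} - path"
CLSID_RE = re.compile(r"^(?P<sec>O2|O18) - (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# "R0/R1 - registry key = value"
R_RE = re.compile(r"^(?P<sec>R[01]) - (?P<key>.*?) = (?P<val>.*)$")
# Per-user Temp: Swedish (LOKALA~1) and English (LOCALS~1) 8.3 names
TEMP_RE = re.compile(r"\\(?:LOKALA~1|LOCALS~1|Local Settings)\\Temp\\", re.I)
# A drive-letter path up to its first .dll/.exe extension
FILE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.I)
# Names that belong under %WINDIR%; the same name elsewhere is a masquerade (assumption)
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}


def triage(lines):
    """Return a Finding for every HJT entry that matches one of the heuristics."""
    entries = [l.strip() for l in lines if l.strip()]

    # First pass: DLLs registered as MIME filters (O18). A BHO sharing one of
    # these DLLs belongs to the same hijacker rather than being a separate add-on.
    filter_dlls = set()
    for line in entries:
        m = CLSID_RE.match(line)
        if m and m.group("sec") == "O18":
            filter_dlls.add(m.group("path").lower())

    findings = []
    for line in entries:
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if TEMP_RE.search(cmd):
                findings.append(Finding("O4", "autorun loads code from the user's Temp directory", line))
                continue
            exe = re.search(r"[A-Za-z0-9_~]+\.exe", cmd, re.I)
            if exe and exe.group(0).lower() in SYSTEM_NAMES and "\\WINDOWS\\" not in cmd.upper():
                findings.append(Finding("O4", "system binary name outside %WINDIR%", line))
            continue

        m = CLSID_RE.match(line)
        if m:
            sec, desc, path = m.group("sec"), m.group("desc"), m.group("path")
            if sec == "O2" and path == "(no file)":
                findings.append(Finding("O2", "BHO registered but its DLL is gone", line))
            elif sec == "O2" and path.lower() in filter_dlls:
                findings.append(Finding("O2", "BHO DLL is also registered as a MIME filter", line))
            elif sec == "O18" and desc.startswith("Filter: text/"):
                findings.append(Finding("O18", "MIME filter sees every text/html or text/plain page IE renders", line))
            continue

        m = R_RE.match(line)
        if m:
            val = m.group("val")
            if val.startswith("res://") or TEMP_RE.search(val):
                findings.append(Finding(m.group("sec"), "IE search/start page redirected into a local DLL resource", line))
            continue

        if line.startswith("O23 - Service:") and line.endswith("(file missing)"):
            findings.append(Finding("O23", "service registered but binary missing (security product not running)", line))
    return findings


def suspect_files(findings):
    """Paths the findings point at; O23 is skipped because those binaries are absent."""
    paths = set()
    for f in findings:
        if f.section == "O23":
            continue
        m = FILE_RE.search(f.line)
        if m:
            paths.add(m.group(0))
    return paths


# Lines copied from the log posted in the thread, plus clean entries for contrast.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {86CCCCCC-1C9A-41EB-B07A-D13D56AFAC1C} - C:\WINDOWS\System32\aleh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [steam] "d:\st3am\steam.exe" -silent
O18 - Filter: text/html - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll
O18 - Filter: text/plain - {9A411A4D-C4E0-42C5-AD25-CD5FFFF8C906} - C:\WINDOWS\System32\aleh.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program\Trend Micro\Internet Security\PccPfw.exe (file missing)
"""

if __name__ == "__main__":
    found = triage(SAMPLE.splitlines())
    for f in found:
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("files to collect/remove:", sorted(suspect_files(found)))
```

The two-pass correlation is the useful part: aleh.dll shows up once as a nameless BHO and twice as a MIME filter, so treating the BHO line on its own as "unknown add-on" would understate it. Note also that the second log in the thread still lists both O4 entries after the HJT fix and the Temp purge, which is why the helper repeats them; a Run key that comes back after removal means the loader is still being executed from somewhere, and se.dll sitting in Temp is the obvious candidate for the thing to delete before the registry is cleaned again.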


Guest idgadmin

Done that... mine looks like this now......

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:47:03, on 2005-03-10

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Razer\razertra.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\nvsvc32.exe

D:\st3am\steam.exe

C:\Program\LiveUpdate\LiveUpdate.exe

C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [razertra] C:\Program\Razer\razertra.exe

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\st3am\steam.exe" -silent

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [instantTray] C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program\Trend Micro\Internet Security\PccPfw.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

 

 


 

These must be removed/fixed!

 

O4 - HKLM\..\Run: [update] C:\Program Files\Internet Explorer\Explorer.exe

 

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Redhook\LOKALA~1\Temp\se.dll,DllInstall

 

 
