
trojan horse???



speed-limit

Hi.... Not long ago I got a trojan on my computer, and I have tried one thing and another, e.g. Norton and Ad-Aware, and you could say it doesn't work, because the wretched thing won't go away, so I hope someone can help me.

Not to forget: the trojan virus is located in system 32.

 

// speed

 

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 18:29:54, on 2005-07-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\HP\KBD\KBD.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

c:\windows\system32\fxngyi.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\System32\nvsvc32.exe

D:\Program\Winamp\winampa.exe

C:\Program\BullsEye Network\bin\bargains.exe

C:\WINDOWS\system32\msxct.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\Program\NaviSearch\bin\nls.exe

C:\Program\Save\Save.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\NETGEAR\WG111T Configuration Utility\wlan111t.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\devldr32.exe

D:\Program\Winamp\winamp.exe

C:\Program\Internet Explorer\iexplore.exe

D:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw4.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw4.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program\SurfSideKick 3\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [msxct] msxct.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [wmplayer] C:\Program\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe

O4 - HKLM\..\Run: [LogonStudio] "D:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [yurlihf] c:\windows\system32\fxngyi.exe r

O4 - HKLM\..\Run: [PC Adware-Spyware Removal] D:\Program\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe

O4 - HKLM\..\Run: [PC Adware-Spware Removal] D:\Program\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117386540998

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 

[post edited 2005-07-09 18:40:42 by speed-limit]

[post edited 2005-07-09 18:43:44 by speed-limit]


Guest idgadmin

 

Your computer is full of SPYWARE!!!!!!!!!

nail.exe is a trojan!!!!

You also have loads of spyware.....

bargains.exe is a major piece of spyware...

You should try the online scan at F-Secure. It doesn't remove anything, but at least it shows what you have.

Good anti-spyware programs are PestPatrol and Aluria Spyware Eliminator.

nail.exe is the trojan "Trojan.Win32.Stervis.b"

http://support.f-secure.se/swe/home/ols.shtml

for the online scan

and PestPatrol is available at download.com

Let me know whether it works or not :P

 


Guest idgadmin

 

Microsoft (free) anti-spy also works very well, actually. Make sure to install SpywareBlaster (free) afterwards, so that spyware is prevented from getting in in the first place. My computer hasn't had any spyware for weeks now. That's good. Extremely good. Microsoft anti-spy also has active protection. The online scan at Norton (don't know about F-Secure) only flags active ones and misses some. All the programs are at download.com. I run Microsoft anti-spy, SpywareBlaster and Spybot. What is spyware? I can hardly remember.

 


Guest idgadmin

 

Programs that watch what you do in order to then send out targeted advertising = spyware

Microsoft's anti-spyware is fairly OK.

But I don't like it, and I think Norton is bad at finding trojans.

 


speed-limit

I have downloaded a few anti-spyware programs that I hope will work, but the problem remains; I still have the trojan.

 

Logfile of HijackThis v1.99.1

Scan saved at 14:37:01, on 2005-07-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

c:\windows\system32\hbwemof.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\Program\NORTON~1\navapw32.exe

D:\Program\Winamp\winampa.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NETGEAR\WG111T Configuration Utility\wlan111t.exe

C:\WINDOWS\system32\devldr32.exe

D:\Program\Winamp\winamp.exe

C:\Program\Internet Explorer\iexplore.exe

D:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw4.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw4.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program\SurfSideKick 3\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [wmplayer] C:\Program\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe

O4 - HKLM\..\Run: [LogonStudio] "D:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [PC Adware-Spware Removal] D:\Program\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick

O4 - HKLM\..\Run: [owhynjk] c:\windows\system32\hbwemof.exe r

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117386540998

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 


Amos Bronson Alcott

Hi speed-limit

To get into safe mode, you usually press F8 repeatedly when the computer starts.

Then I guess what 927 meant was that you download the program from his link, then install and update it in "normal mode".

Then you restart the computer in "safe mode", start the program and scan from there.

When the scan is finished, restart the computer into "normal mode" again, run HijackThis and post that log.

amos

[CITAT]When money talks, the truth is silent

Russian proverb[/CITAT]

 

 


Guest idgadmin

Hi, log in at www.spywarefri.dk; it is the best site in all of Scandinavia for solving your problem. Regards, pepijo from Denmark

 

 


speed-limit

I went to the link you posted, 927, and downloaded the program, and I have tested it and also updated it, and it looks like a good program, so the only thing I need to do now is test it in safe mode.

//hope it works...

 

//speed

 


speed-limit

I have done it now: started it in safe.... mode, done the scan, but got a quick message that there is a trojan virus in system 32. Here is the log anyway:

 

Logfile of HijackThis v1.99.1

Scan saved at 00:28:28, on 2005-07-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program\Lavasoft\security suite\ewidoctrl.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\Program\NORTON~1\navapw32.exe

D:\Program\Lavasoft\security suite\ewidoguard.exe

D:\Program\Winamp\winampa.exe

C:\Program\QuickTime\qttask.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NETGEAR\WG111T Configuration Utility\wlan111t.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system32\onrzric.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Symantec\LiveUpdate\AUpdate.exe

D:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw4.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw4.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program\SurfSideKick 3\SskBho.dll (file missing)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [wmplayer] C:\Program\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe

O4 - HKLM\..\Run: [LogonStudio] "D:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [PC Adware-Spware Removal] D:\Program\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick

O4 - HKLM\..\Run: [qmsstsg] c:\windows\system32\fkvncx.exe r

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117386540998

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: ewido security suite control - ewido networks - D:\Program\Lavasoft\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - D:\Program\Lavasoft\security suite\ewidoguard.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 

Link to comment
Share on other sites

 

Put a check mark in front of these:

 

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program\SurfSideKick 3\SskBho.dll (file missing)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

 

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

 

O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe

 

O4 - HKLM\..\Run: [PC Adware-Spware Removal] D:\Program\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick

 

O4 - HKLM\..\Run: [qmsstsg] c:\windows\system32\fkvncx.exe r

 

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

 

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

 

 

Uninstall:

PC Adware

SurfSideKick 3

 

 

[post edited 2005-07-12 15:51:28 by 927]


speed-limit

When I restarted the computer, a message came up asking whether I should block "c:windows/nail.exe" (something like that) and I pressed OK, don't know why, but anyway, then an error message came up saying that "the computer" had some kind of use for that file and that the file was infected, so what should I do now?

 

 

Link to comment
Share on other sites

 

You scan with HJT and put a check mark in front of these. Then you click Fix checked.

Did you scan in safe mode with ewido?

 


speed-limit

Yep, I have scanned in safe mode and I have checked them off in HJT, and I restarted the computer and did not get an error message, and with that I don't know what to think, whether the computer is cured or not. If it is, then a big thank you for all your help.

If not, I'll get back to you again, unless I find the solution myself.

 

:)

 

//speed thx

[post edited 2005-07-13 17:09:19 by speed-limit]


speed-limit

Just one more thing: I wonder how you can read the log (hijack log), since it's just a lot of weird stuff, so I wonder if you have a special program that reads it or something?

Regards, speed

 

Link to comment
Share on other sites

 

Post a new log, because it's not certain that all the crap is gone.

It's not weird stuff if you know what all the abbreviations/lines mean,

and yes, there are explanations online of what everything in a log means.

 


speed-limit

Do you have any tips on where to look?

 

Logfile of HijackThis v1.99.1

Scan saved at 19:17:45, on 2005-07-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\Program\Lavasoft\security suite\ewidoctrl.exe

D:\Program\Lavasoft\security suite\ewidoguard.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\Program\NORTON~1\navapw32.exe

D:\Program\Winamp\winampa.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NETGEAR\WG111T Configuration Utility\wlan111t.exe

C:\WINDOWS\system32\devldr32.exe

D:\Program\Winamp\winamp.exe

C:\Program\Internet Explorer\iexplore.exe

D:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw4.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw4.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [wmplayer] C:\Program\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM\..\Run: [LogonStudio] "D:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [egxuuqj] c:\windows\system32\bgxhqx.exe r

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117386540998

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: ewido security suite control - ewido networks - D:\Program\Lavasoft\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - D:\Program\Lavasoft\security suite\ewidoguard.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

//speed

 

Link to comment
Share on other sites

 

trojan

O4 - HKLM\..\Run: [egxuuqj] c:\windows\system32\bgxhqx.exe r

 

spyware

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program\SurfSideKick 3\Ssk.exe

Hadn't you uninstalled the program?

 

Disable this Windows service:

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

 

http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
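
The pattern the helper picks out of these logs can also be found mechanically by comparing successive scans. The Python below is an added example, not part of the thread and not a HijackThis feature; it runs on a few lines excerpted from the four logs posted above, and its two heuristics (a Run entry whose value name and file differ in every scan, and a `Shell=` value other than `Explorer.exe`) are assumptions of this example.

```python
import re
from collections import defaultdict, namedtuple

# A few lines excerpted from each of the four HijackThis logs in this thread.
SCANS = {
    "2005-07-09": r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe
O4 - HKLM\..\Run: [yurlihf] c:\windows\system32\fxngyi.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""",
    "2005-07-11": r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe
O4 - HKLM\..\Run: [owhynjk] c:\windows\system32\hbwemof.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""",
    "2005-07-12": r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\system32\tempx.exe
O4 - HKLM\..\Run: [qmsstsg] c:\windows\system32\fkvncx.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""",
    "2005-07-13": r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egxuuqj] c:\windows\system32\bgxhqx.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
CMD_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?(?P<args>.*)$', re.IGNORECASE)
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)

Entry = namedtuple("Entry", "hive name exe args")


def parse_scan(text):
    """Split a log into (section code, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: ...')."""
    pairs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            pairs.append((m["code"], m["body"]))
    return pairs


def run_entries(pairs):
    """Extract O4 registry Run entries as Entry tuples (exe path lower-cased)."""
    found = set()
    for code, body in pairs:
        m = RUN_RE.match(body) if code == "O4" else None
        c = CMD_RE.match(m["cmd"]) if m else None
        if c:
            found.add(Entry(m["hive"], m["name"], c["exe"].lower(), c["args"].strip()))
    return found


def rotating_autostarts(scans):
    """Heuristic (assumption of this example): the same hive, folder and
    arguments show up in several scans, but never twice under the same value
    name or file name. A stable program keeps its name between scans."""
    slots = defaultdict(list)
    for date in sorted(scans):
        for e in run_entries(parse_scan(scans[date])):
            shape = (e.hive, e.exe.rpartition("\\")[0], e.args)
            slots[shape].append((date, e))
    findings = []
    for shape, hits in slots.items():
        n = len(hits)
        dates = {d for d, _ in hits}
        names = {e.name for _, e in hits}
        exes = {e.exe for _, e in hits}
        if n >= 2 and len(dates) == len(names) == len(exes) == n:
            findings.append((shape, hits))
    return findings


def shell_hijacks(pairs):
    """Return F2 Shell= values that launch anything besides Explorer.exe."""
    values = []
    for code, body in pairs:
        m = SHELL_RE.match(body) if code == "F2" else None
        if m and m["value"].strip().lower() != "explorer.exe":
            values.append(m["value"].strip())
    return values


if __name__ == "__main__":
    for shape, hits in rotating_autostarts(SCANS):
        print("rotating Run entry in", shape)
        for date, e in hits:
            print("  ", date, e.name, e.exe)
    for date in sorted(SCANS):
        print(date, "shell:", shell_hijacks(parse_scan(SCANS[date])) or "default")
```
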

 


speed-limit

Should I check it, or, as you wrote, disable this Windows service?

 

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

 

 

 


speed-limit

Does it do any harm, or slow down the computer, or anything like that?

I don't know how to disable it. That's the thing.

 


speed-limit

Hey, I'm just wondering whether you have something special you go by when you look at the log, like a telltale sign or something, that one could maybe learn so one can fix things like e.g. trojans and so on...

It would be pretty nice, if you understand what I mean, if you have any tips & tricks on how to interpret the log.

 


Archived

This topic is now archived and is closed to further replies.