
Programs that keep coming back.


Benna


Hi. I've been surfing the net a bit, and in the middle of it all a popup comes up from my firewall saying that an ntfull.exe wants to contact a server or something, and then when I surfed a bit longer, something like iq32321.exe asked whether it could contact a server. But when I look around in my folders I can see these "exe" programs; I have deleted them several times but they keep coming back, and now I can't really surf properly because it starts lagging all of a sudden and it asks whether I want to install some component or something. Does anyone know what's wrong? And oh yeah, this program Ntfull.exe, it's like a character from the Simpsons, a woman who's smoking :S Anyway, I figured this could be some virus or something, but I've scanned and it finds nothing.

[post edited 2005-11-22 07:32:08 by benna]


So, I removed both files, but now there's also some link.exe file that I understand NOTHING about! Sending the log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:43:42, on 2005-11-22

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Ares\Ares.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.se/publik/www/portal/all

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [links] links.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

But I don't know what link.exe and wdfrgm.exe are :S Could you tell me what should be removed? And do you know how they got into my computer? Sorry if I'm asking a bit much, but I've always been a little too stressed when it comes to the computer :P.

 


Okay, here comes the scan of Links.exe:

 

 

 

 

Service load: 0% 100%

 

File: links.exe

Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 8e1c72de03f437b1f6c7605abc751ee2

Packers detected: FSG

Scanner results

AntiVir Found Trojan/LowZones.DF

ArcaVir Found Trojan.Lowzones.Df

Avast Found nothing

AVG Antivirus Found Generic.DXX

BitDefender Found BehavesLike:Trojan.LowZones (probable variant)

ClamAV Found nothing

Dr.Web Found Trojan.LowZones.137

F-Prot Antivirus Found unknown virus (probable variant)

Fortinet Found W32/LowZones.2-tr

Kaspersky Anti-Virus Found Trojan.Win32.LowZones.df

NOD32 Found probably unknown NewHeur_PE (probable variant)

Norman Virus Control Found Sandbox: W32/Malware; [ General information ]

 

* File might be compressed.

* Creating several executable files on hard-drive.

* File length: 5675 bytes.

 

[ Changes to filesystem ]

* Creates file C:\WINDOWS\SYSTEM32\links.exe.

 

[ Changes to registry ]

* Creates value "links"="links.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

* Modifies value "CurrentLevel"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1406"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1601"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1800"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1A05"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1C00"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1E05"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1804"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1A00"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1A04"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

 

[ Network services ]

* Looks for an Internet connection.

 

[ Process/window information ]

UNA Found nothing

VBA32 Found Trojan.Win32.LowZones.df

 

 

 


And here comes wdfgmr.exe:

 

 

 

 

Service load: 0% 100%

 

File: wdfmgr.exe

Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 ab0a7ca90d9e3d6a193905dc1715ded0

Packers detected: -

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VBA32 Found nothing

 

 


Archived

This topic is now archived and is closed to further replies.
