
Probably a virus!


Henke4144


Hi, when I'm chatting on MSN, I suddenly send something in Spanish and an address where you can download a zip file... but it isn't me doing it. :( I have run a HijackThis scan. Thanks in advance.

Here is the HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:49:34, on 2006-10-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

C:\Program\Winamp\winampa.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\icpldrvx.exe

C:\WINDOWS\System32\ctfmon.exe

C:\program\steam\steam.exe

C:\Program\Winamp\winamp.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administratör\Mina dokument\hijackthis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide

O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\System32\icpldrvx.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157993004639

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

 

 


 

I see only two files that need to be removed, but only files that are in use show up in the log. Scan with ewido in safe mode, because there is usually more to remove than what you can see.

Don't forget to update ewido before you go into safe mode.

 


Here is the ewido log:

 

 

 

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 20:16:24 2006-10-17

 

+ Scan result:

 

 

 

C:\Program\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.

C:\Program\HLSW\filter.dat -> Adware.Systemdoctor : No action taken.

HKLM\SOFTWARE\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : No action taken.

C:\WINDOWS\system32\icpldrvx.exe -> Logger.Banker.byu : No action taken.

:mozilla.42:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.43:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.44:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.45:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.46:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.47:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.51:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.52:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.53:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.56:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

:mozilla.57:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

C:\Documents and Settings\Administratör\Cookies\administratör@adtech[2].txt -> TrackingCookie.Adtech : No action taken.

:mozilla.78:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.

:mozilla.79:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.

:mozilla.80:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.

:mozilla.81:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.

:mozilla.82:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.

:mozilla.83:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.

:mozilla.75:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Com : No action taken.

:mozilla.62:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.100:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Ivwbox : No action taken.

:mozilla.11:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.

:mozilla.150:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.

:mozilla.151:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.

:mozilla.152:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.

:mozilla.153:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.

:mozilla.154:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.

:mozilla.18:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.19:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.20:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.21:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.22:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.23:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.24:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.25:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.26:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.27:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.28:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.29:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.30:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.31:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.32:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.33:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.34:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.35:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.36:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.37:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.38:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.39:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.40:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.41:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.221:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.

:mozilla.163:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Spylog : No action taken.

:mozilla.168:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.169:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.174:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.175:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.176:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.177:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Trafic : No action taken.

:mozilla.196:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.197:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\7nhvr0m6.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

 

 

::Report end

[post edited 2006-10-17 20:21:22 by Henke4144]


Apparently spyware comes bundled with DAEMON Tools; check that next time.

You didn't choose to remove anything that was found, so now you have to scan again.

If ewido doesn't remove this file, you'll have to do it manually; you'll see after the scan whether it is still there or not.

Don't forget to update ewido; it can be updated several times a day.

C:\WINDOWS\DLP.dll

Then restart as usual and post a new HJT log.

[post edited 2006-10-17 23:31:53 by 927]


Archived

This topic is now archived and is closed to further replies.


