CastleCops, Internet Crime Fighters

[10 DAYS]Yahoo malware

 
HerrAlf
Cadet
Joined: Oct 13, 2006
Posts: 1
Location: Sweden

Posted: Fri Oct 13, 2006 7:18 pm    Post subject: Yahoo malware

Hi! I have a problem with AltaVista's image search. When I click "Next" I end up at Yahoo instead. I have run Spybot, Adaware, AVG antivirus and HJT in safe mode but can't get rid of the crap. Could some kind and knowledgeable person help me?

Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 21:18:17, on 2006-10-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Delade filer\Real\Update_OB\evntsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program\ZoneAlarm\zapro.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Delade filer\Real\Update_OB\rndal.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HjT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] msn64.exe
O4 - HKLM\..\Run: [Makes Your Windows Creative and Fast Downloader] creative32b.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\program\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] msn64.exe
O4 - HKLM\..\RunServices: [Makes Your Windows Creative and Fast Downloader] creative32b.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Program\ZoneAlarm\zapro.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.spray.se/app/uploader/FileUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB744933-BA11-4951-BD6C-D1E2F5D30E7E}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Best regards, Mats Larsson, Malmö

Oodin
Colonel
Premium Member
Joined: Jul 19, 2004
Posts: 2678

Posted: Tue Oct 17, 2006 12:49 pm

Thank you for your patience. If you still require help then we would ask you to:

1/ Ensure that you are using the latest version of HijackThis which should be v1.99.1 and that it is running from a permanent folder (such as C:\HJT), rather than a temporary or desktop one. (Note: To create a new folder open Windows Explorer, click on File, select New then Folder. Type in the name of the new folder in the box provided and press Enter.)

You can download the latest version here, then unzip it to that permanent folder: HijackThis!

2/ Whilst you are waiting for an expert to examine your log, we recommend that you follow our Malware Removal and Prevention, a new system we have devised to enable users to either partially, or fully clean their systems without the direct aid of an expert. Should you still require HJT assistance after completing malware removal, this step will eliminate the need for you to repeat these scans during your log analysis.

3/ Post a fresh post scan log into this thread (under my post right here). A lot can happen in a few days so a new scan log is important.

Please post any feedback on how easy you found it to follow the steps in our
Malware Removal and Prevention in this same topic reply.
Your input will enable us to refine it for other users.
We thank you for your participation.

4/ Copy (the URL in your address-bar) and paste this link of your HijackThis Log thread into this page here:
CastleCops Link/p629342-Unhandled_Logs.html#629342 <<-- Here, click it. Put the address URL of your HijackThis Log thread in that topic thread.
Do NOT post your address URL as a new topic.


.....and someone will help you ASAP!


_________________
Jon