|
| |||||||
 |
 |
| | Thread Tools |
|
#1
23 Dec 2007, 22:58
| |||
| |||
| Min skrivebordet og oppgavelinjen er borte og jeg kan ikke synes å ha noen vinduer åpne for å lange (Kontrollpanel, Min datamaskin). Mine andre programmer fungerer helt fint når jeg åpner dem opp fra oppgavebehandling. Så jeg kjører en registrert og juridisk versjon av Windows XP, jeg har ikke cd eller noen av installasjonen ting så jeg vil ikke ha mulighet til å installere Windows på min datamaskin for å løse mitt problem. Ive forsøkt å sørge for at jeg ikke har explorer.exe på kjøring av programmer, så kjører explorer, men det fungerer ikke heller. Jeg har prøvd å kjøre Spybot S & D, Runreg, Symantics og SpySweeper, og slettet den dårlige ting (etter googling den og pass på at det var dårlig) men problemet vedvarer. Når jeg kjører explorer kommer oppgavelinjen inn og ut ... Heres my Hijack denne loggen: http://security.symantec.com/sscv6/h...SIVFWMFKPXKBQW |
|
#2
26 Dec 2007, 09:21
| |||
| |||
| Dette har skjedd meg før, og det høres ut som det er permanent skade gjort av et virus. sitt beste for å installere Windows, eller finn en reparer disk fra en kompis eller internett. |
|
#3
26 Dec 2007, 17:53
| |||
| |||
| Se dette innlegget og sende loggene til å begynne fjerningen.
__________________  |
|
#4
3dje 2008, 11:16
| |||
| |||
| Alright, så jeg gjorde alle disse trinnene på datamaskinen min og det viser seg meg computer var et rot, og det tok en masse ting ut, men min største problemet vedvarer. Min desktop wont show før jeg kjører explorer på Oppgavebehandling, og selv da det vises i noen sekunder og forsvinner. Jeg får ikke tilgang til noen av mine mapper fordi de stenger ned i løpet av få sekunder, men jeg fant ut at jeg kan kjøre andre programmer helt fint. Heres min nye HJT fil. Logfile of Trend Micro HijackThis v2.0.2 Scan lagret på 11:13:13, on 1/3/2008 Plattform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Kjører prosesser: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ TGTSoft \ StyleXP \ StyleXPService.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccProxy.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ CCPD-LC \ symlcsvc.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe C: \ WINDOWS \ system32 \ bmwebcfg.exe C: \ Programfiler \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ DVDRAMSV.exe C: \ WINDOWS \ eHome \ ehRecvr.exe C: \ WINDOWS \ eHome \ ehSched.exe C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe C: \ Programfiler \ Norton Internet Security \ Norton AntiVirus \ navapsvc.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ Novatel Wireless \ Sprint \ Sprint PCS Connection Manager \ OSCMUtilityService.exe C: \ Program Files \ Sprint \ Pantech \ Sprint Mobile Broadband (Pantech) \ PWIUtilityService.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe C: \ WINDOWS \ system32 \ Svchost.exe c: \ TOSHIBA \ IVP \ swupdate \ swupdtmr.exe C: \ Programfiler \ TOSHIBA \ TOSHIBA Applet \ TAPPSRV.exe C: \ WINDOWS \ system32 \ Dllhost.exe C: \ Programfiler \ TOSHIBA \ TOSHIBA Controls \ TFncKy.exe C: \ WINDOWS \ system32 \ TDispVol.exe C: \ WINDOWS \ AGRSMMSG.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ Sprint \ Pantech \ Sprint Mobile Broadband (Pantech) \ CMPWI.exe C: \ Programfiler \ Mozilla Firefox \ firefox.exe C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ AcroRd32.exe C: \ WINDOWS \ system32 \ taskmgr.exe C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe C: \ WINDOWS \ explorer.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://www.toshiba.com/search R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR O3 - Toolbar: Norton Internet Security 2006 - (0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7) - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ AdBlocking \ NISShExt.dll O3 - Toolbar: Norton AntiVirus - (C4069E3A-68F1-403E-B40E-20066696354B) - C: \ Programfiler \ Norton Internet Security \ Norton AntiVirus \ NavShExt.dll O4 - HKLM \ .. \ Run: [TPSMain] TPSMain.exe O4 - HKLM \ .. \ Run: [THotkey] "C: \ Program Files \ Toshiba \ Toshiba Applet \ thotkey.exe" O4 - HKLM \ .. \ Run: [TFncKy] TFncKy.exe O4 - HKLM \ .. \ Run: [TDispVol] TDispVol.exe O4 - HKLM \ .. \ Run: [SynTPLpr] "C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe" O4 - HKLM \ .. \ Run: [SpySweeper] C: \ Programfiler \ Webroot \ Spy Sweeper \ SpySweeperUI.exe / startintray O4 - HKLM \ .. \ Run: [SmoothView] "C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe" O4 - HKLM \ .. \ Run: [RegRun WinBait] C: \ WINDOWS \ xxxwinbait.exe O4 - HKLM \ .. \ Run: [PadTouch] C: \ Programfiler \ TOSHIBA \ Touch og Launch \ PadExe.exe O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Programfiler \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ DLACTRLW.exe O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM \ .. \ Run: [@ RegRunOnSecure] C: \ PROGRA ~ 1 \ Greatis \ REGRUN ~ 1 \ xxxOnSecure.exe O4 - HKCU \ .. \ Run: [Register] "C: \ Program Files \ Greatis \ RegRunSuite \ lsoon.exe" -1 30 "C: \ Program Files \ Greatis \ RegRunSuite \ rescue.exe" / a "c: \ backreg \ rstore.ini " O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKCU \ .. \ Run: [TOSCDSPD] "C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe" O4 - HKCU \ .. \ Run: [STYLEXP] "C: \ Program Files \ TGTSoft \ StyleXP \ StyleXP.exe"-Skjul O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe O4 - HKCU \ .. \ Run: [Regrun2] C: \ PROGRA ~ 1 \ Greatis \ REGRUN ~ 1 \ WatchDog.exe O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programfiler \ MSN Messenger \ MsnMsgr.Exe" / background O4 - HKCU \ .. \ Run: [Aim6] "C: \ Programfiler \ AIM6 \ aim6.exe" / d locale = no ee: / / AOL / imApp O4 - Global Startup: hpoddt01.exe.lnk =? O4 - Global Startup: RAMASST.lnk = C: \ WINDOWS \ system32 \ RAMASST.exe O8 - Extra sammenheng menyelement: & Windows Live Search - res: / / C: \ Programfiler \ Windows Live Toolbar \ msntb.dll / search.htm O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_04 \ bin \ npjpi150_04.dll O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_04 \ bin \ npjpi150_04.dll O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O10 - Unknown fil i Winsock LSP: bmnet.dll O10 - Unknown fil i Winsock LSP: bmnet.dll O10 - Unknown fil i Winsock LSP: bmnet.dll O14 - IERESET.INF: START_PAGE_URL = http://www.toshibadirect.com/dpdstart O16 - DPF: (14B87622-7E19-4EA8-93B3-97215F77A6BC) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (2BC66F54-93A8-11D3-BEB6-00105AA9B6AE) (Symantec AntiVirus scanner) -- http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: (644E432F-49D3-41A1-8DD5-E099162EEEC5) (Symantec RuFSI Utility klasse) -- http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: (8E0D4DE5-3180-4024-a327-4DFAD1796A8D) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab31267.cab Ø16 - DPF: (A7A61125-0EAA-11D1-B22F-0000C08C00C4) (SSDBGrid Control 3.1 - A) -- https: / / www.ext.ch2m.com/ETS/controls/sheridan3_13.cab Ø16 - DPF: (F5131C24-E56D-11CF-B78A-444553540000) (Ikonic Menykontroll) -- https: / / www.ext.ch2m.com/cgi-bin/controls/ikcntrls.cab Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (75405C70-8319-41CB-8288-402151999888): NameServer = 68.28.50.91 68.28.58.92 O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspn et_state.exe (fil mangler) O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C: \ WINDOWS \ system32 \ bmwebcfg.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C: \ Programfiler \ Norton Internet Security \ ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Programfiler \ TOSHIBA \ ConfigFree \ CFSvcs.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Programfiler \ Norton Internet Security \ comHost.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co Ltd - C: \ WINDOWS \ system32 \ DVDRAMSV.exe O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Programfiler \ Norton Internet Security \ Norton AntiVirus \ navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Security Console \ NSCSRVCE.EXE O23 - Service: OSCM Utility Service - Sprint Spectrum, LLC - C: \ Program Files \ Novatel Wireless \ Sprint \ Sprint PCS Connection Manager \ OSCMUtilityService.exe O23 - Service: Pantech Utility Service - Sprint Spectrum, LLC - C: \ Program Files \ Sprint \ Pantech \ Sprint Mobile Broadband (Pantech) \ PWIUtilityService.exe O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Programfiler \ Norton Internet Security \ Norton AntiVirus \ SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C: \ Program Files \ TGTSoft \ StyleXP \ StyleXPService.exe O23 - Service: Swupdtmr - Unknown owner - c: \ TOSHIBA \ IVP \ swupdate \ swupdtmr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ CCPD-LC \ symlcsvc.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp - C: \ Programfiler \ TOSHIBA \ TOSHIBA Applet \ TAPPSRV.exe -- End of file - 12024 bytes |
|
#5
3 januar 2008, 13:48
| |||
| |||
| Kan du poste de andre loggene? Åpne SUPERAntiSpyware > Innstillinger> Statistikk / Logger kategorien> Marker logg> Vis logg .. ESET > Gå til C: \ Programfiler \ EsetOnlineScanner \ Log.txt -------------------- Last ned ATF Cleaner ved Atribune. ATF Cleaner.exe Ikke bruke det ennå, vil vi senere. -------------------- Vi trenger å deaktivere noen beskyttende programmer slik at de ikke forstyrre løser vi prøve. Deaktiver Spybot's TeaTimer Mens TeaTimer er et utmerket verktøy for forebygging av spyware, kan det noen ganger hindre våre verktøy fra fikse ting. Deaktiver TeaTimer nå før du er ren. TeaTimer kan reaktiveres når loggene er rene. Først:
Med både Tea tidtaker og Spybot lukket nedlasting ResetTeaTimer.zip
-------------------- Deaktiver SpySweeper Kan du aktivere det etter at du er ren. Hvis du vil deaktivere SpySweeper: Åpen Spysweeper klikk> Valg over mot venstre, deretter> Program Valg > Fjern merkingen "belastningen på windows oppstart Over til venstre klikker "skjold" og Fjern merkingen alle der. Fjern merkingen "startsiden skjold" Fjern merkingen "automatisk gjenopprette standard uten varsel" -------------------- Jeg er ikke sikker på om Watch Dog Programmet beskytter registret endringer så hvis det gjør deretter deaktivere den. ------------------- Aktivere visning av skjulte systemfiler og mapper Gå til Min datamaskin-> Verktøy-> Mappealternativer-> Vis kategori:
Åpen Task Manager og velg Prosesser tab. Kill prosessene for: xxxwinbait.exe xxxOnSecure.exe -------------------- Åpne HijackThis og velg Gjør et søk deretter plassere et merke ved siden: O4 - HKLM \ .. \ Run: [RegRun WinBait] C: \ WINDOWS \ xxxwinbait.exe <<-Jeg tror dette programmet er enten kapret eller det er ikke legitimt RegRun nedlasting. Det bør winbait.exe men vises som xxxwinbait.exe O4 - HKLM \ .. \ Run: [@ RegRunOnSecure] C: \ PROGRA ~ 1 \ Greatis \ REGRUN ~ 1 \ xxxOnSecure.exe <<-Jeg tror dette programmet er enten kapret eller det er ikke legitimt RegRun nedlasting. Det bør OnSecure.exe men vises som xxxOnSecure.exe O4 - Global Startup: hpoddt01.exe.lnk =? Lukk alle vinduer unntatt HijackThis og klikk Fix kontrolleres -------------------- Åpen Min datamaskin og finn deretter slette disse Filer og Mapper. C: \ WINDOWS \xxxwinbait.exe C: \ PROGRA ~ 1 \Greatis \ REGRUN ~ 1\xxxOnSecure.exe -------------------- Løpe ATF-Cleaner Kontroller at alle webleservinduer er stengt.
-------------------- Neste innlegg kan du legge Ny HijackThis log SUPERAntiSpyware logg <<- Fra instruksjoner for fjerning ESET logg <<- Fra instruksjoner for fjerning
__________________ |
|
#6
5te 2008 jan 03:31
| |||
| |||
| I cant tilgang til skrivebordet eller min mapper skjønt. Finnes det en vei rundt det? Jeg prøvde å få tilgang til filene mine via nettleseren min bortsett fra den ikke arbeide |
|
#7
5te 2008 jan 03:33
| |||
| |||
| # Version = 4 # OnlineScanner.ocx = 1.0.0.56 # OnlineScannerDLLA.dll = 1, 0, 0, 51 # OnlineScannerDLLW.dll = 1, 0, 0, 51 # OnlineScannerUninstaller.exe = 1, 0, 0, 49 # Vers_standard_module = 2762 (20080102) # Vers_arch_module = 1,060 (20071228) # Vers_adv_heur_module = 1,064 (20070717) # EOSSerial = 6051a39d0346bc4b8901f101faab2805 # End = ferdig # Remove_checked = sant # Unwanted_checked = sant # Utc_time = 2008-01-03 08:02:05 # Local_time = 2008-01-03 01:02:05 (-0700, US Mountain Standard Time) # Country = "United States" # OSVer = 5.1.2600 NT Service Pack 2 # Skannet = 601050 # Funnet = 48 # Scan_time = 6894 C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Temp \ TMP22.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Family \ Lokale innstillinger \ Temp \ RCX3.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Family \ Lokale innstillinger \ Temp \ TMP28.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ D1B9.tmp Win32/TrojanDownloader.PurityScan.EG trojan (slettet) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ D1B9.tmp »NSIS» Yazzle1552OinAdmin.exe Win32/TrojanDownloader.PurityScan.EG trojan (feil ved rengjøring - operasjon ikke tilgjengelig for denne type objekt - feil under sletting - operasjon utilgjengelig for denne type objekt - var en del av det slettes objektet) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ RCX10.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ RCX29D2.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP10.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP12.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP13.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP19.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP20C.tmp Win32/TrojanDownloader.Agent.BLS trojan (stand til å rengjøre - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP223.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP241.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP288C.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP29D0.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP30.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP36.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP3D.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP65.tmp Win32/TrojanDownloader.Agent.BLS trojan (stand til å rengjøre - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP72.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP7766.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP8.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMP9D.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMPD.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Documents and Settings \ Mikael \ Lokale innstillinger \ Temp \ TMPD0.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ AIM6 \ aim6.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ Greatis \ RegRunSuite \ lsoon.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ Greatis \ RegRunSuite \ OnSecure.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ Hewlett-Packard \ HP Software Update \ HPWuSchd2.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ Intel \ Wireless \ Bin \ ZCfgSvc.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Programfiler \ QuickTime \ qttask. EXE Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Programfiler \ QuickTime \ iTunesHelper.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ Program Files \ TOSHIBA \ Tvs \ TvsTray.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ mrofinu72.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ mrofinu72.exe.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ winbait.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ PCHealth \ helpctr \ binaries \ msconfig.exe. tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ system32 \ ctfmon.exe.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ system32 \ hkcmd.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ system32 \ mllji.exe Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ system32 \ PMNKIIF.DLL.del Win32/Adware.Virtumonde program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ system32 \ RCX416.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 C: \ WINDOWS \ system32 \ RCX8.tmp Win32/Adware.Virtumonde.CLI program (ikke rent - slettes) 00000000000000000000000000000000 |
|
#8
5te 2008 jan 05:01
| |||
| |||
| hvor om sikkermodus? når enker begynner trykker du F8 bottum repeadetly en vinduer vil bli apear bruke sikkermodus for å starte opp <EDIT> software er best for systemsikkerheten |
|
#9
5 januar 2008, 10:16
| |||
| |||
| Sitat:
__________________ |
|
#10
5te 2008 jan 10:22
| |||
| |||
| Prøv å få SUPERAntiSpyware logg og en ny HijackThis logg.
__________________ |
