|
|
#1
26. jun 2008, 12:48
| |||
| |||
| Vel problemet mitt er at jeg fortsetter å få meg avast sier sysrestore.dll inneholder malaware alle hjelpe behage? thank you im bekymret siden jeg har brukt systemgjenoppretting i passerte og om det nå er et virus im skrus |
|
#2
26. jun 2008, 18:40
| |||
| |||
| Ikke skrudd. Post en Hijackthis logg slik at vi kan ta en titt.
__________________  |
|
#3
27. jun 2008, 08:03
| |||
| |||
| Logfile of Trend Micro HijackThis v2.0.2 Scan lagret på 6:20:16 PM, on 4/19/2008 Plattform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Kjører prosesser: C: \ Windows \ system32 \ taskeng.exe C: \ Windows \ system32 \ Dwm.exe C: \ Windows \ Explorer.exe C: \ Programfiler \ Alwil Software \ Avast4 \ ashDisp.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe C: \ Windows \ System32 \ rundll32.exe C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe C: \ Windows \ System32 \ rundll32.exe C: \ Windows \ System32 \ CtHelper.exe C: \ Windows \ System32 \ CTXFIHLP.EXE C: \ Users \ Mark JR \ Programfiler \ DNA \ btdna.exe C: \ Windows \ System32 \ CTXFISPI.EXE C: \ Windows \ system32 \ wbem \ Unsecapp.exe C: \ Programfiler \ MSN Messenger \ msnmsgr.exe C: \ Programfiler \ MSN Messenger \ livecall.exe C: \ Programfiler \ Mozilla Firefox \ firefox.exe C: \ Users \ Mark JR \ Skrivebord \ dss.exe C: \ Windows \ system32 \ conime.exe C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ Hijack ~ 1 \ Mark JR.exe C: \ Windows \ system32 \ SearchFilterHost.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = O1 - Hosts: 72.233.61.2 L2authd.lineage2.com O1 - Hosts: 72.233.61.2 L2testauthd.lineage2.com O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programfiler \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O2 - BHO: MegaIEMn - (bf00e119-21a3-4fd1-b178-3b8537e75c92) - C: \ Programfiler \ Megaupload \ Mega Manager \ MegaIEMn.dll O4 - HKLM \ .. \ Run: [avast!] C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide O4 - HKLM \ .. \ Run: [Rutenett Service] "C: \ Programfiler \ GridService \ peer.exe"-n Rutenett O4 - HKLM \ .. \ Run: [VMware-skuffen] "C: \ Programfiler \ VMware \ VMware Workstation \ VMware-tray.exe" O4 - HKLM \ .. \ Run: [VMware hqtray] "C: \ Programfiler \ VMware \ VMware Workstation \ hqtray.exe" O4 - HKLM \ .. \ Run: [Symantec pif AlertEng] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll " O4 - HKLM \ .. \ Run: [UpdReg] C: \ Windows \ UpdReg.EXE O4 - HKLM \ .. \ Run: [NvSvc] rundll32.exe C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit O4 - HKLM \ .. \ Run: [NeroCheck] C: \ Windows \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [AsioReg] Regsvr32.exe / S CTASIO.DLL O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM \ .. \ Run: [CTXFIREG] CTxfiReg.exe O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Users \ Mark JR \ Programfiler \ DNA \ btdna.exe" O4 - HKCU \ .. \ Run: [igndlm.exe] C: \ Programfiler \ Download Manager \ DLM.exe / windowsstart / startifwork O4 - HKCU \ .. \ Run: [Steam] "c: \ programfiler \ steam \ steam.exe"-silent O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE') O8 - Extra sammenheng menyelement: Download Link Bruke Mega Manager ... - C: \ Programfiler \ Megaupload \ Mega Manager \ mm_file.htm O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - (no file) O10 - Unknown fil i Winsock LSP: c: \ windows \ system32 \ prxernsp.dll O13 - Gopher Prefix: O16 - DPF: (0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) (CKAVWebScan Object) -- http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Klassifikasjon) -- http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper.dll O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: (A4110378-789B-455F-AE86-3A1BFC402853) (ZPA_SHVL Object) -- http://zone.msn.com/bingame/zpagames...l.cab55579.cab O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: (FFB3A759-98B1-446F-BDA9-909C6EB18CC7) (PCPitstop eksamen) -- http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: GoToAssist - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ G2AWinLogon.dll (fil mangler) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programfiler \ Fellesfiler \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe O23 - Service: GoToAssist - Citrix Online, en divisjon av Citrix Systems, Inc. - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ g2aservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe O23 - Service: MySQL - Unknown owner - C: \ Program.exe (fil mangler) O23 - Service: PnkBstrA - Unknown owner - C: \ Windows \ system32 \ PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C: \ Programfiler \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe (fil mangler) O23 - Service: Steam Client Service - Ventilverksted Corporation - C: \ Programfiler \ Fellesfiler \ Steam \ SteamService.exe O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C: \ Programfiler \ VMware \ VMware Workstation \ VMware-ufad.exe (fil mangler) O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C: \ Windows \ system32 \ vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - Unknown owner - C: \ Programfiler \ Fellesfiler \ VMware \ VMware Virtual Image Editing \ vmount2.exe (fil mangler) O23 - Service: VMware NAT Service - VMware, Inc. - C: \ Windows \ system32 \ vmnat.exe O23 - Service: wampapache - Apache Software Foundation - c: \ wamp \ bin \ apache \ apache2.2.8 \ bin \ httpd.exe O23 - Service: wampmysqld - Unknown owner - c: \ wamp \ bin \ mysql \ mysql5.0.51a \ bin \ mysqld-nt.exe -- End of file - 9649 bytes |
|
#4
27. jun 2008, 11:57
| |||
| |||
| Jeg kan ikke fortelle mye fra loggen. Laste ned Dr.Web CureIt! Og lagre den på skrivebordet ditt.
---------- Neste innlegg legge Dr. Web log
__________________ |
|
#5
2nd 2008 jul 15:39
| |||
| |||
| Jeg har vista hvordan iget til dokumenter og innstillinger? im ikke vant til vista jeg bruke til å ha xp edit: fant det NVM |
|
#6
2nd 2008 jul 15:41
| |||
| |||
| sin si sitt skanning på 80kbs ... Jeg har 130gb å skanne som vil ta dager noen ideer? |
|
#7
4de 2008 jul 16:44
| |||
| |||
| Last ned Combofix av ubåter fra én av de nedenfor koblinger. Viktig! Combofix.exe MÅ lagres til og løp fra Desktop.
---------- Neste innlegg legge Combofix log
__________________ |
|
#8
9th 2008 jul 10:13
| |||
| |||
| Jeg gir opp ComboFix doesnt innlede lol vel kanskje nødt til å formatere og miste alt jeg har |
|
#9
9th 2008 jul 10:16
| |||
| |||
| Sitat:
|
|
#10
9th 2008 jul 12:58
| |||
| |||
| Gå til Start> Kjør og kopier / lim inn følgende: "% brukerprofil% \ desktop \ combofix.exe" / killall Trykk Enter og Combofix vil begynne. Når du er ferdig, vil den produsere en loggfil plassert på C: \ ComboFix.txt Post innholdet i denne loggen i din neste svaret. Merk: Ikke mouseclick combofix's vinduet mens den kjører. Som kan forårsake at systemet stall.
__________________ |
