#1
I have this virus on my Windows Vista machine and I can't get rid of it. I have tried Ad-Aware, I have tried NOD32, I have tried everything. I have tried manually deleting the file; it just doesn't work. I am stuck, confused, whatever you want to call it; it's bugging the hell out of me. I got it on MSN Messenger: when I logged on, someone had left me an offline message with a link. I never clicked the link, I know better than that, but it infected Vista somehow. Here is my HijackThis log. I have even tried the NOD32 undll program and that won't even get the infected DLL file off the system. I need help, can you? lol

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 13:17:21, on 30/04/2008
Plattform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Kjører prosesser:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\Spool\drivers\w32x86\3\E_FATIA IE.EXE
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar, LinksFolderName =
R3 - URLSearchHook: bigmaq Toolbar - (a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60) - C:\Programfiler\bigmaq\tbbigm.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (61072721-1971-3979-0594-bb6f4826e923) - (329e6284-f6bb-4950-9793-179112727016) - C:\Windows\system32\pxqtjlsa.dll
O2 - BHO: (no name) - (5B8307B3-B75E-4217-9B4A-A72CD3EFC1C2) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: bigmaq Toolbar - (a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60) - C:\Programfiler\bigmaq\tbbigm.dll
O2 - BHO: (no name) - (DE856D34-75E1-4F7F-A89C-A0FDA324F057) - C:\Windows\system32\mlJDvSKe.dll
O3 - Toolbar: bigmaq Toolbar - (a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60) - C:\Programfiler\bigmaq\tbbigm.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRJApm.dll,#1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Mobile-basert enhet management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [BM11f62ce8] rundll32.exe "C:\Windows\system32\uqdgqgex.dll",s
O4 - HKLM\..\Run: [12c51f74] rundll32.exe "C:\Windows\system32\pgyfqdhl.dll",b
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\Spool\drivers\W32X86\3\E_FATIA IE.EXE /FU "C:\Windows\Temp\E_S39A5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IndxStoreSvr_(79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" Aso-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [mount.exe] C:\Programfiler\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra sammenheng menyelement: E&ksporter til Microsoft Excel - res://c:\progra~1\micros~3\Office11\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\progra~1\micros~3\Office11\REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - (E31004D1-A431-41B8-826F-E902F9D95C81) - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - produktive Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DANIEL~1\AppData\Local\Temp\DX9\SessionLauncher.exe (fil mangler)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

-- End of file - 6199 bytes
#2
Yes, you certainly have quite a few nasties on the PC. Download ComboFix by sUBs from one of the links below. (Try all three if necessary.)

Important! Combofix.exe MUST be saved to and run from the Desktop.
---------
In your next post, please post the ComboFix log.
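Added example (not part of the thread or of HijackThis): a small Python triage pass over entries copied from the log in post #1, with path spacing normalized. The three heuristics and the `triage` name are assumptions of this example; a hit marks an entry to inspect, not a verdict.

```python
import re

# Entries copied from the HijackThis log in post #1 (path spacing normalized).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - (DE856D34-75E1-4F7F-A89C-A0FDA324F057) - C:\Windows\system32\mlJDvSKe.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRJApm.dll,#1
O4 - HKLM\..\Run: [BM11f62ce8] rundll32.exe "C:\Windows\system32\uqdgqgex.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DANIEL~1\AppData\Local\Temp\DX9\SessionLauncher.exe (fil mangler)
"""

# Heuristics below are assumptions made for this example, not HijackThis rules.
ENTRY = re.compile(r'^(O\d+|R\d) - (.*)$')
RUNDLL_ABS = re.compile(r'rundll32\.exe\s+"?([A-Za-z]:\\[^",]+\.dll)', re.I)
SYS32_DLL = re.compile(r'\\system32\\[^\\]+\.dll$', re.I)
TEMP_PATH = re.compile(r'\\Temp\\', re.I)


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O4" and RUNDLL_ABS.search(body):
            reason = "Run key starts a DLL through rundll32 by absolute path"
        elif section == "O2" and SYS32_DLL.search(body):
            reason = "browser helper object loaded straight from system32"
        elif section == "O23" and (TEMP_PATH.search(body) or "Unknown owner" in body):
            reason = "service binary in a Temp directory or with no known owner"
        else:
            continue
        findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```

The `WindowsWelcomeCenter` entry is deliberately not flagged: it names a DLL without an absolute path, which is how the stock Vista entry appears in this log.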