Scotty Skrevet 10. juni 2006 Skrevet 10. juni 2006 (endret) Hei! Har hatt flere viruser på denne laptopen før. Og nå går den veldig tregt til tider, og det kommer tonnevis av reklame popups i IE. Skjult tekst: (Marker innholdet i feltet for å se teksten): Logfile of HijackThis v1.99.1 Scan saved at 13:22:03, on 10.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe C:\Programfiler\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TFNF5.exe c:\progra~1\intern~1\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\system32\macromed\flash\GetFlash.exe C:\Documents and Settings\test1\Skrivebord\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hsxqftqfvlhstkqngrq.com/JL4YiEr...NF/uGo6Ygl.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijkqzpmmwhewzaxguvjhdt.com/JL4Y...GK5LIkgfO8.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O1 - Hosts: 64.233.167.104 www.sophos.com O1 - Hosts: 64.233.167.104 www.mcafee.com O1 - Hosts: 64.233.167.104 www.viruslist.com O1 - Hosts: 64.233.167.104 www.f-secure.com O1 - Hosts: 64.233.167.104 www.avp.com O1 - Hosts: 64.233.167.104 www.kaspersky.com O1 - Hosts: 64.233.167.104 www.networkassociates.com O1 - Hosts: 64.233.167.104 www.ca.com O1 - Hosts: 64.233.167.104 www.my-etrust.com O1 - Hosts: 64.233.167.104 www.nai.com O1 - Hosts: 64.233.167.104 www.grisoft.com O1 - Hosts: 64.233.167.104 symantec.com O1 - Hosts: 64.233.167.104 sophos.com O1 - Hosts: 64.233.167.104 mcafee.com O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com O1 - Hosts: 64.233.167.104 viruslist.com O1 - Hosts: 64.233.167.104 f-secure.com O1 - Hosts: 64.233.167.104 kaspersky.com O1 - Hosts: 64.233.167.104 kaspersky-labs.com O1 - Hosts: 64.233.167.104 avp.com O1 - Hosts: 64.233.167.104 networkassociates.com O1 - Hosts: 64.233.167.104 ca.com O1 - Hosts: 64.233.167.104 mast.mcafee.com O1 - Hosts: 64.233.167.104 my-etrust.com O1 - Hosts: 64.233.167.104 download.mcafee.com O1 - Hosts: 64.233.167.104 dispatch.mcafee.com O1 - Hosts: 64.233.167.104 secure.nai.com O1 - Hosts: 64.233.167.104 nai.com O1 - Hosts: 64.233.167.104 us.mcafee.com O1 - Hosts: 64.233.167.104 rads.mcafee.com O1 - Hosts: 64.233.167.104 trendmicro.com O1 - Hosts: 64.233.167.104 grisoft.com O1 - Hosts: 64.233.167.104 sandbox.norman.no O1 - Hosts: 64.233.167.104 www.pandasoftware.com O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O2 - BHO: (no name) - {1FBF919E-59EA-84DF-5BBE-C546A109CB97} - C:\DOCUME~1\test1\PROGRA~1\ONCEDE~1\IDLE FOUR.exe O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file) O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20 O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [avnort] C:\WINDOWS\system32\serbw.exe O4 - HKLM\..\Run: [blah Second Cool Mpeg] C:\Documents and Settings\All Users\Programdata\Idle Mode Blah Second\JUMPSECOND.exe O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\system32\serbw.exe O4 - HKCU\..\Run: [Remote Find] C:\DOCUME~1\test1\PROGRA~1\RECTFL~1\byte view junk.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Endret 10. juni 2006 av _Scotty_
berxter Skrevet 10. juni 2006 Skrevet 10. juni 2006 Du har fått deg en søt liten orm; Symantec kaller den w32.serflog.a. De har et fjerningsverktøy, men først må du fikse hostsfila di. Den finner du i C:\WINDOWS\system32\drivers\etc, og den heter hosts. Åpne den i Notepad og slett hele innholdet. Så legger du inn denne linja: 127.0.0.1 localhost og lagrer som hosts. Alt det andre i fila er bare grums og informasjon. Da skulle du få tilgang til http://securityresponse.symantec.com/avcen...moval.tool.html som du så kjører. Så anbefaler jeg at du laster ned Ewido, installerer og oppdaterer, men ikke kjører; restarter i safe mode (f8 under oppstart) og flesker til med Ewido. Så restarter du på vanlig vis; henter ned ccleaner, kjører den og legger ut en blodfersk HJTlogg. Bernt K
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå