PsykoRage

Virus alert! How do I get rid of it?


I think I've asked about this before, but I don't remember how I got rid of it last time.

I was surfing the web when an icon suddenly appeared down in the taskbar.

It's an icon that alternates between these: Uten_navn.bmp

This one also pops up at the same time: Uten_navn2.bmp

Plus, when I start Ad-Aware it scans, and after 30 sec a message pops up that explorer.exe is not responding, and I can choose to send or not send a report; if I just leave it, the machine restarts without warning.

 

Any help gratefully received.


Ah, a small Smitfraud infection (the Spyfalcon variant, probably). The medicine is here:

http://siri.geekstogo.com/SmitfraudFix.php

 

You might as well run option 2 (clean) right away, since the diagnosis is unambiguous. Remember it has to be run in safe mode.

 

Afterwards, post a log from HijackThis (you'll find it at www.merijn.org, for instance), "do a scan and save a log", in case there's more crud.

 

Bernt K


The PC still restarts when I run Ad-Aware.

 

But here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 14:13:29, on 15.08.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Ideazon\Zboard Software\Driver\ZboardTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

C:\Programfiler\ClamWin\bin\ClamTray.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

C:\WINDOWS\system32\85190b72.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

C:\Programfiler\HACE\Mmm\Mmm.exe

C:\Programfiler\Ideazon\Zboard Software\Driver\Zboard.exe

C:\PROGRA~1\SCURIT~1\msiexec.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\DOCUME~1\GUNNAR~1\LOKALE~1\Temp\Rar$EX00.578\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=05.0...=nor&PI=IT&CT=D

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {B744941D-2AF0-270F-DBF7-5217B6850AC4} - C:\WINDOWS\system32\ldpntch.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll

O2 - BHO: (no name) - {B744941D-2AF0-270F-DBF7-5217B6850AC4} - C:\WINDOWS\system32\ldpntch.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [85190b72.exe] C:\WINDOWS\system32\85190b72.exe

O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [steam] "e:\spill\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt yazr

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe

O4 - Startup: CCleaner.lnk = C:\Programfiler\CCleaner\ccleaner.exe

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe

O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136727398062

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\scanregw.dll

O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll

O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll (file missing)

O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll

O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


Not just a Smitfraud case; download and run CWShredder (you'll find it at Trend, use Google).

And then I almost think you should hit it with Ewido, run in safe mode. Setup is explained on the site.

This one:

C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe

use Killbox on; take the whole folder c:\..\..\?racle\

 

We'll also try L2Mfix, since I think one of the O20 items looks like it. Try this procedure:

http://www.computing.net/security/wwwboard/forum/17828.html, run only option 1, and post the log.

 

Afterwards we'd like to see a fresh HJT log.

 

I expect there'll still be some junk left, but we'll see.

 

Bernt K


CWShredder finds nothing wrong.

 

Killbox can't find: C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe

 

But I'll try the rest.


You have told Windows to show you system files, hidden files and so on, yes?

If you find the folder

C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\

 

take the whole mess. The entire folder is filth.

 

Bernt K


Haven't had time to check with Ewido until now, but here's a log:

Logfile of HijackThis v1.99.1

Scan saved at 16:01:42, on 28.08.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Ideazon\Zboard Software\Driver\ZboardTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

C:\Programfiler\ClamWin\bin\ClamTray.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

C:\Programfiler\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

C:\Programfiler\HACE\Mmm\Mmm.exe

E:\spill\steam\steam.exe

C:\PROGRA~1\SCURIT~1\msiexec.exe

C:\Programfiler\Ideazon\Zboard Software\Driver\Zboard.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\?dobe\?hkntfs.exe

C:\FRAPS\FRAPS.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\DOCUME~1\GUNNAR~1\LOKALE~1\Temp\Rar$EX00.047\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=05.0...=nor&PI=IT&CT=D

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll

O2 - BHO: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll

O2 - BHO: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [!ewido] "C:\Programfiler\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programfiler\HDD Thermometer\HDD Thermometer.exe

O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [steam] "e:\spill\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe

O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe

O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

O4 - Startup: CCleaner.lnk = C:\Programfiler\CCleaner\ccleaner.exe

O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136727398062

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: wbsys.dll

O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll (file missing)

O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll (file missing)

O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)

O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


Well well, have you run Ewido in safe mode? The log from that would be handy. It looks like the SmitFraud variant and L2M have now been neutralised.

 

Damn it; this one:

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll

IS a CW variant. And there's more.

All of these:

R3 - URLSearchHook: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll

O2 - BHO: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll (file missing)

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll

O2 - BHO: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll

O2 - BHO: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing)

O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv

O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe

O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll (file missing)

O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll

 

are crap. I assume "fixing" them with HJT won't help, so:

 

I see that ?racle has mutated into ?dobe in

C:\Programfiler\?dobe\?hkntfs.exe

 

Sorry for shouting: GET YOURSELF AN AV PROGRAM! Avast! and AVG are good and free. Ewido doesn't cut it.

 

Here you need to go at it with an AV program in safe mode, Spysweeper (trial version), Panda ActiveScan, Trend HouseCall, and CCleaner repeatedly.

Run these, CCleaner once more, Panda one more time, and post the Panda log along with a fresh HJT log.

 

Bernt K /(Sorry, I'm a bit pressed for time...)
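As an added illustration (not from the thread), here is a small Python triage pass that encodes the signs Bernt K reads off the log above: unnamed BHOs and search hooks, stale "file missing" references, the "?" look-alike folder names (?racle, ?dobe), random hex file names, a system binary name running from outside C:\WINDOWS, and Winlogon Notify DLLs not on a vetted list. The vetted list and the heuristics themselves are my assumptions; the sample lines are copied from the thread's second HijackThis log.

```python
import re
from typing import Dict, List

# Sample input, copied from the thread's second HijackThis log, with three
# routine entries (Google toolbar, ClamWin, WgaLogon) left in for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv
O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe
O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon
O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path in the entry, ending at the first executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl)\b", re.IGNORECASE)
HEX_BLOB_RE = re.compile(r"[0-9a-f]{8}\.exe", re.IGNORECASE)

# Windows binaries whose names get borrowed; the genuine ones live under C:\WINDOWS.
SYSTEM_BINARIES = {"msiexec.exe", "wuauclt.exe", "svchost.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: Winlogon Notify DLLs already vetted on this machine (WGA, Zboard, WindowBlinds).
VETTED_NOTIFY_DLLS = {"wgalogon.dll", "winlognotif.dll", "fastload.dll"}


def flags_for(line: str) -> List[str]:
    """Reasons a single HijackThis entry deserves a look; an empty list means routine."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []
    if section in {"O2", "R3"} and "(no name)" in body:
        reasons.append("BHO/URLSearchHook with no name")
    if "(file missing)" in body:
        reasons.append("stale registry reference to a file that is gone")
    pm = PATH_RE.search(body)
    if pm:
        low = pm.group(0).lower()
        name = low.rsplit("\\", 1)[-1]
        if "?" in low:
            # HijackThis prints '?' for characters it cannot render, which is how a
            # look-alike folder such as ?racle or ?dobe (posing as Oracle/Adobe) shows up.
            reasons.append("unrenderable character in path (look-alike folder name)")
        if HEX_BLOB_RE.fullmatch(name):
            reasons.append("random hex file name")
        if name in SYSTEM_BINARIES and not low.startswith("c:\\windows\\"):
            reasons.append("system binary name outside C:\\WINDOWS")
        if section == "O20" and "winlogon notify" in body.lower() and name not in VETTED_NOTIFY_DLLS:
            reasons.append("unvetted Winlogon Notify DLL")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged entry to its reasons; routine entries are omitted."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        reasons = flags_for(line)
        if reasons:
            result[line.strip()] = reasons
    return result
```

Running `triage(SAMPLE_LOG)` flags six of the nine sample entries and leaves the Google toolbar, ClamWin and WgaLogon lines alone; the list is a starting point for manual review, not a verdict.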


Restore the PC to before you got that crap; that worked for me :)

 

Much easier than starting to mess around in the root files, since that can screw up Windows...

 

 

EDIT: yeah, this was a fun bump.... :ermm:
