dataen har blitt monko

[Major]

plutelig så har dataen min blitt heilt f**** nesten alle ikoner har blitt blanke..

har jeg blitt hacka eller noe ??

eller er det bare et virus som ikke nod32 finner??

[Marzo]

Du har nok fått deg et monko virus retteresagt mogo!

 

Jeg sliter med å forstå hva du mener her, men er det kun ikonene dine som har blitt visket ut? Eller er det flere symtomer?

 

Kjør en In-depth analysis på hele maskinen din...

[Harvester]

Og ta en hijack logg, og legg den ut

[Major]

kan dere forklarer hvor jeg kan finne den testen?

og jeg finner jo ingen virus

[Brian]

kan dere forklarer hvor jeg kan finne den testen?

og jeg finner jo ingen virus

7160642[/snapback]

 

du laster ned programmet hijackthis f. eks. her

Så kjører du programmet og legger ut loggen her.

[TCi]

Stikk heller hit du: http://safety.live.com

 

Kjør en full sjekk og vent tålmodig. Det tar en stund avhengig av diskplassen som blir brukt. Om du har problemer prøvd Trendmicro sin.

 

Det er ikke alltid lokale antivirusprogrammer finner virus, pga. mange virus skjuler seg for disse, samt deaktiverer programmet.

[Major]

thx for hjelpen skal prøve det når jeg kommer hjem fra skolen:=)

[Major]

Logfile of HijackThis v1.99.1

Scan saved at 12:37:20, on 27.10.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\D-Link\Air Utility\AirCFG.exe

C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

D:\programmer\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\LogMeIn\LogMeInSystray.exe

D:\program\Gmail Notifier\G001-1.0.25.0\gnotify.exe

D:\program\PowerISO\PWRISOVM.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

D:\programmer\Phone\Skype.exe

C:\Documents and Settings\mikal\My Documents\utorrent.exe

D:\Valve\Steam\Steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

D:\programmer\Xfire\Xfire.exe

D:\programmer\firefox.exe

D:\programmer\WinRAR.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\mikal\LOCALS~1\Temp\Rar$EX01.516\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isyd.no/subTemplate3.aspx?m=743

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "D:\programmer\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\program\Gmail Notifier\G001-1.0.25.0\gnotify.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "D:\programmer\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\mikal\My Documents\utorrent.exe"

O4 - HKCU\..\Run: [steam] D:\Valve\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "D:\program\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = D:\programmer\Xfire\Xfire.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\program\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\program\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{A5107576-B88B-4B9C-8EE5-632C54513093}: NameServer = 82.116.64.37

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5451D70-6BB3-40C1-B30B-515541D6441A}: NameServer = 82.116.64.37

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[GeirGrusom]

CO4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

 

Slett begge disse med Hijackthis (Correct eller hva det nå en står)

Det er som regel trygt å fjerne ting fra Run nøkkelen, siden det bare er programmer som starter opp, og aldri noe som Windows må ha for å starte.

[morgan_kane]

vis du ikke kan se ikonene på skrivebordet og sånt kan det hende at explorer.exe ikke har startet. sånn starter du explorer.exe du trykker ctrl-alt-delete tastene da får do opp oppgavevelgeren, du trykker ny oppgave og skriver explorer.exe der og trukker ok