FuzzFuet Posted 18 September 2006 (edited)

I have been infected by this MSN worm. What should I do now? I have ZoneAlarm and it found a bit of everything. But it removed some of it. A HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:43:53, on 18.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programfiler\Executive Software\Diskeeper\DkService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
D:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
D:\ATI Tray Tools\atitray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Messenger\msmsgs.exe
D:\SpeedFan\speedfan.exe
d:\Mine Dokumenter\Spill\CS Source\Steam.exe
C:\Documents and Settings\Ole Einar\sprY.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ole Einar\Xinstall.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Opera\Opera.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ole Einar\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programfiler\ToolBar888\MyToolBar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programfiler\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msgs.exe" /background
O4 - Startup: SpeedFan.lnk = D:\SpeedFan\speedfan.exe
O4 - Startup: Steam.lnk = d:\Mine Dokumenter\Spill\CS Source\Steam.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - D:\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Sandra Professional 2005\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Has anyone else had this one and has ideas about how to get rid of it?

Edited 18 September 2006 by LockNess

morra Posted 18 September 2006 (edited)

C:\Documents and Settings\Ole Einar\sprY.exe - Unknown
C:\Documents and Settings\Ole Einar\Xinstall.exe - Unknown
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger - Nasty
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programfiler\ToolBar888\MyToolBar.dll - Nasty
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programfiler\ToolBar888\MyToolBar.dll - Nasty
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - h ttp://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab - Possibly nasty

Any you (don't) recognise? I think you will probably be able to delete the ones in bold...

Edited 18 September 2006 by morra

Pozzolan Posted 18 September 2006

Since this worm is so new, I won't guarantee that this works.

1. Download Killbox (google it)
2. Download CWShredder (don't run it yet)
3. Start the machine in safe mode.
4. Delete these with Killbox.
C:\Documents and Settings\Ole Einar\sprY.exe
C:\Documents and Settings\Ole Einar\Xinstall.exe
The whole C:\Programfiler\ToolBar888\ folder
c:\windows\system32\dllcache\win32\winlogon.exe
5. Delete these with HijackThis
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Sandra Professional 2005\RpcDataSrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programfiler\ToolBar888\MyToolBar.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programfiler\ToolBar888\MyToolBar.dll
6. Then run CWShredder
7. Do an online virus scan and post the result here (see signature)
8. Then post a brand-new HijackThis log from normal Windows mode.

Remember that I don't guarantee this will work, as you are the first person I'm helping with this problem. You will find a guide to most of the programs I mentioned here in the guide in my signature.

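Added example (not part of the original thread and not code from HijackThis): a small Python triage that applies to a HijackThis log the kind of checks the replies above made by eye. The three rules, the `triage` function and the assumption that Windows is installed in C:\WINDOWS are illustrative choices; the sample is assembled from lines of the first log in this thread.

```python
import re
from ntpath import basename, dirname, normcase

# Constructed sample: a handful of lines taken from the first log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Ole Einar\sprY.exe
C:\Documents and Settings\Ole Einar\Xinstall.exe
C:\Documents and Settings\Ole Einar\Skrivebord\HijackThis.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)
"""

# Assumptions for this example: the list of core process names and the install directory.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "smss.exe"}
SYSTEM_DIR = normcase(r"C:\WINDOWS\system32")
PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$")
SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")

def triage(log):
    """Return (reason, path) findings for a HijackThis log passed as text."""
    findings, in_processes = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_processes = True
            continue
        m = SERVICE.match(line)
        if m:
            path = normcase(m["path"])
            if m["missing"]:
                # Service entry left behind after its binary was removed.
                findings.append(("orphaned service (file missing)", m["path"]))
            elif basename(path) in SYSTEM_NAMES and dirname(path) != SYSTEM_DIR:
                # A core Windows process name used by a service from another folder.
                findings.append(("system process name outside system32", m["path"]))
        elif in_processes and re.match(r"^[A-Za-z]:\\", line):
            # Executable running directly from the root of a user profile.
            if PROFILE_ROOT.match(dirname(normcase(line))):
                findings.append(("executable in profile root", line))
        elif re.match(r"^[A-Z]\d+ - ", line):
            in_processes = False  # first R*/O* entry ends the process list
    return findings

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

A finding is a prompt for manual review, not a verdict: the rules only look at names and paths, so every hit still needs to be checked before anything is deleted.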
FuzzFuet (author) Posted 18 September 2006

Thanks. I got many of these tips from you in another post here. I have deleted alfa.exe, Xinstall.exe etc., but they come back.

Pozzolan Posted 18 September 2006

Try turning off System Restore before you delete them in safe mode. It may be that they are hiding in System Restore.

ShareFun Posted 18 September 2006 (edited)

How do you do that? By the way, I also have the damn virus.

Edit: This is the opening screen for System Restore, accessible by clicking [Start] [All Programs] [Accessories] [System Tools] [System Restore]. Choose from the bulleted options on the right whether you want to restore your computer to an earlier time or create a new restore point for future use.

Edited 18 September 2006 by Sfun

Lord-of-the-End-Times Posted 18 September 2006

I'm a n00b and I've got it too. Let me know if anyone finds out how to remove it.

Pozzolan Posted 18 September 2006

Can you create a new thread where you post a HijackThis log? I'd like to see whether you have the same processes as the thread starter.

Lord-of-the-End-Times Posted 18 September 2006

How do I post the log?

Pozzolan Posted 18 September 2006

Read my guide

Lord-of-the-End-Times Posted 18 September 2006

Done. Check: https://www.diskusjon.no/index.php?showtopic=634167

Evil-Duck Posted 19 September 2006

http://www.nettavisen.no/it/article743361.ece

Regards, EvilDuck91

FuzzFuet (author) Posted 20 September 2006 (edited)

I have now done what stealthy said in post 3, and here is a HijackThis log after that:

Logfile of HijackThis v1.99.1
Scan saved at 08:05:22, on 20.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programfiler\Executive Software\Diskeeper\DkService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
D:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
D:\ATI Tray Tools\atitray.exe
D:\SpeedFan\speedfan.exe
D:\BitLord\BitLord.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Ole Einar\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msgs.exe" /background
O4 - Startup: SpeedFan.lnk = D:\SpeedFan\speedfan.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - D:\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Sandra Professional 2005\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Sandra Professional 2005\RpcSandraSrv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I can't post the result from the virus scan until after school, because I got it as some HTML thing and have no idea how to do that, so I don't have time for more now since I have to leave for school in about.. now

Edited 20 September 2006 by LockNess

Pozzolan Posted 20 September 2006

The log looked good. But I wonder what comes up if you type about:blank in IE. If it is a page, we have to remove an infection. If the page is blank, the PC has a clean bill of health.

FuzzFuet (author) Posted 20 September 2006

The page stays blank when I type "about:blank" in IE. So you're saying I'm rid of the MSN worm and all the devilry it caused?

Pozzolan Posted 20 September 2006

If you're not struggling with anything else, I would say yes. The log doesn't show anything wrong.

FuzzFuet (author) Posted 20 September 2006

Cool, the PC is normal now. Thank you, stealthy, for taking the time to help both me and many others.