tyDi, posted 15 February 2009 (edited):

Yeah, I've apparently got Trojan.Brisv.A!inf. I've run antivirus etc., but I can't get rid of it. It just says that I have to review it. So I go into the security log and try the remove button, but it says that it can't be deleted. I can also go to the website and see what I'm supposed to do to remove it:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.

Which isn't very helpful, since I just get the same message again without it being removed.

One more thing: when I click shut down, the PC hangs on the "shutting down" screen, if you know what I mean (logging off, saving data, shutting down). So it stays on shut down; the screen doesn't freeze, it just won't turn off. It sat like that for 6 hours while I slept, and nothing had happened when I woke up.

Can anyone help? Thanks!

Edited 19 February 2009 by omglazergunpewpew
Pizzaen, posted 15 February 2009:

Run through this guide and post the logs in this thread; then someone will come along, look at them and guide you further.
tyDi, posted 15 February 2009 (thread author):

> Run through this guide and post the logs in this thread; then someone will come along, look at them and guide you further.

Ahh, sorry.
tyDi, posted 15 February 2009 (thread author):

> Run through this guide and post the logs in this thread; then someone will come along, look at them and guide you further.

I know which file it's in now; is it still necessary to post the log?
norbat, posted 15 February 2009:

Yes, because if there are other files belonging to the infection, the problem can come back as quickly as it disappeared.
tyDi, posted 19 February 2009 (thread author, edited):

DDS

```
DDS (Ver_09-02-01.01) - NTFSx86
Run by Vebjørn at 2:34:12.56 on 2009-02-19
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3071.1921 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\pmservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vebjørn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS18XPEG\dds[1].scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.no/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Koblingshjelpeprogram for Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232728950355&h=bc973da95b373d73ee34581c7bd4379b/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\vebjrn~1\appdata\roaming\mozilla\firefox\profiles\i8f01lgf.default\
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090212.002\IDSvix86.sys [2009-2-13 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-4-10 149352]
R2 PremierOpinion;PremierOpinion;c:\windows\system32\pmservice.exe [2008-6-8 86016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-23 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-6-13 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

=============== Created Last 30 ================

2009-02-19 02:21 387,463,324 a------- c:\windows\MEMORY.DMP
2009-02-19 01:55 <DIR> --d----- c:\users\vebjrn~1\appdata\roaming\Malwarebytes
2009-02-19 01:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-19 01:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 01:55 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-19 01:55 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-19 01:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 01:46 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-15 01:46 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-15 01:46 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-15 01:46 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-15 01:46 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 12:55 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 12:55 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-06 14:55 <DIR> --d----- c:\programdata\WindowsSearch

==================== Find3M ====================

2009-02-19 02:34 17,825,792 a--sh--- c:\users\vebjørn\NTUSER.DAT
2009-02-19 02:11 6,736 a------- c:\windows\system32\drivers\PROCEXP90.SYS
2009-02-19 02:03 318,976 a------- c:\windows\system32\CF21021.exe
2009-02-17 17:59 27,525 a------- c:\users\vebjrn~1\appdata\roaming\nvModes.dat
2009-02-09 07:05 452,334 a------- c:\windows\system32\perfh014.dat
2009-02-09 07:05 76,478 a------- c:\windows\system32\perfc014.dat
2009-01-30 17:24 14,600 a------- c:\windows\help\oem\scripts\HC_InstallHPHC.exe
2009-01-29 22:17 858 a------- c:\users\vebjrn~1\appdata\roaming\wklnhst.dat
2009-01-09 14:24 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-09 14:24 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-09 14:24 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-28 16:28 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-28 16:28 51,200 a------- c:\windows\inf\infpub.dat
2008-12-28 16:28 86,016 a------- c:\windows\inf\infstor.dat
2008-12-22 23:38 31 a------- c:\users\vebjørn\jagex_runescape_preferences.dat
2008-12-08 02:40 410,984 a------- c:\windows\system32\deploytk.dll
2008-07-14 09:55 308,600 a------- c:\programdata\NortonProtectionMemo.exe
2008-07-14 09:55 308,600 a------- c:\progra~2\NortonProtectionMemo.exe
2008-06-12 02:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-22 18:51 174 a--sh--- c:\program files\desktop.ini
2008-04-10 16:53 61,224 a------- c:\users\vebjørn\GoToAssistDownloadHelper.exe
2008-02-26 02:55 294,254 a------- c:\windows\inf\perflib414\perfi.dat
2008-02-26 02:55 294,254 a------- c:\windows\inf\perflib414\perfh.dat
2008-02-26 02:55 35,166 a------- c:\windows\inf\perflib414\perfd.dat
2008-02-26 02:55 35,166 a------- c:\windows\inf\perflib414\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfc.dat
2008-07-22 21:19 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-22 21:19 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-22 21:19 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 2:34:51.48 ===============
```

Attach.txt

MBAM

```
Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1749
Windows 6.0.6001 Service Pack 1

19.02.2009 02:02:29
mbam-log-2009-02-19 (02-02-29).txt

Skanntype: Rask Skann
Objekter skannet: 61875
Tid tilbakelagt: 5 minute(s), 1 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
```

Did as you wrote on ITpro, since I managed to mess it up with ComboFix. I just have to add that I've run the program from Symantec that's supposed to remove it, but it didn't work. I also know where the file is, but it can't be deleted.

Edited 19 February 2009 by omglazergunpewpew
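The "Pseudo HJT Report" section of a DDS log is plain text with one entry per line, so it can be parsed rather than read by eye. As an added example (not from the thread, and not the DDS tool's own code), here is a small Python parser for the BHO, Run-key and service lines; it lists registered BHOs that DDS marked "No File" (a leftover registration with no DLL behind it, as one entry in the log above is) and the binary each autostart actually launches. The six sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Constructed sample: six lines copied from the DDS log in the post above (backslashes doubled).
SAMPLE = """\
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\\program files\\bitcomet\\tools\\BitCometBHO_1.2.6.26.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
mRun: [ccApp] "c:\\program files\\common files\\symantec shared\\ccApp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\\windows\\system32\\nvsvc.dll,nvsvcStart
R2 PremierOpinion;PremierOpinion;c:\\windows\\system32\\pmservice.exe [2008-6-8 86016]
"""

@dataclass
class Entry:
    kind: str          # BHO, TB, uRun, mRun, or a service state such as R2 / S3
    name: str          # display name or Run value name
    path: str          # raw path/command as DDS printed it; "No File" if nothing on disk
    clsid: str = ""    # only BHO/TB entries carry a CLSID

    @property
    def orphaned(self) -> bool:
        # DDS prints "No File" when a registered BHO points at a DLL that is gone.
        return self.path == "No File"

    @property
    def image(self) -> str:
        # First .exe/.dll/.sys on the command line, with quotes and arguments stripped.
        m = re.match(r'"?(.*?\.(?:exe|dll|sys))"?(?:[ ,].*)?$', self.path, re.I)
        return (m.group(1) if m else self.path).lower()

BHO_RE = re.compile(r"^(BHO|TB): (?:(.*?): )?(\{[0-9a-f-]{36}\}) - (.*)$", re.I)
RUN_RE = re.compile(r"^([um]Run): \[([^\]]+)\] (.*)$")
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.*?) \[[^\]]*\]$")

def parse_hjt(text: str) -> list:
    """Turn the BHO/TB, Run-key and service lines of a DDS pseudo-HJT report into Entry objects."""
    entries = []
    for line in text.splitlines():
        if m := BHO_RE.match(line):
            entries.append(Entry(m[1], m[2] or "", m[4], m[3].lower()))
        elif m := RUN_RE.match(line):
            entries.append(Entry(m[1], m[2], m[3]))
        elif m := SVC_RE.match(line):
            entries.append(Entry(m[1], m[2], m[3]))
    return entries

def orphaned_clsids(entries: list) -> list:
    """CLSIDs still registered in IE but with no file behind them (leftovers worth cleaning up)."""
    return [e.clsid for e in entries if e.orphaned]

def autostart_images(entries: list) -> dict:
    """Map every Run-key and service name to the binary it actually launches, for a quick review."""
    return {e.name: e.image for e in entries if not e.clsid and not e.orphaned}
```

Feed the whole DDS log to `parse_hjt` and the other sections are simply skipped; only lines matching the three patterns are kept.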
norbat, posted 19 February 2009:

Can you say where the file is and what it's called? I'd think you can remove it from Safe Mode?
tyDi, posted 19 February 2009 (thread author, edited):

> Can you say where the file is and what it's called? I'd think you can remove it from Safe Mode?

Yes, all the songs in the incomplete folder in LimeWire were infected. Removed them in Safe Mode; just going to scan to see if it's completely gone.

Edit: Yes, according to Norton it's completely gone. Many thanks, norbat.

Edited 19 February 2009 by omglazergunpewpew