Øystein A Skrevet 18. januar 2007 Del Skrevet 18. januar 2007 fekk melding at eg hadde fåt en trojan på maskina mi. startet desperat å søke med AVG men fant ingen ting. dagen etterpå la eg mere til att det liger filer med namn "thumb" på skrive bordet i mapper osv. desse mappene er merket usynlig men eg såg dei alikevell. fant en mappe som står "System Volume Information"+ en mappe som står "RECYCLER" kikka litt på den mappen å der er ting eg har slettet. RECYCLER mappa klarer eg å slette men ikke System Volume Information. instalerte bit defender v10 å søkte på maskina + mappene og thumb filene men heller den fant ingenting. noen som har noen gode råd? MVH Øysten A Lenke til kommentar
norbat Skrevet 18. januar 2007 Del Skrevet 18. januar 2007 Kjør langversjonen i følgende post: https://www.diskusjon.no/index.php?showtopic=691246 Lenke til kommentar
Øystein A Skrevet 18. januar 2007 Forfatter Del Skrevet 18. januar 2007 no har eg kjørt gjennom cleaner men dissa thumb filane er der fremdeles. AVG prøvde seg men thumb vant igjen her har dere dinna "hijackthis" logen kansje det er noe der (lagt med som vedlegg fordi den er litt lang ) Lenke til kommentar
Øystein A Skrevet 18. januar 2007 Forfatter Del Skrevet 18. januar 2007 (endret) hmm fant ikke vedlegget mitt so eg får bare lege den ut på posten da Logfile of HijackThis v1.99.1 Scan saved at 23:03:14, on 18.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe C:\program files\seekmo\seekmo.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe c:\program files\softwin\bitdefender10\bdmcon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\Grisoft\AVG Free\avgcc.exe C:\Documents and Settings\Øystein\Desktop\HijackThis.exe O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E214789DAA75760EA83FA5EF80752B94E2DE78587E442F3CCE - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\RunOnce: [AntiRK] "C:\Program Files\Softwin\BitDefender10\TaskSys.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167048500828 O17 - HKLM\System\CS2\Services\Tcpip\..\{1BAAADA7-AF02-4E2E-A5AD-E03FF3032FD4}: NameServer = 192.168.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Endret 18. januar 2007 av Øystein A Lenke til kommentar
norbat Skrevet 18. januar 2007 Del Skrevet 18. januar 2007 Kjør HJT og fix: O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E214789DAA75760EA83FA5EF80752B94E2DE78587E442F3CCE - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe" Sørg for at du kan se skjulte filer og mapper (kontrollpanel->mappealt.->vis->"vis skjulte filer og mapper" Bruk utforsker og slett (i bold): c:\program files\seekmo Last ned DrWeb Restart i sikke modus (tapp f8 under oppstart) Kjør drweb -den vil kjøre en expresscan. -når det er ferdig velger du Options->Change settings. i fanebladet Scan, fjern merke ved Heuristic analysis. i fanebladet Actions, forandres punktene under Malware til Rename. -velg partisjon og kjør en scan Restart i normal modus og post en ny HJT-logg (før du kjører HJT forandrer du programnavnet, hijackthis.exe, til noe annet, eks. test.exe) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå