
Help getting malware removed...?



Hi, I have just had to run a recovery on my PC because of malware, and I am submitting some logs here as recommended by Norbat (https://www.diskusjon.no/index.php?showtopic=691246). I just want to briefly say what I have done:

I (re)started by running a system recovery from DVD (luckily I had recovery discs) after my PC locked up completely and no other attempts to get going again worked.

What is a bit unusual in my case is that I ran the system recovery on a different disk (and a different edition of Windows XP) than the one that crashed. The thing is that for a while I have been running another XP edition from the disk/partition that is called G: in the log files (because this disk is a bit faster, and because it did not occur to me that I could use recovery discs when I was starting from scratch last time). Now I am back with a "new" XP on C:, and I basically plan to format G: and use it as extra storage space - but since I want to be completely sure that I do not get more problems because of this, I am now sending the logs to you...

This is (among other things) what I have done after the recovery:

1 Run the Norton Removal Tool (Norton came with my XP/machine)

2 Installed Nod32 Business Edition v 3.0.672

3 Gone through Norbat's guide.

NB: I ran two scans with MBAM, a quick scan on C: and a full scan on the other disks/partitions (since I expected to find nasty stuff there too). Both of these logs are included below.

OK, here are the log files:

 

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1656

Windows 5.1.2600 Service Pack 2

 

15.01.2009 21:03:39

mbam-log-2009-01-15 (21-03-39).txt

 

Skanntype: Rask Skann

Objekter skannet: 57738

Tid tilbakelagt: 5 minute(s), 14 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 3

Filer infisert: 6

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\2007 Jul 25 - 10_24_02 PM_281.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\2007 Jul 25 - 10_24_03 PM_656.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\2007 Jul 25 - 10_50_14 PM_406.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-07-25_22-26-02.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

 

 

 

 

 

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1656

Windows 5.1.2600 Service Pack 2

 

15.01.2009 21:51:00

mbam-log-2009-01-15 (21-51-00).txt

 

Skanntype: Full Skann (D:\|E:\|F:\|G:\|H:\|)

Objekter skannet: 170591

Tid tilbakelagt: 37 minute(s), 0 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 8

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

G:\Documents and Settings\per gunnar\Local Settings\Temporary Internet Files\Content.IE51N6MQLD\divx[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\Documents and Settings\per gunnar\Local Settings\Temporary Internet Files\Content.IE5\I18CPNRS\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\Documents and Settings\per gunnar\Local Settings\Temporary Internet Files\Content.IE5\KUSQIJNO\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\opnonlLf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\nnnliHBU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\bxwhxuba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\inskyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

G:\WINDOWS\system32\xagkomwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

 

ComboFix 09-01-13.04 - Compaq_Administrator 2009-01-15 21:58:04.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3006.2510 [GMT 1:00]

Kjører fra: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\install_flash_player.exe

c:\documents and settings\Compaq_Administrator\Application Data\inst.exe

D:\Autorun.inf

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-15 til 2009-01-15 )))))))))))))))))))))))))))))))))

.

 

2009-01-15 20:51 . 2009-01-15 20:51 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2009-01-15 20:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-15 20:50 . 2009-01-15 20:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-15 20:50 . 2009-01-15 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-15 20:50 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-15 20:34 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll

2009-01-15 20:33 . 2009-01-15 20:33 <DIR> d-------- c:\program files\MSBuild

2009-01-15 20:31 . 2009-01-15 20:31 <DIR> d-------- c:\program files\Microsoft.NET

2009-01-15 20:26 . 2009-01-15 20:26 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Pro

2009-01-15 20:26 . 2009-01-15 20:26 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Lite

2009-01-15 20:26 . 2009-01-15 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2009-01-15 20:24 . 2009-01-15 20:26 <DIR> d-------- c:\program files\DAEMON Tools Toolbar

2009-01-15 20:18 . 2009-01-15 20:26 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools

2009-01-15 20:18 . 2009-01-15 20:18 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-01-15 20:14 . 2003-01-14 13:38 14,002 --a------ c:\windows\system32\ssgb1mon.dll

2009-01-15 20:13 . 2009-01-15 20:13 <DIR> d-------- c:\windows\Samsung

2009-01-15 20:13 . 2003-09-08 09:36 204,800 --------- c:\windows\system32\SSRemove.exe

2009-01-15 20:13 . 2003-07-29 08:57 40,448 --------- c:\windows\system32\drivers\DGIVECP.SYS

2009-01-15 20:13 . 2003-07-21 12:50 8,478 --------- c:\windows\system32\SP119.ICO

2009-01-15 20:08 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2009-01-15 20:08 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys

2009-01-15 20:02 . 2009-01-15 20:02 <DIR> d-------- c:\program files\ESET

2009-01-15 05:01 . 2009-01-15 20:08 <DIR> dr-hs---- c:\windows\system32\dllcache

2009-01-14 22:10 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys

2009-01-14 22:10 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys

2009-01-14 21:54 . 2009-01-14 21:54 <DIR> d-------- c:\program files\MSXML 4.0

2009-01-14 21:43 . 2008-08-14 11:00 2,180,352 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-14 21:43 . 2008-08-14 10:58 2,136,064 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-14 21:43 . 2008-08-14 10:22 2,057,728 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-14 21:43 . 2008-08-14 10:22 2,015,744 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-14 21:43 . 2009-01-14 21:43 1,885 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_RJ107AA-UUW SR2019SC EL680_YC_0Pres_QCZB650_E64NOemREA1_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L409_M3007_J500_7AMD_8Athlon 64_92.2_#070330_N_Z_G10DE0241.MRK

2009-01-14 21:42 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-14 21:39 . 2006-01-02 21:14 <DIR> d-------- c:\documents and settings\Compaq_Administrator\WINDOWS

2009-01-14 21:39 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\Compaq_Administrator

2009-01-14 21:38 . 2006-01-02 21:14 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS

2009-01-14 21:38 . 2006-01-02 21:41 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec

2009-01-14 21:31 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll

2009-01-14 21:31 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2009-01-14 21:31 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-15 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-15 19:33 --------- d-----w c:\program files\Microsoft Works

2009-01-15 18:53 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-12-12 17:27 3,067,392 ----a-w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll

2008-10-20 18:39 286,720 ----a-w c:\windows\iun507.exe

2008-10-20 18:32 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT

2008-10-20 18:30 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 14:18 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe

2008-05-03 08:49 47,360 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\pcouffin.sys

2007-05-03 17:37 48,504 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT

2007-04-08 21:46 87,608 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\ezpinst.exe

2007-04-01 16:58 22 --sha-w c:\windows\SMINST\HPCD.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]

"DAEMON Tools Lite"="e:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

"Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-15 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 c:\windows\RTHDCPL.EXE]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - SPTD

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

 

2009-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357426624-3680040698-3593667466-1006.job

- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-15 20:44]

 

2009-01-14 c:\windows\Tasks\Internett-tjenester.job

- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 19:23]

 

2007-08-08 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart\RegistrySmart.exe []

 

2007-08-08 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart []

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-PCDrProfiler - (no file)

 

 

.

------- Tilleggsskanning -------

.

uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=64&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=64&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=64&bd=PRESARIO&pf=desktop

IE: &Google-søk - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Oversett engelsk ord - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Koblinger bakover - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Lignende sider - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Øyeblikksbilde av siden i hurtigbufferen - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 22:01:15

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-01-15 22:02:49

ComboFix-quarantined-files.txt 2009-01-15 21:02:32

 

Pre-Run: 35 326 189 568 bytes free

Post-Run: 35,554,562,048 byte ledig

 

163 --- E O F --- 2009-01-14 21:31:53

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:12:12, on 15.01.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\arservice.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

E:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files\Trend Micro\HijackThis\Drit.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] E:\Programfiler\DAEMON Tools Lite\daemon.exe -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: &Google-søk - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Koblinger bakover - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7464 bytes

 

 

 

Thanks for your patience! :)

Regards

Micrap


Hi, and welcome to the forum :)

The C: drive looks fine and you should now update Windows to SP3 via Windows Update (Start -> All Programs -> Windows Update). Also update Java, Flash Player and Adobe Reader, if you use these.

Use Explorer to delete the following file:

c:\windows\Tasks\RegistrySmart Scheduled Scan.job

The G: drive had a Vundo infection, and there are probably more Vundo files there that should have been removed if you are not planning to format it. You say you are planning to format it - go ahead and do that (open My Computer, right-click the G drive, choose Format...)

Edited by norbat
Hi,

many thanks for the quick reply! :)

I will do as you say...
