Micrap, posted 15 January 2009

Hi, I have just had to run a recovery on my PC because of malware, and I am submitting some logs here as recommended by Norbat (https://www.diskusjon.no/index.php?showtopic=691246).

I just want to say briefly what I have done: I (re)started by running system recovery from DVD (luckily I had recovery discs) after my PC locked up completely and no other attempt to get it going again worked. What is a bit unusual in my case is that I ran the system recovery on a different disk (and a different edition of Windows XP) than the one that crashed. The thing is that for a while I have been running another XP edition from the disk/partition that the log files call G: (because that disk is a bit faster, and because I did not think of using recovery discs when I was starting from scratch last time). So now I am back with a "new" XP on C:, and I basically plan to format G: and use it as extra storage space - but since I want to be completely sure that I do not get more problems because of this, I am now sending the logs to you...

This is what I have done (among other things) after the recovery:

1. Ran Norton Removal Tool (Norton came with my XP/machine)
2. Installed Nod32 Business Edition v 3.0.672
3. Went through Norbat's guide.

NB: I ran two scans with MBAM, a quick scan on C: and a full scan on the other disks/partitions (since I expected to find nasties there too). Both of these logs are included below.
OK, here are the log files:

Thanks for your patience!

Regards,
Micrap

norbat, posted 15 January 2009 (edited)

Hi, and welcome to the forum.

The C: drive looks fine, and you should now update Windows to SP3 via Windows Update (Start -> All Programs -> Windows Update). Also update Java, Flash Player and Adobe Reader, if you use them.

Use Explorer to delete the following file:

c:\windows\Tasks\RegistrySmart Scheduled Scan.job

The G: drive had a Vundo infection, and there are probably more Vundo files there that should have been removed if you were not planning to format it. You say you are planning to format it - so do that (open My Computer, right-click the G: drive, choose Format...).

Edited 15 January 2009 by norbat

Micrap (author), posted 16 January 2009

Hi, many thanks for the quick reply! I will do as you say...