Nettsiden lukkes automatisk - logg

[khelberg]

Heisann!

 

Broren min har et problem med nettleserne sine (både IE, Opera og Firefox). Nettleserne lukkes automatisk på visse nettsteder. Det virker som at det er nettsider med informasjon om hvordan man kan bli kvitt problemet som lukkes - sider med info om hijack, spybot, online virusscan osv. lukkes automatisk.

 

Har kjørt spybot, ad-aware, norman og microsoft sin safety.live.com i safe mode uten at det hjalp.

 

Loggen ser slik ut:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:32:52, on 22.01.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\hjemme\Skrivebord\test\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [WinService] c:\windows\system32\Ttt.exe

O4 - HKCU\..\Run: [AVantivirus] c:\windows\Avconsol.exe

O4 - HKCU\..\Run: [servicewin] c:\windows\system32\Hide32.exe

O4 - HKCU\..\Run: [system] c:\windows\Zap.exe

O4 - HKCU\..\Run: [winupdate] c:\windows\sysact.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ABB MMS Server for AC 800M (MMSService) - Unknown owner - C:\Programfiler\ABB Industrial IT\Control IT\Common Files\MMS Server for AC 800M\MMSService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ABB RNRP Service (RnrpSvc) - ABB Automation Technologies - C:\Programfiler\Fellesfiler\ABB Industrial IT\rnrp\bin\rnrpsvc.exe

[norbat]

Last ned DrWeb

 

Last ned SAS, installer og oppdater.

 

Restart i sikker modus

 

Kjør drweb-cureit.exe (si ja til å kjøre en express scan)

Når dette er ferdig klikker du på Option -> Change settings.

Under fanearket Scan, fjerner du haken ved Heuristic analysis.

Under fanearket Actions, skal alle punkt under Malware settes til Rename.

Velg partisjon du vil scanne og klikk deretter på den grønne pilen for

å starte scanningen. Velg "yes to all" når det finner noe for første gang.

 

Kjør deretter en full scan med SAS.

 

Restart i normal modus

 

Post en ny HJT-logg + SAS-loggen (preferences->statistics/logs)

[Korka]

jeg har samme problem, når jeg ser på filmer med windows media player på break.com etc så lukker nettleseren seg, bruker firefox men har prøvd med internett ex!

[norbat]

jeg har samme problem, når jeg ser på filmer med windows media player på break.com etc så lukker nettleseren seg, bruker firefox men har prøvd med internett ex!

7774942[/snapback]

 

 

Problemet til trådstarter er en Trj/MsnZombie.A infeksjon. At en nettleser lukkes kan skyldes andre ting. Du kan følge veiledningen i følgende post:

https://www.diskusjon.no/index.php?showtopic=691246

 

Start en ny tråd og post loggene der

[khelberg]

Logfile of HijackThis v1.99.1

Scan saved at 01:54:36, on 24.01.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\hjemme\Skrivebord\test\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [system] c:\windows\Zap.exe

O4 - HKCU\..\Run: [winupdate] c:\windows\sysact.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [WinService] c:\windows\system32\Ttt.exe

O4 - HKCU\..\Run: [AVantivirus] c:\windows\Avconsol.exe

O4 - HKCU\..\Run: [servicewin] c:\windows\system32\Hide32.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ABB MMS Server for AC 800M (MMSService) - Unknown owner - C:\Programfiler\ABB Industrial IT\Control IT\Common Files\MMS Server for AC 800M\MMSService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ABB RNRP Service (RnrpSvc) - ABB Automation Technologies - C:\Programfiler\Fellesfiler\ABB Industrial IT\rnrp\bin\rnrpsvc.exe

 

SUPERAntiSpyware Scan Log

Generated 01/24/2007 at 01:43 AM

 

Application Version : 3.5.1016

 

Core Rules Database Version : 3170

Trace Rules Database Version: 1180

 

Scan type : Quick Scan

Total Scan Time : 00:16:00

 

Memory items scanned : 204

Memory threats detected : 0

Registry items scanned : 878

Registry threats detected : 11

File items scanned : 20162

File threats detected : 72

 

Adware.Tracking Cookie

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adbrite[2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@drivecleaner[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adrevolver[2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@st[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@doubleclick[1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@superstats[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@elitemoviepass[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adtech[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@xiti[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@indextools[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@click24[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@fastclick[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@shinystat[1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@tradedoubler[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][5].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@advertising[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@advertpro[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][3].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@clicktorrent[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@mediaplex[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adsrevenue[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@casalemedia[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@yourdailymedia[2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@imrworldwide[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][4].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@sexchatten[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adultadworld[1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@xxxporn[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@toplist[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@nextag[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][3].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@click4itnow[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

 

Malware.AntiVermins

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\DjouhlYn

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32#ThreadingModel

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\mePvcddyizvo

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\pobjvdkijlc

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\ProgID

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\VersionIndependentProgID

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\vwLevaUa

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\wGonxsec

HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\zhhhfozbeCyiA

Endret 24. januar 2007 av khelberg

[norbat]

Oppdater SuperAntispyware

 

Sørg for at du kan se skjulte filer og mapper (kontrollpanel->mappealt.->vis->"vis skjulte filer og mapper"

 

Kjør HJT og fix:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKCU\..\Run: [WinService] c:\windows\system32\Ttt.exe

O4 - HKCU\..\Run: [AVantivirus] c:\windows\Avconsol.exe

O4 - HKCU\..\Run: [servicewin] c:\windows\system32\Hide32.exe

O4 - HKCU\..\Run: [system] c:\windows\Zap.exe

O4 - HKCU\..\Run: [winupdate] c:\windows\sysact.exe

 

Restart i sikker modus modus (tapp f8 under oppstart)

 

Bruk utforsker til å finne og slette (i bold)

c:\windows\system32\Ttt.exe

c:\windows\Avconsol.exe

c:\windows\system32\Hide32.exe

c:\windows\Zap.exe

c:\windows\sysact.exe

 

Kjør en ny SAS scan

 

Restart i normal modus

 

Post en ny HJT-logg + loggen fra SAS

[khelberg]

Ser ut til at det er løst med dette - takk for hjelpen. Her er de siste loggene:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:41:19, on 24.01.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Fellesfiler\ABB Industrial IT\rnrp\bin\rnrpsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\HP\QuickPlay\QPService.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

C:\Programfiler\Brother\ControlCenter2\brctrcen.exe

C:\Norman\bin\ZLH.EXE

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\hjemme\Skrivebord\test\test.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boroy.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ABB MMS Server for AC 800M (MMSService) - Unknown owner - C:\Programfiler\ABB Industrial IT\Control IT\Common Files\MMS Server for AC 800M\MMSService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ABB RNRP Service (RnrpSvc) - ABB Automation Technologies - C:\Programfiler\Fellesfiler\ABB Industrial IT\rnrp\bin\rnrpsvc.exe

 

-----------

 

SUPERAntiSpyware Scan Log

Generated 01/24/2007 at 11:35 AM

 

Application Version : 3.5.1016

 

Core Rules Database Version : 3170

Trace Rules Database Version: 1180

 

Scan type : Complete Scan

Total Scan Time : 00:26:27

 

Memory items scanned : 169

Memory threats detected : 0

Registry items scanned : 5869

Registry threats detected : 0

File items scanned : 31996

File threats detected : 18

 

Adware.Tracking Cookie

C:\Documents and Settings\hjemme\Cookies\[email protected][2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adbrite[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@2o7[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@apmebf[2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@traffic-tracker[2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@tradedoubler[2].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@advertising[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@mediaplex[1].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@adsrevenue[2].txt

C:\Documents and Settings\hjemme\Cookies\[email protected][1].txt

C:\Documents and Settings\hjemme\Cookies\hjemme@imrworldwide[2].txt

[norbat]

Loggen er ren

 

Det er lurt å nullstille restore-mappa slik at man slipper å få tilbake infiserte filer ved en evt. gjenoppretting.

 

Kontrollpanel->system->systemgjenoppretting

Sett merke framfor: "Slå av systemgj........."

Restart pc

Fjern merket du nettopp satte.

 

Lag deg et nytt gjenopprettingspunkt manuelt:

Tilbehør->systemverktøy->systemgjenoppretting. Lag en nytt punkt. Navgi det, klikk 'Opprett'.

Endret 24. januar 2007 av norbat

[tchelberg]

Loggen er ren 

 

Det er lurt å nullstille restore-mappa slik at man slipper å få tilbake infiserte filer ved en evt. gjenoppretting.

 

Kontrollpanel->system->systemgjenoppretting

Sett merke framfor: "Slå av systemgj........."

Restart pc

Fjern merket du nettopp satte.

 

Lag deg et nytt gjenopprettingspunkt manuelt:

Tilbehør->systemverktøy->systemgjenoppretting. Lag en nytt punkt. Navgi det, klikk 'Opprett'.

7792823[/snapback]

 

 

Hei !

Broder´n har stått for "kommunikasjonen"

pga. infisert PC.

Vil bare takke masse for hjelpen - supert