Opelduude, posted 28 December 2007 (edited):

...installed itself on my PC. I have run HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:55, on 28.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

There are two visible programs on the PC: a toolbar, and "uptown engine", some kind of page that pops up every time I'm online. The toolbar is called "mirar". I'm about ready to format just to get rid of this crap. I've run AVG and it finds nothing, which I don't believe for a second. Has anyone experienced something similar and managed to remove it?

Edited 28 December 2007 by bowlingman

norbat, posted 28 December 2007 (edited):

Close the browser. Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

Download SAS (the free version), install it, update it and run a full (Complete) scan. Post a new HJT log plus the log from SAS (Preferences -> Statistics/Logs).

Edited 28 December 2007 by norbat

Opelduude (author), posted 28 December 2007:

Will try that, yes. As I saw you wrote in another log, a lot of crap comes from BearShare; I have it myself.

norbat, posted 28 December 2007:

Even if the file-sharing program you use does not necessarily contain add-on programs (adware etc.) itself, sooner or later you will download something that causes trouble. So you more or less have to weigh the pros and cons of that sort of thing. I would really recommend going through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246, but go through the guide given in this post and we'll see how it goes.

Opelduude (author), posted 28 December 2007 (edited):

I'm willing to do most things for a clean PC.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:25, on 28.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

I've deleted the files you asked me to tick, and the toolbar is gone. Hope that "uptown engine" crap is gone too. I'll try the SAS thing now, and then you'll get to see the log.

Edited 28 December 2007 by bowlingman

norbat, posted 28 December 2007:

The SAS scan usually takes a little under an hour for a full scan ... Your latest HJT log looks fine (if we disregard BearShare). If SAS doesn't catch the file C:\WINDOWS\system32\WinNB58.dll, you can remove it manually (via Explorer). But let's see the SAS log when it's ready.

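Added example (not part of the thread and not HijackThis's own code): a Python check of what norbat does by eye above, confirming that every entry on the fix list is gone from the follow-up log and listing local files the fixed entries pointed at, since the DLL may still be on disk. The sample logs are short excerpts constructed from entries quoted in this thread, and the function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Section codes HijackThis prefixes to each finding (R0-R3, F0-F3, N1-N4, O1-O24).
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
_SPLIT = re.compile(r"(?:^|(?<=\s))(?=" + _CODE + r" - )")
_ENTRY = re.compile(r"^(" + _CODE + r") - (.*)$", re.S)
_LOCAL_FILE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:dll|exe|ocx)\b', re.I)


def parse_hjt(text):
    """Return the findings of a HijackThis log as Entry(code, body).

    Splits on the section codes instead of on newlines, so it also copes
    with a log that a forum has flattened onto a few long lines.
    """
    text = text.split("-- End of file")[0]
    entries = []
    for chunk in _SPLIT.split(text):
        m = _ENTRY.match(" ".join(chunk.split()))  # collapse wrapped whitespace
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _index(text):
    # Compare case-insensitively: paths and CLSIDs change case between tools.
    return {(e.code, e.body.casefold()): e for e in parse_hjt(text)}


def _fmt(index, keys):
    return sorted(f"{index[k].code} - {index[k].body}" for k in keys)


def verify_fix(before_text, after_text, fix_text):
    """Classify fix-list entries and any other change between two logs."""
    before, after, wanted = _index(before_text), _index(after_text), _index(fix_text)
    return {
        "fixed": _fmt(wanted, [k for k in wanted if k in before and k not in after]),
        "still_present": _fmt(wanted, [k for k in wanted if k in after]),
        "never_seen": _fmt(wanted, [k for k in wanted if k not in before and k not in after]),
        "removed_unasked": _fmt(before, [k for k in before if k not in after and k not in wanted]),
        "new": _fmt(after, [k for k in after if k not in before]),
    }


def files_to_check(fix_text):
    """Local files referenced by fixed entries, to look for on disk afterwards."""
    found = []
    for entry in parse_hjt(fix_text):
        for path in _LOCAL_FILE.findall(entry.body):
            if path not in found:
                found.append(path)
    return found


# Constructed sample input: excerpts of entries quoted in the thread.
HEADER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
"""
KEPT = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
"""
FIX = r"""O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
"""
BEFORE = HEADER + KEPT + FIX + "-- End of file\n"
# The follow-up log, flattened onto one line the way a forum scrape leaves it.
AFTER = " ".join((HEADER + KEPT).split()) + " -- End of file"

if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item)
    print("check on disk:", files_to_check(FIX))
```
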
Opelduude (author), posted 28 December 2007:

The "uptown engine" didn't disappear, but it seems like the PC runs a bit more smoothly now.

norbat, posted 28 December 2007:

We'll get the better of this uptown engine too, but let SAS finish scanning first.

Opelduude (author), posted 28 December 2007:

It's working on it. When it's done, should I let it delete everything suspicious it has found?

norbat, posted 28 December 2007:

Yes, just make sure everything is ticked in the list (it usually is). The PC will most likely be restarted afterwards.

Opelduude (author), posted 28 December 2007:

OK, do you want logs from both programs after a possible restart?

norbat, posted 28 December 2007:

No, just the SAS log. Also tell me whether uptown engine has stopped.

Opelduude (author), posted 28 December 2007 (edited):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/28/2007 at 09:26 PM
Application Version : 3.9.1008
core Rules Database Version : 3259
Trace Rules Database Version: 1270
Scan type : Complete Scan
Total Scan Time : 00:50:26
Memory items scanned : 571
Memory threats detected : 4
Registry items scanned : 5287
Registry threats detected : 142
File items scanned : 31232
File threats detected : 44

After the restart I panicked a bit, because a menu came up: Start Windows normally, safe mode, etc... I started normally, but then the machine restarted itself, so I restarted in safe mode and backed up my music and my files. Then I restarted again, and there were no problems. Haven't noticed any "uptown engine" yet. Thank you so very much for the help :wub: !!

Edited 28 December 2007 by bowlingman

norbat, posted 28 December 2007 (edited):

You had a fair amount of junk, so it's normal to get a reaction like that (restart, blue screen etc., but after a restart it should be OK again). I see that both the file WinNB58.dll and files associated with Uptown Engine were removed, so I would assume you won't have any more problems related to this. You should reset the restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Edited 28 December 2007 by norbat

Opelduude (author), posted 28 December 2007:

I've done that; all the restore files get deleted, right?

norbat, posted 28 December 2007:

Yes, that's the point.

Opelduude (author), posted 28 December 2007:

Well then, I hope I'm 110% virus-free. Again, thank you so much for the help.

norbat, posted 28 December 2007:

I'd say you are virus-free. For an extra check, you can do the following:

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt). It can tell us whether there is any debris left.

Opelduude (author), posted 28 December 2007 (edited):

I've run it; I'm sending you the log by PM because I can't be bothered to remove my name from the file names.

Edited 28 December 2007 by bowlingman

norbat, posted 28 December 2007:

OK, a bit of cleanup: Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log (PM).

File::
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.ini
C:\Documents and Settings\Karlsen\Programdata\internaldb41.dat
C:\Documents and Settings\Karlsen\Programdata\internaldb8467.dat
C:\Documents and Settings\Karlsen\Programdata\internaldb6334.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearShare"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbxxx]

After a restart you can post an HJT log here.