Plass1, posted 6 June 2008

Hi. I have been struggling with a virus for a long time, so yesterday I formatted the whole hard drive and reinstalled XP. Today I have the same virus on the PC. I don't know whether it is right to call it a virus, but this is what it does:

When I use Firefox, I get a popup for an antivirus program/scanner page calling itself WinAnonymous, which starts scanning even if I answer Cancel. The facts it comes up with are also just nonsense. When I use Internet Explorer I get something similar, just under a different name. I have attached a screenshot. I have also had some popups from "Eldorado Skjermsparer". There are some websites I cannot get into; for example, I cannot google anything with Firefox, and I cannot get into facebook or diskusjon.no.

How can I remove this? I have tried AVG and Ad-aware, but they do not find it. Does anyone else have experience with the same problem/virus?

I have not been on "shady" sites on the web, nor any with a lot of odd content, such as illegal serials, cheat sites for e.g. poker, pornography and the like. So I have no IDEA myself what it could be.

Hoping someone has the answer. Thanks for any replies.

Regards, Simen.

Edited 6 June 2008 by Plass1

snippsat, posted 6 June 2008

Hi! Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

simen_gunnar, posted 6 June 2008

> Hi! Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

Haha, what a great program, it fixed everything. A thousand heartfelt thanks. (Plass1 made this post for me)

snippsat, posted 6 June 2008

You have to post the log; this is a program that should not be used without guidance.

Edited 6 June 2008 by SNIPPSAT

simen_gunnar, posted 6 June 2008

ComboFix 08-06-05.3 - Administrator 2008-06-06 16:52:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1589 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM03e816cd.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\beqqrpnu.ini
C:\WINDOWS\system32\hggebab.dll
C:\WINDOWS\system32\hprjslhe.exe
C:\WINDOWS\system32\ieqvbwqj.ini
C:\WINDOWS\system32\jqwbvqei.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\rdpgwygv.dll
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\vntaqyee.dll
.

((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 16:55 . 2008-06-06 16:55 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-06 16:55 . 2008-06-06 16:55 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-05 23:36 . 2008-06-06 08:53 <DIR> d-------- C:\WINDOWS\system32\DllCache
2008-06-05 23:36 . 2006-10-01 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-05 23:36 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-05 22:28 . 2008-06-05 22:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-05 22:28 . 2008-06-05 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-05 22:12 . 2008-06-05 22:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-05 22:12 . 2008-06-06 16:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 22:12 . 2008-06-05 22:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 22:11 . 2008-06-05 22:12 <DIR> d-------- C:\Program Files\iTunes
2008-06-05 22:11 . 2008-06-05 22:11 <DIR> d-------- C:\Program Files\iPod
2008-06-05 22:11 . 2008-06-05 22:11 <DIR> d-------- C:\Program Files\Bonjour
2008-06-05 22:10 . 2008-06-05 22:10 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-05 22:10 . 2008-06-05 22:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-05 22:10 . 2008-06-05 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-05 22:09 . 2008-06-05 22:09 <DIR> d-------- C:\Program Files\BitLord
2008-06-05 21:48 . 2008-06-05 21:48 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-05 21:00 . 2008-06-05 21:00 <DIR> d-------- C:\Program Files\MSBuild
2008-06-05 21:00 . 2008-06-05 21:00 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-05 21:00 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-05 20:59 . 2008-06-05 20:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-05 20:58 . 2008-06-05 20:58 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-05 20:57 . 2008-06-05 20:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-05 20:57 . 2008-06-05 20:57 <DIR> dr-h----- C:\MSOCache
2008-06-05 20:57 . 2008-06-05 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-05 20:25 . 2008-06-05 20:41 <DIR> d-------- C:\iTunes
2008-06-05 20:19 . 2008-06-05 20:24 <DIR> dr------- C:\iso
2008-06-05 19:47 . 2008-06-05 20:15 <DIR> dr------- C:\Film_serier_osv
2008-06-05 19:06 . 2008-06-05 20:55 <DIR> dr------- C:\Downloads
2008-06-05 18:50 . 2008-06-05 18:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-06-05 18:49 . 2008-06-05 18:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-05 18:49 . 2008-06-06 16:07 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-05 18:32 . 2008-06-05 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-06-05 18:31 . 2008-06-05 18:31 <DIR> d-------- C:\Program Files\Ventrilo Mix
2008-06-05 18:24 . 2008-06-05 18:24 <DIR> d-------- C:\Program Files\UltraMon
2008-06-05 18:24 . 2008-06-05 18:24 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-06-05 18:24 . 2008-06-05 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-06-05 18:24 . 2008-06-05 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Realtime Soft
2008-06-05 18:23 . 2008-06-05 18:23 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-05 18:22 . 2007-07-09 14:16 582,656 --a------ C:\WINDOWS\system32\DllCache\rpcrt4.dll
2008-06-05 18:20 . 2008-06-05 23:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 18:20 . 2008-06-05 18:22 <DIR> d-------- C:\Program Files\Windows Live
2008-06-05 18:20 . 2008-06-05 18:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 18:20 . 2008-06-05 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 18:20 . 2006-12-07 06:29 2,374,472 --a------ C:\WINDOWS\system32\DllCache\wmvcore.dll
2008-06-05 18:16 . 2008-06-05 18:20 <DIR> d-a------ C:\Program Files\(IE7_Standalone)
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-06 15:35 --------- d-----w C:\Program Files\mIRC
2008-06-05 21:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-05 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-05 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-05 16:57 --------- d-----w C:\Program Files\Razer
2008-06-05 16:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-05 16:45 --------- d-----w C:\Program Files\Valve
2008-06-05 16:42 --------- d-----w C:\Program Files\Attansic
2008-06-05 16:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-05 16:40 --------- d-----w C:\Program Files\Realtek
2008-06-05 16:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-05 16:23 --------- d-----w C:\Program Files\Intel
2008-06-05 16:21 --------- d-----w C:\Program Files\Skype
2008-06-05 16:21 --------- d-----w C:\Program Files\CyberLink
2008-06-05 16:16 --------- d-----w C:\Program Files\Nero
2008-06-05 16:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-05 16:15 --------- d---a-w C:\Program Files\(VirtualDub)
2008-06-05 16:15 --------- d---a-w C:\Program Files\(Media Player Classic)
2008-06-05 16:15 --------- d-----w C:\Program Files\VideoLAN
2008-06-05 16:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-05 16:15 --------- d-----w C:\Program Files\Java
2008-06-05 16:14 --------- d---a-w C:\Program Files\Google
2008-06-05 16:14 --------- d---a-w C:\Program Files\(FlashGet)
2008-06-05 16:14 --------- d-----w C:\Program Files\Macromedia
2008-06-05 16:14 --------- d-----w C:\Program Files\DVD Shrink
2008-06-05 16:14 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-06-05 16:14 --------- d-----w C:\Program Files\Common Files\Java
2008-06-05 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-05 16:13 --------- d-----w C:\Program Files\Winamp
2008-06-05 16:13 --------- d-----w C:\Program Files\D-Tools
2008-06-05 16:13 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-05 16:12 --------- d-----w C:\Program Files\Lavasoft
2008-06-05 16:05 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-05 16:03 --------- d-----w C:\Program Files\7-Zip
2008-06-05 15:47 --------- d-----w C:\Program Files\WPIclose
2008-06-05 15:44 --------- d-----w C:\Program Files\eXPerience
2008-06-05 15:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-02 21:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-10-01 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-09-07 15:54 159744]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\badeballen\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41]
R0 jahci;jahci;C:\WINDOWS\system32\drivers\jahci.sys [2006-10-01 13:00]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:56:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-06 16:57:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 15:57:39

Pre-Run: 229,461,442,560 bytes free
Post-Run: 229,404,024,832 bytes free

205 --- E O F --- 2008-06-05 22:41:05

Here

snippsat, posted 6 June 2008

Yes, this looks good.
---
We will run a bit more before we say you are free of viruses/spyware.
---
Download and run CCleaner.
'Options' -> 'Advanced': uncheck "only delete temporary files older than 48 hours".
Run the registry cleaner and answer yes to repairing.
---
Download, update and run a full scan with SAS free.
Post the log from SAS (preferences->statistics/logs)
---
Restart
---
Download HijackThis and put it in its own folder on the desktop.
Start the program and choose "Press scan and save log".
Post HijackThis.txt

simen_gunnar, posted 6 June 2008

Yep, doing it now, will post the logs afterwards. Thanks for taking the trouble.

simen_gunnar, posted 6 June 2008

SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/06/2008 at 06:50 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 00:12:14

Memory items scanned : 317
Memory threats detected : 0
Registry items scanned : 5488
Registry threats detected : 0
File items scanned : 14630
File threats detected : 2

Adware.Tracking Cookie
track.adform.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b0xjlvmt.default\cookies.txt ]

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{78C67FD3-F987-4934-9270-1F6231A0AA04}\RP1\A0000996.EXE

Adware.Vundo-Variant/PolyMorph-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{78C67FD3-F987-4934-9270-1F6231A0AA04}\RP23\A0008235.DLL

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:23 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7722 bytes

snippsat, posted 6 June 2008

Yes, looks good.

You can remove combofix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.

You should have an antivirus program; Avira is good and free. http://www.free-av.com/

A good and free firewall: Online Armor Free. http://www.tallemu.com/

Keep using SAS once in a while.

Surf safely.

Edited 6 June 2008 by SNIPPSAT