TBJ, posted 25 August 2008 (edited)

Hi

The neighbour has also got a virus (or other junk) on the machine. There is now an exclamation mark down in the system tray, and a message pops up saying that a virus has arrived (I don't remember in detail what it said), but if you clicked on it, the machine would download an antivirus program that is surely not what it claims to be.

I have run CCleaner, Malwarebytes' Anti-Malware (MBAM), Combofix and finally HijackThis. I hope the "crap" has now been removed. I have not fixed anything on the list HijackThis came up with. I am posting the logs here, so I hope someone can help me by taking a look at them.

******************************************
mbam-log-08-25-2008 (12-24-59).txt
******************************************

Malwarebytes' Anti-Malware 1.25
Database versjon: 1087
Windows 5.1.2600 Service Pack 2

12:25:05 25.08.2008
mbam-log-08-25-2008 (12-24-59).txt

Skanntype: Rask Skann
Objekter skannet: 47152
Tid tilbakelagt: 3 minute(s), 31 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0024920 (Trojan.Vundo) -> No action taken.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

******************************************
ComboFix.txt
******************************************

ComboFix 08-08-24.02 - Administrator 2008-08-25 12:26:48.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.339 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Trude Bjørnstad\Cookies\trude_bjø[email protected][1].txt
C:\Documents and Settings\Trude Bjørnstad\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Trude Bjørnstad\Programdata\macromedia\Flash Player\#SharedObjects\AP9GM65W\interclick.com
C:\Documents and Settings\Trude Bjørnstad\Programdata\macromedia\Flash Player\#SharedObjects\AP9GM65W\interclick.com\ud.sol
C:\Documents and Settings\Trude Bjørnstad\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Trude Bjørnstad\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\xcrashdump.dat
D:\Autorun.inf
.

((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-25 12:08 . 2008-08-25 12:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-08-25 11:52 . 2008-08-25 11:52 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-25 11:52 . 2008-08-25 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-25 11:52 . 2008-08-25 11:52 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Malwarebytes
2008-08-25 11:52 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 11:52 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 15:00 . 2008-08-24 15:01 <DIR> d-------- C:\Temp\MPSampleSubmit
2008-08-23 21:16 . 2008-08-23 21:16 <DIR> d-------- C:\Temp\sv8fg.tmp
2008-08-23 21:15 . 2008-08-23 21:15 <DIR> d-------- C:\Temp\WPDNSE
2008-08-23 17:36 . 2008-08-23 17:39 <DIR> d-------- C:\Temp\7ZipSfx.000
2008-08-21 18:52 . 2008-08-22 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-21 18:52 . 2008-08-21 18:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-19 13:51 . 2008-08-20 09:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-14 20:32 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 17:09 --------- d-----w C:\Programfiler\PeerGuardian2
2008-08-23 19:16 --------- d-----w C:\Documents and Settings\Trude Bjørnstad\Programdata\OpenOffice.org2
2008-08-23 19:16 --------- d-----w C:\Documents and Settings\Trude Bjørnstad\Programdata\OpenOffice.org2
2008-08-23 19:16 --------- d-----w C:\Documents and Settings\Trude Bjørnstad\Programdata\OpenOffice.org2
2008-08-23 15:37 --------- d-----w C:\Programfiler\Google
2008-08-22 18:33 --------- d-----w C:\Programfiler\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 08:50 --------- d-----w C:\Programfiler\Avanquest update
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2006-09-06 09:30 164 ----a-w C:\Documents and Settings\Trude Bjørnstad\Programdata\wklnhst.dat
2006-09-06 09:30 164 ----a-w C:\Documents and Settings\Trude Bjørnstad\Programdata\wklnhst.dat
2006-09-06 09:30 164 ----a-w C:\Documents and Settings\Trude Bjørnstad\Programdata\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 22:50 729178]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-06-04 19:02 949376]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-11-12 15:56 282624]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Malwarebytes Anti-Malware (reboot)"="C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2008-08-17 15:01 1195640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\Trude Bj›rnstad\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.0.lnk - C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe [2006-06-27 23:58:04 393216]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 10:23 1187840 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dmremote.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DMremote

S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME
.

Contents of the 'Scheduled Tasks' folder

2008-08-24 C:\WINDOWS\Tasks\AB0B76839184F55B.job - c:\docume~1\trudeb~1\progra~1\axisbr~1\downloadacidglue.exe []
2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
2008-08-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSMSGS - C:\Programfiler\Messenger\msmsgs.exe
Notify-6208d1dd382 - C:\WINDOWS\system32\__c008485A.dat
MSConfigStartUp-SLOWBLAHFIVEDATE - C:\Documents and Settings\All Users\Programdata\Acefirstslowblah\EXTRA LOGO.exe
.

------- Supplementary Scan -------
.

R0 -: HKCU-Main,Start Page = hxxp://www.hp.com
O8 -: &Google Search - C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: &Translate English Word - C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward Links - C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html
O8 -: Similar Pages - C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate Page into English - C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 12:29:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe???????????q????|?p???? ???B?????????????hLC????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-25 12:29:52
ComboFix-quarantined-files.txt 2008-08-25 10:29:50

Pre-Run: 1,015,779,328 byte ledig
Post-Run: 6,063,652,864 byte ledig

177 --- E O F --- 2008-08-21 14:20:42

******************************************
hijackthis.log
******************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:06, on 25.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

--
End of file - 6589 bytes

Edited 27 August 2008 by TBJ

r2d290, posted 25 August 2008

Stick to one forum! It is the same people who help you here and on itpro.no, so you won't get help any faster anyway. Decide which forum you want to continue in, and report your thread in the other forum (and ask a moderator to close it). (This of course applies to both posts you have made, for yourself and for the neighbour.)

TBJ (author), posted 25 August 2008

Sorry. That is now done and I will continue here.

norbat, posted 25 August 2008

Use Explorer to browse to the Tasks folder and delete the file (in bold):

C:\WINDOWS\Tasks\AB0B76839184F55B.job

How is the problem going?

TBJ (author), posted 25 August 2008

> Use Explorer to browse to the Tasks folder and delete the file (in bold):
> C:\WINDOWS\Tasks\AB0B76839184F55B.job
> How is the problem going?

The AB0B76839184F55B job I deleted contained something about downloading downloadacidglue.exe every hour. Sounded dubious. Anyway. It's gone. I'll do a few rounds with NOD32, then we'll see.

norbat, posted 26 August 2008

The file was tied to adware of the Lop.com type.

Please report back on whether NOD finds anything of interest. Afterwards we will finish by cleaning up a bit.

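The scheduled-task finding discussed above, as an added example that is not part of the original posts: a small Python triage of the "Scheduled Tasks" lines from the ComboFix log, flagging the traits that set the deleted job apart from the two legitimate ones. The names triage, TASK_LINE, PROFILE_MARKERS and HEX_NAME are this example's own, and reading the empty [] after the target as "no file timestamp" is an assumption.

```python
import ntpath
import re

# The three task lines from the ComboFix log posted in this thread.
SAMPLE = r"""
2008-08-24 C:\WINDOWS\Tasks\AB0B76839184F55B.job - c:\docume~1\trudeb~1\progra~1\axisbr~1\downloadacidglue.exe []
2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
2008-08-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
"""

# date, .job path, " - ", target command, then [file timestamp] (may be empty).
TASK_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<job>[A-Za-z]:\\.+?\.job)\s+-\s+"
    r"(?P<target>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$",
    re.IGNORECASE,
)

# Long and 8.3 short forms of per-user profile roots (XP and later).
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\users\\")
# A job name made only of hex digits looks generated rather than chosen.
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def triage(log_text):
    """Return one dict per task line with the reasons it deserves a look."""
    rows = []
    for line in log_text.splitlines():
        m = TASK_LINE.match(line.strip())
        if not m:
            continue
        job, target, stamp = m["job"], m["target"], m["stamp"].strip()
        reasons = []
        # ntpath parses Windows paths correctly on any operating system.
        stem = ntpath.splitext(ntpath.basename(job))[0]
        if HEX_NAME.match(stem):
            reasons.append("hex-only job name")
        if any(marker in target.lower() for marker in PROFILE_MARKERS):
            reasons.append("target inside a user profile")
        if not stamp:
            # Assumption: empty brackets mean no timestamp could be read.
            reasons.append("no file timestamp for target")
        rows.append({"date": m["date"], "job": job,
                     "target": target, "reasons": reasons})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        verdict = "; ".join(row["reasons"]) or "nothing flagged"
        print(f'{row["job"]}: {verdict}')
```
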
TBJ (author), posted 27 August 2008

NOD found something in the end. It looks like all the nastiness is now gone. Case solved. Thanks for the help,

r2d290, posted 27 August 2008

You are not finished yet, so you should remove the word "SOLVED" for now... Combofix must be uninstalled (you will get more details on that), but I don't know whether there was some cleanup norbat wanted to mention first?