Deleted user
06 October 2007 - 22:54 There are 4 comments and
1 solution

hijack and drweb files for comment

Ewido, CCleaner and SUPERantiSPY were run beforehand and removed over 2000 unwanted items

drweb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A0055068.exe;C:\System Volume Information\_restore{C58AC4C0-057A-4784-85A7-7A4A5F25F56A}\RP172;Trojan.Fakealert;Deleted.;
A0056459.dll;C:\System Volume Information\_restore{C58AC4C0-057A-4784-85A7-7A4A5F25F56A}\RP172;Adware.Zango;Deleted.;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HijackThis
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:07, on 06-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {033C620D-3272-41A7-9380-70ECF1A17D03} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {ad3a6aa1-6a7b-2248-4cd4-02f797c80b29} - {92b08c79-7f20-4dc4-8422-b7a61aa6a3da} - C:\WINDOWS\system32\phyatoup.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?1e9e8f98a2064ecc82d3169ca0bc991f
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?1e9e8f98a2064ecc82d3169ca0bc991f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: nnnopqp - C:\WINDOWS\SYSTEM32\nnnopqp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O24 - Desktop Component 0: (no name) - http://img.ekstrabladet.dk/images/06/09/11/sp-tirsdag.jpg

--
End of file - 6873 bytes
arlet (Junior Master)
07 October 2007 - 09:35 #1
That was a lot that got removed ;-)

-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has rebooted, a log file should open: combofix.txt
Please post the contents of that file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, however.
Deleted user
07 October 2007 - 13:30 #2
ComboFix-log


ComboFix 07-10-07.1 - Niels 2007-10-07 10:40:57.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.187 [GMT 2:00]
Running from: F:\ComboFix\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\HotbarSA
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
C:\Documents and Settings\Niels\Application Data\HbTools
C:\Documents and Settings\Niels\Application Data\HbTools\HbTools.log
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\1070542.sdf
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10807
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26664
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64414
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66836
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\75013
C:\Documents and Settings\Niels\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\93921
C:\Documents and Settings\Niels\ResErrors.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\ewsxnxau.dll
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.tmp
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jvvgxexj.dll
C:\WINDOWS\system32\khotpkld.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\mhcddviy.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\phyatoup.dll
C:\WINDOWS\system32\poolagrx.dll
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.ini

.
(((((((((((((((((((((((((  Files Created from 2007-09-07 to 2007-10-07  )))))))))))))))))))))))))))))))
.

2007-10-07 10:40    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-06 22:59    <DIR>    d--------    C:\Program Files\jv16 PowerTools
2007-10-06 21:48    <DIR>    d--------    C:\Documents and Settings\Administrator\DoctorWeb
2007-10-06 21:31    <DIR>    d--------    C:\cureit
2007-10-06 20:26    <DIR>    d--------    C:\Hijack
2007-10-06 17:26    0    --a------    C:\WINDOWS\system32\CMMGR32.EXE
2007-10-06 17:17    83,008    --a------    C:\WINDOWS\system32\lmfuunpq.dll
2007-10-06 17:16    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-10-06 17:16    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 17:16    <DIR>    d--------    C:\Documents and Settings\Niels\Application Data\SUPERAntiSpyware.com
2007-10-06 17:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-06 16:42    95,608    --a------    C:\WINDOWS\system32\AvastSS.scr
2007-10-06 16:42    94,416    --a------    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-06 16:42    92,848    --a------    C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-06 16:42    801,144    --a------    C:\WINDOWS\system32\aswBoot.exe
2007-10-06 16:42    42,912    --a------    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-06 16:42    26,624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-06 16:42    23,152    --a------    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-06 16:42    1,060,864    --a------    C:\WINDOWS\system32\MFC71.dll
2007-10-06 16:42    <DIR>    d--------    C:\Program Files\Alwil Software
2007-10-06 16:17    <DIR>    d--------    C:\Program Files\CCleaner
2007-10-06 16:06    21,504    --a--c---    C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-06 16:06    21,504    --a------    C:\WINDOWS\system32\hidserv.dll
2007-10-05 13:56    <DIR>    d--------    C:\Documents and Settings\Niels\Application Data\NoWayVirus
2007-09-18 14:42    <DIR>    d--------    C:\Documents and Settings\Niels\Application Data\WeatherDPA
2007-09-18 14:42    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-16 13:16    23,552    --a------    C:\WINDOWS\system32\nnnopqp.dll
2007-09-14 17:55    <DIR>    d--------    C:\Program Files\Nokia

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 17:26    ---------    d--------    C:\Program Files\DesignPro
2007-10-06 16:13    ---------    d--------    C:\Documents and Settings\Niels\Application Data\Lavasoft
2007-09-14 17:55    ---------    d--h-----    C:\Program Files\InstallShield Installation Information
2007-09-06 12:00    26624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{033C620D-3272-41A7-9380-70ECF1A17D03}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 02:07 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-23 01:34]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 19:37 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-02 00:58 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-19 00:57]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 10:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50]
"WireLessMouse"="C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 21:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 16:59]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-06 18:59]

C:\Documents and Settings\Niels\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2002-07-18 11:58:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-10-06 18:59 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopqp]
nnnopqp.dll 2007-09-16 13:16 23552 C:\WINDOWS\system32\nnnopqp.dll

R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido\security suite\guard.sys
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 06:18:11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 13:25:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]

.
Completion time: 2007-10-07 13:27:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 13:27
.
    --- E O F ---
arlet (Junior Master)
07 October 2007 - 14:56 #3
Copy the contents between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------
File::
C:\WINDOWS\system32\lmfuunpq.dll
C:\WINDOWS\system32\aswBoot.exe
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\WINDOWS\system32\nnnopqp.dll

Folder::
C:\Documents and Settings\Niels\Application Data\NoWayVirus
C:\Documents and Settings\Niels\Application Data\WeatherDPA
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Restart. Copy the contents of Combofix.txt in here together with a new hijackthis
Deleted user
07 October 2007 - 17:38 #4
I have handed the computer over; it had to be in Vejle before evening

I looked at it a bit myself; I remember that I deleted
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

and

Folder::
C:\Documents and Settings\Niels\Application Data\NoWayVirus
C:\Documents and Settings\Niels\Application Data\WeatherDPA

there were a couple in Hijack too

O2 - BHO: (no name) - {033C620D-3272-41A7-9380-70ECF1A17D03} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

But thanks for the help, we'll see how it goes, but it ran without problems, so we'll have to take it up later if problems turn up.

Post an answer
arlet (Junior Master)
07 October 2007 - 17:55 #5
I'll do that then..