ontel Posted 14 October 2008 (edited)

I have got a "bloodhound" virus that Norton cannot remove. I have followed the instructions on this forum and am posting the files in the hope that it can be fixed..... I was not able to rename hijackthis.exe. Perhaps that has to be done before the program is saved to the desktop.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:20, on 14.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programfiler\Ahead\InCD\InCDsrv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\WINDOWS\system32\mshearts.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {771d43cf-c4b2-5309-f5b4-ff9643be3ede} - {ede3eb34-69ff-4b5f-9035-2b4cfc34d177} - C:\WINDOWS\system32\wvctzs.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinCinema Manager.lnk = C:\Programfiler\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: wvctzs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12392 bytes

ComboFix:

ComboFix 08-10-12.01 - Odd-Helge 2008-10-14 15:43:12.2 - NTFSx86
Running from: C:\Documents and Settings\Odd-Helge\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Janne\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Odd-Helge\Programdata\Adobe\Player.exe
C:\Documents and Settings\Odd-Helge\Programdata\FunWebProducts
C:\Documents and Settings\Odd-Helge\Programdata\FunWebProducts\Data\Odd-Helge\avatar.dat
C:\Documents and Settings\Odd-Helge\Programdata\FunWebProducts\Data\Odd-Helge\register.dat
C:\Documents and Settings\Odd-Helge\Programdata\FunWebProducts\Data\Odd-Helge\zbucks.dat
C:\WINDOWS\system32\uninstall.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-14 15:37 . 2008-10-14 15:37 <DIR> dr-h----- C:\Documents and Settings\Odd-Helge\Siste
2008-10-14 15:15 . 2008-10-14 15:15 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-14 15:08 . 2008-10-14 15:08 <DIR> d-------- C:\WINDOWS\system32\no
2008-10-14 15:08 . 2008-10-14 15:08 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-14 14:54 . 2008-10-14 14:54 <DIR> d-------- C:\Programfiler\Trend Micro
2008-10-14 12:45 . 2008-10-14 12:45 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-14 12:45 . 2008-10-14 12:45 <DIR> d-------- C:\Documents and Settings\Odd-Helge\Programdata\Malwarebytes
2008-10-14 12:45 . 2008-10-14 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-14 12:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 12:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 06:02 . 2008-10-14 15:51 93,918 --a------ C:\WINDOWS\system32\drivers\e6cda624.sys
2008-10-13 20:06 . 2008-10-13 20:06 109,568 --a------ C:\WINDOWS\system32\wvctzs.dll
2008-10-13 20:06 . 2008-10-13 20:06 109,568 --a------ C:\WINDOWS\system32\weiurenu.dll
2008-10-02 17:51 . 2008-10-02 17:53 <DIR> d-------- C:\Documents and Settings\Odd-Helge\logitech
2008-10-02 17:50 . 2008-10-02 17:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Remote Control USB Driver
2008-10-02 17:50 . 2008-10-02 17:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Remote Control Software Common
2008-10-02 17:49 . 2008-10-02 17:50 <DIR> d-------- C:\Programfiler\Logitech
2008-10-02 17:49 . 2008-10-02 17:49 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-10-02 17:48 . 2008-10-02 17:48 <DIR> d-------- C:\Documents and Settings\Odd-Helge\Programdata\InstallShield
2008-10-01 20:19 . 2006-11-10 11:48 97,184 -ra------ C:\WINDOWS\system32\drivers\SE30mdm.sys
2008-10-01 20:19 . 2006-11-10 11:48 9,360 -ra------ C:\WINDOWS\system32\drivers\SE30mdfl.sys
2008-10-01 20:19 . 2006-11-10 11:48 6,240 -ra------ C:\WINDOWS\system32\drivers\SE30cmnt.sys
2008-10-01 20:19 . 2006-11-10 11:48 6,240 -ra------ C:\WINDOWS\system32\drivers\SE30cm.sys
2008-10-01 20:16 . 2006-11-10 11:48 61,600 -ra------ C:\WINDOWS\system32\drivers\SE30bus.sys
2008-10-01 20:16 . 2006-11-10 11:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30whnt.sys
2008-10-01 20:16 . 2006-11-10 11:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30wh.sys
2008-09-20 16:56 . 2008-09-20 16:56 <DIR> d-------- C:\Programfiler\iTunes
2008-09-20 16:56 . 2008-09-20 16:56 <DIR> d-------- C:\Programfiler\iPod
2008-09-20 16:56 . 2008-09-20 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-20 16:40 . 2008-09-20 16:40 <DIR> d-------- C:\Programfiler\Safari
2008-09-20 16:38 . 2008-09-20 16:38 <DIR> d-------- C:\Programfiler\Bonjour
2008-09-17 09:26 . 2008-04-14 18:22 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-09-17 09:26 . 2008-04-14 18:22 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-17 09:26 . 2008-04-14 18:22 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-09-17 09:26 . 2008-04-14 18:22 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-09-17 09:26 . 2008-04-14 18:22 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-09-17 09:26 . 2008-04-14 18:22 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-09-17 09:24 . 2008-04-14 18:21 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-09-14 21:43 . 2008-09-14 21:43 <DIR> d-------- C:\Documents and Settings\CAMILLA\Programdata\Teleca
2008-09-14 21:39 . 2008-09-14 21:39 <DIR> d-------- C:\Documents and Settings\CAMILLA\Programdata\Sony Ericsson
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 13:44 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-10-14 11:31 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-10-14 07:11 --------- d-----w C:\Programfiler\PokerStars
2008-10-14 06:49 --------- d-----w C:\Programfiler\MSN Messenger
2008-10-14 06:49 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-10-13 09:55 35,674 ----a-w C:\Documents and Settings\Odd-Helge\Programdata\wklnhst.dat
2008-10-13 09:16 --------- d-----w C:\Programfiler\DC++
2008-10-12 19:19 --------- d-----w C:\Programfiler\Microsoft Picture It! 9
2008-10-07 19:40 --------- d-----w C:\Programfiler\Norton Internet Security
2008-10-02 15:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-09-20 16:17 --------- d-----w C:\Documents and Settings\Odd-Helge\Programdata\Apple Computer
2008-09-20 15:04 --------- d-----w C:\Programfiler\Apple Software Update
2008-09-20 14:53 --------- d-----w C:\Programfiler\QuickTime
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 08:46 --------- d-----w C:\Programfiler\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-02-03 20:09 3,944 ----a-w C:\Documents and Settings\CAMILLA\Programdata\wklnhst.dat
2007-05-08 15:27 71,640 ----a-w C:\Documents and Settings\Odd-Helge\Programdata\GDIPFONTCACHEV1.DAT
2004-03-27 08:33 0 ----a-w C:\Documents and Settings\Janne\Programdata\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ede3eb34-69ff-4b5f-9035-2b4cfc34d177}]
2008-10-13 20:06 109568 --a------ C:\WINDOWS\system32\wvctzs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-14 1576176]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-02 4616192]
"Omnipage"="C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 406016]
"InCD"="C:\Programfiler\Ahead\InCD\InCD.exe" [2003-09-15 1212466]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 52840]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"nwiz"="nwiz.exe" [2003-04-02 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 54928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
WinCinema Manager.lnk - C:\Programfiler\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-09-25 303104]
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
InterVideo WinCinema Manager.lnk - C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-03-23 98304]
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-02 67128]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-08-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-27 10:38 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wvctzs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programfiler\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-01 53248]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 ACCSKMD;Canon Camera Storage Device;C:\WINDOWS\system32\DRIVERS\accskmd.sys [2002-06-26 26240]
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-11-10 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-11-10 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-11-10 97184]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-05-15 38656]
S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\System32\ZDNDIS5.SYS [2002-10-30 16157]

*Newly Created Service* - COMHOST
*Newly Created Service* - mbamswissarmy
.
Contents of the 'Scheduled Tasks' folder

2008-10-14 C:\WINDOWS\Tasks\A9FD6980918F1F8C.job
- c:\docume~1\odd-he~1\progra~1\intranew\PlusUpSixth.exe []

2008-09-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-03 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - Odd-Helge.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2007-03-22 19:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Player - C:\Documents and Settings\Odd-Helge\Programdata\Adobe\Player.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
HKLM-Run-YeppStudioAgent - C:\Programfiler\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
R0 -: HKLM-Main,Start Page = hxxp://www.msn.no/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Search
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i

O16 -: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} - hxxp://www.eurofoto.no/activex/ImageUploader3.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader3.inf
C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 15:50:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\e6cda624]
"ImagePath"="\SystemRoot\System32\drivers\e6cda624.sys"
.
Completion time: 2008-10-14 16:07:27
ComboFix-quarantined-files.txt 2008-10-14 14:07:15

Pre-Run: 30,587,019,264 byte ledig
Post-Run: 30,564,757,504 byte ledig

235 --- E O F --- 2008-10-14 13:18:30

mbam:

Malwarebytes' Anti-Malware 1.28
Database versjon: 1267
Windows 5.1.2600 Service Pack 3

14.10.2008 16:28:10
mbam-log-2008-10-14 (16-28-10).txt

Skanntype: Rask Skann
Objekter skannet: 57126
Tid tilbakelagt: 6 minute(s), 36 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Regards, Odd-H

Edited 17 October 2008 by ontel

r2d290 Posted 14 October 2008

Hello

Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:

C:\WINDOWS\system32\drivers\e6cda624.sys
C:\WINDOWS\system32\wvctzs.dll

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post so that I can look at it and assess what needs to be done next.

ontel Posted 15 October 2008 (author)

Hi there. I followed your instructions, but was stopped by a firewall or a virus. This was the response for the first file:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

I tried turning off the firewall, but it did not help.

Found nothing on: C:\WINDOWS\system32\wvctzs.dll
r2d290 Posted 15 October 2008

Are you noticing any more of the problems with the PC?

ontel (author) Posted 15 October 2008

> Are you noticing any more of the problems with the PC?

Hmmmmm. Seems like everything is running normally now, except for annoying "pop-ups" that constantly do just that, pop up... Otherwise the icons are on the desktop, and Windows Automatic Updates is showing green again and can be turned on.

Regards,
Ontel

r2d290 Posted 15 October 2008

Where does Norton find this "bloodhound" infection? What is the file called?

Upload the following files to www.virustotal.com
C:\WINDOWS\system32\wvctzs.dll
C:\WINDOWS\system32\weiurenu.dll
Do you get any results for those?

ontel (author) Posted 15 October 2008

> Where does Norton find this "bloodhound" infection? What is the file called?
>
> Upload the following files to www.virustotal.com
> C:\WINDOWS\system32\wvctzs.dll
> C:\WINDOWS\system32\weiurenu.dll
> Do you get any results for those?

Don't remember the location, unfortunately..... haven't seen the bloodhound virus today either. But popups abound.
No result for C:\WINDOWS\system32\weiurenu.dll
but for C:\WINDOWS\system32\wvctzs.dll I found the following 3 files;

File wvctzs.dll received on 10.15.2008 17:03:03 (CET)
Current status: finished
Result: 3/36 (8.33%)
Compact Print results
eSafe 7.0.17.0 2008.10.15 Suspicious File
Microsoft 1.4005 2008.10.15 Trojan:Win32/Conhook.D
TrendMicro 8.700.0.1004 2008.10.15 TROJ_CONHOOK.CF

r2d290 Posted 15 October 2008

Hi again.

Click Start - Alle Programmer - Tilbehør - Notisblokk (All Programs - Accessories - Notepad)
Copy and paste the text in the code box below into Notepad:

File::
C:\WINDOWS\system32\wvctzs.dll
C:\WINDOWS\system32\weiurenu.dll

Save it as CFScript on the Desktop.
Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.
This will start ComboFix again. If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt later...

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines:
O20 - AppInit_DLLs: wvctzs.dll
Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Select: Do a systemscan, and save a logfile
Post this log in your next post, together with the ComboFix log referred to earlier in this post.

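The before/after check requested in the post above (tick the O20 AppInit_DLLs line, fix it, reboot, then take a new HijackThis log) can be scripted. This is an added example, not part of the original thread and not code from HijackThis or ComboFix; the function names and the two short sample logs are constructed for illustration from entries quoted in this thread.

```python
import re

# Added illustration; parse_entries, appinit_dlls and compare_logs are
# hypothetical helper names, not part of HijackThis or ComboFix.

# A HijackThis entry is one line: a section code (R0-R3, F0-F3, N1-N4,
# O1-O24), " - ", then the entry text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"

# Constructed sample logs, one entry per line as HijackThis writes them.
# The O2 line is the orphaned BHO from the ComboFix log, rewritten here in
# HijackThis format (an assumption about how it would have been listed).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
O2 - BHO: (no name) - {ede3eb34-69ff-4b5f-9035-2b4cfc34d177} - C:\WINDOWS\system32\wvctzs.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wvctzs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
"""


def parse_entries(log_text):
    """Return the (code, text) entries of a HijackThis log, in file order.

    Header lines and the running-process list do not match ENTRY_RE and
    are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def appinit_dlls(entries):
    """DLL names listed in 'O20 - AppInit_DLLs:' entries.

    The registry value may hold several names separated by spaces or commas.
    """
    names = []
    for code, text in entries:
        if code == "O20" and text.startswith(APPINIT_PREFIX):
            value = text[len(APPINIT_PREFIX):].strip()
            names.extend(n for n in re.split(r"[ ,]+", value) if n)
    return names


def compare_logs(before_text, after_text, targets):
    """Compare the log taken before 'Fix checked' with the one taken after reboot.

    targets: file names the clean-up was aimed at (matched case-insensitively).
    """
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    wanted = {t.lower() for t in targets}
    return {
        # Entries the fix removed, and anything that appeared in between.
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        # Target DLLs that are still loaded into every GUI process.
        "still_loaded": [n for n in appinit_dlls(after) if n.lower() in wanted],
        # Any other surviving entry that still points at a target file.
        "other_references": [
            (code, text) for code, text in after
            if not text.startswith(APPINIT_PREFIX)
            and any(t in text.lower() for t in wanted)
        ],
    }


if __name__ == "__main__":
    report = compare_logs(BEFORE, AFTER, ["wvctzs.dll", "weiurenu.dll"])
    for key, value in report.items():
        print(key, value)
```

An empty `still_loaded` and `other_references` in the second log means HijackThis no longer lists anything that references the targeted files; it says nothing about entries HijackThis does not enumerate, such as the driver service shown in the ComboFix log.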
ontel (author) Posted 15 October 2008

> Hi again.
>
> Click Start - Alle Programmer - Tilbehør - Notisblokk (All Programs - Accessories - Notepad)
> Copy and paste the text in the code box below into Notepad:
>
> File::
> C:\WINDOWS\system32\wvctzs.dll
> C:\WINDOWS\system32\weiurenu.dll
>
> Save it as CFScript on the Desktop.
> Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.
> This will start ComboFix again. If the machine asks for a restart, let it do so right away.
> Post the contents of ComboFix.txt later...
>
> Start HijackThis
> Select: Do a systemscan only
> Tick the boxes in front of these lines:
> O20 - AppInit_DLLs: wvctzs.dll
> Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.
> Note: If you are asked to confirm fixing a line, confirm it.
>
> Then close HijackThis, restart the machine, and create a new log:
> Start HijackThis
> Select: Do a systemscan, and save a logfile
> Post this log in your next post, together with the ComboFix log referred to earlier in this post.

Here are the log files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:57, on 15.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programfiler\Ahead\InCD\InCDsrv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinCinema Manager.lnk = C:\Programfiler\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12418 bytes

and

2002-07-08 11:44:12 24,576 C:\Qoobox\Quarantine\C\WINDOWS\system32\Uninstall.exe.vir
2007-03-22 12:54:16 53 C:\Qoobox\Quarantine\C\Documents and Settings\Janne\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML.vir
2007-06-21 18:02:03 341 C:\Qoobox\Quarantine\C\Documents and Settings\Odd-Helge\Programdata\FunWebProducts\Data\Odd-Helge\register.dat.vir
2007-06-21 21:40:51 99 C:\Qoobox\Quarantine\C\Documents and Settings\Odd-Helge\Programdata\FunWebProducts\Data\Odd-Helge\zbucks.dat.vir
2008-08-27 08:47:30 41,081 C:\Qoobox\Quarantine\C\Documents and Settings\Odd-Helge\Programdata\FunWebProducts\Data\Odd-Helge\avatar.dat.vir
2008-10-13 09:28:20 16,896 C:\Qoobox\Quarantine\C\Documents and Settings\Odd-Helge\Programdata\Adobe\Player.exe.vir
2008-10-13 10:30:16 8,823 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat.vir
2008-10-13 10:30:17 8,823 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat.vir
2008-10-13 18:06:31 109,568 C:\Qoobox\Quarantine\C\WINDOWS\system32\weiurenu.dll.vir
2008-10-13 18:06:31 109,568 C:\Qoobox\Quarantine\C\WINDOWS\system32\wvctzs.dll.vir
2008-10-14 14:06:40 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-10-14 14:06:41 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-14 14:06:41 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-14 14:06:46 161 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Player.reg.dat
2008-10-14 14:06:49 179 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-YeppStudioAgent.reg.dat
2008-10-14 14:06:49 185 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-My Web Search Bar Search Scope Monitor.reg.dat
2008-10-15 16:01:06 19,596 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-15 16:02:12 162 C:\Qoobox\Quarantine\catchme.log
2008-10-15 16:36:56 416 C:\Qoobox\Quarantine\Registry_backups\BHO-{ede3eb34-69ff-4b5f-9035-2b4cfc34d177}.reg.dat

Regards,
ontel

r2d290 Posted 15 October 2008

The ComboFix log is not complete... If there is nothing more than this in c:/combofix.txt, an error has occurred. In that case, run the same procedure with CFScript again...

ontel Skrevet 15. oktober 2008 Forfatter Del Skrevet 15. oktober 2008 combofix-loggen er ikke fulstendig... Hvis det ikke står mer enn dette i c:/combofix.txt har det skjedd en feil. Kjør isåfall samme prosedyre med CFScript på nytt... Sorry.... Her kommer resten. ComboFix 08-10-12.01 - Odd-Helge 2008-10-15 17:56:30.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.194 [GMT 2:00] Running from: C:\Documents and Settings\Odd-Helge\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Odd-Helge\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\weiurenu.dll C:\WINDOWS\system32\wvctzs.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\weiurenu.dll C:\WINDOWS\system32\wvctzs.dll . ((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 ))))))))))))))))))))))))))))))) . 2008-10-14 20:28 . 2008-10-15 17:53 <DIR> dr-h----- C:\Documents and Settings\Odd-Helge\Siste 2008-10-14 15:08 . 2008-10-14 15:08 <DIR> d-------- C:\WINDOWS\system32\no 2008-10-14 15:08 . 2008-10-14 15:08 <DIR> d-------- C:\WINDOWS\l2schemas 2008-10-14 14:54 . 2008-10-14 14:54 <DIR> d-------- C:\Programfiler\Trend Micro 2008-10-14 12:45 . 2008-10-14 12:45 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-10-14 12:45 . 2008-10-14 12:45 <DIR> d-------- C:\Documents and Settings\Odd-Helge\Programdata\Malwarebytes 2008-10-14 12:45 . 2008-10-14 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-10-14 12:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 12:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-14 06:02 . 2008-10-15 18:20 93,918 --a------ C:\WINDOWS\system32\drivers\e6cda624.sys 2008-10-02 17:51 . 
2008-10-02 17:53 <DIR> d-------- C:\Documents and Settings\Odd-Helge\logitech 2008-10-02 17:50 . 2008-10-02 17:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Remote Control USB Driver 2008-10-02 17:50 . 2008-10-02 17:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Remote Control Software Common 2008-10-02 17:49 . 2008-10-02 17:50 <DIR> d-------- C:\Programfiler\Logitech 2008-10-02 17:49 . 2008-10-02 17:49 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-10-02 17:48 . 2008-10-02 17:48 <DIR> d-------- C:\Documents and Settings\Odd-Helge\Programdata\InstallShield 2008-10-01 20:19 . 2006-11-10 11:48 97,184 -ra------ C:\WINDOWS\system32\drivers\SE30mdm.sys 2008-10-01 20:19 . 2006-11-10 11:48 9,360 -ra------ C:\WINDOWS\system32\drivers\SE30mdfl.sys 2008-10-01 20:19 . 2006-11-10 11:48 6,240 -ra------ C:\WINDOWS\system32\drivers\SE30cmnt.sys 2008-10-01 20:19 . 2006-11-10 11:48 6,240 -ra------ C:\WINDOWS\system32\drivers\SE30cm.sys 2008-10-01 20:16 . 2006-11-10 11:48 61,600 -ra------ C:\WINDOWS\system32\drivers\SE30bus.sys 2008-10-01 20:16 . 2006-11-10 11:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30whnt.sys 2008-10-01 20:16 . 2006-11-10 11:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30wh.sys 2008-09-20 16:56 . 2008-09-20 16:56 <DIR> d-------- C:\Programfiler\iTunes 2008-09-20 16:56 . 2008-09-20 16:56 <DIR> d-------- C:\Programfiler\iPod 2008-09-20 16:56 . 2008-09-20 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 16:40 . 2008-09-20 16:40 <DIR> d-------- C:\Programfiler\Safari 2008-09-20 16:38 . 2008-09-20 16:38 <DIR> d-------- C:\Programfiler\Bonjour 2008-09-17 09:26 . 2008-04-14 18:22 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll 2008-09-17 09:26 . 2008-04-14 18:22 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll 2008-09-17 09:26 . 2008-04-14 18:22 276,992 --------- C:\WINDOWS\system32\wmphoto.dll 2008-09-17 09:26 . 
2008-04-14 18:22 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-09-17 09:26 . 2008-04-14 18:22 53,248 --------- C:\WINDOWS\system32\tsgqec.dll 2008-09-17 09:26 . 2008-04-14 18:22 50,688 --------- C:\WINDOWS\system32\tspkg.dll 2008-09-17 09:24 . 2008-04-14 18:21 651,264 --------- C:\WINDOWS\system32\dot3ui.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 15:25 --------- d-----w C:\Programfiler\PokerStars 2008-10-15 08:04 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-10-14 18:26 --------- d-----w C:\Programfiler\B2BPOKER 2008-10-14 18:17 35,674 ----a-w C:\Documents and Settings\Odd-Helge\Programdata\wklnhst.dat 2008-10-14 11:31 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-10-14 06:49 --------- d-----w C:\Programfiler\MSN Messenger 2008-10-14 06:49 --------- d-----w C:\Programfiler\Messenger Plus! Live 2008-10-13 09:16 --------- d-----w C:\Programfiler\DC++ 2008-10-12 19:19 --------- d-----w C:\Programfiler\Microsoft Picture It! 
9 2008-10-07 19:40 --------- d-----w C:\Programfiler\Norton Internet Security 2008-10-02 15:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-09-20 16:17 --------- d-----w C:\Documents and Settings\Odd-Helge\Programdata\Apple Computer 2008-09-20 15:04 --------- d-----w C:\Programfiler\Apple Software Update 2008-09-20 14:53 --------- d-----w C:\Programfiler\QuickTime 2008-09-14 19:43 --------- d-----w C:\Documents and Settings\CAMILLA\Programdata\Teleca 2008-09-14 19:39 --------- d-----w C:\Documents and Settings\CAMILLA\Programdata\Sony Ericsson 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-27 08:46 --------- d-----w C:\Programfiler\Java 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-02-03 20:09 3,944 ----a-w C:\Documents and Settings\CAMILLA\Programdata\wklnhst.dat 
2007-05-08 15:27 71,640 ----a-w C:\Documents and Settings\Odd-Helge\Programdata\GDIPFONTCACHEV1.DAT 2004-03-27 08:33 0 ----a-w C:\Documents and Settings\Janne\Programdata\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-14 1576176] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-02 4616192] "Omnipage"="C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 406016] "InCD"="C:\Programfiler\Ahead\InCD\InCD.exe" [2003-09-15 1212466] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 52840] "PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] 
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576] "nwiz"="nwiz.exe" [2003-04-02 C:\WINDOWS\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 54928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ WinCinema Manager.lnk - C:\Programfiler\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-09-25 303104] Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] InterVideo WinCinema Manager.lnk - C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-03-23 98304] Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-02 67128] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-08-27 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-08-27 10:38 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wvctzs.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Programfiler\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032] R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-01 53248] S3 ACCSKMD;Canon Camera Storage Device;C:\WINDOWS\system32\DRIVERS\accskmd.sys [2002-06-26 26240] S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608] S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-11-10 61600] S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-11-10 9360] S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-11-10 97184] S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536] S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360] S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088] S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers 
(WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624] S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704] S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432] S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800] S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360] S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088] S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624] S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704] S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432] S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800] S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-05-15 38656] S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\System32\ZDNDIS5.SYS [2002-10-30 16157] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder 2008-10-15 C:\WINDOWS\Tasks\A9FD6980918F1F8C.job - c:\docume~1\odd-he~1\progra~1\intranew\PlusUpSixth.exe [] 2008-10-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-03 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - Odd-Helge.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2007-03-22 19:43] . 
- - - - ORPHANS REMOVED - - - -

BHO-{ede3eb34-69ff-4b5f-9035-2b4cfc34d177} - C:\WINDOWS\system32\wvctzs.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 18:13:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\e6cda624]
"ImagePath"="\SystemRoot\System32\drivers\e6cda624.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\CCSETMGR.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCEVTMGR.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPROXY.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Ahead\InCD\incdsrv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Microsoft Office\Office10\WINWORD.EXE
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Microsoft Works\WkDStore.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-15 18:37:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-15 16:37:28
ComboFix2.txt 2008-10-14 14:07:29

Pre-Run: 31 046 676 480 byte ledig
Post-Run: 30,976,471,040 byte ledig

238 --- E O F --- 2008-10-14 13:18:30
r2d290 Posted 16 October 2008

Good. Pokerstars and b2bpoker. Is that something you use? You also have Messenger Plus installed. I recommend that you uninstall it, unless you MUST have it...
ontel (author) Posted 16 October 2008

Pokerstar is in use..... NOT b2bpoker..... unknown. Messenger + will also be uninstalled. I'll try this for a few days before the [LØST] ("solved") button is activated. Thanks for all the help so far, r2d290.
r2d290 Posted 16 October 2008

Are you able to uninstall b2bpoker from Add/Remove Programs? If not, it should be fine to just delete the folder C:\Programfiler\B2BPOKER

Otherwise, ComboFix has to be uninstalled in a slightly special way, so you need to let us know when you think the problem is solved, so that we can get ComboFix uninstalled.
ontel (author) Posted 17 October 2008

Oh yes... now everything is running so much better. Does ComboFix have to be uninstalled? Ontel.
r2d290 Posted 17 October 2008

Yes, ComboFix has to be uninstalled.

Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between the X and /u
Press Enter.

This command will:

- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists.
  - The folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the System Restore points.

If you think the problem with your machine is solved, you can change your topic title by clicking the button in your first post and choosing full edit. At the top, where your topic title is, write [LØST] ("solved") in front of the title. Example: [LØST] Har fått virus på maskinen

This helps keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-
ontel (author) Posted 17 October 2008

Ok... ComboFix has been removed, along with the virus. Thanks for the good help.