Petterla, posted 21 October 2008 (edited)

Hi. I have a malware problem, not unlike the problem in this thread: https://www.diskusjon.no/index.php?showtopic=1023872. Like the person in that thread, I had a problem where I could not get online, but I got that solved through the repair function in SuperAntiSpyware.

The problem now, in addition to what is described in the linked thread, is that I cannot update my antivirus program, SAS or Spybot. I also cannot unpack new programs such as MALB, which I would really like to have run. It is not possible to run System Restore either. On top of that, when I boot into safe mode I get a blue screen with a message that physical memory must be dumped, and something more.

I had planned to post a HijackThis log here now, but unfortunately that is not so easy from work, so that log and the ComboFix log will come this afternoon. But if anyone has any tips on what can be done about the update problem and the unpacking problem, that would be nice.

Thanks in advance

Edited 26 October 2008 by Petterla

r2d290, posted 21 October 2008 (edited)

The update problems are almost certainly malware-related, so we should be able to get that fixed. I don't know anything about the unpacking problem, but we will see how it goes once we have had a look at the logs.

Edit: remember that for the next three days it will not be possible to UPLOAD logs, so you will have to just copy the logs and paste them in here on the forum...

Edited 21 October 2008 by r2d290

Petterla (author), posted 21 October 2008

That sounds good. From what I have understood from the other threads in here, a lot is solved once you manage to run a scan with an updated version of SAS and MALB. "Unpacking" was, by the way, possibly a poorly chosen word; it is perhaps clearer if I say installing. I have downloaded MALB, but I cannot run the .exe file.

norbat, posted 21 October 2008

Download ComboFix on a PC that works and transfer it to the infected PC using a USB stick or similar. Put ComboFix on the desktop and run the program. If it will not run in normal mode, restart the PC in safe mode and run ComboFix from there.

When ComboFix has finished, there is a good chance that you will be able to update SAS / install MBAM. So run a quick scan with one of these programs.

Post the ComboFix log + the log from SAS/MBAM

Petterla (author), posted 21 October 2008

I will do that as soon as the working day is over. One small question in that regard: I cannot boot into safe mode. When I try, I get a blue screen with a message about dumping of physical memory, and that I must restart. I have tried the repair function in SAS, which does not seem to work on exactly this. Are there any tips on what can be done then?

Thanks for all the help so far.

Petterla (author), posted 21 October 2008

I have now run ComboFix, MBAM and HijackThis. So I am posting the logs here and hope someone can take a quick look at them.

ComboFix:

MBAM: I first ran a full scan, then I discovered that I did not have the very latest update and ran another quick scan.
Both logs are here.

Old:

Malwarebytes' Anti-Malware 1.29
Database versjon: 1301
Windows 5.1.2600 Service Pack 2

21.10.2008 19:34:40
mbam-log-2008-10-21 (19-34-40).txt

Skanntype: Full Skann (C:\|)
Objekter skannet: 159290
Tid tilbakelagt: 1 hour(s), 30 minute(s), 29 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 7

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Qoobox\Quarantine\C\WINDOWS\esmf.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\epqamjon.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUmNGww.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP634\A0166872.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP634\A0166873.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP634\A0166876.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

MBAM new:

Malwarebytes' Anti-Malware 1.29
Database versjon: 1303
Windows 5.1.2600 Service Pack 2

21.10.2008 20:25:44
mbam-log-2008-10-21 (20-25-44).txt

Skanntype: Rask Skann
Objekter skannet: 57036
Tid tilbakelagt: 9 minute(s), 17 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

And finally HijackThis:

I hope someone can look at this. In any case, it seems that most things are in order again now, so thanks for the help so far.

r2d290, posted 21 October 2008

Then I am working on it.

r2d290, posted 21 October 2008

Since the forum's wikipedia is down, I do not have access to the "standard speeches", so the accuracy of the messages may be somewhat reduced. Sorry about this...

Go to http://virusscan.jotti.org/ and upload the following files. Then post the result in your next post:

C:\WINDOWS\system32\msupdater354.dat
C:\Programfiler\FSAVWKS711.jar

Copy the following content and paste it into Notepad:

File::
C:\WINDOWS\system32\prfh0414.dat
C:\WINDOWS\system32\prfc0414.dat

Folder::
C:\Documents and Settings\All Users\Programdata\lyhaxyle

LookDir::
C:\Documents and Settings\kristin\Programdata\TmpRecentIcons

Save the text document to the desktop as: CFScript

Then select the CFScript file and drag it onto the ComboFix lion icon. ComboFix will now start again. Copy the contents of the log that ComboFix creates and paste it in here.

Petterla (author), posted 21 October 2008

This is the result from the online malware scan for C:\Programfiler\FSAVWKS711.jar

Scanner                 Malware name
A-Squared               X
AntiVir                 TR/Dropper.Gen
ArcaVir                 X
Avast                   X
AVG Antivirus           X
BitDefender             X
ClamAV                  X
CPsecure                X
Dr.Web                  X
F-Prot Antivirus        X
F-Secure Anti-Virus     X
G DATA                  X
Ikarus                  IM-Worm.Win32.Prex.D
Kaspersky Anti-Virus    X
NOD32                   X
Norman Virus Control    X
Panda Antivirus         X
Sophos Antivirus        X
VirusBuster             X
VBA32                   X

For C:\WINDOWS\system32\msupdater354.dat I got an error message saying that it could not be uploaded because of a block by malware or a firewall. I tried without the firewall, and the same thing happened.

ComboFix log:
2007-11-15 14:11 267048 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Programfiler\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-15 11:46 204288 C:\Programfiler\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Java\\j2re1.4.2_03\\bin\\javaw.exe"= "C:\\WINDOWS\\system32\\javaw.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "C:\\Programfiler\\utorrent\\utorrent.exe"= "C:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "C:\\Programfiler\\SopCast\\SopCast.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\PPMate\\ppmate.exe"= "C:\\Programfiler\\PPMate\\ppmnet.exe"= "C:\\Programfiler\\TVAnts\\Tvants.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= "C:\\Programfiler\\Real\\RealPlayer\\realplay.exe"= "C:\\Programfiler\\Sports Interactive\\Football Manager 
2008\\fm.exe"= "C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programfiler\\SopCast\\sopvod.exe"= "C:\\Programfiler\\BitTorrent\\btdownloadgui.exe"= "C:\\Programfiler\\Cyanide\\GameCenter\\GameCenter.exe"= "C:\\Programfiler\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"= "C:\\Programfiler\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15254:TCP"= 15254:TCP:BitComet 15254 TCP "15254:UDP"= 15254:UDP:BitComet 15254 UDP R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-23 2915944] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-20 62048] R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384] S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ] S4 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-20 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-20 25184] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088b6a6a-5c66-11da-9e3a-806d6172696f}] \Shell\AutoRun\command - E:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ebd9ff2-4bb8-11da-941f-0014a50d62dc}] \Shell\AutoRun\command - E:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40ac9936-6a48-11da-9e51-0014a50d62dc}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ba46e1-2510-11da-8f8e-806d6172696f}] \shell\play\Command - "C:\Programfiler\Windows Media Player\wmplayer.exe" 
/prefetch:3 /device:AudioCD "%L" *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-04-07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2008-04-07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-21 21:49:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-21 21:51:25 ComboFix-quarantined-files.txt 2008-10-21 19:51:20 ComboFix2.txt 2008-10-21 18:54:49 ComboFix3.txt 2008-10-21 15:26:40 ComboFix4.txt 2008-04-21 13:45:29 Pre-Run: 11 660 951 552 byte ledig Post-Run: 11,640,672,256 byte ledig 177 --- E O F --- 2008-10-01 21:53:55

And again, thank you so very much for the help. Just send a PM with your address and a flower will arrive at your door.
r2d290, posted 21 October 2008:

I think you pasted the wrong area of the Jotti page... The result should look something like this:

Scanner results
Scan taken on 21 Oct 2008 20:17:15 (GMT)

A-Squared               Found nothing
AntiVir                 Found nothing
ArcaVir                 Found nothing
Avast                   Found nothing
AVG Antivirus           Found nothing
BitDefender             Found nothing
ClamAV                  Found nothing
CPsecure                Found nothing
Dr.Web                  Found nothing
F-Prot Antivirus        Found nothing
F-Secure Anti-Virus     Found nothing
G DATA                  Found nothing
Ikarus                  Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32                   Found nothing
Norman Virus Control    Found nothing
Panda Antivirus         Found nothing
Sophos Antivirus        Found nothing
VirusBuster             Found nothing
VBA32                   Found nothing
r2d290, posted 21 October 2008:

Oops, I made a small mistake... create a new CFScript with the code:

DirLook::
C:\Documents and Settings\kristin\Programdata\TmpRecentIcons
Petterla (thread author), posted 22 October 2008:

I'm starting to get a bit old now, so I had to go to bed before that last post came in. I'll do this again as soon as I get home. Once again, thank you so much for the help.
r2d290, posted 22 October 2008:

Hold off on the thanks until we've solved the problem.
Petterla (thread author), posted 22 October 2008:

Here comes a new ComboFix log:

ComboFix 08-10-19.04 - Mette 2008-10-22 18:06:04.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.579 [GMT 2:00] Running from: C:\Documents and Settings\Mette\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Mette\Skrivebord\cfscript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 ))))))))))))))))))))))))))))))) . 2008-10-21 20:38 . 2008-10-21 20:38 <DIR> d-------- C:\Documents and Settings\kristin\Programdata\Malwarebytes 2008-10-21 17:29 . 2008-10-21 17:29 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-10-21 17:29 . 2008-10-21 17:29 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\Malwarebytes 2008-10-21 17:29 . 2008-10-21 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-10-21 17:29 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-21 17:29 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-20 23:08 . 2008-10-20 23:08 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\F-Secure 2008-10-20 23:07 . 2008-10-20 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\F-Secure 2008-10-20 23:06 . 2008-10-20 23:07 <DIR> d-------- C:\Programfiler\F-Secure 2008-10-20 20:58 . 2008-10-22 17:48 <DIR> dr-h----- C:\Documents and Settings\Mette\Siste 2008-10-16 21:16 . 2008-10-16 21:16 <DIR> d-------- C:\Documents and Settings\kristin\Programdata\SUPERAntiSpyware.com 2008-10-16 18:23 . 2008-09-05 01:52 0 --a------ C:\WINDOWS\system32\msupdater354.dat 2008-10-16 18:22 . 2008-10-16 18:22 <DIR> d-------- C:\Programfiler\Alwil Software 2008-09-30 22:36 .
2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-09-23 18:53 . 2008-09-23 18:53 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys 2008-09-23 18:53 . 2008-09-23 18:53 304,528 --a------ C:\WINDOWS\system32\appdrvrem01.exe 2008-09-22 22:27 . 2008-10-22 17:45 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\Pro Cycling Manager 2008 2008-09-22 22:13 . 2008-09-22 22:26 <DIR> d-------- C:\Programfiler\Cyanide . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-22 15:01 --------- d-----w C:\Programfiler\Clue 2008-10-21 17:46 --------- d-----w C:\Programfiler\PPMate 2008-10-21 15:42 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-10-20 17:13 --------- d-----w C:\Documents and Settings\Mette\Programdata\uTorrent 2008-10-19 20:57 --------- d-----w C:\Programfiler\CCleaner 2008-10-16 16:21 --------- d-----w C:\Documents and Settings\Mette\Programdata\EndNote 2008-10-13 21:20 --------- d-----w C:\Documents and Settings\kristin\Programdata\uTorrent 2008-09-30 20:50 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-09-22 13:19 --------- d-----w C:\Documents and Settings\kristin\Programdata\vlc 2008-09-21 19:56 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-09-21 15:03 --------- d-----w C:\Programfiler\SopCast 2008-09-21 14:49 --------- d-----w C:\Documents and Settings\Mette\Programdata\vlc 2008-09-21 14:39 --------- d-----w C:\Programfiler\VideoLAN 2008-09-07 16:13 --------- d-----w C:\Programfiler\Hannes Converter 2008-08-27 16:37 --------- d-----w C:\Programfiler\Telenor 2008-08-27 16:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor 2008-08-26 17:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
---- Directory of C:\Documents and Settings\kristin\Programdata\TmpRecentIcons ---- C:\Documents and Settings\kristin\Programdata\TmpRecentIcons\ ((((((((((((((((((((((((((((( snapshot@2008-10-21_17.26.04.78 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-22 14:50:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 155648] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.EXE" [2008-02-20 182936] "F-Secure TNB"="C:\Programfiler\F-Secure\FSGUI\TNBUtil.exe" [2008-02-20 895584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-09-21 21:56 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= ir41_32.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-11-15 14:11 267048 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Programfiler\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-15 11:46 204288 C:\Programfiler\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Java\\j2re1.4.2_03\\bin\\javaw.exe"= "C:\\WINDOWS\\system32\\javaw.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "C:\\Programfiler\\utorrent\\utorrent.exe"= "C:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "C:\\Programfiler\\SopCast\\SopCast.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= 
"C:\\Programfiler\\PPMate\\ppmate.exe"= "C:\\Programfiler\\PPMate\\ppmnet.exe"= "C:\\Programfiler\\TVAnts\\Tvants.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= "C:\\Programfiler\\Real\\RealPlayer\\realplay.exe"= "C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programfiler\\SopCast\\sopvod.exe"= "C:\\Programfiler\\BitTorrent\\btdownloadgui.exe"= "C:\\Programfiler\\Cyanide\\GameCenter\\GameCenter.exe"= "C:\\Programfiler\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"= "C:\\Programfiler\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15254:TCP"= 15254:TCP:BitComet 15254 TCP "15254:UDP"= 15254:UDP:BitComet 15254 UDP R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-23 2915944] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-20 62048] R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384] S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ] S4 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-20 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-20 25184] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088b6a6a-5c66-11da-9e3a-806d6172696f}] \Shell\AutoRun\command - E:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ebd9ff2-4bb8-11da-941f-0014a50d62dc}] \Shell\AutoRun\command - E:\autorun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40ac9936-6a48-11da-9e51-0014a50d62dc}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ba46e1-2510-11da-8f8e-806d6172696f}] \shell\play\Command - "C:\Programfiler\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" . Contents of the 'Scheduled Tasks' folder 2008-04-07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2008-04-07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-22 18:10:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-22 18:13:04 ComboFix-quarantined-files.txt 2008-10-22 16:12:58 ComboFix2.txt 2008-10-21 19:51:27 ComboFix3.txt 2008-10-21 18:54:49 ComboFix4.txt 2008-10-21 15:26:40 ComboFix5.txt 2008-10-22 16:05:13 Pre-Run: 11 711 508 480 byte ledig Post-Run: 11,689,644,032 byte ledig 170 --- E O F --- 2008-10-01 21:53:55

Regarding the two files above, I couldn't upload either of them. One of them (the 44 m one) I deleted; the other is 0 bytes and gives the same error message.

And yes, it really is worth saying thanks when someone helps you with a problem. You'll just have to get a hug once everything is fine.
r2d290, posted 23 October 2008:

Hello. The folder C:\Documents and Settings\kristin\Programdata\TmpRecentIcons is empty and can be deleted.

I'm still unsure about these two files:

C:\WINDOWS\system32\msupdater354.dat
C:\Programfiler\FSAVWKS711.jar

You can try changing their file extensions so that they are named, for example:

C:\WINDOWS\system32\msupdater354.dat.vir
C:\Programfiler\FSAVWKS711.jar.vir

That will stop the files from working as they should. If you don't notice any problems after a week or two, you can delete these files.

Otherwise the logs look fine. Are you noticing any problems?
Petterla (thread author), posted 26 October 2008:

Hi. Now I can at least say thanks, I think. Everything seems to be in perfect order here now. I'll mark this as solved. And, again, thank you so much for the help.
r2d290, posted 26 October 2008 (edited):

You're welcome ...and just come back if there's anything else.

ComboFix must be uninstalled.

Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between X and /u
Press Enter.

This command will:

- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists.
  - The folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the System Restore points.

(What happened to that hug you promised?)

-Surf safely-

Edited 26 October 2008 by r2d290