tranzer Posted 10 November 2007
Hi. So I was chatting with a friend of mine when suddenly a message came up saying something like "here is my fotoalbum of my friends", and then a small zip file of 25 kB arrived. I accepted it =/ and it turned out to be a virus. So what I'm wondering is whether any of you have had this, or how I can remove it. Thanks for all replies.
norbat Posted 10 November 2007
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
tranzer (Author) Posted 10 November 2007
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:40, on 10.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\system\lsass.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Programmer\BearShare\BearShare.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Ripper-90\Desktop\HJJ\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Lsass Services] C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3008 bytes
norbat Posted 10 November 2007
Download SDFix to the desktop.
Double-click SDFix.exe and it will extract itself to a folder in C:\SDFix
Restart the PC in safe mode (tap F8 during startup, choose safe mode)
Open the SDFix folder and double-click 'RunThis.bat' to start the program
Choose Y to start the cleaning
The PC will restart, and SDFix will continue.
When SDFix is finished, post the log it creates plus a new hjt log.
tranzer (Author) Posted 11 November 2007
Hmm, where do I find the SDFix log then? But anyway, here is the hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:25, on 11.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ripper-90\Desktop\HJJ\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2312 bytes
tranzer (Author) Posted 11 November 2007
Sorry, it came up now, omg. But anyway, this is the SDFix report:

SDFix: Version 1.114
Run by Ripper-90 on 11.11.2007 at 13:01
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:
C:\DOCUME~1\RIPPER~1\LOCALS~1\Temp\abc123.pid - Deleted
C:\DOCUME~1\RIPPER~1\LOCALS~1\Temp\uninstall.exe - Deleted
C:\WINDOWS\IMG-0012.zip - Deleted
C:\WINDOWS\nkit.dll - Deleted
C:\WINDOWS\offlog.txt - Deleted
C:\WINDOWS\scvhost.exe - Deleted
C:\WINDOWS\shdef.exe - Deleted
C:\WINDOWS\system\lsass.exe - Deleted

Removing Temp Files...

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 13:09:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:14,be,ad,c8,8c,f5,88,ac,6f,0f,44,a8,a7,34,c2,f2,db,e9,2c,d8,a2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,56,a2,46,36,3f,78,ae,15,42,5a,3d,d4,46,f6,ad,41,18,..
"khjeh"=hex:4b,61,c5,f6,35,d4,b4,a7,7b,83,af,7d,df,74,f8,57,c3,c9,dd,5f,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:ac,d3,1e,06,7e,34,98,08,30,b2,2b,03,62,7f,15,fb,6b,3a,f5,f3,bc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:14,be,ad,c8,8c,f5,88,ac,6f,0f,44,a8,a7,34,c2,f2,db,e9,2c,d8,a2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,56,a2,46,36,3f,78,ae,15,42,5a,3d,d4,46,f6,ad,41,18,..
"khjeh"=hex:4b,61,c5,f6,35,d4,b4,a7,7b,83,af,7d,df,74,f8,57,c3,c9,dd,5f,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:ac,d3,1e,06,7e,34,98,08,30,b2,2b,03,62,7f,15,fb,6b,3a,f5,f3,bc,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD49D856-2FC7-E6F6-4C4E-3917D9CFE221}]
"ablbiibgdidooonfoplabkbfjgocnkhhkg"=hex:65,62,6c,62,64,70,6d,61,69,6e,65,6c,69,63,64,67,66,6d,6b,66,65,..
"bblbiibgdidooonfopeaajmghbjpdijegjol"=hex:61,62,67,65,6f,66,6e,69,64,6d,61,69,68,69,70,66,68,63,63,64,70,..

scanning hidden files ...

C:\Documents and Settings\Ripper-90\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{ABCFA304-D215-049B-E93E-0C4643471CF3}\16\16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1207614 bytes hidden from API
C:\Documents and Settings\Ripper-90\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{ABCFA304-D215-049B-E93E-0C4643471CF3}\16\16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 85314 bytes hidden from API
C:\Documents and Settings\Ripper-90\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{ABCFA304-D215-049B-E93E-0C4643471CF3}\16\16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3 6114 bytes hidden from API
C:\Documents and Settings\Ripper-90\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{ABCFA304-D215-049B-E93E-0C4643471CF3}\16\16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-{E62CB03C-BCB1-4E96-8B89-907C555A5F75}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 134240 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"D:\\Programmer\\Steam\\steamapps\\alban2k\\counter-strike\\hl.exe"="D:\\Programmer\\Steam\\steamapps\\alban2k\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Programmer\\Azureus\\Azureus.exe"="D:\\Programmer\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Programmer\\BearShare\\BearShare.exe"="D:\\Programmer\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programmer\\mirc\\mirc.exe"="D:\\Programmer\\mirc\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"D:\\DOWNLOAD\\asd\\TF2_Nosteam\\TF2 Game\\hl2.exe"="D:\\DOWNLOAD\\asd\\TF2_Nosteam\\TF2 Game\\hl2.exe:*:Enabled:hl2"
"D:\\Spill\\BF\\BF2.exe"="D:\\Spill\\BF\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"D:\\Programmer\\Steam\\Steam.exe"="D:\\Programmer\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\KVIrc\\kvirc.exe"="C:\\Program Files\\KVIrc\\kvirc.exe:*:Enabled:kvirc"
"C:\\WINDOWS\\system\\lsass.exe"="C:\\WINDOWS\\system\\lsass.exe:*:Enabled:Windows Sharing"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:
Sun 7 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 20 Oct 2007 888 ...HR --- "C:\Documents and Settings\Ripper-90\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
norbat Posted 11 November 2007
Could you make the hjt log from normal mode?
tranzer (Author) Posted 11 November 2007
Meaning?? When I'm not in safe boot?
norbat Posted 11 November 2007
Yes, let the PC start up normally. From there, make an hjt log.
tranzer (Author) Posted 11 November 2007
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:28, on 11.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Documents and Settings\Ripper-90\Desktop\HJJ\HijackThis.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2437 bytes
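The first HijackThis log in this thread shows C:\WINDOWS\system\lsass.exe both running and registered under a Run key, and the SDFix report lists it, C:\WINDOWS\scvhost.exe and C:\WINDOWS\shdef.exe as deleted trojan files. As an added example (not part of the thread, and not how HijackThis or SDFix work), this Python script flags core Windows process names that run from the wrong directory or are misspelled by one edit, and diffs the O4 autoruns of two logs. The function names and the CORE_NAMES list are this example's own assumptions.

```python
import ntpath
import re

# Assumption: default XP layout, %SystemRoot% = C:\WINDOWS. These core
# processes legitimately run only from system32 (explorer.exe is left out
# because it lives in C:\WINDOWS itself).
SYSTEM_DIR = r"c:\windows\system32"
CORE_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
              "services.exe", "winlogon.exe", "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (\S+): \[(.*?)\] (.*)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|bat|com))(?=\s|$)', re.I)

# Constructed samples: lines copied from the first and the last HijackThis
# log tranzer posted, shortened to the entries that matter here.
BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [Windows Lsass Services] C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
"""


def parse_log(text):
    """Return (running process paths, {(hive, name): executable})."""
    processes, autoruns, in_processes = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif re.match(r"^[A-Z]\d+ - ", line):      # first O/R entry ends the list
            in_processes = False
            m = O4_RE.match(line)                  # registry autoruns only
            if m:
                hive, name, command = m.groups()
                exe = EXE_RE.match(command)
                autoruns[(hive, name)] = (exe.group(1) or exe.group(2)) if exe else command
        elif in_processes and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, autoruns


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path):
    """Return 'wrong-directory', 'lookalike-name' or None for one path."""
    directory, name = ntpath.split(path.lower())
    if not directory:
        return None   # bare name such as SOUNDMAN.EXE, resolved via the search path
    if name in CORE_NAMES:
        return None if directory == SYSTEM_DIR else "wrong-directory"
    if any(osa_distance(name, core) == 1 for core in CORE_NAMES):
        return "lookalike-name"
    return None


def find_masquerades(text):
    """Flag running processes and autoruns that imitate a core process."""
    processes, autoruns = parse_log(text)
    hits = {}
    for path in processes + list(autoruns.values()):
        reason = classify(path)
        if reason:
            hits.setdefault(path.lower(), (path, reason))
    return sorted(hits.values())


def removed_autoruns(before, after):
    """O4 registry autoruns present in the first log and gone in the second."""
    old, new = parse_log(before)[1], parse_log(after)[1]
    return sorted((hive, name, exe) for (hive, name), exe in old.items()
                  if (hive, name) not in new)


if __name__ == "__main__":
    print(find_masquerades(BEFORE))
    print(classify(r"C:\WINDOWS\scvhost.exe"))     # path from the SDFix report
    print(removed_autoruns(BEFORE, AFTER))
```

shdef.exe imitates no system name, so only the before/after comparison surfaces it; the one-edit name check is a heuristic and can flag legitimate third-party files with similar names.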
norbat Posted 11 November 2007
This looks fine. How is the PC running?
We can do one more small check:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt).
tranzer (Author) Posted 11 November 2007
ComboFix 07-11-08.1 - Ripper-90 2007-11-11 18:23:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.601 [GMT 1:00]
Running from: C:\Documents and Settings\Ripper-90\Desktop\combo\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\sfsync02.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SFSYNC02
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 18:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 13:01 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-09 23:10 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-04 22:29 <DIR> d-------- C:\Documents and Settings\Ripper-90\download
2007-11-04 22:29 <DIR> d-------- C:\Documents and Settings\Ripper-90\.kvirc
2007-11-04 22:28 <DIR> d-------- C:\Program Files\KVIrc
2007-11-04 14:59 <DIR> d-------- C:\Program Files\Real
2007-11-04 14:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-04 14:59 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-04 14:55 <DIR> d-------- C:\My Downloads
2007-10-30 22:17 <DIR> d-------- C:\Documents and Settings\Ripper-90\Application Data\AdobeUM
2007-10-30 22:10 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-28 14:41 <DIR> d-------- C:\Program Files\DivX
2007-10-24 20:27 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-24 17:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-22 19:43 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-10-21 16:17 <DIR> d-------- C:\Documents and Settings\Ripper-90\Application Data\Media Player Classic
2007-10-19 15:55 <DIR> dr-h----- C:\Documents and Settings\Ripper-90\Application Data\SecuROM
2007-10-19 15:55 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-12 22:06 8,512 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-10-12 18:13 <DIR> d-------- C:\Program Files\Gabest
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 17:25 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\Azureus
2007-11-10 14:55 --------- d-----w C:\Program Files\Azureus
2007-11-09 22:10 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\Lavasoft
2007-11-03 23:14 --------- d-----w C:\Program Files\SpeedFan
2007-11-01 19:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 15:28 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\Skype
2007-10-12 11:41 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\Hamachi
2007-10-07 19:09 --------- d-----w C:\Program Files\Project64 v1.5
2007-10-05 10:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-04 23:31 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-04 23:14 --------- d-----w C:\Program Files\Hamachi
2007-10-04 21:31 --------- d-----w C:\Program Files\Common Files\Stardock
2007-10-04 20:58 --------- d-----w C:\Program Files\Stardock
2007-10-04 20:56 --------- d-----w C:\Program Files\CursorXP
2007-10-04 17:35 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\JLC's Software
2007-10-04 17:34 --------- d-----w C:\Program Files\JLC's Software
2007-10-04 15:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 13:50 --------- d-----w C:\Program Files\Creative
2007-09-30 13:24 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\Ventrilo
2007-09-29 18:05 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\Creative
2007-09-27 05:49 --------- d-----w C:\Program Files\XviD
2007-09-26 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
2007-09-26 21:37 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\vlc
2007-09-26 21:36 --------- d-----w C:\Program Files\VideoLAN
2007-09-26 16:52 --------- d-----w C:\Program Files\Skype
2007-09-26 16:52 --------- d-----w C:\Program Files\Common Files\Skype
2007-09-26 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-26 08:59 --------- d-----w C:\Documents and Settings\Ripper-90\Application Data\VoipDiscount
2007-09-26 08:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-09-25 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-25 16:59 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-25 16:59 --------- d-----w C:\Program Files\Java
2007-09-25 16:53 --------- d-----w C:\Program Files\Common Files\Java
2007-09-25 16:49 --------- d-----w C:\Program Files\PowerISO
2007-09-25 16:40 --------- d-----w C:\Program Files\VoipDiscount.com
2007-09-25 16:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-25 16:24 --------- d-----w C:\Program Files\MSN Messenger
2007-09-25 16:06 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-09-25 16:06 --------- d-----w C:\Program Files\Intel
2007-09-25 16:06 --------- d-----w C:\Program Files\AvRack
2007-09-25 16:00 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 08:47 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 16:14]
"nwiz"="nwiz.exe" [2007-10-04 16:14 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2006-12-14 14:18]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ripper-90^Start Menu^Programs^Startup^hamachi.lnk]
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ripper-90^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized

S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys
S3 RivaTuner32;RivaTuner32;\??\D:\Programmer\Riva Tuner\RivaTuner v2.06\RivaTuner32.sys
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 18:26:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 18:26:59 - machine was rebooted
.
--- E O F ---
norbat Posted 11 November 2007
Good. How are things working now?
Guest Slettet+19283741 Posted 11 November 2007 (edited)
I also got a file via MSN a few months ago, with a bat or exe file, I don't quite remember. But I think it was a virus. Can anyone see whether there is something lurking on my system?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:05, on 11.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\conime.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [] rem
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: RightMark CPU Clock Utility.lnk = C:\Program Files\RMClock\RMClock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8910 bytes

Edited 11 November 2007 by Slettet+19283741
tranzer (author), posted 11 November 2007: Oh, so you got it too.. was it something like "look at my pictures of my friends" or similar, and then a zip file of 25 kB came through?
norbat, posted 11 November 2007: There wasn't much to see in that log, milleniam. This one, O4 - HKLM\..\Run: [] rem, I haven't seen before. I also find very little info about it, so go ahead and fix it using HJT. If you don't experience anything 'unusual', I think you can just run a scan with your AV program, and if it doesn't find anything you can relax.
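The triage norbat describes, picking out the one autostart entry that does not look like the rest, can be scripted. The following Python is an added example, not part of the thread or of HijackThis: the sample lines are copied from the log above, while the function names and the review rules are assumptions of this example, and a flag means "look closer", not "malicious".

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [] rem
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\.*?Run\w*: \[(.*?)\] ?(.*)$")  # value name, command
BINARY = re.compile(r"\.(exe|dll|com|bat|cmd|scr|pif|lnk)\b", re.I)

# The review rules below are assumptions of this example, not HijackThis verdicts.
def review(line):
    """Return a list of review notes for one log line (empty = nothing odd)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.groups()
    notes = []
    if code == "O4":
        run = RUN.match(body)
        if run:
            name, command = run.groups()
            if not name.strip():
                notes.append("autostart value has an empty name")
            if not BINARY.search(command):
                notes.append("autostart data names no program file")
    elif code in ("O2", "O3") and body.rstrip().endswith("(no file)"):
        notes.append("registered browser add-on points at a missing file")
    elif code == "O23" and " - Unknown owner - " in body:
        notes.append("service listed with 'Unknown owner'")
    return notes

def triage(log_text):
    """Map each flagged log line to its notes, in log order."""
    lines = (l.strip() for l in log_text.splitlines())
    return {l: review(l) for l in lines if review(l)}

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(notes))
```

The SiteAdvisor service is flagged only because of its "Unknown owner" field, which shows why each hit still needs a human check against the installed software.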
Guest Slettet+19283741, posted 11 November 2007: Quote: "Oh, so you got it too.. was it something like "look at my pictures of my friends" or similar, and then a zip file of 25 kB came through?" Yes, I got a zip file first. What does the virus actually do? Just pass itself on?
tranzer (author), posted 12 November 2007: MSN started lagging, and pop-ups and so on started appearing.. exhausting =/
Guest Slettet+19283741, posted 12 November 2007: Quote: "MSN started lagging, and pop-ups and so on started appearing.. exhausting =/" I haven't had it like that. On second thought, I seem to remember that I ran a scan with AVG and then it removed the virus.
tranzer (author), posted 12 November 2007: I'm running it with Registry Mechanic.. so I have a question for Norbat.. is that a good antivirus? Or do you have a better one? One that removes the big ones, not just small bugs like these.