kristianguffen Posted January 10, 2008 (edited)

Here is my ComboFix log:

ComboFix 08-01-10.2 - Ragnhild 2008-01-10 19:54:38.1 - FAT32x86 Running from: C:\Documents and Settings\Ragnhild\Lokale innstillinger\Temporary Internet Files\Content.IE5\1FNT7HZ8\ComboFix[1].exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\NFU A-A 3\err.log C:\WINDOWS\system32\autorun.ini C:\WINDOWS\system32\stera.log . ((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))) . 2008-01-10 19:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-10 18:42 . 2008-01-10 18:42 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-01-10 18:42 . 2008-01-10 18:42 <DIR> d-------- C:\Documents and Settings\Ragnhild\Programdata\SUPERAntiSpyware.com 2008-01-10 18:42 . 2008-01-10 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-01-10 18:41 . 2008-01-10 18:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-10 18:37 . 2008-01-10 18:37 <DIR> dr-h----- C:\Documents and Settings\Ragnhild\Siste 2008-01-10 18:34 . 2008-01-10 18:34 <DIR> d-------- C:\Programfiler\CCleaner 2008-01-10 16:40 . 2008-01-10 16:40 <DIR> d-------- C:\Programfiler\iTunes 2008-01-10 16:40 . 2008-01-10 16:40 <DIR> d-------- C:\Programfiler\iPod 2008-01-10 16:40 . 2008-01-10 16:40 <DIR> d-------- C:\Documents and Settings\Ragnhild\Programdata\Apple Computer 2008-01-10 16:40 . 2008-01-10 19:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-10 16:40 . 2008-01-10 16:40 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-10 16:38 . 2008-01-10 16:38 <DIR> d-------- C:\Programfiler\QuickTime 2008-01-10 16:34 . 2008-01-10 16:34 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-01-10 16:30 . 
2008-01-10 16:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-01-04 19:00 . 2008-01-04 19:00 <DIR> d-------- C:\Documents and Settings\NFU A-A 3\Programdata\castdrawface 2008-01-02 21:25 . 2008-01-02 21:25 268 --ah----- C:\sqmdata08.sqm 2008-01-02 21:25 . 2008-01-02 21:25 244 --ah----- C:\sqmnoopt08.sqm 2007-12-27 19:09 . 2007-12-27 19:09 <DIR> d-------- C:\Programfiler\Circle Developement 2007-12-27 19:09 . 2007-12-27 19:09 <DIR> d-------- C:\Programfiler\castdrawface 2007-12-27 19:09 . 2007-12-27 19:09 <DIR> d-------- C:\Documents and Settings\Ragnhild\Programdata\castdrawface 2007-12-27 19:09 . 2007-12-27 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\file joy proc deaf 2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-06 13:58 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:57 8,460,800 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll 2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-10-11 06:14 1,054,720 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-10-11 06:14 1,023,488 ----a-w 
C:\WINDOWS\system32\dllcache\browseui.dll 2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824] "RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768] "LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208] "LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632] "CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664] "Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920] "eRecoveryService"="C:\Programfiler\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256] "EEventManager"="C:\Programfiler\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 14:09 102400] 
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2006-10-16 16:16 26248] "Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Programdata\file joy proc deaf\link mapi.exe" [2008-01-10 19:49 1529344] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-11 10:56 286720] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll R0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys [2005-10-07 10:49] R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14] R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07] R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-10-16 16:16] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 int15.sys;int15.sys;C:\Programfiler\Acer\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 
18:29] S0 wasfsd;wasfsd;C:\WINDOWS\system32\drivers\wasfsd.sys [] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2007-03-28 15:04] *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-11-28 15:14:56 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - NFU A-A 3.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK: "2008-01-10 18:00:08 C:\WINDOWS\Tasks\B131F8DF919668CF.job" - c:\docume~1\ragnhild\progra~1\castdr~1\Support Tick User.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-10 19:56:52 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-10 19:57:20 ComboFix-quarantined-files.txt 2008-01-10 18:57:18 . 2007-12-31 20:01:05 --- E O F ---

Edited January 13, 2008 by Skagen: The three-word rule.
kristianguffen Posted January 10, 2008 Author (edited)

Here is the SAS log:

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/10/2008 at 07:28 PM Application Version : 3.9.1008 Core Rules Database Version : 3259 Trace Rules Database Version: 1270 Scan type : Complete Scan Total Scan Time : 00:44:07 Memory items scanned : 525 Memory threats detected : 0 Registry items scanned : 4505 Registry threats detected : 0 File items scanned : 31862 File threats detected : 107 Trojan.ErrorSafe C:\WINDOWS\SYSTEM32\ERRORSAFESETUP.EXE Malware.DriveCleaner C:\WINDOWS\DOWNLOADED PROGRAM FILES\UDC6H_0001_D19M0709NETINSTALLER.EXE C:\DOCUMENTS AND SETTINGS\NFU A-A 3\LOKALE INNSTILLINGER\TEMP\ICD1.TMP\UDC6H_0001_D19M0709NETINSTALLER.EXE Trojan.WinAntiSpyware/WinAntiVirus 2006 C:\DOCUMENTS AND SETTINGS\NFU A-A 3\LOKALE INNSTILLINGER\TEMP\~WA6PSETUP.EXE Adware.Tracking Cookie

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:01:58, on 10.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe 
C:\acer\epm\epm-dm.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\Launch Manager\LaunchAp.exe C:\Programfiler\Launch Manager\PowerKey.exe C:\Programfiler\Launch Manager\HotkeyApp.exe C:\Programfiler\Launch Manager\OSDCtrl.exe C:\Programfiler\Launch Manager\Wbutton.exe C:\Programfiler\Acer\eRecovery\Monitor.exe C:\Programfiler\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Trend Micro\Test\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handball.no/p1.asp?site=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handball.no R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: (no name) - 
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [EEventManager] C:\Programfiler\EPSON\Creativity Suite\Event Manager\EEventManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and 
Settings\All Users\Programdata\file joy proc deaf\link mapi.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3C942F-A086-4448-A457-BE230215A261}: NameServer = 148.122.208.99,148.122.161.3 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:u3rHuh...toareg_main.jpg O24 - Desktop Component 1: (no name) - http://www.in.gr/auto/parousiaseis/foto_bi...aab_9-7X_01.jpg O24 - Desktop Component 10: (no name) - http://www.lscm.com.my/admin/news/liverpool%20logo.jpg O24 - Desktop Component 2: (no name) - http://www.ruotequipe.com/media/galleria/e...ck%20-%20Q7.jpg O24 - Desktop Component 3: (no name) - http://www.amotor.no/images/saab/saab_9_7x.jpg O24 - Desktop Component 4: (no name) - http://www.dn.no/multimedia/archive/00094/..._GL-_94819i.jpg O24 - Desktop Component 5: (no name) - http://www.moller.no/media/urs/e/f/c/l/505...dC7U/sfs2K7.jpg O24 - Desktop Component 6: (no name) - http://tbn0.google.com/images?q=tbn:mHD373...ouareg_PS_V.jpg O24 - Desktop Component 7: (no name) - http://www.edmunds.com/media/reviews/top10....sclass.500.jpg O24 - Desktop Component 8: (no name) - http://magazine.avtoindex.com/images/forum...-class_2009.jpg O24 - Desktop Component 9: (no name) - http://www.arabalarmax.com/data/media/29/w...urbo_2007_1.jpg -- End of file - 9858 bytes

rootlog:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh 10.01.2008 20:04:31,37 The rootkits that are detected by this tool were not found. 
********************************* ROOTCHK-LOG-end catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-10 20:04:31 Windows 5.1.2600 Service Pack 2 scanning hidden processes ... IPC error: 2 Systemet finner ikke angitt fil. scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... IPC error: 2 Systemet finner ikke angitt fil. hidden processes: 0 hidden services: 0 hidden files: 0

Edited January 11, 2008 by kristianguffen
norbat Posted January 10, 2008

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Programdata\file joy proc deaf\link mapi.exe
O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::
C:\Programfiler\Fellesfiler\BOONTY Shared
C:\Documents and Settings\NFU A-A 3\Programdata\castdrawface
C:\Programfiler\castdrawface
C:\Documents and Settings\Ragnhild\Programdata\castdrawface
C:\Documents and Settings\All Users\Programdata\file joy proc deaf

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"=-

Post the ComboFix log + a new HJT log.
kristianguffen Posted January 12, 2008 Author

Here is the new ComboFix log:

ComboFix 08-01-11.3 - Ragnhild 2008-01-12 11:53:42.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.174 [GMT 1:00] Running from: C:\Documents and Settings\Ragnhild\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Ragnhild\Skrivebord\CFScript.txt..txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Programdata\file joy proc deaf C:\Documents and Settings\All Users\Programdata\file joy proc deaf\link mapi.exe C:\Documents and Settings\NFU A-A 3\Programdata\castdrawface C:\Documents and Settings\Ragnhild\Programdata\castdrawface C:\Documents and Settings\Ragnhild\Programdata\castdrawface\Support Tick User.exe C:\Programfiler\castdrawface C:\Programfiler\Fellesfiler\BOONTY Shared C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))) . 2008-01-12 11:43 . 2008-01-12 11:43 106 --a------ C:\delete.bat 2008-01-12 00:31 . 2008-01-12 00:32 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2 2008-01-11 22:48 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys 2008-01-11 22:46 . 2008-01-11 22:46 <DIR> d-------- C:\Programfiler\Windows Live Toolbar 2008-01-11 22:45 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-11 22:43 . 2008-01-11 22:43 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition 2008-01-11 22:29 . 2008-01-11 22:29 <DIR> d--hs---- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-01-11 22:28 . 2008-01-11 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-01-11 21:53 . 2008-01-11 21:53 <DIR> d-------- C:\NoLopBackups 2008-01-10 23:41 . 
2008-01-11 22:44 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-01-10 20:01 . 2008-01-10 20:01 <DIR> d-------- C:\Programfiler\Trend Micro 2008-01-10 19:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-10 18:42 . 2008-01-10 18:42 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-01-10 18:42 . 2008-01-10 18:42 <DIR> d-------- C:\Documents and Settings\Ragnhild\Programdata\SUPERAntiSpyware.com 2008-01-10 18:42 . 2008-01-10 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-01-10 18:41 . 2008-01-10 18:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-10 18:37 . 2008-01-10 18:37 <DIR> dr-h----- C:\Documents and Settings\Ragnhild\Siste 2008-01-10 18:34 . 2008-01-10 18:34 <DIR> d-------- C:\Programfiler\CCleaner 2008-01-10 16:40 . 2008-01-10 16:40 <DIR> d-------- C:\Programfiler\iTunes 2008-01-10 16:40 . 2008-01-10 16:40 <DIR> d-------- C:\Programfiler\iPod 2008-01-10 16:40 . 2008-01-10 16:40 <DIR> d-------- C:\Documents and Settings\Ragnhild\Programdata\Apple Computer 2008-01-10 16:40 . 2008-01-12 11:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-10 16:40 . 2008-01-10 16:40 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-10 16:38 . 2008-01-10 16:38 <DIR> d-------- C:\Programfiler\QuickTime 2008-01-10 16:34 . 2008-01-10 16:34 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-01-10 16:30 . 2008-01-10 16:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-01-02 21:25 . 2008-01-02 21:25 268 --ah----- C:\sqmdata08.sqm 2008-01-02 21:25 . 2008-01-02 21:25 244 --ah----- C:\sqmnoopt08.sqm 2007-12-27 19:09 . 2007-12-27 19:09 <DIR> d-------- C:\Programfiler\Circle Developement . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-11-06 13:58 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:57 8,460,800 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-10_19.56.59,68 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-10 18:54:18 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-12 10:53:18 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-10 18:54:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-12 10:53:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-10 18:54:18 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-12 10:53:18 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-10 18:54:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-12 10:53:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-10 18:54:18 3,452,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-12 10:53:18 3,452,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-10 18:54:18 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-12 10:53:18 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE + 2008-01-11 21:44:32 125,472 ----a-r C:\WINDOWS\Installer\{21667E3B-5BD0-49F9-A1EE-BB50D5A306F4}\WLXPhotoGalleryIcon.exe + 2008-01-11 21:38:42 86,746 ----a-r C:\WINDOWS\Installer\{29CB1674-DE1D-4D39-A871-FA0194FC58E9}\wlmail.exe - 2007-09-27 16:37:54 12,288 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-01-11 23:31:54 12,288 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2007-09-27 16:37:54 135,168 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-01-11 23:31:54 135,168 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-09-27 16:37:54 11,264 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-01-11 23:31:56 11,264 ----a-r 
C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-09-27 16:37:54 27,136 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-01-11 23:31:56 27,136 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2007-09-27 16:37:54 4,096 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-01-11 23:31:56 4,096 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2007-09-27 16:37:54 794,624 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-01-11 23:31:56 794,624 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2007-09-27 16:37:54 249,856 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-01-11 23:31:54 249,856 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-09-27 16:37:54 23,040 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-01-11 23:31:56 23,040 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-09-27 16:37:54 286,720 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-01-11 23:31:54 286,720 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-09-27 16:37:54 409,600 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-01-11 23:31:54 409,600 ----a-r C:\WINDOWS\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-01-11 21:41:14 29,926 ----a-r C:\WINDOWS\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe - 2004-08-04 16:00:00 49,152 ----a-w C:\WINDOWS\system32\dllcache\wdigest.dll + 2006-03-24 04:39:58 49,152 ----a-w C:\WINDOWS\system32\dllcache\wdigest.dll - 2006-04-20 12:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2007-10-30 17:20:56 360,064 ----a-w 
C:\WINDOWS\system32\drivers\tcpip.sys + 2007-10-17 12:53:16 43,816 ----a-w C:\WINDOWS\system32\DRVSTORE\fssfltr_FB301EB9307D2FAB641A9804E59C568C22487732\fssfltr.sys - 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe - 2006-08-08 09:40:06 41,842 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-11 22:29:10 42,102 ----a-w C:\WINDOWS\system32\perfc009.dat - 2006-08-08 09:40:06 48,338 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-01-11 22:29:10 48,648 ----a-w C:\WINDOWS\system32\perfc014.dat - 2006-08-08 09:40:06 316,184 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-11 22:29:10 316,444 ----a-w C:\WINDOWS\system32\perfh009.dat - 2006-08-08 09:40:06 323,110 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-01-11 22:29:10 323,404 ----a-w C:\WINDOWS\system32\perfh014.dat + 2006-10-24 11:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll - 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll - 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2006-10-16 15:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe - 2004-08-04 14:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll + 2006-03-24 04:39:58 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll + 2006-10-24 11:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll + 2006-10-24 11:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll + 2006-10-24 11:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll + 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll + 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll + 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll . 
-- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-10-17 13:53 57384 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824] "RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768] "LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208] "LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632] "CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664] "Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920] "eRecoveryService"="C:\Programfiler\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256] "EEventManager"="C:\Programfiler\EPSON\Creativity 
Suite\Event Manager\EEventManager.exe" [2005-04-08 14:09 102400] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2006-10-16 16:16 26248] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-11 10:56 286720] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-10-17 13:53 243240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll R0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys [2005-10-07 10:49] R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14] R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07] R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-10-16 16:16] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53] R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-10-17 13:53] R2 int15.sys;int15.sys;C:\Programfiler\Acer\eRecovery\int15.sys 
[2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29] S0 wasfsd;wasfsd;C:\WINDOWS\system32\drivers\wasfsd.sys [] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S4 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-01-11 19:35:44 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - NFU A-A 3.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK: "2008-01-11 23:13:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-12 11:55:35 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-12 11:56:04 ComboFix-quarantined-files.txt 2008-01-12 10:56:02 ComboFix2.txt 2008-01-10 18:57:22 . 2008-01-11 23:31:59 --- E O F ---

But I don't have a new HJT log; I scanned without it saving a log..? Should I scan again so that it saves a log?
norbat Posted 12 January 2008

Yes, do that. Also put the logs between -spoiler- ; they are then hidden, which makes the thread a bit easier to follow.
kristianguffen (Author) Posted 12 January 2008 (edited)

Like this?

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:27:56, on 12.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\Launch Manager\LaunchAp.exe C:\Programfiler\Launch Manager\PowerKey.exe C:\Programfiler\Launch Manager\HotkeyApp.exe C:\Programfiler\Launch Manager\OSDCtrl.exe C:\Programfiler\Launch Manager\Wbutton.exe C:\Programfiler\Acer\eRecovery\Monitor.exe C:\Programfiler\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\explorer.exe C:\Programfiler\internet explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Trend Micro\Test\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page 
= http://www.handball.no/p1.asp?site=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handball.no R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: 
[EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [EEventManager] C:\Programfiler\EPSON\Creativity Suite\Event Manager\EEventManager.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra 
button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3C942F-A086-4448-A457-BE230215A261}: NameServer = 148.122.208.99,148.122.161.3 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:u3rHuh...toareg_main.jpg O24 - Desktop Component 1: (no name) - http://www.in.gr/auto/parousiaseis/foto_bi...aab_9-7X_01.jpg O24 - Desktop Component 10: (no name) - http://www.lscm.com.my/admin/news/liverpool%20logo.jpg O24 - Desktop Component 2: (no name) - http://www.ruotequipe.com/media/galleria/e...ck%20-%20Q7.jpg O24 - Desktop Component 3: (no name) - http://www.amotor.no/images/saab/saab_9_7x.jpg O24 - Desktop Component 4: (no name) 
- http://www.dn.no/multimedia/archive/00094/..._GL-_94819i.jpg O24 - Desktop Component 5: (no name) - http://www.moller.no/media/urs/e/f/c/l/505...dC7U/sfs2K7.jpg O24 - Desktop Component 6: (no name) - http://tbn0.google.com/images?q=tbn:mHD373...ouareg_PS_V.jpg O24 - Desktop Component 7: (no name) - http://www.edmunds.com/media/reviews/top10....sclass.500.jpg O24 - Desktop Component 8: (no name) - http://magazine.avtoindex.com/images/forum...-class_2009.jpg O24 - Desktop Component 9: (no name) - http://www.arabalarmax.com/data/media/29/w...urbo_2007_1.jpg -- End of file - 10173 bytes

Edited 12 January 2008 by kristianguffen
kristianguffen (Author) Posted 12 January 2008

Thanks a lot for all the help! But am I completely virus-free now?
norbat Posted 12 January 2008

Yes, after a little cleanup now.

Use Explorer to delete:
C:\NoLopBackups
C:\WINDOWS\imsins.BAK

You can uninstall ComboFix:
Click: Start -> Run
Type: ComboFix /u

Empty the System Restore folder:
You should reset the restore folder so that you do not get infected by a possible system restore.
Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.