RMBB Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 Hei, trenger en liten sjekk på denne HJT loggen:) På forhånd takk Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:46, on 14.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\D-Tools\daemon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Documents and Settings\Hest\Lokale innstillinger\Temporary Internet Files\Content.IE5\64AJ3GRC\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179242788154 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179243819842 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5588 bytes Lenke til kommentar
norbat Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 Loggen ser fin ut. Var det bare en sjekk eller har du mistanke om noe? Du bør oppdatere til IE 7 Du bør også oppdatere JAVA: http://java.com/en/download/index.jsp Lenke til kommentar
RMBB Skrevet 14. januar 2008 Forfatter Del Skrevet 14. januar 2008 Ok, det skal jeg gjøre. Det er pc-en til faren min. Han hadde fått opp en melding om at "Jesus loves you" Eller noe, så hadde maskinen slått seg av. Har kjørt diverse scanner men finner ikke noe på maskin, så lurte på om jeg kunne ha oversett noe. Lenke til kommentar
norbat Skrevet 14. januar 2008 Del Skrevet 14. januar 2008 Vi kan prøve en annen scan som evt. kan vise mer: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (vanligvis c:\combofix.txt) Lenke til kommentar
Devil123 Skrevet 15. januar 2008 Del Skrevet 15. januar 2008 Hei, trenger en liten sjekk på denne HJT loggen:)På forhånd takk Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:46, on 14.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\D-Tools\daemon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Documents and Settings\Hest\Lokale innstillinger\Temporary Internet Files\Content.IE5\64AJ3GRC\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179242788154 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179243819842 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5588 bytes jeg finner 1 feil, nesten rart at ingen andre ser den...C:\WINDOWS\system32\lsass.exe...det er det berømte msn-viruset... Lenke til kommentar
RMBB Skrevet 16. januar 2008 Forfatter Del Skrevet 16. januar 2008 Haha, er det det?! Hvordan fjerner jeg det? Hva gjør det av skade? Sikker på at det er MSN virus? lsass Lenke til kommentar
norbat Skrevet 16. januar 2008 Del Skrevet 16. januar 2008 Jeg tror vi lar C:\WINDOWS\system32\lsass.exe få være i fred på PC-en. Lenke til kommentar
RMBB Skrevet 16. januar 2008 Forfatter Del Skrevet 16. januar 2008 Da har jeg fått kjørt en scan:) ComboFix 08-01-16.4 - Hest 2008-01-17 17:58:04.1 - NTFSx86 Running from: C:\Documents and Settings\Hest\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))) . 2008-01-17 17:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-08 22:25 . 2008-01-08 22:25 <DIR> d-------- C:\Programfiler\uTorrent 2008-01-08 22:25 . 2008-01-09 00:18 <DIR> d-------- C:\Documents and Settings\Hest\Programdata\uTorrent 2008-01-06 18:22 . 2008-01-06 18:22 24,455 --a------ C:\WINDOWS\THEBIB~1.hlp 2008-01-05 23:38 . 2008-01-05 23:38 <DIR> d-------- C:\Programfiler\MSXML 6.0 2008-01-04 23:16 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-01-04 19:47 . 2008-01-04 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-01-04 19:46 . 2008-01-04 19:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-04 19:23 . 2008-01-04 19:23 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7 2008-01-04 19:23 . 2008-01-06 11:40 <DIR> d-------- C:\Documents and Settings\Hest\Programdata\AVG7 2008-01-04 19:22 . 2008-01-04 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-01-04 19:22 . 2008-01-06 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7 2008-01-04 19:06 . 2008-01-04 19:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-01-04 19:02 . 2008-01-04 21:00 <DIR> d-------- C:\Programfiler\Telenor 2008-01-04 19:02 . 2008-01-04 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Telenor 2007-12-23 13:12 . 2007-12-23 13:12 <DIR> d-------- C:\Programfiler\Universal Interactive 2007-12-23 13:10 . 2008-01-04 21:02 73,898 --a------ C:\empsiklasttrace.xml 2007-12-23 12:54 . 2007-12-23 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 15:32 --------- d-----w C:\Programfiler\K-Lite Codec Pack 2008-01-12 15:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-01-04 18:47 --------- d-----w C:\Programfiler\Lavasoft 2007-12-15 11:30 --------- d-----w C:\Programfiler\Bullfrog 2007-12-02 14:56 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-12-02 14:55 --------- d-----w C:\Programfiler\Disney Interactive 2007-12-02 14:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Disney Interactive . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2006-10-22 12:22 86016] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472] "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896] "OpwareSE4"="C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304] "Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 19:22 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-04 19:22 219136] R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07] S3 bfastfao;bfastfao;C:\DOCUME~1\Hest\LOKALE~1\Temp\bfastfao.sys [2001-07-18 16:32] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 18:14:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-17 18:18:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-17 17:18:43 . 2008-01-09 22:34:23 --- E O F --- Lenke til kommentar
norbat Skrevet 16. januar 2008 Del Skrevet 16. januar 2008 Ikke så mye å se i den loggen Vet du hva denne fila kommer fra: C:\WINDOWS\THEBIB~1.hlp (~1 = forkortelse.) Lenke til kommentar
RMBB Skrevet 16. januar 2008 Forfatter Del Skrevet 16. januar 2008 Mest sannsynelig til skjermbeskytteren.. "The Bible Scenes" Den ligger rett ved siden av den der inne.. Lenke til kommentar
norbat Skrevet 16. januar 2008 Del Skrevet 16. januar 2008 ok, er det fortsatt problemer av noe slag, eller fungerer alt greit nå? Lenke til kommentar
RMBB Skrevet 17. januar 2008 Forfatter Del Skrevet 17. januar 2008 Alt funker bra, tror ikke det har vert noe problem heller. Fordi jeg viste faren min den skjermbeskytteren og da sa han at det var den som hadde kommet opp:P Men, men, fikk da rensket og oppdatert litt på maskinen i alle fall, takk for hjelpen! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå