Sewero, posted 20 January 2008

Got a virus from someone on MSN; I'm usually careful but was careless right then and there. Posting 2 logs here. Hope someone can help.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:45:53, on 20.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mqggmtkkw.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [mqggmtkkw] C:\WINDOWS\system32\mqggmtkkw.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iq7eaaiayyus) - Unknown owner - C:\WINDOWS\system32\mqggmtkkw.exe

ComboFix log:

ComboFix 08-01-20.1 - Christian 2008-01-20 21:41:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1451 [GMT 1:00]
Running from: C:\Documents and Settings\Christian\Desktop\ComboFix(2).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-12-14 22:00 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38 35328]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 07:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"mqggmtkkw"="C:\WINDOWS\system32\mqggmtkkw.exe" [2008-01-18 23:11 135168]

R2 iq7eaaiayyus;Print Spooler Service;C:\WINDOWS\system32\mqggmtkkw.exe [2008-01-18 23:11]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 08:10:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 21:43:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 21:43:34

Programvare, posted 20 January 2008

Install and run the program CCleaner. It cleans up a bit of junk, but wait until someone who knows more than I do can look at the logs.

Sewero (author), posted 20 January 2008

The "virus" shows up as a small white dot in the top left corner; right-clicking on it or anything doesn't work.

norbat, posted 21 January 2008

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\WINDOWS\system32\mqggmtkkw.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mqggmtkkw"=-

InsertNumLock, posted 21 January 2008

You can check the Hijack log here: http://www.hijackthis.de

O4 - HKLM\..\Run: [mqggmtkkw] C:\WINDOWS\system32\mqggmtkkw.exe
O23 - Service: Print Spooler Service (iq7eaaiayyus) - Unknown owner - C:\WINDOWS\system32\mqggmtkkw.exe
C:\WINDOWS\system32\mqggmtkkw.exe

Sewero (author), posted 21 January 2008

New log:

ComboFix 08-01-20.1 - Christian 2008-01-21 19:12:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1428 [GMT 1:00]
Running from: C:\Documents and Settings\Christian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christian\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\mqggmtkkw.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mqggmtkkw.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\stobject.dll 2008-01-09 19:05 132,096 ----a-w C:\WINDOWS\system32\hotplug.dll 2008-01-09 19:05 126,976 ----a-w C:\WINDOWS\system32\msiexec.exe 2008-01-09 19:05 115,712 ----a-w C:\WINDOWS\system32\cleanmgr.exe 2008-01-09 19:05 112,640 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-01-09 19:05 103,936 ----a-w C:\WINDOWS\system32\shrpubw.exe 2008-01-09 19:05 100,864 ----a-w C:\WINDOWS\system32\ahui.exe 2008-01-09 19:05 1,658,880 ----a-w C:\WINDOWS\explorer.exe 2008-01-09 19:05 1,477,120 ----a-w C:\WINDOWS\system32\msgina.dll 2008-01-09 19:04 840,192 ----a-w C:\WINDOWS\system32\rasdlg.dll 2008-01-09 19:04 738,304 ----a-w C:\WINDOWS\system32\comctl32.dll 2008-01-09 19:04 500,224 ----a-w C:\WINDOWS\system32\cmdial32.dll 2008-01-09 19:04 32,768 ----a-w C:\WINDOWS\hh.exe 2008-01-09 19:04 218,624 ----a-w C:\WINDOWS\system32\taskmgr.exe 2008-01-09 19:04 189,952 ----a-w C:\WINDOWS\system32\credui.dll 2008-01-09 19:00 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-01-09 16:17 --------- d-----w C:\Program Files\Marvell 2008-01-09 16:17 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-09 16:09 --------- d-----w C:\Program Files\DAEMON Tools 2008-01-09 16:06 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-09 16:05 --------- d-----w C:\Program Files\VideoLAN 2008-01-09 16:04 --------- d-----w C:\Program Files\Java 2008-01-09 16:04 --------- d-----w C:\Program Files\Common Files\Java 2008-01-09 16:04 --------- d-----w C:\Program Files\AMD 2008-01-09 16:03 --------- d-----w C:\Documents and Settings\Christian\Application Data\InstallShield 2008-01-09 15:57 --------- d--h--w C:\Program Files\Uninstall Information 2008-01-09 15:46 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-12-21 03:02 307,200 ----a-w 
C:\WINDOWS\system32\atiiiexx.dll 2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-20_21.43.23,59 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-20 20:41:39 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-21 18:12:03 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-20 20:41:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-21 18:12:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-20 20:41:40 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-21 18:12:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-20 20:41:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-21 18:12:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-20 20:41:40 1,630,208 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-21 18:12:04 1,630,208 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-20 20:41:40 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-21 18:12:04 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-12-14 22:00 1266936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38 35328]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 07:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"mqggmtkkw"="C:\WINDOWS\system32\mqggmtkkw.exe" [ ]
S2 iq7eaaiayyus;Print Spooler Service;C:\WINDOWS\system32\mqggmtkkw.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 08:10:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 19:15:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-21 19:16:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 18:16:32
ComboFix2.txt 2008-01-20 20:43:35
norbat, posted 21 January 2008
Good. Now post a new HJT log and we'll use it to remove the remnants.
Sewero (author), posted 21 January 2008
Logfile of HijackThis v1.99.1
Scan saved at 21:55:27, on 21.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunServices: [mqggmtkkw] C:\WINDOWS\system32\mqggmtkkw.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iq7eaaiayyus) - Unknown owner - C:\WINDOWS\system32\mqggmtkkw.exe (file missing)
No difference so far, still the same dot on the desktop..
norbat, posted 21 January 2008
Click: Start -> Run
Type: cmd
At the command prompt, type:
sc stop iq7eaaiayyus (press Enter)
sc delete iq7eaaiayyus (press Enter)
Close the window.
Start HJT, choose "Do a system scan only", tick the following lines (those you find) and click Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunServices: [mqggmtkkw] C:\WINDOWS\system32\mqggmtkkw.exe
O23 - Service: Print Spooler Service (iq7eaaiayyus) - Unknown owner - C:\WINDOWS\system32\mqggmtkkw.exe (file missing)
That 'dot', is it a file?
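The hand-picked selection in the post above can be expressed as a check over the log. The following Python is an added example, not part of the original thread and not code from HijackThis; the heuristics, the KNOWN_SERVICES table and the function names are assumptions chosen for this log, and the sample lines are copied from the HijackThis log posted earlier in the thread.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread (trimmed sample).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [mqggmtkkw] C:\WINDOWS\system32\mqggmtkkw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iq7eaaiayyus) - Unknown owner - C:\WINDOWS\system32\mqggmtkkw.exe (file missing)
"""

O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O2_NO_FILE = re.compile(r"^O2 - BHO: .* - \(no file\)$")

# Assumption for this example: built-in display name -> expected binary.
KNOWN_SERVICES = {"print spooler": "spoolsv.exe"}


def exe_name(command):
    """Lower-cased file name of the executable in an autorun command line."""
    m = re.match(r'"([^"]+)"|(\S.*?\.exe)', command, re.I)
    path = (m.group(1) or m.group(2)) if m else command
    return ntpath.basename(path).lower()


def triage(log):
    """Return (findings, service_keys): flagged lines with reasons, and the
    service key names (not display names) that `sc stop`/`sc delete` take."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    findings, bad_binaries, service_keys = [], set(), []
    for line in lines:
        m = O23.match(line)
        if m:
            # "Display Name (keyname)"; without parentheses both are the same.
            name = re.match(r"^(.*?)(?: \(([^()]+)\))?$", m["display"])
            display, key = name.group(1), name.group(2) or name.group(1)
            binary = ntpath.basename(m["path"]).lower()
            reasons = []
            if m["owner"] == "Unknown owner" and m["missing"]:
                reasons.append("no vendor info and binary missing on disk")
            for known, expected in KNOWN_SERVICES.items():
                if display.lower().startswith(known) and binary != expected:
                    reasons.append(f"imitates '{known}' but runs {binary}")
            if reasons:
                findings.append((line, reasons))
                bad_binaries.add(binary)
                service_keys.append(key)
        elif O2_NO_FILE.match(line):
            findings.append((line, ["BHO registered without a file"]))
    # Second pass: autoruns that launch a binary tied to a flagged service.
    for line in lines:
        m = O4.match(line)
        if m and exe_name(m["cmd"]) in bad_binaries:
            findings.append((line, ["autorun for a flagged service binary"]))
    return findings, service_keys


if __name__ == "__main__":
    flagged, keys = triage(SAMPLE_LOG)
    for entry, why in flagged:
        print(entry, "->", "; ".join(why))
    print("service keys for sc:", keys)
```

On the sample it flags the same three lines that were selected by hand, and leaves "ATI Smart" alone because its file is present.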
Sewero (author), posted 21 January 2008
I don't know what that dot is. I can't do anything with it, neither move it nor right-click it.
norbat, posted 21 January 2008
And changing the desktop wallpaper doesn't help either? Check whether or not the O23 line is present in an HJT log.
Edited 21 January 2008 by norbat
Sewero (author), posted 22 January 2008
Changing the background doesn't work, that was the first thing I tried.
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iq7eaaiayyus) - Unknown owner - C:\WINDOWS\system32\mqggmtkkw.exe (file missing)
norbat, posted 22 January 2008
Open the services list (from the Run window, type: services.msc).
Find the service Print Spooler Service, right-click it and choose Properties. Under Startup type, select Disabled.
Neddo, posted 22 January 2008
Check out this "Solution of the week": Get rid of the MSN virus that is doing the rounds
Sewero (author), posted 22 January 2008
"Open the services list (from the Run window, type: services.msc). Find the service Print Spooler Service, right-click it and choose Properties. Under Startup type, select Disabled."
The services list? What is that? I know a fair bit about PCs but have never heard of it before.
Sewero (author), posted 22 January 2008
MSNFix 1.639-2
C:\Documents and Settings\Christian\Desktop\MSNFix
Scan done at 22.01.2008 - 16:39:13,95 By Christian
normal mode
************************ Checking Files
... $$ Service Found $$
... iq7eaaiayyus
************************ Checking Folders
No Folders Found
************************ Deleting malware Files
... $$ Service iq7eaaiayyus deleted
... iq7eaaiayyus .. OK ... C:\WINDOWS\system32\mqggmtkkw.exe .. OK ... C:\WINDOWS\system32\mqggmtkkw.exe
************************ Registry Cleaning
************************ Suspect Files
No files found
The File and Registry deletions have been saved in 22.01.2008_16393987.zip
------------------------------------------------------------------------
Author : !aur3n7
Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Programvare, posted 22 January 2008
"Open the services list (from the Run window, type: services.msc). Find the service Print Spooler Service, right-click it and choose Properties. Under Startup type, select Disabled."
"The services list? What is that? I know a fair bit about PCs but have never heard of it before."
The services list is a list of all the services belonging to various programs and functions. Some are enabled, some are disabled. Some start automatically, some start manually.
Sewero (author), posted 22 January 2008
Where is that list?
Programvare, posted 22 January 2008
"Where is that list?"
norbat already explains how to find it. (from the Run window, type: services.msc)
Sewero (author), posted 22 January 2008
Still the same dot in the background