CrazyD Skrevet 5. juni 2008 Del Skrevet 5. juni 2008 Prøver også å fjerne dette MSN viruset som sender ut meldinger med linker. Har prøvd forskjellige programmer jeg har og det virker som spammingen har stoppet, men nå popper det av og til opp noen DOS vinduer med merkelige feilmeldinger når PC-en ikke er koplet til nettet. PC-en kjørte Avira AV når dette skjedde og Guard poppet alltid opp med advarsel om en fil kalt c: a.bat som den klarte ikke fjerne/stoppe. Samt noen andre filer som den slettet men som alltid kom tilbake ved neste boot. Har stoppet system restore og som sagt prøvd flere programmer men er ikke sikker på om noen av de virkelig har fjernet problemet, siden det er noen prosesser som kjører som jeg ikke kan identifisere. Noen finner ingenting, noen klager på gamle install filer for programmer som aldri har vært noe problem før, og noen sier det er alt mulig feil ... så nå trenger jeg litt hjelp. Win XP Pro SP2 med AVG 8 installert HJT logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:59:14 AM, on 6/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\WINDOWS\system32\sysregi.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehSched.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genxad.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163476661265 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://genxad.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.kirkegaten12.com:8133/activex/AxisCamControl.cab O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag...TESTACTIVEX.CAB O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.kirkegaten12.com:8137/activex/AMC.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7527 bytes Combofix: ComboFix 08-06-01.6 - Admin 2008-06-03 12:53:45.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.674 [GMT -7:00] Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\059573.exe C:\WINDOWS\203937.exe C:\WINDOWS\Downloaded Program Files\setup.inf . ((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))) . 2008-06-03 12:45 . 2008-06-03 12:53 417,792 --a------ C:\WINDOWS\39382.got 2008-06-02 22:06 . 2008-06-02 22:06 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-06-02 19:23 . 2008-06-03 12:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-02 19:23 . 2008-06-02 19:23 <DIR> d-------- C:\Program Files\AVG 2008-06-02 19:23 . 2008-06-02 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-02 19:23 . 2008-06-02 19:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-06-02 19:23 . 2008-06-02 19:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-06-02 18:33 . 2008-06-02 18:33 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Program Files\Scorpio Software 2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Program Files\Common Files\scosoft.com 2008-06-02 14:22 . 2008-06-02 14:22 <DIR> d-------- C:\Program Files\Google 2008-06-02 14:22 . 2008-06-02 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-06-02 14:16 . 2008-06-02 18:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-02 13:55 . 2008-06-02 13:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-06-02 12:34 . 2008-06-02 12:34 <DIR> d-------- C:\Documents and Settings\Genxad\Application Data\HouseCall 6.6 2008-06-02 12:33 . 2008-06-02 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-02 11:51 . 2008-06-02 11:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-06-02 07:42 . 2008-06-02 19:23 <DIR> d-------- C:\Documents and Settings\Administrator 2008-06-02 06:43 . 2008-06-02 06:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-02 06:42 . 2008-06-02 14:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-06-02 06:42 . 2008-06-02 14:28 <DIR> d-------- C:\Documents and Settings\Genxad\Application Data\SUPERAntiSpyware.com 2008-06-01 14:39 . 2008-06-02 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-01 11:53 . 2008-06-01 14:07 53,252 --a------ C:\WINDOWS\ehSched.exe 2008-05-26 14:06 . 2008-06-02 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-24 07:37 . 2008-05-24 07:37 <DIR> d-------- C:\Program Files\Windows Live 2008-05-24 07:37 . 2008-05-24 07:37 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-24 07:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-05-24 07:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-05-24 07:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-05-24 07:36 . 2008-05-24 07:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-04 21:47 . 2008-05-04 21:47 <DIR> d-------- C:\Program Files\Lexmark 4200 Series 2008-05-04 21:47 . 2004-01-13 18:12 286,720 --a------ C:\WINDOWS\system32\lxbmcomm.dll 2008-05-04 21:47 . 2004-01-16 04:41 73,728 --a------ C:\WINDOWS\system32\lxbmpwr.dll 2008-05-04 21:47 . 2004-01-11 21:17 69,632 --a------ C:\WINDOWS\system32\lxbmscin.dll 2008-05-04 21:47 . 2004-01-11 21:18 57,344 --a------ C:\WINDOWS\system32\lxbmcinf.dll 2008-05-04 21:47 . 2004-01-11 21:17 49,152 --a------ C:\WINDOWS\system32\lxbmcoin.dll 2008-05-04 21:47 . 2002-11-13 10:40 40,960 --a------ C:\WINDOWS\system32\lxbmvs.dll 2008-05-04 21:47 . 2003-06-13 06:53 187 --a------ C:\WINDOWS\system32\lxbmcoin.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-29 18:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss 2008-05-22 05:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent 2008-05-21 04:12 24,820 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys 2008-05-06 22:23 --------- d-----w C:\Documents and Settings\Admin\Application Data\GarageGames 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2007-06-13 10:23 174,592 --sha-r C:\WINDOWS\system32\sysregi.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480] "nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 12:12 290816] "Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04 57344] "Nod32 Runtime"="sysregi.exe" [2007-06-13 03:23 174592 C:\WINDOWS\system32\sysregi.exe] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 19:23 1177368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Nod32 Runtime"="sysregi.exe" [2007-06-13 03:23 174592 C:\WINDOWS\system32\sysregi.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75] --a------ 2002-10-14 16:09 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "C:\\Program Files\\ABC\\abc.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "I:\\File Library\\games\\Dynamix\\Tribes2\\GameData\\Tribes2.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Documents and Settings\\Genxad\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Documents and Settings\\Admin\\Application Data\\GarageGames\\IAPlayer\\products\\6000\\install\\cyclomite.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~”ü"= R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 19:23] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 19:23] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43] S3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17] *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-03 12:55:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-03 12:55:59 ComboFix-quarantined-files.txt 2008-06-03 19:55:49 Pre-Run: 8,699,215,872 bytes free Post-Run: 9,026,957,312 bytes free 134 --- E O F --- 2008-05-28 20:52:04 (PS: Combofix slettet noen merkelige .exe filer ) På forhånd takk hvis noen kan hjelpe Lenke til kommentar
norbat Skrevet 5. juni 2008 Del Skrevet 5. juni 2008 Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen. File:: C:\WINDOWS\39382.got C:\WINDOWS\ehSched.exe C:\WINDOWS\system32\sysregi.exe c:\a.bat Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nod32 Runtime"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Nod32 Runtime"=- Lenke til kommentar
CrazyD Skrevet 5. juni 2008 Forfatter Del Skrevet 5. juni 2008 Her er ny CF logg: ComboFix 08-06-04.7 - Admin 2008-06-05 11:31:52.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.602 [GMT -7:00] Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\a.bat C:\WINDOWS\39382.got C:\WINDOWS\ehSched.exe C:\WINDOWS\system32\sysregi.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\ehSched.exe C:\WINDOWS\system32\sysregi.exe . ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))) . 2008-06-05 10:58 . 2008-06-05 10:58 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-05 09:38 . 2008-06-05 09:38 <DIR> d-------- C:\Program Files\Windows Defender 2008-06-02 22:06 . 2008-06-02 22:06 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-06-02 19:23 . 2008-06-05 09:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-02 19:23 . 2008-06-02 19:23 <DIR> d-------- C:\Program Files\AVG 2008-06-02 19:23 . 2008-06-02 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-02 19:23 . 2008-06-02 19:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-06-02 19:23 . 2008-06-02 19:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-06-02 18:33 . 2008-06-02 18:33 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Program Files\Scorpio Software 2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Program Files\Common Files\scosoft.com 2008-06-02 14:22 . 2008-06-02 14:22 <DIR> d-------- C:\Program Files\Google 2008-06-02 14:22 . 2008-06-04 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-06-02 14:16 . 2008-06-02 18:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-02 13:55 . 2008-06-02 13:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-06-02 12:34 . 2008-06-02 12:34 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HouseCall 6.6 2008-06-02 12:33 . 2008-06-02 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-02 11:51 . 2008-06-02 11:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-06-02 07:42 . 2008-06-02 19:23 <DIR> d-------- C:\Documents and Settings\Administrator 2008-06-02 06:43 . 2008-06-02 06:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-02 06:42 . 2008-06-02 14:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-06-02 06:42 . 2008-06-02 14:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com 2008-06-01 14:39 . 2008-06-02 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-26 14:06 . 2008-06-02 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-24 07:37 . 2008-05-24 07:37 <DIR> d-------- C:\Program Files\Windows Live 2008-05-24 07:37 . 2008-05-24 07:37 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-24 07:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-05-24 07:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-05-24 07:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-05-24 07:36 . 2008-05-24 07:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-29 18:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss 2008-05-22 05:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent 2008-05-21 04:12 24,820 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys 2008-05-06 22:23 --------- d-----w C:\Documents and Settings\Admin\Application Data\GarageGames 2008-05-05 04:47 --------- d-----w C:\Program Files\Lexmark 4200 Series 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480] "nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 12:12 290816] "Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04 57344] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 19:23 1177368] "Windows UDP Control Center"="ehSched.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75] --a------ 2002-10-14 16:09 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "C:\\Program Files\\ABC\\abc.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "I:\\File Library\\games\\Dynamix\\Tribes2\\GameData\\Tribes2.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Documents and Settings\\Admin\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Documents and Settings\\Admin\\Application Data\\GarageGames\\IAPlayer\\products\\6000\\install\\cyclomite.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"= R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 19:23] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 19:23] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43] S3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17] *Newly Created Service* - WINDEFEND . Contents of the 'Scheduled Tasks' folder "2008-06-05 16:41:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 11:33:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-05 11:33:35 ComboFix-quarantined-files.txt 2008-06-05 18:33:31 ComboFix2.txt 2008-06-05 17:18:29 Pre-Run: 9,048,551,424 bytes free Post-Run: 9,085,648,896 bytes free 134 --- E O F --- 2008-05-28 20:52:04 Lenke til kommentar
norbat Skrevet 5. juni 2008 Del Skrevet 5. juni 2008 Fint, Så en ny hjt-logg. Fortell også hvordan det går med msn-problemet. Lenke til kommentar
CrazyD Skrevet 5. juni 2008 Forfatter Del Skrevet 5. juni 2008 Hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:03:03 PM, on 6/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.admin.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163476661265 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://admin.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.kirkegaten12.com:8133/activex/AxisCamControl.cab O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag...TESTACTIVEX.CAB O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.kirkegaten12.com:8137/activex/AMC.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7304 bytes Skal la PC-en stå på litt med MSN så får vi se.. Takk for hjelpen Lenke til kommentar
norbat Skrevet 5. juni 2008 Del Skrevet 5. juni 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linje og klikk Fix checked: O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe Da skulle loggene se fine ut Lenke til kommentar
CrazyD Skrevet 5. juni 2008 Forfatter Del Skrevet 5. juni 2008 Ok Takk for hjelpen...nå får vi se om det dukker opp noe mer Var mest bekymret for de rare pop-up/feilmeldingene som kom når maskinen stod på over tid Ett åpent tomt DOS vindu en feilmld - "CPU has terminated MS-DOS 16 bit application xxxx" to feilmld -"Windows image viewer - this image could not be displayed" Alt dette dukket opp bak skjermspareren Lenke til kommentar
norbat Skrevet 5. juni 2008 Del Skrevet 5. juni 2008 Med backdoors trojanere så er det ikke uvanlig at det kan skje 'merkelige' ting Du får bruke PC-en litt aktivt og se om alt fungerer slik det skal (uten merkelige vindu....) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå