Crisz Skrevet 8. august 2008 Del Skrevet 8. august 2008 Hei! jeg har prøvd, og prøvd, og prøvd. en eg får det ikke til,jeg har fått et virus mednavn " C:\WINDOWS\system32\nnnnMEtR.dll " og det vil ikke bli fjernet:( jegbruker eset smart security, det fungerer såvidt greit da det blokkerer viruset hele tiden, men jeg får ikke fjernet viruset. den bruker masse prossesor kraft og ram på å prøve å blokke viruset, jeg bruker win xp media center edition 2005. håper noen kan helpe meg! Lenke til kommentar
norbat Skrevet 8. august 2008 Del Skrevet 8. august 2008 Punkt 1: Last ned Malwarebytes Anti-Malware til skrivebordet. Kjør og installer programmet. Velg Norsk-språk La programmet oppdatere seg og velg å kjør en 'hurtig systemscan', klikk Skann. Det kommer en meldingsboks om at scannen er ferdig, klikk Ok Klikk på 'Vis resultat'-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgte -knappen for å fjerne malwaren som evt. ble funnet. Det vil deretter åpnes en logg i notisblokk. Den kopiere du og poster senere. Punkt 2: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) + loggen fra MBAM Lenke til kommentar
Crisz Skrevet 8. august 2008 Forfatter Del Skrevet 8. august 2008 tusen milliarder takk! nå er det fikset! her er loggen til malewarebytes: Malwarebytes' Anti-Malware 1.24 Database versjon: 1034 Windows 5.1.2600 Service Pack 3 23:24:16 08.08.2008 mbam-log-8-8-2008 (23-24-16).txt Skanntype: Rask Skann Objekter skannet: 44252 Tid tilbakelagt: 17 minute(s), 3 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 4 Registernøkler infisert: 14 Registerverdier infisert: 3 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 10 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: C:\WINDOWS\system32\siatdjtn.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\sfyigbcq.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\nnnnMEtR.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\zxegts.dll (Trojan.Vundo) -> Delete on reboot. Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72143d14-82a4-4f3e-8d5d-5fc29375a257} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{72143d14-82a4-4f3e-8d5d-5fc29375a257} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnmetr (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run0caddf0 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm03f9ee6c (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.Vundo) -> Delete on reboot. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\zxegts.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\siatdjtn.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\ntjdtais.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sfyigbcq.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\nnnnMEtR.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\iqdebvra.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM03f9ee6c.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM03f9ee6c.txt (Trojan.Vundo) -> Quarantined and deleted successfully. og her er loggfilen til combofix: ComboFix 08-08-08.05 - Administrator 2008-08-08 23:58:06.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.211 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\gvepwv.dll C:\WINDOWS\system32\ijmpsBeg.ini C:\WINDOWS\system32\ijmpsBeg.ini2 C:\WINDOWS\system32\kwahhsyo.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mpfmhktp.ini C:\WINDOWS\system32\MSVolume.dll . ((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))) . 2008-09-26 09:24 . 2008-09-26 09:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0 2008-09-25 09:36 . 2008-09-25 09:59 <DIR> d-------- C:\Program Files\Driver Magician 2008-09-25 09:36 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll 2008-09-25 09:36 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL 2008-09-25 09:36 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx 2008-09-25 09:36 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx 2008-09-25 09:36 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx 2008-09-25 09:36 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin 2008-09-24 17:19 . 2008-09-24 17:19 <DIR> d-------- C:\Program Files\filehippo.com 2008-09-24 15:49 . 2008-09-30 12:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple 2008-09-24 15:29 . 2008-09-24 15:49 <DIR> d-------- C:\Program Files\Aspell 2008-09-24 15:15 . 2008-09-24 15:49 <DIR> d-------- C:\Program Files\Pidgin 2008-09-24 15:14 . 2008-09-24 15:14 <DIR> d-------- C:\Program Files\Common Files\GTK 2008-09-24 14:02 . 2008-09-24 14:06 301 --a------ C:\WINDOWS\wininit.ini 2008-09-23 19:14 . 2008-09-23 19:14 34 --a------ C:\WINDOWS\system32\oeminfo.ini 2008-09-23 18:50 . 2008-09-23 18:50 <DIR> d-------- C:\Program Files\Ashampoo 2008-09-23 18:42 . 2008-09-23 18:42 7,564 --a------ C:\WINDOWS\system32\vfuojiyd.dll 2008-09-23 18:41 . 2008-09-23 18:41 <DIR> d-------- C:\Program Files\Lavasoft 2008-09-23 18:39 . 2008-09-23 18:39 7,564 --a------ C:\WINDOWS\system32\mpaugeym.dll 2008-09-23 18:36 . 2008-09-23 18:36 7,564 --a------ C:\WINDOWS\system32\ptabdfdl.dll 2008-09-23 15:14 . 2008-09-23 15:14 7,564 --a------ C:\WINDOWS\system32\phfenffc.dll 2008-08-28 00:34 . 2008-09-23 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-28 00:32 . 2008-08-28 00:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-27 23:26 . 2008-09-24 17:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-27 23:26 . 2008-09-25 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-26 01:24 . 2008-08-26 01:24 <DIR> d-------- C:\WINDOWS\ie8updates 2008-08-25 12:22 . 2008-08-25 12:22 <DIR> d-------- C:\Program Files\TVersity 2008-08-08 23:00 . 2008-08-08 23:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-08-08 22:59 . 2008-08-08 23:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-08 22:59 . 2008-08-08 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-08 22:59 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-08 22:59 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 17:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire 2008-09-23 05:50 --------- d-----w C:\Program Files\Java 2008-08-27 21:52 --------- d-----w C:\Program Files\SoundSpectrum 2008-08-27 21:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SoundSpectrum 2008-08-26 13:33 --------- d-----w C:\Program Files\ESET 2008-08-08 21:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2008-06-22 11:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\fltk.org 2008-06-22 11:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GetRightToGo 2008-06-18 20:32 --------- d-----w C:\Program Files\Windows Desktop Search 2008-06-18 20:26 --------- d-----w C:\Program Files\Opera 9.5 beta 2008-06-18 18:32 --------- d-----w C:\Program Files\LimeWire 2008-06-15 22:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-06-14 16:16 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 21:24 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-06-12 21:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-06-12 21:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools 2008-06-09 20:49 --------- d-----w C:\Program Files\Common Files\SRS Labs Shared 2008-06-09 20:48 --------- d-----w C:\Program Files\SRS Labs 2008-06-09 20:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hardcoded Software 2008-06-09 20:17 --------- d-----w C:\Program Files\iTunes 2008-06-09 20:16 --------- d-----w C:\Program Files\iPod 2008-06-09 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-09 20:15 --------- d-----w C:\Program Files\QuickTime 2008-06-09 20:15 --------- d-----w C:\Program Files\Bonjour 2008-06-09 20:13 --------- d-----w C:\Program Files\Apple Software Update 2008-06-09 20:12 --------- d-----w C:\Program Files\Common Files\Apple 2008-06-09 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-06-09 14:05 --------- d-----w C:\Program Files\Foxit Software 2008-06-09 13:10 --------- d-----w C:\Program Files\ImTOO . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:42 15360] "filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [2008-07-03 19:08 137216] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 19:35 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 19:32 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 19:36 114688] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 21:13 1032192] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 23:13 176128] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 12:48 1392640] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 16:00 33648] "CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-08-21 17:00 22528] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 14:42 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2007-09-23 19:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= S3 AJWRAG;AJWRAG;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AJWRAG.exe [] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kd9brx4l.default\ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 00:03:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\CAP3RSK.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3SWK.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2008-08-09 0:07:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-08 22:06:49 Pre-Run: 59,060,600,832 bytes free Post-Run: 59,039,842,304 byte ledig 178 --- E O F --- 2008-08-25 23:24:50 Lenke til kommentar
Kramstogen Skrevet 8. august 2008 Del Skrevet 8. august 2008 (endret) Jeg, som mange andre har også fått det "virusprogrammet" winXP 2008(husker ikke navnet i farta). Jeg gikk i sikkermodus og slettet mappen, så nå er det borte, men pcen går fortsatt seint, og jeg får ikke skiftet bakgrunn på skrivebordet. Har installert Spybot Search & Destroy for å se om det er noe rusk igjen i systemet, er dette et program som funker? Ser det står "OBS! Brukes på eget ansvar!" i tittellinjen, som ikke akkurat lover godt. Kjører et søk nå, og den finner i det minste spyware. Når jeg starter opp pcen får jeg en feilmelding om en fil som ikke finnes, mistenker at den har blitt slettet av winXO 2008 greia. Nå har skjerminnstillingsmenyen blitt slik(se vedlegg), det mangler to eller tre faner, sannsynligvis av den manglende filen. Fins det noen tips for dette? Jeg kan høyreklikke på et bilde og bruke "bruk som skrivebordsbakgrunn", men da får jeg ikke endret farge, størrelse osv. Endret 8. august 2008 av Kramstogen Lenke til kommentar
snippsat Skrevet 9. august 2008 Del Skrevet 9. august 2008 (endret) crisz. Kopiere fet tekst under bildet->åpne notisblokk og lim inn. Lagre på skrivebordet som CFScript.txt Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt File:: C:\WINDOWS\system32\vfuojiyd.dll C:\WINDOWS\system32\mpaugeym.dll C:\WINDOWS\system32\ptabdfdl.dll C:\WINDOWS\system32\phfenffc.dll Driver:: S3 AJWRAG Kramstogen. Norbat post #2 Kjør det,lag en ny post med logger fra MBAM og combofix. Endret 9. august 2008 av SNIPPSAT Lenke til kommentar
Crisz Skrevet 9. august 2008 Forfatter Del Skrevet 9. august 2008 her er loggfilen til malwarebytes: Malwarebytes' Anti-Malware 1.24 Database versjon: 1034 Windows 5.1.2600 Service Pack 3 11:34:36 09.08.2008 mbam-log-8-9-2008 (11-34-36).txt Skanntype: Full Skann (C:\|) Objekter skannet: 80840 Tid tilbakelagt: 32 minute(s), 31 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 1 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 2 Filer infisert: 3 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: C:\Documents and Settings\Administrator\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully. Filer infisert: C:\System Volume Information\_restore{8B391B5E-FCF4-4F3E-A20C-E33AAD29B5DA}\RP68\A0012855.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8B391B5E-FCF4-4F3E-A20C-E33AAD29B5DA}\RP70\A0015942.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\ErrorKiller\Log\2008 Aug 09 - 12_38_00 AM_736.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully. og her er loggfilen til combofix: ComboFix 08-08-08.07 - Administrator 2008-08-09 10:56:47.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\mpaugeym.dll C:\WINDOWS\system32\phfenffc.dll C:\WINDOWS\system32\ptabdfdl.dll C:\WINDOWS\system32\vfuojiyd.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mpaugeym.dll C:\WINDOWS\system32\phfenffc.dll C:\WINDOWS\system32\ptabdfdl.dll C:\WINDOWS\system32\vfuojiyd.dll . ((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))) . 2008-09-26 09:24 . 2008-09-26 09:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0 2008-09-25 09:36 . 2008-09-25 09:59 <DIR> d-------- C:\Program Files\Driver Magician 2008-09-25 09:36 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll 2008-09-25 09:36 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL 2008-09-25 09:36 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx 2008-09-25 09:36 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx 2008-09-25 09:36 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx 2008-09-25 09:36 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin 2008-09-24 17:19 . 2008-09-24 17:19 <DIR> d-------- C:\Program Files\filehippo.com 2008-09-24 15:49 . 2008-09-30 12:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple 2008-09-24 15:29 . 2008-09-24 15:49 <DIR> d-------- C:\Program Files\Aspell 2008-09-24 15:15 . 2008-08-09 00:43 <DIR> d-------- C:\Program Files\Pidgin 2008-09-24 15:14 . 2008-09-24 15:14 <DIR> d-------- C:\Program Files\Common Files\GTK 2008-09-24 14:02 . 2008-09-24 14:06 301 --a------ C:\WINDOWS\wininit.ini 2008-09-23 19:14 . 2008-09-23 19:14 34 --a------ C:\WINDOWS\system32\oeminfo.ini 2008-09-23 18:50 . 2008-09-23 18:50 <DIR> d-------- C:\Program Files\Ashampoo 2008-09-23 18:41 . 2008-09-23 18:41 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-28 00:34 . 2008-09-23 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-28 00:32 . 2008-08-28 00:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-27 23:26 . 2008-08-09 10:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-27 23:26 . 2008-08-09 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-26 01:24 . 2008-08-26 01:24 <DIR> d-------- C:\WINDOWS\ie8updates 2008-08-25 12:22 . 2008-08-25 12:22 <DIR> d-------- C:\Program Files\TVersity 2008-08-09 01:17 . 2008-08-09 01:17 209 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-08-09 01:10 . 2008-08-09 01:10 <DIR> d-------- C:\WINDOWS\LastGood 2008-08-09 00:51 . 2008-08-09 00:51 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-08-09 00:38 . 2008-08-09 00:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ErrorKiller 2008-08-09 00:24 . 2008-08-09 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software 2008-08-09 00:23 . 2008-08-09 00:23 <DIR> d-------- C:\Program Files\Uninstall Tool 2008-08-08 23:00 . 2008-08-08 23:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-08-08 22:59 . 2008-08-08 23:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-08 22:59 . 2008-08-08 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-08 22:59 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-08 22:59 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 17:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire 2008-09-23 05:50 --------- d-----w C:\Program Files\Java 2008-08-27 21:52 --------- d-----w C:\Program Files\SoundSpectrum 2008-08-27 21:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SoundSpectrum 2008-08-26 13:33 --------- d-----w C:\Program Files\ESET 2008-08-09 08:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2008-08-08 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-22 11:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\fltk.org 2008-06-22 11:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GetRightToGo 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-18 20:32 --------- d-----w C:\Program Files\Windows Desktop Search 2008-06-18 20:26 --------- d-----w C:\Program Files\Opera 9.5 beta 2008-06-18 18:32 --------- d-----w C:\Program Files\LimeWire 2008-06-15 22:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-06-14 16:16 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 21:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-06-12 21:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools 2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-06-09 20:49 --------- d-----w C:\Program Files\Common Files\SRS Labs Shared 2008-06-09 20:48 --------- d-----w C:\Program Files\SRS Labs 2008-06-09 20:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hardcoded Software 2008-06-09 20:17 --------- d-----w C:\Program Files\iTunes 2008-06-09 20:16 --------- d-----w C:\Program Files\iPod 2008-06-09 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-09 20:15 --------- d-----w C:\Program Files\QuickTime 2008-06-09 14:05 --------- d-----w C:\Program Files\Foxit Software 2008-06-09 13:10 --------- d-----w C:\Program Files\ImTOO 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-09_ 0.05.58.14 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe + 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll + 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll + 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll + 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll + 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe + 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll + 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll + 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe + 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll + 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe + 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll - 2005-08-05 21:01:54 239,104 ----a-w C:\WINDOWS\Driver Cache\i386\psisdecd.dll + 2006-10-09 14:12:14 235,008 ----a-w C:\WINDOWS\Driver Cache\i386\psisdecd.dll - 2005-10-11 15:39:38 1,863,680 ----a-w C:\WINDOWS\ehome\ehcm.dll + 2006-10-09 14:16:00 1,863,680 ----a-w C:\WINDOWS\ehome\ehcm.dll - 2005-10-11 15:32:46 864,256 ----a-w C:\WINDOWS\ehome\ehepg.dll + 2006-10-09 14:07:44 868,352 ----a-w C:\WINDOWS\ehome\ehepg.dll - 2005-10-11 15:40:36 332,288 ----a-w C:\WINDOWS\ehome\ehglid.dll + 2006-10-09 14:17:04 328,704 ----a-w C:\WINDOWS\ehome\ehglid.dll - 2004-08-10 11:11:48 178,688 ----a-w C:\WINDOWS\ehome\ehkeyctl.dll + 2006-10-09 14:18:32 178,176 ----a-w C:\WINDOWS\ehome\ehkeyctl.dll - 2005-10-11 15:43:18 3,219,456 ----a-w C:\WINDOWS\ehome\ehshell.exe + 2006-10-09 14:19:14 3,223,552 ----a-w C:\WINDOWS\ehome\ehshell.exe - 2005-08-05 21:01:58 492,032 ----a-w C:\WINDOWS\ehome\ehui.dll + 2006-10-09 14:16:30 558,592 ----a-w C:\WINDOWS\ehome\ehui.dll - 2005-08-05 20:06:02 105,984 ----a-w C:\WINDOWS\ehome\mstvcapn.dll + 2006-10-09 14:12:52 107,008 ----a-w C:\WINDOWS\ehome\mstvcapn.dll + 2006-10-27 03:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL + 2006-10-27 22:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL + 2008-08-08 23:10:45 10,134 ----a-r C:\WINDOWS\Installer\{58E05C78-4785-443D-8A1B-CBFF49C2A84E}\callmsi.exe + 2008-08-08 23:10:45 140,544 ----a-r C:\WINDOWS\Installer\{58E05C78-4785-443D-8A1B-CBFF49C2A84E}\egui.exe - 2008-05-23 05:29:13 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-08-08 22:58:33 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2008-05-23 05:29:14 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-08-08 22:58:33 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2008-05-23 05:29:13 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-08-08 22:58:33 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2008-05-23 05:29:13 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-08-08 22:58:33 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-05-23 05:29:14 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-08-08 22:58:33 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-05-23 05:29:14 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-08-08 22:58:33 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-05-23 05:29:14 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-08-08 22:58:33 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-05-23 05:29:13 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-08-08 22:58:33 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-05-23 05:29:14 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-08-08 22:58:33 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2008-05-23 05:29:14 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-08-08 22:58:33 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-05-23 05:29:14 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-08-08 22:58:33 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-05-23 05:29:13 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-08-08 22:58:33 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-06-10 16:56:08 30,728 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\epfwndis.sys - 2008-04-14 12:42:16 139,264 ----a-w C:\WINDOWS\system32\cscript.exe + 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe + 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys + 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe + 2008-06-20 17:46:57 147,968 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2005-10-11 15:39:38 1,863,680 -c--a-w C:\WINDOWS\system32\dllcache\ehcm.dll + 2006-10-09 14:16:00 1,863,680 -c--a-w C:\WINDOWS\system32\dllcache\ehcm.dll - 2005-10-11 15:32:46 864,256 -c--a-w C:\WINDOWS\system32\dllcache\ehepg.dll + 2006-10-09 14:07:44 868,352 -c--a-w C:\WINDOWS\system32\dllcache\ehepg.dll - 2004-08-10 11:11:48 269,312 -c--a-w C:\WINDOWS\system32\dllcache\ehglid.dll + 2006-10-09 14:17:04 328,704 -c--a-w C:\WINDOWS\system32\dllcache\ehglid.dll - 2005-10-11 15:43:18 3,219,456 -c--a-w C:\WINDOWS\system32\dllcache\ehshell.exe + 2006-10-09 14:19:14 3,223,552 -c--a-w C:\WINDOWS\system32\dllcache\ehshell.exe - 2005-08-05 21:01:58 492,032 -c--a-w C:\WINDOWS\system32\dllcache\ehui.dll + 2006-10-09 14:16:30 558,592 -c--a-w C:\WINDOWS\system32\dllcache\ehui.dll - 2005-08-05 21:01:54 356,352 -c--a-w C:\WINDOWS\system32\dllcache\encdec.dll + 2006-10-09 14:12:44 456,192 -c--a-w C:\WINDOWS\system32\dllcache\encdec.dll - 2008-03-04 02:51:38 557,056 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll + 2008-05-09 10:53:39 512,000 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll - 2005-10-11 15:39:32 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\msvidctl.dll + 2006-10-09 14:15:52 1,669,632 -c--a-w C:\WINDOWS\system32\dllcache\msvidctl.dll + 2008-06-20 17:46:57 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll - 2005-08-05 21:01:54 239,104 -c--a-w C:\WINDOWS\system32\dllcache\psisdecd.dll + 2006-10-09 14:12:14 235,008 -c--a-w C:\WINDOWS\system32\dllcache\psisdecd.dll - 2005-08-05 21:01:54 282,112 -c--a-w C:\WINDOWS\system32\dllcache\sbe.dll + 2006-10-09 14:12:40 291,840 -c--a-w C:\WINDOWS\system32\dllcache\sbe.dll + 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll + 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll + 2008-06-20 11:51:12 361,600 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys + 2008-06-20 11:08:27 225,856 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys - 2008-03-04 03:01:22 434,176 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll + 2008-05-09 10:53:40 430,080 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll + 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe + 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll - 2008-04-14 12:41:54 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2005-08-05 21:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll + 2006-10-09 14:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll - 2008-03-04 02:51:38 557,056 ----a-w C:\WINDOWS\system32\jscript.dll + 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll - 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe - 2005-08-05 21:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll + 2006-10-09 14:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll - 2008-04-14 12:42:42 155,648 ----a-w C:\WINDOWS\system32\wscript.exe + 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:42 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 19:35 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 19:32 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 19:36 114688] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 21:13 1032192] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 23:13 176128] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 12:48 1392640] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 14:42 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2007-09-23 19:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= S3 AJWRAG;AJWRAG;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AJWRAG.exe [] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - EKRN . Contents of the 'Scheduled Tasks' folder 2008-08-08 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job - C:\Program Files\ErrorKiller\ErrorKiller.exe [] 2008-08-08 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job - C:\Program Files\ErrorKiller [] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 10:58:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-09 10:59:53 ComboFix-quarantined-files.txt 2008-08-09 08:59:47 ComboFix2.txt 2008-08-08 22:07:09 Pre-Run: 60,856,311,808 bytes free Post-Run: 60,852,023,296 byte ledig 276 --- E O F --- 2008-08-08 23:00:41 og som sagt, tusen tusen takk! du hjalp meg veldig!:D:D:D:D så er pcen rask igjen! før gikk den snegletregt. Lenke til kommentar
norbat Skrevet 9. august 2008 Del Skrevet 9. august 2008 Bruk utforsker til å finne og slett, hvis tilstede: C:\Documents and Settings\Administrator\Application Data\ErrorKiller C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job Det er muig du må slå på "vis skjulte filer og mapper" for å finne de (kontrollpanel->mappealternativer->vis->"vis skjulte filer og mapper" Lenke til kommentar
Kramstogen Skrevet 9. august 2008 Del Skrevet 9. august 2008 Her er ComboFix loggen jeg fikk opp, nå er skrivebordsproblemet løst! Tusen takk! ComboFix 08-08-08.07 - simon-olderskog.al 2008-08-09 12:41:59.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.555 [GMT 2:00] Running from: C:\Documents and Settings\simon-olderskog.al\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\simon-olderskog.al\Programdata\rhcc38j0e9cl C:\WINDOWS\system32\lphc938j0e9cl.exe C:\WINDOWS\system32\phc938j0e9cl.bmp . ((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))) . 2008-08-09 01:18 . 2008-08-09 01:18 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-08-09 01:18 . 2008-08-09 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-08-09 00:38 . 2008-08-09 00:38 94,208 --a------ C:\WINDOWS\system32\103F.tmp 2008-08-01 22:26 . 2008-08-01 22:26 <DIR> d-------- C:\Programfiler\Sun 2008-07-29 05:14 . 2008-08-05 01:44 <DIR> d-------- C:\Programfiler\mIRC 2008-07-29 05:14 . 2008-08-05 01:48 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\mIRC 2008-07-28 11:37 . 2008-07-28 11:37 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\vlc 2008-07-28 11:33 . 2008-07-28 11:33 <DIR> d-------- C:\Programfiler\VideoLAN 2008-07-22 17:17 . 2008-07-22 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-07-22 17:17 . 2008-07-24 06:03 137,472 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-22 17:17 . 2008-07-24 06:02 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-07-22 17:17 . 2008-07-22 17:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-07-14 16:59 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-07-14 16:59 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-07-13 18:35 . 2008-07-13 18:35 <DIR> d-------- C:\Programfiler\GameSpy Arcade 2008-07-13 14:13 . 1999-09-30 13:41 766 --------- C:\WINDOWS\attwns.ico 2008-07-13 14:09 . 2000-10-03 15:54 2,998 --a------ C:\WINDOWS\setup.ico 2008-07-13 14:07 . 2008-07-13 14:07 <DIR> d-------- C:\Programfiler\Sierra On-Line 2008-07-13 14:06 . 2008-07-13 14:06 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\WINDOWS 2008-07-13 14:06 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe 2008-07-13 14:05 . 2008-07-13 14:09 635 --a------ C:\WINDOWS\Sierra.ini 2008-07-13 13:57 . 2008-07-13 13:57 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite 2008-07-13 13:51 . 2008-07-13 13:51 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\DAEMON Tools 2008-07-13 13:51 . 2008-07-13 13:51 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-13 11:18 . 2008-07-13 11:18 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\AdobeUM 2008-07-13 01:22 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-07-13 01:22 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-07-12 12:19 . 2008-07-12 12:19 <DIR> d-------- C:\Programfiler\uTorrent 2008-07-12 12:19 . 2008-07-13 13:48 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\uTorrent 2008-07-12 05:43 . 2008-07-12 05:43 <DIR> d-------- C:\Programfiler\Yahoo! 2008-07-11 21:24 . 2008-07-11 21:24 268,435,456 --ahs---- C:\WinPEpge.sys 2008-07-11 20:26 . 2008-07-11 20:26 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\Apple Computer 2008-07-11 20:25 . 2008-07-11 20:25 <DIR> d-------- C:\Programfiler\iTunes 2008-07-11 20:25 . 2008-07-11 20:25 <DIR> d-------- C:\Programfiler\iPod 2008-07-11 20:25 . 2008-07-11 20:25 <DIR> d-------- C:\Programfiler\Bonjour 2008-07-11 20:24 . 2008-07-11 20:24 <DIR> d-------- C:\Programfiler\QuickTime 2008-07-11 20:24 . 2008-07-11 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-07-11 20:23 . 2008-07-11 20:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-07-11 20:23 . 2008-07-11 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple 2008-07-11 20:23 . 2008-07-10 09:35 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-11 19:50 . 2008-08-09 02:08 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Contacts 2008-07-11 19:50 . 2008-07-11 19:50 268 --ah----- C:\sqmdata00.sqm 2008-07-11 19:50 . 2008-07-11 19:50 244 --ah----- C:\sqmnoopt00.sqm 2008-07-11 19:33 . 2008-07-11 19:49 <DIR> d-------- C:\Programfiler\Windows Live 2008-07-11 19:33 . 2008-07-11 19:49 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-07-11 19:33 . 2008-07-11 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-07-11 14:20 . 2008-07-11 14:20 <DIR> d-------- C:\Programfiler\Opera 2008-07-11 12:43 . 2006-06-26 08:48 <DIR> d---s---- C:\Documents and Settings\simon-olderskog.al\UserData 2008-07-11 12:43 . 2008-07-12 12:19 <DIR> dr------- C:\Documents and Settings\simon-olderskog.al\Start-meny 2008-07-11 12:43 . 2006-06-23 17:07 <DIR> d--h----- C:\Documents and Settings\simon-olderskog.al\Skrivere 2008-07-11 12:43 . 2008-08-09 12:39 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Skrivebord 2008-07-11 12:43 . 2008-08-09 03:53 <DIR> dr-h----- C:\Documents and Settings\simon-olderskog.al\Siste 2008-07-11 12:43 . 2006-06-26 08:22 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\Intel 2008-07-11 12:43 . 2006-06-26 09:31 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al\Programdata\CyberLink 2008-07-11 12:43 . 2008-08-09 12:44 <DIR> dr-h----- C:\Documents and Settings\simon-olderskog.al\Programdata 2008-07-11 12:43 . 2008-07-28 20:29 <DIR> dr------- C:\Documents and Settings\simon-olderskog.al\Mine dokumenter 2008-07-11 12:43 . 2006-06-23 15:13 <DIR> d--h----- C:\Documents and Settings\simon-olderskog.al\Maler 2008-07-11 12:43 . 2008-08-09 12:44 <DIR> d--h----- C:\Documents and Settings\simon-olderskog.al\Lokale innstillinger 2008-07-11 12:43 . 2008-07-11 12:43 <DIR> dr------- C:\Documents and Settings\simon-olderskog.al\Favoritter 2008-07-11 12:43 . 2006-08-11 09:10 <DIR> d--h----- C:\Documents and Settings\simon-olderskog.al\AndrMask 2008-07-11 12:43 . 2008-08-09 00:59 <DIR> d-------- C:\Documents and Settings\simon-olderskog.al . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 02:02 --------- d-----w C:\Programfiler\OCS Inventory Agent 2008-08-01 20:26 --------- d-----w C:\Programfiler\Java 2008-07-13 18:36 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-07-13 16:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-07-11 09:36 --------- d-----w C:\Programfiler\iFinger 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-02-05 08:49 66 ----a-w C:\Documents and Settings\olevigadm\ocsinventory.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-07-08 18:22 486856] "Steam"="c:\documents and settings\simon-olderskog.al\mine dokumenter\my games\steam\steam.exe" [2008-07-14 18:56 1271032] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784] "Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2005-10-07 14:13 176128] "IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "Norman ZANDA"="C:\NORMAN\bin\ZLH.EXE" [2005-05-25 13:11 135168] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "DVDLauncher"="C:\Programfiler\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-06-23 15:30:38 24576] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] iFinger.lnk - C:\Programfiler\iFinger\iFinger.exe [2007-09-18 14:47:44 2701824] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Opera\\opera.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Documents and Settings\\simon-olderskog.al\\Mine dokumenter\\My Games\\Soldat\\Soldat.exe"= "C:\\Documents and Settings\\simon-olderskog.al\\Mine dokumenter\\My Games\\Steam\\steamapps\\torbiz\\counter-strike\\hl.exe"= "C:\\Documents and Settings\\simon-olderskog.al\\Mine dokumenter\\My Games\\Counter-Strike 1.6\\hl.exe"= "C:\\Documents and Settings\\simon-olderskog.al\\Mine dokumenter\\My Games\\Wolfenstein - Enemy Territory\\ET.exe"= "C:\\Programfiler\\mIRC\\mirc.exe"= R2 ASFIPmon;Broadcom ASF IP Monitor;C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe [2005-10-18 17:11] R2 Ndiskio;Ndiskio;C:\NORMAN\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R2 OCS INVENTORY;OCS INVENTORY SERVICE;C:\Programfiler\OCS Inventory Agent\ocsservice.exe [2008-03-01 14:08] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56] R3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-10 09:35] S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\bin\nvcfsr.sys [2007-01-09 15:25] S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25] S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25] S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25] S3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\bin\nvcoas.exe [2007-12-12 12:45] S3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 14:23] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36388716-4f2c-11dd-a40d-806d6172696f}] \Shell\AutoRun\command - E:\openme.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - HKLM-Run-lphc938j0e9cl - C:\WINDOWS\system32\lphc938j0e9cl.exe HKLM-Run-SMrhcc38j0e9cl - C:\Programfiler\rhcc38j0e9cl\rhcc38j0e9cl.exe . ------- Supplementary Scan ------- . R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://itsl.ntvgs.no/ R1 -: HKCU-Internet Settings,ProxyOverride = <local> O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 12:44:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-09 12:45:34 ComboFix-quarantined-files.txt 2008-08-09 10:45:30 Pre-Run: 22,849,155,072 byte ledig Post-Run: 23,168,536,576 byte ledig 176 Lenke til kommentar
norbat Skrevet 9. august 2008 Del Skrevet 9. august 2008 Kramstogen: Bruk utforsker til å finne og slett følgende fil: C:\WINDOWS\system32\103F.tmp Ut over dette ser loggen din fin ut. Du bør fjerne combofix. Det gjør du ved å skrive combofix /u i kjør-feltet (start->kjør). Dette vil også nullstille systemgjenopprettingen slik at du ikke blir infisert ved en evt. gjenoppretting senere. Lenke til kommentar
Kramstogen Skrevet 9. august 2008 Del Skrevet 9. august 2008 Done and done! Tusen hjertelig takk for hjelpen! Lenke til kommentar
Crisz Skrevet 9. august 2008 Forfatter Del Skrevet 9. august 2008 Ja! tusen takk for hjelpen fra meg og Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå