King-Nothing Skrevet 17. august 2008 Del Skrevet 17. august 2008 (endret) Jeg har aldri vært plaget med hverken virus eller spyware, men nå har jeg fått et msn-virus som jeg ikke blir kvitt. Det sender ut denne teksten til folk: nsfw *************com/bjx?/Jessica+Alba Mod- advarsel: Ikke gå inn på denne linken, inneholder virus. Har kjørt følgende programmer uten hell: Ad-Aware AVG 8 Internet Security SAS Hijackthis MsnCleaner Logg fra Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:02:58, on 17.08.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Syncrosoft\POS\H2O\cledx.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\notepad.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\AVG\AVG8\avgui.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 6891 bytes SAS-Log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/17/2008 at 01:22 AM Application Version : 4.15.1000 Core Rules Database Version : 3538 Trace Rules Database Version: 1527 Scan type : Quick Scan Total Scan Time : 00:39:13 Memory items scanned : 574 Memory threats detected : 0 Registry items scanned : 435 Registry threats detected : 0 File items scanned : 19433 File threats detected : 0 Combofix-Log: ComboFix 08-08-16.01 - Dag 2008-08-17 11:43:25.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1044.18.1011 [GMT 2:00] Running from: C:\Users\Dag\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\msvcsv60.dll . ((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))) . 2008-08-17 01:18 . 2008-08-17 01:18 43 --a------ C:\Windows\System32\DelReboot 2008-08-17 01:17 . 2008-08-17 01:18 <DIR> d-------- C:\MSNCleaner 2008-08-17 00:41 . 2008-08-17 00:41 <DIR> d-------- C:\Users\Dag\AppData\Roaming\SUPERAntiSpyware.com 2008-08-17 00:41 . 2008-08-17 00:41 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-08-17 00:41 . 2008-08-17 00:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-08-17 00:39 . 2008-08-17 00:39 <DIR> d-------- C:\Program Files\CCleaner 2008-08-17 00:31 . 2008-08-17 00:31 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-16 20:34 . 2008-08-16 20:38 <DIR> d-------- C:\Windows\System32\drivers\Avg 2008-08-16 20:34 . 2008-08-16 20:41 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys 2008-08-16 20:34 . 2008-08-16 20:34 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys 2008-08-16 20:34 . 2008-08-16 20:41 12,936 --a------ C:\Windows\System32\drivers\avgrkx86.sys 2008-08-16 20:34 . 2008-08-16 20:41 10,520 --a------ C:\Windows\System32\avgrsstx.dll 2008-08-16 19:25 . 2008-08-17 11:35 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-08-16 19:25 . 2008-08-16 19:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-16 19:11 . 2008-08-16 19:11 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-16 14:34 . 2008-08-16 14:47 <DIR> d-------- C:\Users\Dag\AppData\Roaming\TeamViewer 2008-08-16 14:33 . 2008-08-16 14:33 <DIR> d-------- C:\Users\Dag\temp 2008-08-16 14:33 . 2008-08-16 14:34 <DIR> d-------- C:\Program Files\TeamViewer3 2008-08-16 14:32 . 2008-08-16 14:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-08-15 23:01 . 2008-04-17 02:35 171,136 -rahs---- C:\grldr 2008-08-15 20:51 . 2008-08-15 20:51 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe 2008-08-15 20:48 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll 2008-08-15 20:48 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll 2008-08-15 20:47 . 2008-08-15 20:47 <DIR> d-------- C:\Users\Dag\AppData\Roaming\TuneUp Software 2008-08-15 20:46 . 2008-08-15 20:46 <DIR> d-------- C:\ProgramData\TuneUp Software 2008-08-15 20:46 . 2008-08-15 20:52 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008 2008-08-15 20:45 . 2008-08-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-15 18:37 . 2008-08-15 18:37 <DIR> d-------- C:\Program Files\COMPANY_SHORT_NAME 2008-08-15 13:55 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll 2008-08-15 07:15 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-08-15 07:15 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll 2008-08-15 07:15 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll 2008-08-15 07:15 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL 2008-08-15 07:15 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll 2008-08-15 07:14 . 2008-08-15 07:14 <DIR> d-------- C:\Windows\Sun 2008-08-09 16:07 . 2008-08-09 16:07 <DIR> d-------- C:\Program Files\FriendBot 2008-08-09 13:42 . 2008-08-09 13:42 <DIR> d-------- C:\Program Files\FriendAdder Combo Pack 2008-08-09 12:41 . 2008-08-09 12:48 <DIR> d-------- C:\Program Files\FriendBlasterPro 2008-08-09 12:41 . 2005-07-15 12:49 245,760 --a------ C:\Windows\System32\aUpdateNow.ocx 2008-08-09 12:41 . 2000-07-15 00:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL 2008-08-07 20:56 . 2008-08-07 20:56 <DIR> d-------- C:\Program Files\Toontrack 2008-08-06 08:57 . 2008-08-06 08:57 <DIR> d-------- C:\Program Files\PSP_AUDIOWARE 2008-08-06 08:57 . 2005-09-04 17:46 4,059,136 --a------ C:\Windows\System32\PSP MasterComp.dll 2008-08-06 08:57 . 2005-07-26 12:20 339,968 --a------ C:\Windows\System32\pspmcdx.dll 2008-08-02 11:18 . 2008-08-16 20:44 <DIR> d-------- C:\Users\Dag\AppData\Roaming\uTorrent 2008-08-02 11:18 . 2008-08-02 11:18 <DIR> d-------- C:\Program Files\uTorrent 2008-07-30 18:47 . 2008-07-30 21:39 <DIR> d-------- C:\Program Files\DC++ 2008-07-18 12:45 . 2008-07-18 12:45 <DIR> d-------- C:\Program Files\Google . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-16 18:34 --------- d-----w C:\ProgramData\avg8 2008-08-16 01:05 --------- d-----w C:\Program Files\Windows Mail 2008-08-15 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-15 11:56 --------- d-----w C:\ProgramData\Microsoft Help 2008-08-09 14:52 --------- d-----w C:\Program Files\Steam 2008-08-09 06:40 --------- d-----w C:\Program Files\PokerStars 2008-08-05 10:44 27,649 ----a-w C:\Users\Dag\AppData\Roaming\nvModes.dat 2008-08-03 17:57 --------- d-----w C:\Program Files\Common Files\Steam 2008-08-02 09:17 --------- d-----w C:\Program Files\Azureus 2008-07-28 21:11 --------- d-----w C:\Users\Dag\AppData\Roaming\Azureus 2008-07-27 21:09 --------- d-----w C:\Program Files\Opera 2008-07-27 19:20 --------- d-----w C:\Program Files\Java 2008-07-12 12:24 --------- d-----w C:\Program Files\Bonjour 2008-07-11 17:04 --------- d-----w C:\Program Files\PKR 2008-07-11 11:40 --------- d-----w C:\Users\Dag\AppData\Roaming\Apple Computer 2008-07-11 08:35 --------- d-----w C:\Program Files\QuickTime 2008-07-10 07:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys 2008-07-07 19:34 --------- d-----w C:\ProgramData\Banner Maker Pro for Flash 2008-07-07 19:13 --------- d-----w C:\Program Files\Banner Maker Pro for Flash 2 2008-07-07 19:08 --------- d---a-w C:\ProgramData\TEMP 2008-07-07 18:52 --------- d-----w C:\Program Files\Antares Audio Technologies 2008-07-03 15:14 --------- d-----w C:\Program Files\Safari 2008-06-28 19:15 --------- d-----w C:\Users\Dag\AppData\Roaming\Waves Audio 2008-06-28 19:15 --------- d-----w C:\Program Files\Waves 2008-06-28 14:19 --------- d-----w C:\Program Files\Steinberg 2008-06-28 14:19 --------- d-----w C:\Program Files\IK Multimedia 2008-06-28 14:19 --------- d-----w C:\Program Files\Common Files\DigiDesign 2008-06-28 14:18 --------- d-----w C:\Users\Dag\AppData\Roaming\InstallShield 2008-06-28 13:52 --------- d-----w C:\Program Files\Alesis 2008-06-27 14:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-26 01:03 --------- d-----w C:\Program Files\Microsoft Games 2008-06-25 19:42 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-06-25 19:32 --------- d-----w C:\ProgramData\NVIDIA 2008-06-25 19:30 174 --sha-w C:\Program Files\desktop.ini 2008-06-25 19:22 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-25 19:22 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-06-25 19:22 --------- d-----w C:\Program Files\Windows Journal 2008-06-25 19:22 --------- d-----w C:\Program Files\Windows Collaboration 2008-06-25 19:22 --------- d-----w C:\Program Files\Windows Calendar 2008-06-25 19:21 --------- d-----w C:\Program Files\Windows Defender 2008-06-25 19:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-06-25 19:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-06-23 22:41 --------- d-----w C:\Program Files\AusLogics BoostSpeed 2008-06-23 22:23 --------- d-----w C:\Users\Dag\AppData\Roaming\UseNeXT 2008-06-23 22:23 --------- d-----w C:\Users\Dag\AppData\Roaming\IDMComp 2008-06-23 22:23 --------- d-----w C:\Program Files\Winamp 2008-06-23 22:23 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-06-21 20:46 --------- d-----w C:\ProgramData\Apple Computer 2008-06-21 20:46 --------- d-----w C:\Program Files\iTunes 2008-06-21 20:46 --------- d-----w C:\Program Files\iPod 2008-06-21 07:31 --------- d-----w C:\Program Files\Common Files\Apple 2008-06-15 09:31 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll 2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll 2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll 2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe 2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll 2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll 2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll 2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll 2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll 2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll 2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll 2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll 2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll 2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll 2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll 2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll 2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin 2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 11:45 215552] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59 307200] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2002-06-19 10:49 73728] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-27 01:52 8530464] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-16 20:41 1235736] C:\Users\Dag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-05-04 18:17:10 3450608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKLM\~\startupfolder\C:^Users^Dag^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Users\Dag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\Windows\pss\Adobe Gamma.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-11-27 01:52 81920 C:\Windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2007-11-27 01:52 86016 C:\Windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-07-17 21:28 1271032 C:\Program Files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2803818403-3452385999-1421148871-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{3631DA8B-AE96-4949-B529-63455BB5F17C}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{F2D4AB7E-D368-4239-8C8E-D63466A51E0A}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "{93CF76C6-A5E2-4684-A05A-57FB6178F026}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{1BE0D0D1-BE03-4C20-83E8-0F4DAEC8CF9F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{7EAA0A12-5B44-4F90-9BA3-42A4426D8CCD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{66E3DB6A-13CC-42C3-96EC-73808A47CDAB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0FDBECBF-13FA-443B-9396-737C4B6A656D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{75708D85-62B2-4D6C-9BCC-D50AA76DF061}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{939BECA8-0188-441A-A492-D34E4DEF3137}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{BCF8BF6C-A4D8-444C-83A7-F5981952BCC2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{0B7DB5B3-84B8-46A4-ABD8-769DC94442EC}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{2C314A11-48A8-4CD4-B5F0-233EB9C1C396}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{41BCE4DD-540B-4B14-8A19-80A3D69570E0}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever "UDP Query User{DB2B8813-C708-444C-9FC8-0CCC66BA715A}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever ";TCP Query User{17D85314-EE89-408C-93A2-D2B2AA433C56}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{C56919EF-E290-43CF-9904-B8A4E1394726}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{75F78184-033B-4033-9965-A02BE2E6154A}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{5C0FDCAE-2ACF-4694-B7AA-7D9A43FD3452}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "{1D432EF1-B14E-4B2E-AB89-C2036318237D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{23E87528-6D24-4D06-B0B7-5FFC4B149766}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{A912763A-DC32-4D03-BECC-A58F372255F1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{44A21525-369C-47CC-873B-EB0345E06B9F}C:\\program files\\steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{1466BE09-1BFF-4AC0-AFA0-69D6448BF544}C:\\program files\\steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe:Half-Life Launcher "{FFB424D1-88CA-4510-BE05-BC7EF9C24DE4}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{A5D2E67E-7297-4310-AF53-8084AD1591BF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{97B63EC2-E73E-4AAC-A577-A61745D89159}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{A834E842-A81C-4BD9-AD80-FB5C71E50E4A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{D744BD91-41CC-479D-AFCB-85790198C736}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{F0CD8DEE-3042-47D9-A809-07194C50FE5B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{0FE4E561-D021-4F1D-AA29-8B54CB9F95CF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++ "UDP Query User{7D261FD5-08C6-43E7-9F3D-A746CCE03DF2}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++ "{98B16FBA-B6C0-40BD-804A-F46DEB0DF1D3}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{046D9A32-C582-49C9-986F-73E9DF533466}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{5434FD9B-2901-4B74-B656-357246DA9EE0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{865680CB-78C0-4A2B-AEE9-0913B27353BC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "TCP Query User{3194EE0B-F5A8-482C-82F6-37E3C02A9CF0}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{1D80F4D6-65A3-4F72-BA0B-AB3D97B2547B}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "{63B88181-CE66-43E5-B4F9-27D5A8367C2B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2D0C98F1-4A16-433E-85BF-C718EAF6B2EF}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{3560BD1B-5BA5-427E-A25A-B35F781EF8B3}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{5DE7B907-4854-4FF8-9E6E-A7CAE4C9C9B2}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-08-16 20:41] R0 Stealth;Stealth;C:\Windows\system32\DRIVERS\stealth.sys [2002-06-21 10:58] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-16 20:41] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 20:41] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42] R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2007-12-17 12:53] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 09:33] R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-16 20:34] R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51] S3 cmeu0wdm;CardMan 2020;C:\Windows\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-02 11:33] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-15 20:51] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8759cdb1-19ef-11dd-a5b7-000df032a5cb}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8759d77b-19ef-11dd-a5b7-000df032a5cb}] \shell\AutoRun\command - I:\autorun.exe *Newly Created Service* - AVGLDX86 *Newly Created Service* - AVGWFPX [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Contents of the 'Scheduled Tasks' folder 2008-08-17 C:\Windows\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-nwiz - nwiz.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Dag\AppData\Roaming\Mozilla\Firefox\Profiles\g2rtyna9.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.hardware.no FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-17 11:51:09 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll -> 8:\Windows\system32\ieframe.dll -> 8:\Windows\system32\NSI.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Windows\System32\conime.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVG\AVG8\avgam.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgnsx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\wbem\WMIADAP.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-08-17 12:00:07 - machine was rebooted [Dag] ComboFix-quarantined-files.txt 2008-08-17 09:59:48 Pre-Run: 55,506,997,248 byte ledig Post-Run: 55,410,790,400 byte ledig 315 --- E O F --- 2008-08-15 11:57:05 Endret 17. august 2008 av Zeph Lenke til kommentar
r2d290 Skrevet 17. august 2008 Del Skrevet 17. august 2008 (endret) PS: Til andre som leser denne tråden: ikke gå inn på linken ovenfor. Kan trådstarter redigere vekk denne linken? For å være helt sikker på at vi får vekk alt, vil jeg gjerne se en Combofix-logg: Last ned Combofix (av sUBs), og legg det på Skrivebordet. Kjør combofix.exe, og følg veiledningen. Du får et spørsmål om at "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Svar Yes Du må ikke klikke på vinduet mens programmet kjører. Dette kan føre til at programmet fryser. Post loggfilen fra Combofix (c:\combofix.txt) Post også en ny HijackThis-logg. Endret 17. august 2008 av r2d290 Lenke til kommentar
araziel Skrevet 17. august 2008 Del Skrevet 17. august 2008 Hum, vet ikke om det er dette da jeg ikke kommer inn på sida, men er jo et triksy msn-sak som går rundt der folk logger seg inn med msn-infoen for å "se bilder" eller lignende. Gjør du det får folka passordet/brukernavnet og logger seg på deg remotely senere og sender meldinger, eneste du kan gjøre da er å endre passord da det ikke er et virus per se. Lenke til kommentar
King-Nothing Skrevet 17. august 2008 Forfatter Del Skrevet 17. august 2008 Beklager for linken. Har lagt opp log fra Combofix og ny log fra Hijackthis nå. Lenke til kommentar
r2d290 Skrevet 17. august 2008 Del Skrevet 17. august 2008 Hum, vet ikke om det er dette da jeg ikke kommer inn på sida, men er jo et triksy msn-sak som går rundt der folk logger seg inn med msn-infoen for å "se bilder" eller lignende.Gjør du det får folka passordet/brukernavnet og logger seg på deg remotely senere og sender meldinger, eneste du kan gjøre da er å endre passord da det ikke er et virus per se. admin/mod har selvsagt endret på linken, så folk som ikke vet hva de driver med ikke skal gå inn på den. Jeg var inne på siden fra linux, der det så ut som du skulle se en film, men du måtte laste ned en codec for å se filmen. Lenke til kommentar
araziel Skrevet 17. august 2008 Del Skrevet 17. august 2008 Ah, beklager. Brukte rett link, men sitter på skolenett så tipper den er sperra der. Er det installeringsfjas er det nok virus ja, bare se bort fra min post tidligere. Lenke til kommentar
r2d290 Skrevet 17. august 2008 Del Skrevet 17. august 2008 Se der ja. Nå så loggene rene ut. Bruk MSN litt, og gi tilbakemelding på om MSN sender ut flere linker, og om maskinen ellers fungerer som den skal. Når du har blitt utsatt for et angrep som dette, bør du alltid bytte passord. Hvis du har hotmail, gjør du dette ved å trykke på "konto" nede til høyre i inboxen din, og trykker "Endre" ved siden av der det står "Passord". Online Poker room C:\Program Files\PKR Og Pokerstars Bruker du disse? Lenke til kommentar
King-Nothing Skrevet 17. august 2008 Forfatter Del Skrevet 17. august 2008 (endret) De bruker jeg ja. Skal si ifra om det skjer igjen. Takk for hjelpen! Endret 17. august 2008 av King-Nothing Lenke til kommentar
r2d290 Skrevet 17. august 2008 Del Skrevet 17. august 2008 Si ifra uansett om det skjer igjen eller ikke. Vi er nemlig ikke helt ferdig med alt som skal gjøres enda (combofix må fjernes etc.) Lenke til kommentar
King-Nothing Skrevet 21. august 2008 Forfatter Del Skrevet 21. august 2008 Det har ikke skjedd siden sist jeg skrev her. Har også byttet passord. Lenke til kommentar
r2d290 Skrevet 21. august 2008 Del Skrevet 21. august 2008 Fint å høre Combofix må avinstalleres. Gå til Start > Kjør Skriv følgende i boksen: combofix /u PS: legg merke til mellomrommet mellom X og /u Trykk Enter. Denne kommandoen vil: Fjerne følgende:ComboFix og dets tilhørende filer og mapper. VundoFix backups, hvis de eksisterer. Mappen C:\Deckard, hvis den eksisterer Mappen C:\OtMoveIt, hvis den eksisterer [*] Nullstille klokke-instillingene. [*] Skjule filetternavn hvis det er nødvendig. [*] Skjule System/Skjulte filer og mapper hvis det er nødvendig. [*] Nullstille systemgjennoprettingspunkter. Du kan avinstallere HijackThis: Start HijackThis, velg None of the above, just start the program. Så trykker du på Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. Programmet er nå avinstallert. SAS bør du beholde. De andre antispywareprogrammene kan du gjerne fjerne hvis du vil. Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du: [LØST] foran emnetittelen din. Eks: [LØST] Har fått virus på maskinen Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i. -Surf trygt- Lenke til kommentar
King-Nothing Skrevet 21. august 2008 Forfatter Del Skrevet 21. august 2008 Slettet Combofix fra skrivebordet etter at jeg kjørte det og nå får jeg bare opp en feilmelding når jeg prøver å avinstallere. Lenke til kommentar
r2d290 Skrevet 22. august 2008 Del Skrevet 22. august 2008 Installér det på nytt, og så avinstallerer du det igjen. Lenke til kommentar
Duckhunter Skrevet 23. august 2008 Del Skrevet 23. august 2008 Bare av nysjerrighet, hvorfor må man avisntallere Cmbofix etter at man er ferdig med det? Har til dags dato ikke hatt msn-virus, og er glad for det... virker som noe ordentlig dritt!!! Lenke til kommentar
raWrz Skrevet 23. august 2008 Del Skrevet 23. august 2008 (endret) fordi mange virus "gjemmer" seg for det og hvis du bruker det en annen gang så finner ikke combofix viruset fordi det har gjemt seg for det (av ren tipping ) Endret 23. august 2008 av Submit Lenke til kommentar
Duckhunter Skrevet 23. august 2008 Del Skrevet 23. august 2008 Aha, god tipping Submit... En mulig forklaring ja Lenke til kommentar
norbat Skrevet 23. august 2008 Del Skrevet 23. august 2008 Combofix oppdateres ikke automatisk. Man må derfor laste ned nyeste versjon om det har gått noen dager før man skal bruke det igjen. Når man avinstallerer combofix vil man også få slettet karantenefiler etc. inkl. systemgjenopprettingspunkter slik at man ikke blir infisert ved en evt. gjenoppretting senere. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå