-
Innlegg
424 -
Ble med
-
Besøkte siden sist
Innholdstype
Profiler
Forum
Hendelser
Blogger
Om forumet
Innlegg skrevet av Akrobaten
-
-
Ok
Jeg er dog ingen ekspert på det å reinstallere OS (det samme som å reformatere?). Aldri gjort dette før...
-
Okei
.txt eller .doc filer da? Er jo greit å få ned info om f.eks. hvilke programmer som er installert.
-
kanskje epost og kontakter evt. favoritter.
Så favoritter kan ikke være infiserte?
Til -smash- : Dette prøvde jeg tidligere (som jeg skrev i tråden) trolig er vel MBAM også infisert av viruset...
-
Hm, jeg skjønner... Litt kjip hele greia
Men jeg tror jeg tar og kopierer alle de nødvendige filene (bilder, dokumenter og musikk) over på en DVD eller CD, for SÅ å prøve verktøyet du linket til. Det er jo greit å ha en CD/DVD med viktige filer uansett om jeg får fjernet problemet. Er det noe annet viktig jeg burde få over på disker, som ikke blir installert når jeg reinstallerer Windows?
-
Så det er rett og slett bare å gi opp?
-
Får du kjørt malwarebytes nå (evt. om du endrer filnavn). Hvis, kjør en rask skann.
Får ikke kjørt malwarebytes. Jeg får derimot kjørt Dr.Web, men denne skanninga kommer jo til å ta flere timer . Finner temmelig mange filer der som er infiserte (Win32.Virut.56)... Dette lover vel ikke bra? Ser ut til at nesten hver eneste .exe fil på maskinen inneholder dette viruset
-
Sånn, da var ComboFix ferdig. Her er loggen
ComboFix 09-04-04.01 - Martin 2009-04-12 13:44:11.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1733 [GMT 2:00]
Kjører fra: c:\documents and settings\Martin\Skrivebord\ComboFix.exe
AV: Norman Virus Control ver. 5.99 *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *disabled*
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Martin\reader_s.exe
C:\install.exe
c:\windows\dhcp\svchost.exe
c:\windows\Install.txt
c:\windows\system32\afisicx.exe
c:\windows\system32\at1394.sys
c:\windows\system32\comsa32.sys
c:\windows\system32\fhpatch.dll
c:\windows\system32\fiplock.dll
c:\windows\system32\frmwrk32.exe
c:\windows\system32\Install.txt
c:\windows\system32\iphy.dll
c:\windows\system32\kernel32_check.dll
c:\windows\system32\mukmil.dll
c:\windows\system32\pmnljJaW.dll
c:\windows\system32\reader_s.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tdctxte.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\w.exe
c:\windows\system32\IpSvchostF.dll . . . . kunne ikke slettes
----- BITS: Mulige infiserte sider -----
hxxp://codecs.sytes.net
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_afisicx
-------\Legacy_AT1394
-------\Legacy_dhcpsrv
-------\Legacy_sopidkc
-------\Legacy_tdctxte
-------\Service_6to4
-------\Service_afisicx
-------\Service_at1394
-------\Service_dhcpsrv
-------\Service_sopidkc
-------\Service_tdctxte
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-12 til 2009-04-12 )))))))))))))))))))))))))))))))))
.
2009-04-12 13:07 . 2009-04-12 13:07 <DIR> d-------- c:\windows\LastGood
2009-04-12 12:16 . 2009-04-12 12:19 <DIR> d-------- C:\knoboc
2009-04-11 20:42 . 2009-04-11 20:42 <DIR> d-------- c:\windows\ERUNT
2009-04-11 20:40 . 2009-04-12 11:51 <DIR> d-------- C:\SDFix
2009-04-11 20:30 . 2009-04-12 11:52 <DIR> dr-h----- c:\documents and settings\Martin\Siste
2009-04-11 17:12 . 2009-04-11 17:12 <DIR> d-------- c:\documents and settings\Martin\Programdata\pidle
2009-04-11 17:12 . 2009-04-11 17:12 <DIR> d-------- c:\documents and settings\Martin\Programdata\_3b7b6d2e6768485b115c4e5260a73461
2009-04-11 11:46 . 2009-04-11 11:46 44 --a------ c:\windows\system32\2.tmp
2009-04-11 11:46 . 2009-04-11 11:46 0 --a------ c:\windows\system32\4.tmp
2009-04-11 11:41 . 2009-04-11 11:41 2,560 --a------ c:\windows\system32\drivers\mchInjDrv.sys
2009-04-11 11:40 . 2009-04-12 13:48 0 --------- c:\windows\system32\IpSvchostF.dll
2009-04-11 01:34 . 2009-04-01 16:22 921,387 --a------ c:\documents and settings\Martin\Programdata\svchost.exe
2009-04-11 01:34 . 2009-04-11 01:34 32 --a------ c:\documents and settings\Martin\Programdata\__t.bin
2009-04-11 01:30 . 2009-04-11 01:30 143,904 --a------ c:\windows\system32\4cb3f66f1cf909d49157377d43771549.exe
2009-04-11 01:23 . 2009-04-12 12:16 <DIR> d-------- c:\windows\system32\3361
2009-04-11 01:23 . 2009-04-12 13:44 <DIR> d-------- c:\windows\dhcp
2009-04-11 01:23 . 2009-04-11 01:23 <DIR> d-------- C:\program Files
2009-04-11 01:23 . 2009-04-11 01:23 172,032 --a------ c:\windows\system32\tcpcon.dll
2009-04-11 01:23 . 2009-04-11 11:47 110,318 --a------ c:\windows\system32\drivers\c46a8ad0.sys
2009-04-11 01:23 . 2009-04-11 01:23 108,336 --a------ c:\windows\system32\MSWINSCK.OCX
2009-04-11 01:23 . 2009-04-11 01:23 61,440 --a------ c:\windows\system32\tcpd.exe
2009-04-11 01:23 . 2009-04-10 15:00 21,704 --a------ c:\windows\system32\kk.exe
2009-04-11 01:23 . 2009-04-11 01:23 20,992 --a------ c:\windows\system32\AUTMGR.EXE
2009-04-11 01:23 . 2009-04-11 01:23 10,240 --a------ c:\windows\system32\Packer.dll
2009-04-11 01:22 . 2009-04-11 01:22 46,592 --a------ C:\ijlbdn.exe
2009-04-11 01:22 . 2009-04-11 01:22 30,208 --a------ C:\yttbgn.exe
2009-04-11 01:22 . 2009-04-11 01:22 2 --a------ C:\344307038
2009-04-11 00:40 . 2009-04-11 17:13 <DIR> d-------- c:\programfiler\Alcohol Soft
2009-04-10 21:37 . 2009-04-10 21:37 <DIR> d-------- c:\windows\LastGood.Tmp
2009-04-10 16:36 . 2009-04-10 16:36 <DIR> d-------- c:\windows\Caps
2009-04-07 17:27 . 2009-04-07 17:27 <DIR> d-------- c:\windows\nview
2009-04-07 17:27 . 2009-03-27 10:03 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-04-07 17:27 . 2009-04-07 18:02 215,383 --a------ c:\windows\system32\nvapps.xml
2009-04-07 17:27 . 2009-03-27 10:03 19,054 --a------ c:\windows\system32\nvdisp.nvu
2009-04-07 17:26 . 2009-03-27 08:14 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-22 18:00 . 2009-04-11 01:12 <DIR> d-------- c:\documents and settings\Martin\Tracing
2009-03-22 17:56 . 2009-03-22 17:56 <DIR> d-------- c:\programfiler\Windows Live SkyDrive
2009-03-22 17:56 . 2009-03-22 17:56 <DIR> d-------- c:\programfiler\Microsoft
2009-03-22 17:52 . 2009-03-22 17:52 <DIR> d-------- c:\programfiler\Fellesfiler\Windows Live
2009-03-14 17:16 . 2009-03-14 18:46 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-03-14 17:16 . 2009-03-14 18:46 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-03-12 21:05 . 2009-03-12 21:05 <DIR> d-------- c:\programfiler\Auslogics
2009-03-12 16:15 . 2009-03-12 16:15 <DIR> d-------- c:\programfiler\iTunes
2009-03-12 16:15 . 2009-03-12 16:15 <DIR> d-------- c:\programfiler\iPod
2009-03-12 16:15 . 2009-03-12 16:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 16:13 . 2009-03-12 16:14 <DIR> d-------- c:\programfiler\QuickTime
2009-03-12 16:12 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 10:43 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-04-11 15:12 --------- d-----w c:\documents and settings\Martin\Programdata\uTorrent
2009-04-11 15:09 --------- d-----w c:\programfiler\Messenger Plus! Live
2009-04-11 09:41 --------- d-----w c:\documents and settings\Martin\Programdata\OpenOffice.org2
2009-04-09 19:01 --------- d-----w c:\documents and settings\Martin\Programdata\Spotify
2009-04-09 19:00 --------- d-----w c:\programfiler\foobar2000
2009-04-07 15:28 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-04-07 15:27 --------- d-----w c:\programfiler\AGEIA Technologies
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-28 17:41 --------- d-----w c:\programfiler\Steam
2009-03-27 08:03 6,280,416 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-03-22 15:57 --------- d-----w c:\programfiler\Windows Live
2009-03-21 13:00 --------- d-----w c:\programfiler\Download Manager
2009-03-21 13:00 --------- d-----w c:\documents and settings\Martin\Programdata\IGN_DLM
2009-03-16 17:11 --------- d-----w c:\programfiler\Java
2009-03-14 16:37 --------- d-----w c:\programfiler\Windows Media Connect 2
2009-03-12 14:15 --------- d-----w c:\programfiler\Fellesfiler\Apple
2009-03-12 14:14 --------- d-----w c:\programfiler\Bonjour
2009-03-11 18:00 --------- d-----w c:\programfiler\CCleaner
2009-03-10 11:32 --------- d-----w c:\programfiler\Emote
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 20:11 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-02-26 20:36 --------- d-----w c:\programfiler\Rhiannon Demo C1
2009-02-26 18:16 --------- d-----w c:\documents and settings\Martin\Programdata\Inkscape
2009-02-24 20:54 --------- d-----w c:\programfiler\MP3MyMP3
2009-02-24 20:51 --------- d-----w c:\programfiler\Replay Music 3
2009-02-21 12:09 --------- d-----w c:\programfiler\Spotify
2009-02-12 20:46 53,472 ----a-w c:\documents and settings\Martin\Programdata\GDIPFONTCACHEV1.DAT
2008-11-13 18:54 22,328 ----a-w c:\documents and settings\Martin\Programdata\PnkBstrK.sys
2008-04-05 12:39 411,248 ----a-w c:\programfiler\FLV PlayerRCSetup.exe
2008-03-03 16:29 357,768 ----a-w c:\documents and settings\Martin\SymXPep2.dll
2008-05-22 10:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008052220080523\index.dat
.
------- Sigcheck -------
2004-08-04 14:00 33792 7809a384de83e6e7256e9f033e0e87e4 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 18:23 33792 c3601fe2a7510e5ed99276a4063eddcf c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 18:23 33792 82bb2888626872654ec2d01c836b6052 c:\windows\system32\svchost.exe
2009-04-11 01:23 86016 6f78266e7ec82a1094acfd3ffbbe2414 c:\windows\system32\3361\SVCHOST.EXE
2008-04-14 18:22 1053184 2665ef77478c0356a94712aa5013d002 c:\windows\explorer.exe
2007-06-13 15:12 1052672 93f4a6da13cd7db98ec30a86636af9d3 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:24 1052672 5dc0a5e9bc389d8815e28c56e13f647f c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 18:22 1053184 0aa1abf15b05a9e908567d886ab5bd5c c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 14:00 128000 fe9f47e493d5a9dd515520f9c010ce84 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 18:23 128000 d6cc00e1830b0e9c33f0e848b79096a7 c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 18:23 128000 6c375c89dcc11c51bc8e78a5d1dde7d9 c:\windows\system32\services.exe
2004-08-04 14:00 34816 7c505bad347cce38734deedc94a65903 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 18:22 34816 3c22972b861428d357ad1540b0c1151d c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 18:22 34816 8a7eb929a27d19f9dbbe0d2a78733b42 c:\windows\system32\ctfmon.exe
2005-06-11 02:17 77312 6993e18da4610ff88e2c0642a4ea85b2 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 77312 97b33b279be90897d62cf16ce25d01f8 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 18:23 77312 1022f9f2799e5e0c914cd5f35595744d c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 18:23 77312 af56c8f22fa4d294f5fcc1a766bc2e95 c:\windows\system32\spoolsv.exe
2004-08-04 14:00 44032 34c8296f5c7320670ede66e845ac94c0 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 18:23 45568 d14af883fabe2d4a2e1dac99f1f1cb5a c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 18:23 45568 2cdb802457960646c23eafb21c1aa7fb c:\windows\system32\userinit.exe
2008-04-14 18:23 45568 abf69dcc2ad3cc90e8543071a8231428 c:\windows\system32\dllcache\userinit.exe
2006-07-05 12:58 986112 084211c19f21fbf01181bb546ee360a2 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 18:11 987136 fd6d59e9457019f2c28ea68292ebb6e4 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 17:54 985600 5eed88700755d8e9b07b8abd21f4c3e3 c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-14 18:22 990720 a865544d4bf02c7641bb388899557137 c:\windows\ServicePackFiles\i386\kernel32.dll
2009-04-11 01:23 990720 aec857fa614e07d459b7b182c1461942 c:\windows\system32\kernel32.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 102400]
"igndlm.exe"="c:\programfiler\Download Manager\dlm.exe" [2009-02-24 1103216]
"Google Update"="c:\documents and settings\Martin\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-12-20 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"="c:\programfiler\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 106496]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 176128]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 61276]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1974272]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 69632]
"AWU"="c:\programfiler\Jensen AirLink\AWU.exe" [2005-08-09 327680]
"Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 294000]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 434176]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 189440]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 34816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"="c:\windows\system32\ati2sgav.exe" [2008-09-25 239683]
c:\documents and settings\Martin\Start-meny\Programmer\Oppstart\
FIFA 09 Registration.lnk - c:\programfiler\EA Sports\FIFA 09\Support\EAregister.exe [2008-08-13 4388864]
OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 413696]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2009-01-20 809488]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NCProTray.lnk - c:\programfiler\SEC\Natural Color Pro\NCProTray.exe [2007-05-29 69700]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcbbaffba]
2003-08-23 06:10 280079 c:\windows\system32\fcbbaffba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 17:41 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aavgapi.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aawdrivertool.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aawservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aawtray.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aawwsc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\acthosp.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ad-aware.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ad-awareadmin.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ad-awarecommand.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\advxdwin.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentw.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alogserv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon9x.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ants.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashbug.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashchest.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashcnsnt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashdisp.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashlogv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashmaisv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashpopwz.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashquick.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashserv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashsimp2.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashsimpl.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashskpcc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashskpck.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashupd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashwebsv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswchlic.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswlsvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswmem64.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswregsvr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswrundll.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswupdsv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atcon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atupdater.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atwatch.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autostart manager.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autotrace.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avciman.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcfgex.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcmgr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgfrw.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgiproxy.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnsx.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscanx.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv9.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgsrmax.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgtray.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avupgsvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwinnt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwsc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitor9x.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitornt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxquar.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxw.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blindman.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootsafe.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccpxysvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cdp.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgwiz.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmgrdian.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\connectionmonitor.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpdclnt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctrl.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctxcleanup.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dds.scr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defwatch.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\devcon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\doors.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ecls.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ecmd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eeclnt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\efpeadm.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehttpsrv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\etrustcipe.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\evpn.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\expert.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fact.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32fih32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fixcfg.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbpoll.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\generics.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guarddog.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gwfeed.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hostfileeditor.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamstats.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\inicio.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isrv95.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldnetmon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpromenu.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldscan.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luspt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mainstub.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mbam-dor.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mbam-setup.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mbam.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mbamgui.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mbamservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mbklaunch.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcenui.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinst.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinsupd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmscsvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcods.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcsacore.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcshell.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctool.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdate.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsrte.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrtcl.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrte.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\minilog.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\monitor.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfagent.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfalert.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msksrver.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mwatch.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neowatchlog.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprotect.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntvdm.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntxconfig.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nui.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwnt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwtool16.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\panicsh.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavbckpt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavfnsvr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavjobs.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavscrip.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccntmon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfinder.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\platasks.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppfw.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\processwatch.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psclean.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pshost.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psksvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psrol.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runsas.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sasinsst.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scanstub.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdfiles.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdisk32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdmain.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdshred.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfctlcom.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sffnwsc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sosliveprotect.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\soslocalbackup.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sosonlinebackupservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sosuploadagent.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spybotsd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spysweeper.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spysweeperui.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srvload.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sstorage.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssu.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssupdate.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\superantispyware.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\suppstub.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysinspector.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysrescue.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\teatimer.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\threatwork.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tisscan.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tisspwiz.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tistool.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmarsvc.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_au.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_oe.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_oeimp.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_oemon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmbmsrv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmpfw.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmproxy.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tpsrv.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfaubroker.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfcmdrlauncher.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfcommander.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfplatformcomsvr.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufifavim.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufnavi.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufseagnt.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufupdui.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrader.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\visthaux.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\visthlic.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\visthupd.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmain.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\washengine.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\watchdog.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webproxy.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webtrap.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wgfe95.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wimmun32.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wizhosp.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wradmin.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrconsumerservice.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrctrl.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrutil.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*ctfmon32]
--a------ 2009-04-01 16:22 921387 c:\documents and settings\Martin\Programdata\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:22 34816 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-03-27 10:03 13684736 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-03-27 10:03 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost.exe]
--a------ 2009-04-11 01:23 86016 c:\windows\system32\3361\SVCHOST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"tdctxte"=2 (0x2)
"sopidkc"=2 (0x2)
"afisicx"=2 (0x2)
"eLoggerSvc6"=2 (0x2)
"Norman ZANDA"=2 (0x2)
"nvcoas"=3 (0x3)
"NVCScheduler"=3 (0x3)
"Norman Type-R"=2 (0x2)
"nsesvc"=3 (0x3)
"Norman NJeeves"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Electronic Arts\\Kampen om Midgard II\\game.dat"=
"c:\\Programfiler\\Electronic Arts\\Heksekongen\\game.dat"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programfiler\\Autodesk\\Backburner\\server.exe"=
"c:\\Programfiler\\Crazybump Beta Test\\CrazyBump.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\WINDOWS\\system32\\3361\\svchost.exe"=
S0 NDIS_RD;Firewall Engine Type-R2; [x]
S0 sfstx;sfstx;c:\windows\system32\drivers\wuno.sys --> c:\windows\system32\drivers\wuno.sys [?]
S1 c46a8ad0;c46a8ad0;c:\windows\system32\drivers\c46a8ad0.sys [2009-04-11 110318]
S1 TDI_RD;Firewall Engine Type-R;\??\c:\windows\system32\drivers\tdi_rd.sys --> c:\windows\system32\drivers\tdi_rd.sys [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-01-20 10384]
S2 Ndiskio;Ndiskio;c:\norman\Nse\Bin\Ndiskio.sys [2008-06-03 20448]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-30 38496]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-06-03 19512]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-12-18 36864]
S4 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\Bin\Nsesvc.exe [2009-04-10 203832]
S4 nvcoas;Norman Virus Control on-access component;c:\norman\NVC\Bin\Nvcoas.exe [2009-04-10 203832]
S4 NVCScheduler;Norman Virus Control Scheduler;c:\norman\NVC\Bin\Nvcsched.exe [2008-06-03 166968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-11-13 c:\windows\Tasks\Crysis Wars® Updates.job
- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2008-11-13 20:54]
2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3176759873-1977204866-1923448002-1006.job
- c:\documents and settings\Martin\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-20 15:22]
2009-04-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]
2009-04-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]
.
- - - - TOMME PEKERE FJERNET - - - -
BHO-{2315EED1-377B-4937-BF84-D96F8129CA89} - (no file)
HKU-Default-Run-reader_s - c:\documents and settings\Martin\reader_s.exe
MSConfigStartUp-reader_s - c:\windows\System32\reader_s.exe
MSConfigStartUp-Framework Windows - frmwrk32.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.online.no/
uInternet Connection Wizard,ShellNext = hxxp://www.logitech.com/index.cfm?page=downloads/finder&CRID=270&countryid=19&languageid=1
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Read with DeskBot
DPF: DirectEdit - hxxps://www.itslearning.com//file/DirectEdit.CAB
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 13:49:15
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-3176759873-1977204866-1923448002-1006\Software\SecuROM\License information*]
"datasecu"=hex:c7,86,83,11,55,ef,ad,00,7d,27,24,f4,5c,ce,b0,33,17,bc,e4,21,04,
95,3f,8c,3c,4e,7e,34,de,ed,71,64,bf,37,d7,0b,28,a3,39,8b,9b,42,0e,92,91,aa,\
"rkeysecu"=hex:e8,10,6e,45,9b,f5,01,02,44,9b,71,d0,bf,bb,9d,e2
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c6,f7,9e,ac,5c,a5,75,7e,9c,c0,a2,1f,36,4f,62,0f,dc,c8,57,9f,08,
b5,b8,b0,73,94,a6,7b,a5,91,00,2a,ca,f3,da,b9,08,02,ee,fc,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):04,5b,b9,aa,56,e0,f5,10,28,a7,57,9d,2e,a7,a6,58,d1,17,32,d4,88,
d2,75,b1,a1,25,2c,b8,25,46,0d,05,f9,9c,be,98,a0,e0,c2,66,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a3c28736-fefe-4ea9-90ff-22b18e655e1e}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cfe39b15-758d-44b3-840a-6b64467b742d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000095
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\tcpcon.dll
c:\windows\system32\fcbbaffba.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
c:\programfiler\Bonjour\mdnsNSP.dll
.
Tidspunkt ferdig: 2009-04-12 13:54:28 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-04-12 11:54:25
ComboFix2.txt 2008-09-30 09:15:36
Pre-Run: 276 670 947 328 byte ledig
Post-Run: 276,826,685,440 byte ledig
860 --- E O F --- 2009-03-14 17:05:22
-
Ser ut til at jeg ikke har "WINDOWS RECOVERY CONSOLE" installert. Det kreves en internettilgang for å installere dette, og det har jo ikke jeg nå i sikkermodus...
-
Argh, jeg får ikke kjørt combofix riktig fordi jeg får beskjed om at Norman Virus Control kjører... Hvordan skal jeg få stoppet Norman når jeg ikke kommer meg inn på programmet gjennom oppgavelinjen eller start-menyen...
-
Oi, nå skjedde det noe her. Endret navnet på Combofixe.exe på skrivebordet til "knoboc.exe" (tilfeldig navn). Nå vil programmet kjøre! Får beskjeden "Combofix has expired. Click Yes to run in REDUCED FUNCTIONALITY mode. Click No to exit"
EDIT: programmet ble borte da jeg trykket No, så jeg flyttet det til skrivebordet igjen. Nå kan jeg kjøre det, MED det originale navnet!
-
Neida... Malwarebytes og Combofix virker ikke nå heller. Kan det ha noe med at det var en ting jeg ikke fikk fjernet fra Tjenester?
-
Ok, prøv følgende:
Fra Start->Kjør, skriv: msconfig
Gå til fanearket Tjenester og fjern merket framfor følgende tjenester:
sopidkc
tdctxte
at1394.sys
afisicx.exe
Gå til fanearket Oppstart og fjern merket framfor oppstartselementene:
svchost.exe
*ctfmon32
reader_s
Framework Windows
Restart pc'n og prøv combofix og malwarebytes en gang til.
Skal jeg restarte i sikker modus eller vanlig?
Finner forresten ikke at1394.sys på fanearket tjenester :/
-
Når jeg kjører SDFix, og velger "Y" (å kjøre programmet, i motsetning til bare en diagnose), skjer det ingen ting. Alt på skjermen forsvinner, bortsett fra Sikkermodus-ikonene i hvert hjørne av skjermen, teksten øverst på skjermen og musepekeren... Virker ikke som om programmet fungerer for meg :S
-
Så selv i sikker modus får du ikke kjørt verken Combofix eller Malwarebytes?
Prøv da følgende:
Last ned SDFix.exe.
Pakk ut programmet.
Restart i sikker modus (tapp f8 under oppstart)
Kjør RunThis.bat i SDfix-mappa.
Det lages en rapport (Report.txt) som du poster.
Combofix og Malwarebytes funker ikke i sikker modus, nei. Og i vanlig modus får jeg ikke startet PCen ordentlig. Nettet fungerer heller ikke.
Programmet er nå brent over på en CD; skal få kjørt det på den infiserte PCen straks
-
Start pc'n i sikker modus og se om du får kjørt Combofix og Malwarebytes derfra.
Det er det jeg prøver... Jeg kommer jo ikke inn på PCen ordentlig når jeg starter den normalt.
-
Ja de er en god del grums der.
Kan du prøve og få over combofix og kjørt den.
Har fått over combofix, men det skjer ingen verdens ting når jeg dobbeltklikker på den
-
Sånn, da har jeg fått kjørt den fila på den infiserte PCen. Her er DDS loggen
DDS (Ver_09-03-16.01) - NTFSx86 NETWORK Run by Martin at 17:59:09,65 on 11.04.2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2046.1721 [GMT 2:00] AV: Norman Virus Control ver. 5.99 *On-access scanning enabled* (Updated) FW: Norman Personal Firewall v. 1.4 *disabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Martin\Skrivebord\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.online.no/ uInternet Connection Wizard,ShellNext = hxxp://www.logitech.com/index.cfm?page=downloads/finder&CRID=270&countryid=19&languageid=1 uInternet Settings,ProxyOverride = *.local BHO: - No File BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\programfiler\hp\smart web printing\hpswp_framework.dll BHO: MMklkl: {1428a472-5260-404e-9977-7ecdf1daf936} - c:\windows\system32\mukmil.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {2315EED1-377B-4937-BF84-D96F8129CA89} - No File BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnljJaW.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programfiler\java\jre6\bin\ssv.dll BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\programfiler\moyea\flv downloader\MoyeaCth.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [NVIDIA nTune] "c:\programfiler\nvidia corporation\ntune\nTuneCmd.exe" clear uRun: [igndlm.exe] c:\programfiler\download manager\dlm.exe /windowsstart /startifwork uRun: [Google Update] "c:\documents and settings\martin\lokale innstillinger\programdata\google\update\GoogleUpdate.exe" /c mRun: [TrayServer] c:\programfiler\magix\movie_edit_pro_12_e-version\TrayServer.exe mRun: [NeroFilterCheck] c:\programfiler\fellesfiler\ahead\lib\NeroCheck.exe mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe mRun: [JMB36X Configure] "c:\windows\system32\JMRaidSetup.exe" boot mRun: [HP Software Update] "c:\programfiler\hp\hp software update\HPWuSchd2.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [CTHelper] CTHELPER.EXE mRun: [AWU] "c:\programfiler\jensen airlink\AWU.exe" -nogui mRun: [Norman ZANDA] "c:\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe" mRun: [nwiz] nwiz.exe /install mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe" mRun: [*ctfmon32] "c:\documents and settings\martin\programdata\svchost.exe" mRun: [reader_s] c:\windows\system32\reader_s.exe mRun: [Framework Windows] frmwrk32.exe mRunOnce: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe" mRunOnce: [MessengerPlusLiveUninstall] "c:\docume~1\martin\lokale~1\temp\MsgPlusUninstall.exe" /Cleanup dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [reader_s] c:\documents and settings\martin\reader_s.exe mExplorerRun: [ati2sgav] "c:\windows\system32\ati2sgav.exe" StartupFolder: c:\docume~1\martin\start-~1\progra~1\oppstart\fifa09~1.lnk - c:\programfiler\ea sports\fifa 09\support\EAregister.exe StartupFolder: c:\docume~1\martin\start-~1\progra~1\oppstart\openof~1.lnk - c:\programfiler\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hpdigi~1.lnk - c:\programfiler\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\logite~1.lnk - c:\programfiler\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\micros~1.lnk - c:\programfiler\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\ncprot~1.lnk - c:\programfiler\sec\natural color pro\NCProTray.exe StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\nkvmon~1.lnk - c:\programfiler\nikon\nkview5\NkvMon.exe IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Read with DeskBot IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\programfiler\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\programfiler\hp\smart web printing\hpswp_extensions.dll DPF: DirectEdit - hxxps://www.itslearning.com//file/DirectEdit.CAB DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Notify: fcbbaffba - c:\windows\system32\fcbbaffba.dll Notify: LBTWlgn - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll Notify: pmnljJaW - pmnljJaW.dll AppInit_DLLs: rveupg.dll hewmvo.dll jbmulk.dll,c:\progra~1\thunmail\testabd.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnljJaW.dll ============= SERVICES / DRIVERS =============== S0 NDIS_RD;Firewall Engine Type-R2; [x] S0 sfstx;sfstx;c:\windows\system32\drivers\wuno.sys --> c:\windows\system32\drivers\wuno.sys [?] S1 c46a8ad0;c46a8ad0;c:\windows\system32\drivers\c46a8ad0.sys [2009-4-11 110318] S1 TDI_RD;Firewall Engine Type-R;\??\c:\windows\system32\drivers\tdi_rd.sys --> c:\windows\system32\drivers\tdi_rd.sys [?] S2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2004-8-4 194048] S2 dhcpsrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-11 254464] S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-20 10384] S2 Ndiskio;Ndiskio;c:\norman\nse\bin\Ndiskio.sys [2008-6-3 20448] S2 Norman ZANDA;Norman ZANDA;c:\norman\npm\bin\Zanda.exe [2008-6-4 429176] S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 193536] S2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2004-8-4 193024] S3 at1394;at1394;c:\windows\system32\at1394.sys [2004-8-4 2304] S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\programfiler\fellesfiler\symantec shared\eengine\eraserutildrv10741.sys --> c:\programfiler\fellesfiler\symantec shared\eengine\EraserUtilDrv10741.sys [?] S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-9-30 38496] S3 nsesvc;Norman Scanner Engine Service;c:\norman\nse\bin\Nsesvc.exe [2009-4-10 203832] S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-6-3 19512] S3 nvcoas;Norman Virus Control on-access component;c:\norman\nvc\bin\Nvcoas.exe [2009-4-10 203832] S3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\nvc\bin\Nvcsched.exe [2008-6-3 166968] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-12-18 36864] =============== Created Last 30 ================ 2009-04-11 17:13 <DIR> --d-hr-- c:\documents and settings\martin\Siste 2009-04-11 17:12 <DIR> --d----- c:\docume~1\martin\progra~1\pidle 2009-04-11 17:12 <DIR> --d----- c:\docume~1\martin\progra~1\_3b7b6d2e6768485b115c4e5260a73461 2009-04-11 11:46 22,528 a------- c:\windows\system32\frmwrk32.exe 2009-04-11 11:46 35,328 a------- c:\windows\system32\reader_s.exe 2009-04-11 11:46 35,328 a------- c:\documents and settings\martin\reader_s.exe 2009-04-11 11:46 0 a------- c:\windows\system32\4.tmp 2009-04-11 11:46 44 a------- c:\windows\system32\2.tmp 2009-04-11 11:41 2,560 a------- c:\windows\system32\drivers\mchInjDrv.sys 2009-04-11 11:40 0 a------- c:\windows\system32\IpSvchostF.dll 2009-04-11 01:34 32 a------- c:\docume~1\martin\progra~1\__t.bin 2009-04-11 01:34 921,387 a------- c:\docume~1\martin\progra~1\svchost.exe 2009-04-11 01:30 143,904 a------- c:\windows\system32\4cb3f66f1cf909d49157377d43771549.exe 2009-04-11 01:29 201,216 a------- c:\windows\system32\mukmil.dll 2009-04-11 01:22 46,592 a------- C:\ijlbdn.exe 2009-04-11 01:22 30,208 a------- C:\yttbgn.exe 2009-04-11 01:22 2 a------- C:\344307038 2009-04-11 01:20 35,840 a------- c:\windows\system32\pmnljJaW.dll 2009-04-11 00:40 <DIR> --d----- c:\programfiler\Alcohol Soft 2009-04-10 21:37 <DIR> --d----- c:\windows\LastGood.Tmp 2009-04-10 16:36 <DIR> --d----- c:\windows\Caps 2009-04-07 17:27 215,383 a------- c:\windows\system32\nvapps.xml 2009-04-07 17:27 453,152 a------- c:\windows\system32\nvudisp.exe 2009-04-07 17:27 19,054 a------- c:\windows\system32\nvdisp.nvu 2009-04-07 17:27 <DIR> --d----- c:\windows\nview 2009-04-07 17:26 453,152 a------- c:\windows\system32\NVUNINST.EXE 2009-03-22 18:00 <DIR> --d----- c:\documents and settings\martin\Tracing 2009-03-22 17:56 <DIR> --d----- c:\programfiler\Microsoft 2009-03-22 17:56 <DIR> --d----- c:\programfiler\Windows Live SkyDrive 2009-03-22 17:52 <DIR> --d----- c:\programfiler\fellesfiler\Windows Live 2009-03-14 17:16 23,392 a------- c:\windows\system32\nscompat.tlb 2009-03-14 17:16 16,832 a------- c:\windows\system32\amcompat.tlb 2009-03-12 21:05 <DIR> --d----- c:\programfiler\Auslogics ==================== Find3M ==================== 2009-04-11 11:47 110,318 a------- c:\windows\system32\drivers\c46a8ad0.sys 2009-04-11 01:23 61,440 a------- c:\windows\system32\tcpd.exe 2009-04-11 01:23 990,720 a------- c:\windows\system32\kernel32_check.dll 2009-04-11 01:23 172,032 a------- c:\windows\system32\tcpcon.dll 2009-04-11 01:23 20,992 a------- c:\windows\system32\AUTMGR.EXE 2009-04-11 01:23 10,240 a------- c:\windows\system32\Packer.dll 2009-04-10 15:00 21,704 a------- c:\windows\system32\kk.exe 2009-04-10 14:11 231,424 a------- c:\windows\system32\w.exe 2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-04-02 14:31 410,138 a------- c:\windows\system32\perfh014.dat 2009-04-02 14:31 72,104 a------- c:\windows\system32\perfc014.dat 2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll 2009-03-06 00:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys 2009-02-24 22:25 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL 2009-02-12 22:46 53,472 a------- c:\docume~1\martin\progra~1\GDIPFONTCACHEV1.DAT 2009-02-09 16:08 1,846,784 a------- c:\windows\system32\win32k.sys 2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll 2009-01-16 18:24 70,936 a------- c:\windows\system32\PhysXLoader.dll 2008-11-13 20:54 22,328 a------- c:\docume~1\martin\progra~1\PnkBstrK.sys 2008-04-05 14:39 411,248 a------- c:\programfiler\FLV PlayerRCSetup.exe 2008-03-03 18:29 357,768 a------- c:\documents and settings\martin\SymXPep2.dll 2008-05-22 12:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012008052220080523\index.dat ============= FINISH: 17:59:33,70 ===============
-
Prøve andre punkt,virker det ikke må du prøve og overføre combofix.
Akkurat brent en CD nå. Lurer dog på to ting først.
1: Kan det hende at systemgjenoppretting fungerer hvis jeg starter PCen i sikkermodus?
2: Hver gang PCen starter i sikkermodus får jeg spørsmål om jeg vil la være å loade (tror det var det det stod) sptd.sys. Kan denne fila ha noe med problemene å gjøre?
-
Du må sette den tilbalbake,til en dato du vet sikkerhet at nettet virket.
Jeg vet med sikkerhet at nettet fungerte i går ettermiddag. Men jeg restartet PCen nå, og kjørte den i sikkermodus, og fikk beskjeden at den ikke kunne gjenopprettes til det punktet...
-
Sånn, da var gjenoppretting fra tidligere i går (punktet ble tydeligvis laget da jeg avinstallerte et program) satt i gang. Skriver mer når gjenopprettinga er ferdig
Forresten, var ikke helt sikker på om du skjønte det (på de tidligere postene virket det ikke sånn ); jeg skriver dette på en annen PC enn den infiserte
EDIT: Hm, dette var rart. Jeg får fremdeles service.exe-feilmeldinga, og bare en svart bakgrunn med musepekeren på, etter å ha gjenopprettet fra et punkt i går...
-
Du kan bare prøve og putte dem i karantene.
Lager norman noe logg så er det ønskelig og se den.
Restartet PCen nå... PCen funker fremdeles dårlig, fikk feilmeldingen til services.exe, og tingene på skrivebordet dukker rett og slett ikke opp... Bare en svart bakgrunn og musepekeren.
-
Takk for det
Norman har til nå funnet 5 infiserte objekter... Burde jeg slette dem / putte dem i karantene først? Kan jo hende nettet vil fungere når de forsvinner
-
Last ned DDS.scr
Post loggen den lager.
Som sagt kommer jeg meg ikke inn på Chrome eller IE i sikkermodus
-
I går kveld ble jeg angrepet av malware av et eller annet slag. Fordi alt hang seg, og antivirusprogrammet ikke ville kjøre normalt, valgte jeg å skru av PCen. Da jeg i dag skrudde den på, ble jeg møtt av denne beskjeden:
services.exe - Programfeil
Instruksjonen i "0x003e0687" refererte til adresse "0x003e0687". Minnet kunne ikke være "written".
Etter dette fikk jeg beskjed om at PCen ville bli startet på nytt. Dette skjedde om og om igjen. Til slutt fikk jeg valget å starte PCen i sikkermodus da jeg prøvde å starte den. Den skrudde seg til slutt på, men internett virker ikke normalt. På IE får jeg beskjed om at siden ikke kan vises, mens på Google Chrome får jeg denne beskjeden:
chrome.exe - Programfeil
Programmet ble ikke riktig initialisert(0xc0000005). Klikk OK for å avslutte.
De tre programmene som står i veiledningen (som jeg hadde installert fra før av) starter simpelthen ikke når jeg dobbeltklikker på dem. Jeg kjører nå et søk med Norman Virus Control, men har ikke så altfor store forhåpninger... Noen som er villige til å hjelpe?
[Løst]Infisert av virus e.l.; PC starter ikke normalt
i IKT-drift og sikkerhet
Skrevet
Stasjonær. Den ble bygd av komplett.no, så jeg er ikke 100% sikker på om jeg fikk med CD. Skal sjekke i morgen