
[Solved] lsm32.sys malware on XP?



Posted

Hi, I have a strange problem on my PC: at times something that sounds like advertising clips plays through the PC's speakers. A program called lsm32.sys is running on the system, and it appears to be located in c:\windows\system32\. When I terminate the program, it reappears after a few seconds. I haven't managed to remove it with any antivirus/antispyware program either. I couldn't delete it manually either. I have run Spybot and updated F-Secure Antivirus. Googling it didn't turn up much either. Does anyone have any tips?

Posted (edited)

Hi, I would recommend that you download MBAM, then update it fully, and finally run a scan. Remember to post the log.

Edited by snippern
Posted

Thanks for the help!

Ran MBAM twice and got these logs:

 

Log1:

 

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2831

Windows 5.1.2600 Service Pack 3

 

20.09.2009 19:52:22

mbam-log-2009-09-20 (19-52-22).txt

 

Skanntype: Rask Skann

Objekter skannet: 7746

Tid tilbakelagt: 51 second(s)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 1

Registernøkler infisert: 4

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 2

 

Minneprosesser infisert:

C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Unloaded process successfully.

 

Minnemoduler infisert:

C:\WINDOWS\system32\usbmons.dll (Trojan.Downloader) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\usbmons.dll (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

 

 

Log2:

 

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2831

Windows 5.1.2600 Service Pack 3

 

20.09.2009 20:15:02

LOG2

 

Skanntype: Rask Skann

Objekter skannet: 151048

Tid tilbakelagt: 21 minute(s), 20 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 7

Registerverdier infisert: 12

Registerfiler infisert: 4

Mapper infisert: 7

Filer infisert: 68

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

C:\WINDOWS\system32\usbmons.dll (Trojan.Downloader) -> No action taken.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\btwsrv (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> No action taken.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CLASSES_ROOT\txtfile\shell\open\command\(default) (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> No action taken.

 

Mapper infisert:

C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.

C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> No action taken.

C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> No action taken.

C:\Program Files\Screensavers.com\Installer\Ready (Adware.Comet) -> No action taken.

C:\Program Files\Screensavers.com\Installer\temp (Adware.Comet) -> No action taken.

C:\Program Files\Screensavers.com\Installer\Upload (Adware.Comet) -> No action taken.

C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> No action taken.

 

Filer infisert:

C:\WINDOWS\system32\usbmons.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\edtxfst.sys (Trojan.Clicker) -> No action taken.

C:\WINDOWS\system32\nxtepad.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\otaxyzd.sys (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tcexfst.sys (Trojan.Clicker) -> No action taken.

C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\wtukd32.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\dvdpaly.exe (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_672345325522.bk.old (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmpxr_610855337003.bk (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\dncyool32.sys (Worm.VB) -> No action taken.

C:\WINDOWS\system32\dncyool64.sys (Worm.VB) -> No action taken.

C:\WINDOWS\system32\tmpxr_23968650921.bk (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_103151186068.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_107536641372.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_108897609966.bk.old (Trojan.Delf) -> No action taken.

C:\WINDOWS\system32\tmp0_1198607937.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_124649394697.bk.old (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tmp0_17945777971.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_188466868298.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_192897333114.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_490753562129.bk.old (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_492434352210.bk.old (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\tmp0_551391170833.bk.old (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_593634339246.bk.old (Trojan.Dropper) -> No action taken.

C:\WINDOWS\system32\tmp0_607358112152.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_627870312640.bk.old (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_632182236203.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\msncache.dll.685182 (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\msncache.dll.867089 (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tmpxr_40894845493.bk (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmpxr_435932452977.bk (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_677229755503.bk.old (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tmp0_688936451229.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_757375603207.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_772399823922.bk.old (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tmp0_774984285390.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_857588751203.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_872212284936.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_202224468076.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_209906431336.bk.old (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_217353511324.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_218867747288.bk.old (Trojan.Refpron) -> No action taken.

C:\WINDOWS\system32\tmp0_22053129445.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_277986576132.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_286804821425.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_31180797182.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_312829746401.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_374906763845.bk.old (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\tmp0_37518585144.bk.old (Packed.Koblu) -> No action taken.

C:\WINDOWS\system32\EvdoServer.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\msrstart.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\dys.mpe (Trojan.Gumblar) -> No action taken.

C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> No action taken.

C:\Program Files\Internet Explorer\svchost.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\__c00A6F26.dat (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\andt.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\dpcxool64.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\dctool32.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\dlctsd32.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\dxonool32.sys (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\Indt2.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\mtmc.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\umtcdtw.sys (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.

Posted

Log from COMBOX:

 

ComboFix 09-09-18.02 - Tobias 20.09.2009 20:33.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.306 [GMT 2:00]

Running from: c:\documents and settings\Tobias\Desktop\ComboFix.exe

AV: F-Secure Anti-Virus 5.43 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Tobias\Application Data\inst.exe

c:\program files\screensavers.com

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\INSTALL.LOG

c:\program files\WinPCap\NetMonInstaller.exe

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\Uninstall.exe

c:\windows\Installer\112e976.msi

c:\windows\Installer\112e97d.msi

c:\windows\Installer\112e984.msi

c:\windows\Installer\14838dd.msi

c:\windows\Installer\c7c9df.msp

c:\windows\Installer\e7a6a2.msp

c:\windows\Installer\e7a6b8.msp

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Install.txt

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\tmp0_186519691283.bk

c:\windows\system32\tmp0_261483477132.bk

c:\windows\system32\tmp0_354476342865.bk

c:\windows\system32\tmp0_589973336248.bk

c:\windows\system32\tmp0_658058615089.bk

c:\windows\system32\tmp0_707775660082.bk

c:\windows\system32\tmp0_808264368579.bk

c:\windows\system32\tmp0_84811048975.bk

c:\windows\system32\tmp0_94513615481.bk

c:\windows\system32\tmp0_99632525031.bk

c:\windows\system32\tmp1_4843936734.bk

c:\windows\system32\usbmons.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\windows\TEMP\IadHide4.dll

C:\xcrashdump.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AFINDING

-------\Legacy_AFISICX

-------\Legacy_MABIDWE

-------\Legacy_MACIDWE

-------\Legacy_MSSQL2K6

-------\Legacy_NOBICYT

-------\Legacy_NOXTCYR

-------\Legacy_NOYTCYR

-------\Legacy_NPF

-------\Legacy_PERFMONS

-------\Legacy_ROFL

-------\Legacy_ROUTING

-------\Legacy_ROXTCTM

-------\Legacy_ROYTCTM

-------\Legacy_SOBICYT

-------\Legacy_SOTPECA

-------\Legacy_SOXPECA

-------\Legacy_TDCTXTE

-------\Legacy_TDXDOWKC

-------\Legacy_TDYDOWKC

-------\Legacy_WSERVING

-------\Legacy_WSLDOEKD

-------\Service_MSSQL2K6

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))

.

 

2009-09-20 17:49 . 2009-09-20 17:49 -------- d-----w- c:\documents and settings\Tobias\Application Data\Malwarebytes

2009-09-20 17:49 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-20 17:49 . 2009-09-20 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-20 17:49 . 2009-09-20 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-20 17:49 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-13 22:15 . 2009-09-13 22:15 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-09-10 21:02 . 2009-09-10 21:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-09-10 15:19 . 2009-09-10 15:19 -------- d-----w- c:\program files\Common Files\PCSuite

2009-09-10 15:16 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2009-09-10 15:16 . 2009-09-10 15:16 -------- d-----w- c:\program files\PC Connectivity Solution

2009-09-10 15:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-08 19:00 . 2009-09-08 19:00 -------- d-----w- c:\documents and settings\Ynez\Application Data\DivX

2009-09-07 17:09 . 2009-09-07 17:09 -------- d-sh--w- c:\documents and settings\Ynez\PrivacIE

2009-09-07 15:38 . 2009-09-07 15:38 -------- d-sh--w- c:\documents and settings\Ynez\IECompatCache

2009-09-07 15:38 . 2009-09-07 15:38 -------- d-----w- c:\documents and settings\Ynez\Local Settings\Application Data\Winamp Toolbar

2009-09-07 14:36 . 2009-09-07 14:36 -------- d-sh--w- c:\documents and settings\Ynez\IETldCache

2009-09-02 11:53 . 2009-09-02 11:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-08-30 21:13 . 2009-08-30 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2009-08-30 21:12 . 2009-08-30 21:12 -------- d-----w- c:\program files\AskBarDis

2009-08-26 19:34 . 2009-08-26 19:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2009-08-24 22:11 . 2009-08-24 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2009-08-24 22:11 . 2009-08-24 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-08-23 17:13 . 2009-09-19 16:54 -------- d-----w- c:\program files\Spybot

2009-08-23 17:13 . 2009-08-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-22 17:19 . 2009-08-22 17:19 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-22 17:19 . 2009-08-22 17:19 -------- d-----w- c:\program files\Reference Assemblies

2009-08-22 17:18 . 2009-08-22 17:19 -------- d-----w- C:ee4050c4d5a3be86f42d1ce84c296

2009-08-22 17:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-22 17:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-22 17:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-22 17:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-22 17:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-22 17:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-22 17:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-22 00:33 . 2009-08-22 14:15 -------- d-----w- c:\windows\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-20 18:28 . 2005-11-22 13:09 -------- d-----w- c:\documents and settings\Tobias\Application Data\Azureus

2009-09-14 18:27 . 2005-09-01 11:32 -------- d-----w- c:\documents and settings\Tobias\Application Data\Skype

2009-09-14 18:26 . 2008-11-29 12:13 -------- d-----w- c:\documents and settings\Tobias\Application Data\skypePM

2009-09-13 22:16 . 2006-10-01 18:00 -------- d-----w- c:\program files\DivX

2009-09-13 22:16 . 2008-09-27 12:09 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-09-13 22:11 . 2008-02-07 23:39 3532 ----a-w- C:\drmHeader.bin

2009-09-11 11:41 . 2009-09-11 11:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-09-11 11:41 . 2009-09-11 11:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-09-11 11:39 . 2007-12-21 23:27 -------- d-----w- c:\documents and settings\Tobias\Application Data\Nokia

2009-09-10 21:03 . 2008-01-31 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-10 15:19 . 2005-11-30 17:27 -------- d-----w- c:\program files\Nokia

2009-09-10 15:19 . 2005-11-30 17:27 -------- d-----w- c:\program files\Common Files\Nokia

2009-09-10 15:16 . 2007-12-21 23:27 -------- d-----w- c:\program files\DIFX

2009-09-10 15:12 . 2007-12-21 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2009-09-07 14:37 . 2005-09-01 16:07 91712 -c--a-w- c:\documents and settings\Ynez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-30 21:13 . 2005-11-22 13:09 -------- d-----w- c:\program files\Azureus

2009-08-26 19:30 . 2009-05-11 18:34 -------- d-----w- c:\documents and settings\Tobias\Application Data\Spotify

2009-08-23 21:37 . 2005-08-23 12:59 -------- d-----w- c:\program files\Winamp

2009-08-23 21:37 . 2006-03-02 08:52 -------- d-----w- c:\documents and settings\Tobias\Application Data\Winamp

2009-08-23 16:59 . 2005-09-07 16:28 -------- d-----w- c:\program files\LimeWire

2009-08-23 16:36 . 2005-08-31 21:30 91712 -c--a-w- c:\documents and settings\Tobias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-22 17:19 . 2008-01-31 12:58 -------- d-----w- c:\program files\MSBuild

2009-08-10 15:41 . 2005-08-31 23:06 -------- d-----w- c:\program files\Java

2009-08-05 09:01 . 2003-03-31 12:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2008-11-24 21:50 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-05 11:36 . 2005-08-24 14:14 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.dat

2009-07-05 11:36 . 2005-08-24 14:14 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000002-00001102-00000002-80651102}.dat

2009-07-03 17:09 . 2003-03-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2008-01-17 13:41 . 2008-01-17 13:41 518 ----a-w- c:\program files\Shortcut to Super Internet TV.lnk

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-03-05 2260480]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]

"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-07-28 53248]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 57344]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-16 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-04 90112]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

 

c:\documents and settings\Tobias\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

MultiMedia Master 100.lnk - c:\program files\Remotec\Multimedia Master 100\MultiMedia Master 100.exe [2006-2-8 94208]

Registration-PCTV.lnk - c:\program files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe [2005-9-15 245760]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\Billionton\Bluetooth-programvare\BTTray.exe [2004-11-29 569405]

Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-9-15 237568]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\UnrealTournament\\System\\UnrealTournament.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"6881:TCP"= 6881:TCP:DHT

"6700:TCP"= 6700:TCP:test

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [23.08.2005 18:09 24971]

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [17.08.2006 22:45 236928]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [30.08.2009 23:12 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30.08.2009 23:12 234888]

R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [01.09.2005 00:44 48720]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [01.09.2005 00:44 42672]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [01.09.2005 00:44 16048]

R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [01.09.2005 00:43 65328]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]

R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [01.09.2005 13:35 6400]

S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [01.09.2005 00:44 16384]

S2 solewxte;solewxte Service;c:\windows\system32\solewxte.exe --> c:\windows\system32\solewxte.exe [?]

S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [12.09.2004 10:45 8320]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

BtwSrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-20 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www1.nrk.no/nett-tv/klipp/421920

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: .com\*.cdon

Trusted Zone: cdon.no

DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.euchannels.net/update/KooPlayer.ocx

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.euchannels.net/KooPlayer.ocx

DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.piczo.com/images/uploader/ssiPictureUploader.cab

FF - ProfilePath - c:\documents and settings\Tobias\Application Data\Mozilla\Firefox\Profiles\kf2g2kob.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/hi/spanish/news/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npoctoshape.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

FF - plugin: c:\program files\Octoshape Streaming Services\Tobias\octoprogram-L03-N00-U00-C00_0712211_000\npoctoshape.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-WorldClock - (no file)

HKLM-Run-WorldClock - (no file)

AddRemove-Awave Studio_is1 - c:\program files\Awave Studio\unins000.exe

AddRemove-Nokia Multimedia Factory{4CFB3821-1582-4F3B-BF8D-30986923B36B} - c:\documents and settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-20 20:48

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1482476501-688789844-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(976)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\program files\Logitech\iTouch\iTchHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_nor.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\opel\BHROOT\BIN\NT611SVC.EXE

c:\opel\BHROOT\BIN\MONITOR.EXE

c:\program files\Billionton\Bluetooth-programvare\bin\btwdins.exe

c:\program files\F-Secure\Anti-Virus\fsgk32st.exe

c:\program files\F-Secure\Anti-Virus\fsgk32.exe

c:\program files\F-Secure\Anti-Virus\fssm32.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\opel\BHROOT\BIN\PORTMAP.EXE

c:\opel\BHROOT\BIN\DBMANG.EXE

c:\program files\F-Secure\Common\FSMA32.exe

c:\program files\F-Secure\Common\FSMB32.exe

c:\program files\F-Secure\Common\fch32.exe

c:\program files\F-Secure\Common\FAMEH32.exe

c:\program files\F-Secure\Common\FNRB32.exe

c:\program files\F-Secure\Common\FIH32.exe

c:\program files\F-Secure\Anti-Virus\fsav32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\progra~1\BILLIO~1\BLUETO~1\BTSTAC~1.EXE

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

.

**************************************************************************

.

Completion time: 2009-09-20 20:55 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-20 18:55

 

Pre-Run: 12 224 299 008 bytes free

Post-Run: 12 549 369 856 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

 

355 --- E O F --- 2009-09-17 20:08

Posted

Not bad, it went down from 105 infected items to 0 when I checked with MBAM again :-)

The PC got noticeably faster too, with much more free memory now. Let's hope the problem is gone now. Many thanks for all the help, folks!

 

T

Posted (edited)

Can you post a new ComboFix log?

To see whether everything is gone, because you had a lot of junk, and some of it may have to be handled manually, and ComboFix should be uninstalled.

Edited by SNIPPSAT
Posted

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

 


 

Driver::

solewxte

 

NetSvc::

BtwSrv

 

Post a new log

Posted

Did as described in the post above and got this ComboFix report:

 

ComboFix 09-09-18.02 - Tobias 22.09.2009 23:08.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.324 [GMT 2:00]

Running from: c:\programmer\Anti-Malware\ComboFix.exe

Command switches used :: c:\programmer\Anti-Malware\CFScript.txt

AV: F-Secure Anti-Virus 5.43 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\TEMP\IadHide4.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SOLEWXTE

-------\Service_solewxte

 

 

((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))

.

 

2009-09-20 17:49 . 2009-09-20 17:49 -------- d-----w- c:\documents and settings\Tobias\Application Data\Malwarebytes

2009-09-20 17:49 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-20 17:49 . 2009-09-20 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-20 17:49 . 2009-09-20 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-20 17:49 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-13 22:15 . 2009-09-13 22:15 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-09-10 21:02 . 2009-09-10 21:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-09-10 15:19 . 2009-09-10 15:19 -------- d-----w- c:\program files\Common Files\PCSuite

2009-09-10 15:16 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2009-09-10 15:16 . 2009-09-10 15:16 -------- d-----w- c:\program files\PC Connectivity Solution

2009-09-10 15:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-08 19:00 . 2009-09-08 19:00 -------- d-----w- c:\documents and settings\Ynez\Application Data\DivX

2009-09-07 17:09 . 2009-09-07 17:09 -------- d-sh--w- c:\documents and settings\Ynez\PrivacIE

2009-09-07 15:38 . 2009-09-07 15:38 -------- d-sh--w- c:\documents and settings\Ynez\IECompatCache

2009-09-07 15:38 . 2009-09-07 15:38 -------- d-----w- c:\documents and settings\Ynez\Local Settings\Application Data\Winamp Toolbar

2009-09-07 14:36 . 2009-09-07 14:36 -------- d-sh--w- c:\documents and settings\Ynez\IETldCache

2009-09-02 11:53 . 2009-09-02 11:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-08-30 21:13 . 2009-08-30 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2009-08-30 21:12 . 2009-08-30 21:12 -------- d-----w- c:\program files\AskBarDis

2009-08-26 19:34 . 2009-08-26 19:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2009-08-24 22:11 . 2009-08-24 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2009-08-24 22:11 . 2009-08-24 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-20 18:28 . 2005-11-22 13:09 -------- d-----w- c:\documents and settings\Tobias\Application Data\Azureus

2009-09-19 16:54 . 2009-08-23 17:13 -------- d-----w- c:\program files\Spybot

2009-09-14 18:27 . 2005-09-01 11:32 -------- d-----w- c:\documents and settings\Tobias\Application Data\Skype

2009-09-14 18:26 . 2008-11-29 12:13 -------- d-----w- c:\documents and settings\Tobias\Application Data\skypePM

2009-09-13 22:16 . 2006-10-01 18:00 -------- d-----w- c:\program files\DivX

2009-09-13 22:16 . 2008-09-27 12:09 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-09-13 22:11 . 2008-02-07 23:39 3532 ----a-w- C:\drmHeader.bin

2009-09-11 11:41 . 2009-09-11 11:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-09-11 11:41 . 2009-09-11 11:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-09-11 11:39 . 2007-12-21 23:27 -------- d-----w- c:\documents and settings\Tobias\Application Data\Nokia

2009-09-10 21:03 . 2008-01-31 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-10 15:19 . 2005-11-30 17:27 -------- d-----w- c:\program files\Nokia

2009-09-10 15:19 . 2005-11-30 17:27 -------- d-----w- c:\program files\Common Files\Nokia

2009-09-10 15:16 . 2007-12-21 23:27 -------- d-----w- c:\program files\DIFX

2009-09-10 15:12 . 2007-12-21 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2009-09-07 14:37 . 2005-09-01 16:07 91712 -c--a-w- c:\documents and settings\Ynez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-30 21:13 . 2005-11-22 13:09 -------- d-----w- c:\program files\Azureus

2009-08-26 19:30 . 2009-05-11 18:34 -------- d-----w- c:\documents and settings\Tobias\Application Data\Spotify

2009-08-23 21:37 . 2005-08-23 12:59 -------- d-----w- c:\program files\Winamp

2009-08-23 21:37 . 2006-03-02 08:52 -------- d-----w- c:\documents and settings\Tobias\Application Data\Winamp

2009-08-23 18:06 . 2009-08-23 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-23 16:59 . 2005-09-07 16:28 -------- d-----w- c:\program files\LimeWire

2009-08-23 16:36 . 2005-08-31 21:30 91712 -c--a-w- c:\documents and settings\Tobias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-22 17:19 . 2008-01-31 12:58 -------- d-----w- c:\program files\MSBuild

2009-08-22 17:19 . 2009-08-22 17:19 -------- d-----w- c:\program files\Reference Assemblies

2009-08-10 15:41 . 2005-08-31 23:06 -------- d-----w- c:\program files\Java

2009-08-05 09:01 . 2003-03-31 12:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2008-11-24 21:50 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-05 11:36 . 2005-08-24 14:14 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.dat

2009-07-05 11:36 . 2005-08-24 14:14 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000002-00001102-00000002-80651102}.dat

2009-07-03 17:09 . 2003-03-31 12:00 915456 ------w- c:\windows\system32\wininet.dll

2008-01-17 13:41 . 2008-01-17 13:41 518 ----a-w- c:\program files\Shortcut to Super Internet TV.lnk

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-09-20_18.49.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-22 21:20 . 2009-09-22 21:20 16384 c:\windows\temp\Perflib_Perfdata_130.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-03-05 2260480]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]

"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-07-28 53248]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 57344]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-16 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-04 90112]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

 

c:\documents and settings\Tobias\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

MultiMedia Master 100.lnk - c:\program files\Remotec\Multimedia Master 100\MultiMedia Master 100.exe [2006-2-8 94208]

Registration-PCTV.lnk - c:\program files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe [2005-9-15 245760]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\Billionton\Bluetooth-programvare\BTTray.exe [2004-11-29 569405]

Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-9-15 237568]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\UnrealTournament\\System\\UnrealTournament.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"6881:TCP"= 6881:TCP:DHT

"6700:TCP"= 6700:TCP:test

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [23.08.2005 18:09 24971]

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [17.08.2006 22:45 236928]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [30.08.2009 23:12 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30.08.2009 23:12 234888]

R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [01.09.2005 00:44 48720]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [01.09.2005 00:44 42672]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [01.09.2005 00:44 16048]

R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [01.09.2005 00:43 65328]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]

R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [01.09.2005 13:35 6400]

S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [01.09.2005 00:44 16384]

S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [12.09.2004 10:45 8320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www1.nrk.no/nett-tv/klipp/421920

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: .com\*.cdon

Trusted Zone: cdon.no

DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.euchannels.net/update/KooPlayer.ocx

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.euchannels.net/KooPlayer.ocx

DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.piczo.com/images/uploader/ssiPictureUploader.cab

FF - ProfilePath - c:\documents and settings\Tobias\Application Data\Mozilla\Firefox\Profiles\kf2g2kob.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/hi/spanish/news/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npoctoshape.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

FF - plugin: c:\program files\Octoshape Streaming Services\Tobias\octoprogram-L03-N00-U00-C00_0712211_000\npoctoshape.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - ORPHANS REMOVED - - - -

 

Notify-usbmon - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-22 23:21

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1482476501-688789844-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(1388)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\program files\Logitech\iTouch\iTchHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_nor.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Microsoft Office\Office12\1044\GrooveIntlResource.dll

c:\program files\ACE Mega CoDecS Pack\SystemS\Elecard\mpeg2dmx.ax

c:\program files\ACE Mega CoDecS Pack\SystemS\Gabest\vsfilter.dll

c:\program files\Common Files\Roxio Shared\DLLShared\mcspmpeg.ax

c:\program files\Common Files\Roxio Shared\DLLShared\mpegin.dll

c:\program files\ACE Mega CoDecS Pack\SystemS\Gabest\avisplitter.ax

c:\program files\Pinnacle\Shared Files\Filter\AVI_PASS.ax

c:\program files\Common Files\Ahead\DSFilter\NeVideo.ax

c:\program files\Common Files\Ahead\Lib\AdvrCntr2.dll

c:\program files\Pinnacle\Shared Files\Filter\XLDecompress.ax

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\opel\BHROOT\BIN\NT611SVC.EXE

c:\opel\BHROOT\BIN\MONITOR.EXE

c:\program files\Billionton\Bluetooth-programvare\bin\btwdins.exe

c:\program files\F-Secure\Anti-Virus\fsgk32st.exe

c:\program files\F-Secure\Anti-Virus\fsgk32.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\F-Secure\Anti-Virus\fssm32.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\opel\BHROOT\BIN\PORTMAP.EXE

c:\opel\BHROOT\BIN\DBMANG.EXE

c:\program files\F-Secure\Common\FSMA32.exe

c:\program files\F-Secure\Common\FSMB32.exe

c:\program files\F-Secure\Common\fch32.exe

c:\program files\F-Secure\Common\FAMEH32.exe

c:\program files\F-Secure\Common\FNRB32.exe

c:\program files\F-Secure\Common\FIH32.exe

c:\program files\F-Secure\Anti-Virus\fsav32.exe

c:\windows\system32\rundll32.exe

c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\progra~1\BILLIO~1\BLUETO~1\BTSTAC~1.EXE

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

c:\windows\system32\notepad.exe

.

**************************************************************************

.

Completion time: 2009-09-22 23:28 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-22 21:28

ComboFix2.txt 2009-09-20 18:55

 

Pre-Run: 12 509 417 472 bytes free

Post-Run: 12 435 443 712 bytes free

 

290 --- E O F --- 2009-09-21 21:20

Posted

Looks fine.

 

You can remove ComboFix by typing combofix /u in the Run box (Start -> Run)

 

Also make sure to keep your programs updated (Windows, Java, etc.)

 

Surf safely!
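
The comparison the helpers make by eye between the two ComboFix runs, as an added example that is not part of the original posts: it splits each log on its banner lines and reports which entries appeared or disappeared in one section. The banner regex is an assumption drawn from the log layout in this thread, and the two sample logs are abridged excerpts of the logs posted above.

```python
import re

# Banner lines as they appear in the logs in this thread, e.g.
#   "((((( Drivers/Services )))))", "------- Supplementary Scan -------",
#   "- - - - ORPHANS REMOVED - - - -". The pattern is an assumption based on
# that layout, not a documented ComboFix format.
HEADER = re.compile(r"^[\s(\-]{4,}(?P<title>[^()\-\s][^()]*?)[\s)\-]{4,}$")


def parse_sections(log_text):
    """Split a ComboFix log into {section title: [entry lines]}."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        # A ruler of asterisks closes the current section (the catchme
        # block and the completion footer sit between such rulers).
        if line and set(line) == {"*"}:
            current = None
            continue
        m = HEADER.match(raw)
        if m:
            current = sections.setdefault(m.group("title").strip(), [])
            continue
        # Skip blank lines, lone "." separators and text outside a section.
        if current is None or not line or line == ".":
            continue
        current.append(line)
    return sections


def diff_section(old_log, new_log, title):
    """Return (added, removed) entries of one section, case-insensitively."""
    old = {e.lower() for e in parse_sections(old_log).get(title, [])}
    new = {e.lower() for e in parse_sections(new_log).get(title, [])}
    return sorted(new - old), sorted(old - new)


# Abridged sample input, taken from the two runs posted in this thread.
RUN_1 = r"""
------------------------ Other Running Processes ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-20 20:55 - machine was rebooted
"""

RUN_2 = r"""
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
.
-------\Legacy_SOLEWXTE
-------\Service_solewxte

- - - - ORPHANS REMOVED - - - -

Notify-usbmon - (no file)

**************************************************************************
------------------------ Other Running Processes ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
"""

if __name__ == "__main__":
    added, removed = diff_section(RUN_1, RUN_2, "Other Running Processes")
    print("new in second run:", added)
    print("gone in second run:", removed)
    print("removed by the script:", parse_sections(RUN_2)["Drivers/Services"])
```

The diff only narrows down what to read; each new or missing entry still has to be judged by someone who knows the machine.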
