Managed to click on a YouTube link, MSN virus


Posted

But that C:\a.bat can't be deleted, because Norman puts it in quarantine and it gets moved from C:\

The file keeps coming back.

Posted (edited)

Can't you delete it from quarantine, then?

edit: never mind. I think I misread. So a new a.bat appears as soon as Norman puts it in quarantine?

Edited by r2d290
Posted (edited)

The file came back.

Now I took it out of quarantine. It immediately tried to fuck up Norman.

Saved a copy and tried to open it to see what was inside it, but I was denied access.

Edited by slippern
Posted (edited)

Run it once more with the following contents in the CFScript file:

 

File::

C:\WINDOWS\system32\sysregi.exe

C:\a.bat

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Nod32 Runtime"=-

 

No new log needed.

Tell us how the PC is running.

Edited by norbat
Posted

ComboFix 08-06-01.6 - ADMIN 2008-06-02 23:10:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.884 [GMT 2:00]

Running from: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\059573.exe

C:\WINDOWS\images.zip

 

.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))

.

 

2008-06-02 22:35 . 2008-06-02 22:34 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\WINDOWS\Sun

2008-06-02 22:34 . 2008-06-02 22:35 <DIR> d-------- C:\Documents and Settings\ADMIN\.housecall6.6

2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-02 22:02 . 2008-06-02 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-02 21:36 . 2008-06-02 21:36 <DIR> d--h----- C:\WINDOWS\PIF

2008-06-02 21:30 . 2008-06-02 21:30 53,252 -r-hs---- C:\WINDOWS\ehSched.exe

2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\WINDOWS\LastGood

2008-06-01 01:57 . 2008-06-01 01:57 <DIR> d-------- C:\Logs

2008-06-01 01:34 . 2008-06-01 02:00 <DIR> d-------- C:\Program Files\World of Warcraft

2008-05-31 21:02 . 2008-06-01 01:32 <DIR> d-------- C:\Program Files\WoW-2.3.0.7561-enGB

2008-05-31 21:02 . 2008-06-01 01:45 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-05-31 03:24 . 2008-05-31 03:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-05-31 03:09 . 2008-05-31 03:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-05-30 15:01 . 2008-05-30 15:01 <DIR> d-------- C:\Program Files\Red Kawa

2008-05-30 15:01 . 2008-05-30 15:01 <DIR> d-------- C:\Program Files\AviSynth 2.5

2008-05-30 14:39 . 2008-06-01 06:53 54,400 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx

2008-05-30 14:39 . 2008-06-01 06:53 54,400 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx

2008-05-30 14:39 . 2008-06-01 06:53 788 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx

2008-05-30 14:37 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll

2008-05-29 07:48 . 2008-05-29 07:48 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-05-28 19:22 . 2008-05-28 19:22 <DIR> d-------- C:\Program Files\Microsoft Games

2008-05-28 19:22 . 2008-05-29 12:11 <DIR> d-------- C:\Program Files\GameSpy Arcade

2008-05-28 18:26 . 2008-05-28 18:26 <DIR> d-------- C:\Program Files\directx

2008-05-28 18:23 . 2008-05-28 18:26 <DIR> d-------- C:\Program Files\Sudden Strike II

2008-05-26 23:24 . 2008-05-26 23:24 <DIR> d-------- C:\Program Files\BODYGRAMLOUD

2008-05-25 23:51 . 2008-05-25 23:55 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-05-25 23:50 . 2008-05-25 23:56 <DIR> d-------- C:\Program Files\Command And Conquer Red Alert 2 Yuri's Revenge

2008-05-25 20:01 . 2008-05-25 20:01 <DIR> d-------- C:\Program Files\Winamp Now Playing AutoHotkey script

2008-05-25 16:40 . 2008-05-25 19:37 <DIR> d-------- C:\Program Files\SopCast

2008-05-24 21:34 . 2008-05-24 21:54 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-05-24 21:06 . 2008-04-10 12:08 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys

2008-05-24 21:05 . 2008-05-24 21:05 <DIR> d-------- C:\Program Files\Raxco

2008-05-24 21:05 . 2008-05-24 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco

2008-05-24 21:04 . 2008-05-24 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis

2008-05-24 03:16 . 2008-05-24 03:16 <DIR> d-------- C:\Program Files\GoldWave

2008-05-23 13:57 . 2008-05-23 13:57 <DIR> d-------- C:\Program Files\Apple Software Update

2008-05-22 15:40 . 2008-05-22 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

2008-05-22 09:48 . 2008-05-22 09:48 <DIR> d-------- C:\Program Files\Rockstar Games

2008-05-21 19:05 . 2008-06-01 20:25 <DIR> d-------- C:\Filmer

2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-05-20 23:32 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-05-20 23:32 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-05-20 23:19 . 2008-05-20 23:19 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Media Player Classic

2008-05-19 23:21 . 2008-05-19 23:21 <DIR> d-------- C:\Program Files\ZX-Playback-Pack

2008-05-19 23:20 . 2008-05-19 23:21 <DIR> d-------- C:\Program Files\ffdshow

2008-05-19 20:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-19 14:10 . 2008-05-19 14:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-18 23:48 . 2008-06-02 23:11 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\NoNameScript

2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\BODYGRAMLOUD

2008-05-18 16:03 . 2008-05-21 19:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\BODYGRAMLOUD

2008-05-18 16:00 . 2008-05-18 16:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-18 03:45 . 2008-05-20 14:01 <DIR> d-------- C:\Serier

2008-05-18 02:40 . 2008-05-18 02:40 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-05-18 02:40 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-05-18 02:40 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-05-18 02:40 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-05-18 02:40 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-05-18 02:38 . 2008-05-18 02:38 <DIR> d-------- C:\Program Files\Futuremark

2008-05-17 23:30 . 2008-05-17 23:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire

2008-05-17 23:30 . 2007-10-12 03:56 490,776 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS

2008-05-17 23:29 . 2008-05-17 23:30 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-05-17 23:29 . 2008-05-17 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-05-17 23:29 . 2008-05-17 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

2008-05-17 19:27 . 2008-05-31 03:15 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-05-17 18:27 . 2008-05-17 18:28 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Bioshock

2008-05-17 18:27 . 2008-05-17 18:27 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-05-17 16:29 . 2008-05-17 16:59 <DIR> d-------- C:\Program Files\Electronic Arts

2008-05-17 16:25 . 2008-05-26 00:19 <DIR> d-------- C:\Spill

2008-05-17 14:09 . 2008-05-17 14:11 <DIR> d-------- C:\Program Files\WhatPulse

2008-05-17 13:53 . 2008-05-16 11:39 211 --ahs---- C:\BOOT.BKK

2008-05-17 13:49 . 2008-05-17 13:49 <DIR> d-------- C:\Program Files\TGTSoft

2008-05-17 13:06 . 2008-05-17 13:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

2008-05-17 13:05 . 2008-05-29 08:09 <DIR> d-------- C:\Program Files\Xfire

2008-05-17 13:05 . 2008-05-20 21:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Xfire

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\QuickTime

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\iTunes

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\iPod

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\Bonjour

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-05-17 12:34 . 2008-05-25 14:59 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Apple Computer

2008-05-17 12:34 . 2008-06-01 06:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-17 12:34 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2008-05-17 12:34 . 2008-05-17 12:35 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-17 12:02 . 2008-06-02 22:17 <DIR> d--h----- C:\$AVG8.VAULT$

2008-05-17 11:25 . 2008-05-17 23:29 <DIR> d-------- C:\Program Files\Logitech

2008-05-17 11:25 . 2008-05-17 11:25 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-05-17 11:22 . 2008-05-17 11:22 <DIR> d-------- C:\1db783fa3f8a2c54ba9e2e838f0f

2008-05-17 11:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-17 11:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-05-17 11:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-17 03:01 . 2008-05-30 20:20 <DIR> d-------- C:\Anime

2008-05-17 03:00 . 2008-05-17 03:00 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-05-17 02:59 . 2008-05-17 02:59 <DIR> d-------- C:\Program Files\Skype

2008-05-17 02:59 . 2008-05-17 02:59 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-05-17 02:59 . 2008-05-17 02:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype

2008-05-17 02:59 . 2008-06-02 16:06 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\skypePM

2008-05-17 02:59 . 2008-06-02 23:28 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Skype

2008-05-17 02:35 . 2008-05-17 02:35 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-05-17 02:25 . 2008-05-17 02:25 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\DAEMON Tools

2008-05-17 02:25 . 2008-05-17 02:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-17 01:52 . 2008-05-17 01:52 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Ubisoft

2008-05-17 01:48 . 2008-05-17 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft

2008-05-17 01:47 . 2008-05-17 01:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-05-17 01:47 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-05-17 01:46 . 2008-06-02 22:10 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-05-17 01:39 . 2008-05-17 01:39 <DIR> d-------- C:\Program Files\Ubisoft

2008-05-17 01:39 . 2008-05-17 01:43 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-17 01:38 . 2008-06-02 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-17 01:25 . 2008-05-17 01:25 <DIR> d-------- C:\Program Files\nbs-irc

2008-05-16 14:17 . 2008-06-01 06:55 <DIR> d-------- C:\Program Files\mIRC

2008-05-16 14:17 . 2008-05-18 23:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\mIRC

2008-05-16 14:07 . 2008-05-16 14:07 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\vlc

2008-05-16 14:06 . 2008-05-16 14:06 <DIR> d-------- C:\Program Files\VideoLAN

2008-05-16 14:03 . 2008-06-02 19:54 <DIR> d-------- C:\Program Files\SpeedFan

2008-05-16 14:03 . 2008-05-16 14:03 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-05-16 14:00 . 2008-06-02 13:54 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-16 14:00 . 2008-05-16 14:00 <DIR> d-------- C:\Program Files\AVG

2008-05-16 14:00 . 2008-05-16 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-16 14:00 . 2008-05-16 14:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-16 14:00 . 2008-05-16 14:00 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-05-16 14:00 . 2008-05-16 14:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\Program Files\Lavasoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-30 12:37 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-05-30 12:37 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-05-16 09:51 --------- d-----w C:\Program Files\Intel

2008-05-16 09:43 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-16 11:00 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-16 13:12 267592]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-16 13:12 267592]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 09:36 143360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-16 13:14 1271032]

"grimplatform"="C:\DOCUME~1\ADMIN\APPLIC~1\BODYGR~1\OptionBike.exe" [2008-05-26 23:23 440320]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]

"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]

"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-28 07:34 13516800]

"nwiz"="nwiz.exe" [2008-02-28 07:34 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-28 07:34 86016]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 04:43 53340]

"Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [2007-09-12 11:52 172032]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 14:00 1177368]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

"Long Internet Team Stupid"="C:\Documents and Settings\All Users\Application Data\comp two long internet\bold glue.exe" [2008-06-02 20:18 781824]

"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

"Windows UDP Control Center"="ehSched.exe" [2008-06-02 21:30 53252 C:\WINDOWS\ehSched.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 03:29:28 3007824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\Steam\\steamapps\\moal_1993\\counter-strike\\hl.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=

"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 14:00]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 14:00]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]

R3 LachesisFltr;Lachesis Mouse Driver;C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 11:04]

S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 11:23]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

 

*Newly Created Service* - APPMGMT

*Newly Created Service* - CATCHME

*Newly Created Service* - DEFRAGFS

*Newly Created Service* - TMCOMM

.

Contents of the 'Scheduled Tasks' folder

"2008-05-29 08:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-02 21:00:07 C:\WINDOWS\Tasks\E0E420248353F150.job"

- c:\docume~1\admin\applic~1\bodygr~1\debugupsite.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-02 23:27:43

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-02 23:39:03

ComboFix-quarantined-files.txt 2008-06-02 21:38:27

 

Pre-Run: 569,818,845,184 bytes free

Post-Run: 570,175,045,632 bytes free

 

255 --- E O F --- 2008-06-01 12:30:32

 

 

 

 

 

That is what I get. Can anyone help me get rid of the YouTube virus?

Posted

A console window comes up with a blue background. First it scans something or takes a backup or something like that. It goes very fast.

It goes through about 40 steps.

Then it finishes and creates the log.

Posted

The log after the last run.

 

ComboFix 08-06-01.6 - tord.kristensen 2008-06-03 14:55:32.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1249 [GMT 2:00]

Running from: C:\Documents and Settings\tord.kristensen\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\tord.kristensen\Skrivebord\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\a.bat

C:\WINDOWS\system32\sysregi.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))

.

 

2008-06-03 14:23 . 2008-06-03 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-06-03 13:49 . 2008-06-03 13:49 214 --a------ C:\home.reg

2008-06-03 12:07 . 2008-06-03 12:07 <DIR> d-------- C:\Documents and Settings\Administrator.FK15-12

2008-06-02 15:49 . 2008-06-02 15:49 <DIR> d-------- C:\Programfiler\Trend Micro

2008-06-02 15:48 . 2008-06-02 15:48 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny

2008-06-02 15:48 . 2008-02-11 14:56 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-06-02 15:44 . 2008-06-02 15:44 <DIR> d-------- C:\WINDOWS\PushWiz

2008-06-02 15:44 . 2008-06-03 14:29 <DIR> d-------- C:\NORMAN

2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab

2008-06-02 15:38 . 2008-06-02 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\SUPERAntiSpyware.com

2008-06-02 14:24 . 2008-06-02 14:55 <DIR> d-------- C:\Programfiler\BDD 2007

2008-06-02 11:32 . 2008-06-02 11:32 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-05-29 16:29 . 2008-05-29 16:31 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\VMware

2008-05-29 16:29 . 2008-05-29 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\VMware

2008-05-27 11:53 . 2008-05-27 11:53 73 --a------ C:\WINDOWS\EurekaLog.ini

2008-05-27 09:39 . 2008-05-27 09:39 <DIR> d-------- C:\Programfiler\Runtime Software

2008-05-26 08:58 . 2008-05-26 08:58 <DIR> d-------- C:\Programfiler\QuickTime

2008-05-26 08:09 . 2008-05-29 12:48 <DIR> d-------- C:\WINDOWS\AutoLogin

2008-05-26 08:08 . 2008-05-26 08:08 <DIR> d-------- C:\WINDOWS\FPSoftware

2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Programfiler\JGsoft

2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\JGsoft

2008-05-23 12:14 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe

2008-05-21 11:13 . 2008-05-21 11:13 <DIR> d-------- C:\WINDOWS\Sun

2008-05-21 08:39 . 2008-05-21 08:39 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-05-21 08:39 . 2008-04-14 18:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-21 08:13 . 2008-04-25 19:41 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll

2008-05-20 13:52 . 1995-03-03 06:00 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL

2008-05-20 13:52 . 1995-03-03 06:00 56,240 --a------ C:\WINDOWS\system\ODBC.DLL

2008-05-20 13:52 . 2008-05-20 13:54 105 --a------ C:\WINDOWS\odbc.ini

2008-05-20 13:06 . 2008-06-02 12:21 9,906 --a------ C:\WINDOWS\IST.INI

2008-05-16 10:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-16 10:34 . 2008-05-16 10:35 <DIR> d-------- C:\Programfiler\Java

2008-05-16 10:34 . 2008-05-16 10:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-05-16 10:25 . 2008-05-16 10:25 62 --a------ C:\WINDOWS\ericsson.ini

2008-05-08 14:06 . 2008-05-08 14:06 51,300 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\no

2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\bits

2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\l2schemas

2008-05-08 10:10 . 2008-05-08 10:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-08 10:02 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-05-07 16:30 . 2008-05-22 15:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-07 12:31 . 2008-05-22 14:32 <DIR> d-------- C:\temp

2008-05-07 12:31 . 2008-05-22 14:32 652 --a------ C:\WINDOWS\concept.ini

2008-05-07 12:31 . 2008-05-07 12:33 351 --a------ C:\WINDOWS\UqAnsatt.ini

2008-05-06 03:00 . 2008-05-06 03:00 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared

2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems

2008-05-05 11:32 . 2008-05-05 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet

2008-05-05 11:25 . 2008-05-16 09:06 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\Ahead

2008-05-05 11:25 . 2008-05-05 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Ahead

2008-05-05 11:23 . 2008-05-05 11:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-05-05 11:23 . 2008-05-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero

2008-05-05 11:23 . 1998-03-10 01:00 42,496 --a------ C:\WINDOWS\ttuninst.exe

2008-05-05 11:01 . 2008-05-05 11:01 <DIR> d-------- C:\Programfiler\Bonjour

2008-05-05 10:58 . 2008-05-05 10:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-05-05 10:55 . 2008-06-02 09:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-05-05 10:39 . 2008-05-05 10:39 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\DAEMON Tools

2008-05-05 10:39 . 2008-05-05 10:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-03 10:04 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\mIRC

2008-06-03 06:25 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\uTorrent

2008-06-02 13:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-27 07:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-05-21 06:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-05-20 10:03 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\DameWare Development

2008-05-16 15:34 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\MySQL

2008-05-08 08:18 --------- d-----w C:\Programfiler\MSN Messenger

2008-04-30 13:10 --------- d-----w C:\Programfiler\Intel

2008-04-30 13:10 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\InstallShield

2008-04-25 17:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-04-25 10:00 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Alt-N

2008-04-25 09:59 --------- d-----w C:\Programfiler\Alt-N Technologies

2008-04-25 08:22 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Subversion

2008-04-25 08:01 --------- d--h--w C:\Programfiler\Zero G Registry

2008-04-25 07:15 --------- d-----w C:\Programfiler\uTorrent

2008-04-25 07:08 454,656 ----a-w C:\WINDOWS\system32\putty.exe

2008-04-23 14:51 --------- d-----w C:\Programfiler\MSBuild

2008-04-23 14:51 --------- d-----w C:\Programfiler\Microsoft Works

2008-04-23 14:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\TechSmith

2008-04-23 14:28 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\ComAgent

2008-04-23 13:33 --------- d-----w C:\Documents and Settings\administrator\Programdata\ComAgent

2008-04-23 11:30 --------- d-----w C:\Programfiler\Realtek

2008-04-23 11:30 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI Technologies

2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI

2008-04-23 10:20 --------- d-----w C:\Programfiler\microsoft frontpage

2008-04-23 10:19 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-04-23 10:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-03_ 8.15.01,31 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-26 07:04:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-03 11:42:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-01-15 20:12:38 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll

+ 2008-01-15 20:12:40 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll

+ 2008-05-27 23:00:00 2,504 ----a-w C:\WINDOWS\Downloaded Program Files\catalog.dat

+ 2008-01-15 20:02:44 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll

+ 2008-05-27 23:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll

+ 2008-01-15 20:02:58 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll

+ 2008-05-27 23:00:00 128,368 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll

+ 2008-05-27 23:00:00 943,472 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll

+ 2008-01-15 20:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll

+ 2008-05-27 23:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat

+ 2008-05-27 23:00:00 411,555 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat

+ 2008-05-27 23:00:00 3,772,330 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat

+ 2008-05-27 23:00:00 482,537 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat

+ 2008-05-27 23:00:00 1,161,183 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat

+ 2008-05-27 23:00:00 1,957 ----a-w C:\WINDOWS\Downloaded Program Files\tinfl.dat

+ 2008-05-27 23:00:00 71,435 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat

+ 2008-05-27 23:00:00 3,760 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat

+ 2008-05-27 23:00:00 1,007,646 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat

+ 2008-05-27 23:00:00 571,362 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat

+ 2008-05-27 23:00:00 151,832 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat

+ 2008-05-27 23:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat

+ 2008-05-27 23:00:00 7,708,633 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat

+ 2008-05-27 23:00:00 393,782 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat

+ 2008-05-27 23:00:00 27,357,239 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat

+ 2008-05-27 23:00:00 2,040,460 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat

+ 2008-05-27 23:00:00 6,266,048 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"DAEMON Tools Lite"="D:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

"SpybotSD TeaTimer"="D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 12:46 135168]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 12:46 159744]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 12:46 131072]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"Norman ZANDA"="C:\NORMAN\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]

"DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" [2008-02-19 15:40 78848]

"Nod32 Runtime"="sysregi.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

 

C:\Documents and Settings\tord.kristensen\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

ComAgent.lnk - D:\Programfiler\ComAgent\ComAgent.exe [2008-04-23 15:33:10 1236992]

SnagIt 8.lnk - D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52 6379080]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"ForceStartMenuLogOff"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1177238915-630328440-1801674531-3369\Scripts\Logon\0\0]

"Script"=\\fauske.lokalt\SysVol\fauske.lokalt\scripts\logon.cmd

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"D:\\Programfiler\\mIRC\\mirc.exe"=

"D:\\Programfiler\\Zend Studio\\ZendStudio.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 20:00]

R2 Ndiskio;Ndiskio;C:\NORMAN\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 20:00]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-03 14:56:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-03 14:57:12

ComboFix-quarantined-files.txt 2008-06-03 12:56:59

ComboFix2.txt 2008-06-03 12:52:33

ComboFix3.txt 2008-06-03 12:16:03

ComboFix4.txt 2008-06-03 06:15:14

 

Pre-Run: 5,710,680,064 byte ledig

Post-Run: 5,698,998,272 byte ledig

 

291 --- E O F --- 2008-05-22 01:00:40

Posted

Here is the hjt log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:24, on 2008-06-03

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\NORMAN\Npm\bin\ELOGSVC.EXE

C:\NORMAN\Npm\bin\ZANDA.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\NORMAN\Npm\bin\NJEEVES.EXE

C:\NORMAN\Nvc\bin\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SYSTEM32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\NORMAN\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\NORMAN\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\bin\cclaw.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

D:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

D:\Programfiler\ComAgent\ComAgent.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe

D:\Programfiler\TechSmith\SnagIt 8\TSCHelp.exe

D:\Programfiler\TechSmith\SnagIt 8\SnagPriv.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

D:\Programfiler\Opera\opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fk003:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = e-torg.no.ihost.com;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe

O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: ComAgent.lnk = D:\Programfiler\ComAgent\ComAgent.exe

O4 - Global Startup: SnagIt 8.lnk = D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra button: Helpdesk - {71F62ED1-59FC-471A-84B0-F6E754C172D1} - http://fk008/MRcgi/MRentrancePage.pl (file missing) (HKCU)

O15 - Trusted Zone: http://security.symantec.com

O16 - DPF: iLO 2 Remote Console Applet - https://82.148.144.132/dvc.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fauske.lokalt

O17 - HKLM\Software\..\Telephony: DomainName = fauske.lokalt

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fauske.lokalt

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fauske.lokalt

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fauske.lokalt

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\NORMAN\Npm\bin\ELOGSVC.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - D:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\NORMAN\Npm\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

 

--

End of file - 9428 bytes

Posted

Start hjt, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe

 

Other than this, it looks fine.

Is everything running as normal?
