manzikurt Skrevet 22. juli 2008 Skrevet 22. juli 2008 Som tittelen sier lurer jeg på om noen datakyndige personer kunne hjulpet meg med to logger, en Hijackthis logg og en combo-fix logg. Jeg tror nemlig at jeg har pådratt meg en trojaner, ihvertfall i følge Norton anti-virus, problem er at Norton ikke har greid å fjerne problemet på egen hånd. Ellers hadde det vært fint om noen kunne påpeke eventuelle overflødige prosesser i Hijackthis loggen. Combo-fix logg: ComboFix 08-07-21.2 - Joakim 2008-07-22 20:46:05.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.507 [GMT 2:00] Running from: C:\Documents and Settings\Joakim\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Joakim\Mine dokumenter\RACLE~1 C:\Documents and Settings\Joakim\Mine dokumenter\RACLE~1\?racle\ C:\Documents and Settings\Joakim\Mine dokumenter\YMANTE~1 C:\Programfiler\Fellesfiler\{0F2BB~1 C:\Programfiler\Fellesfiler\{0F2BB~2 C:\Programfiler\Fellesfiler\{3F2BB~1 C:\Programfiler\Fellesfiler\{3F2BB~1\Bar888.dll C:\Programfiler\Fellesfiler\{3F2BB~1\UnInstall.exe C:\Programfiler\Fellesfiler\uninstall information C:\WINDOWS\BM0c188028.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\AutoRun.inf C:\WINDOWS\system32\avvkinmq.ini C:\WINDOWS\system32\bdatpehe.ini C:\WINDOWS\system32\boixhvdk.ini C:\WINDOWS\system32\ceaypatb.ini C:\WINDOWS\system32\dnxerskg.ini C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\dtbbbodx.ini C:\WINDOWS\system32\fonccskf.ini C:\WINDOWS\system32\fuycnvvi.ini C:\WINDOWS\system32\imidackf.ini C:\WINDOWS\system32\jtfenypl.ini C:\WINDOWS\system32\lbcbbxyd.ini2 C:\WINDOWS\system32\lbcbbxyd.tmp C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mhfsiyda.ini C:\WINDOWS\system32\ocjaqetq.ini C:\WINDOWS\system32\ofkwtjmj.ini C:\WINDOWS\system32\owwelgbs.ini C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\pvjkeeup.ini C:\WINDOWS\system32\qrysjfwd.ini C:\WINDOWS\system32\qtyildpy.ini C:\WINDOWS\system32\rnlcfknl.ini C:\WINDOWS\system32\sixnrxaq.ini C:\WINDOWS\system32\twaiaqrg.ini C:\WINDOWS\system32\txtslgbv.ini C:\WINDOWS\system32\uebvrive.ini C:\WINDOWS\system32\vqefanyj.ini C:\WINDOWS\system32\vvudnuqk.ini C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wfyfpaat.ini C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\xnsqfwba.ini C:\WINDOWS\system32\xvxvtatw.ini C:\WINDOWS\system32\ykducqou.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF ((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))) . 2008-07-22 17:48 . 2008-07-22 17:48 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-07-22 17:48 . 2008-07-22 17:48 <DIR> d-------- C:\Documents and Settings\Joakim\Programdata\SUPERAntiSpyware.com 2008-07-22 17:48 . 2008-07-22 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-15 18:37 . 2008-07-15 18:37 0 --a------ C:\Documents and Settings\Joakim\jagex_runescape_preferences.dat 2008-06-27 20:38 . 2008-06-27 20:38 <DIR> d-------- C:\Documents and Settings\Joakim\Programdata\HP 2008-06-27 20:32 . 2008-06-27 20:32 522 --a------ C:\WINDOWS\eReg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-13 09:42 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-06-13 09:42 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll 2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll 2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll 2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll 2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll 2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll 2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll 2008-05-11 08:31 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-12-28 22:31 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gyknr"="C:\Documents and Settings\Joakim\Mine dokumenter\?ymantec\m?config.exe" [?] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360] "BitTorrent"="C:\Programfiler\BitTorrent\bittorrent.exe" [2006-11-30 04:50 43008] "Steam"="C:\Programfiler\Steam\Steam.exe" [2008-03-30 10:29 1271032] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "Veoh"="D:\VeohClient.exe" [2008-01-30 13:11 3497984] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315] "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552] "ntiMUI"="C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408] "LogitechCameraAssistant"="C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776] "LogitechVideo[inspector]"="C:\Programfiler\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960] "MMTray"="C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 16:50 118784] "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-08-27 04:02 180269] "QuickTime Task"="D:\qttask.exe" [2006-09-10 17:29 282624] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-08-20 17:25:30 438272] HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] --a------ 2006-11-30 04:50 43008 C:\Programfiler\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-12-07 15:08 21686568 C:\Programfiler\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"= "C:\\Programfiler\\BitTorrent\\bittorrent.exe"= "D:\\Warcraft III\\War3.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Steam\\steamapps\\manzikurt\\counter-strike\\hl.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "D:\\Programfiler\\EA GAMES\\The Battle for Middle-earth \\game.dat"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57] R2 NinjaVideo Helper.exe;NinjaVideo Helper;C:\Programfiler\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe [2008-04-10 21:01] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-04-06 03:46] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30] S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [] S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder "2008-07-18 18:00:12 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Joakim.job" - C:\PROGRA~1\NORTON~1\Navw32.exec/TASK: . - - - - ORPHANS REMOVED - - - - HKCU-Run-Htoh - C:\DOCUME~1\Joakim\MINEDO~1\RACLE~1\wuauclt.exe HKCU-Run-Vga Hole - C:\DOCUME~1\Joakim\PROGRA~1\Openmix\site junk start.exe HKLM-Run-mmtask - c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe HKLM-Run-0f2bb3b4 - C:\WINDOWS\system32\ivvncyuf.dll HKU-Default-Explorer_Run-{0F2BB31B-063F-1044-0623-06061206002f} - C:\Programfiler\Fellesfiler\{0F2BB31B-063F-1044-0623-06061206002f}\Update.exe HKU-Default-Explorer_Run-{0F2BB31B-0640-1044-0623-06061206002f} - C:\Programfiler\Fellesfiler\{0F2BB31B-0640-1044-0623-06061206002f}\Update.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/ R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://global.acer.com/ O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-22 21:00:04 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechCameraAssistant"="C:\\Programfiler\\Acer\\OrbiCam\\CameraAssistant.exe" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\SNDSRVC.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAMFILER\FELLESFILER\LOGITECH\LVMVFM\LVPRCSRV.EXE C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAMFILER\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE C:\PROGRAMFILER\FELLESFILER\LIGHTSCRIBE\LSSRVC.EXE C:\PROGRAMFILER\FELLESFILER\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\PROGRAMFILER\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE C:\PROGRAMFILER\CYBERLINK\SHARED FILES\RICHVIDEO.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE C:\PROGRAMFILER\LAUNCH MANAGER\QTZGACER.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\Programfiler\Messenger\msmsgs.exe . ************************************************************************** . Completion time: 2008-07-22 21:04:17 - machine was rebooted [Joakim] ComboFix-quarantined-files.txt 2008-07-22 19:04:06 Pre-Run: 2,962,096,128 byte ledig Post-Run: 2,831,417,344 byte ledig 271 --- E O F --- 2008-07-10 01:01:06 Hijackthis logg: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21:35:28, on 22.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programfiler\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe D:\qttask.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe D:\VeohClient.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Messenger\msmsgs.exe C:\Documents and Settings\Joakim\Skrivebord\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0 O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Gyknr] "C:\Documents and Settings\Joakim\Mine dokumenter\?ymantec\m?config.exe" O4 - HKCU\..\Run: [Veoh] "D:\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Programfiler\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 13081 bytes SUPERAntiSpyware logg: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/22/2008 at 09:09 PM Application Version : 4.15.1000 Core Rules Database Version : 3510 Trace Rules Database Version: 1501 Scan type : Quick Scan Total Scan Time : 00:18:03 Memory items scanned : 808 Memory threats detected : 0 Registry items scanned : 478 Registry threats detected : 0 File items scanned : 9582 File threats detected : 3 Adware.Vundo Variant/Rel C:\WINDOWS\SYSTEM32\RTVWA.INI C:\WINDOWS\SYSTEM32\RTVWA.INI2 Trojan.Unknown Origin C:\WINDOWS\SYSTEM32\WTSSVIT32.EXE Adware.Tracking Cookie .adtech.de [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .msnportal.112.2o7.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] statse.webtrendslive.com [ C:\Documents and Settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h9v5iu0b.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Gjest\Programdata\Mozilla\Firefox\Profiles\6w6sm03y.default\cookies.txt ] På forhånd takk for all hjelp.
norbat Skrevet 22. juli 2008 Skrevet 22. juli 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O4 - HKCU\..\Run: [Gyknr] "C:\Documents and Settings\Joakim\Mine dokumenter\?ymantec\m?config.exe" Sjekk følgende fil på http://virusscan.jotti.org/, om du ikke vet hva denne fila gjøre her: D:\qttask.exe Last ned Malwarebytes Anti-Malware til skrivebordet. Kjør og installer programmet. Velg Norsk-språk La programmet oppdatere seg og velg å kjør en 'hurtig systemskann', klikk Skann. Det kommer en meldingsboks om at scannen er ferdig, klikk Ok Klikk på Vis resultat-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgte -knappen for å fjerne malwaren som evt. ble funnet. Det vil deretter åpnes en logg i notisblokk. Den kan du kopiere og poste om den finner noe. Hvordan kjører pc'n?
manzikurt Skrevet 23. juli 2008 Forfatter Skrevet 23. juli 2008 Her er det eneste resultatet fra fil scannen: VBA32 Found Win32 Shadow AutoStart Install (probable variant) Og her er MbAM loggen: Malwarebytes' Anti-Malware 1.22 Database versjon: 981 Windows 5.1.2600 Service Pack 2 09:10:43 23.07.2008 mbam-log-7-23-2008 (09-10-43).txt Skanntype: Rask Skann Objekter skannet: 44748 Tid tilbakelagt: 4 minute(s), 57 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\ClickToFindandFixErrors_RON_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully. PCen går litt raskere, men den er fortsatt litt treigere enn den var før malware problemene begynte.
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå