milkshake1, posted 7 September 2008

Here is the output from Malwarebytes:

Malwarebytes' Anti-Malware 1.26
Database versjon: 1122
Windows 5.1.2600 Service Pack 3

07.09.2008 14:10:26
mbam-log-2008-09-07 (14-10-26).txt

Skanntype: Rask Skann
Objekter skannet: 54114
Tid tilbakelagt: 6 minute(s), 3 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 12
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ie.ieplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43d65102-a7be-4c88-9737-44d2ad81394a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f65e955e-26c0-42ff-8ee2-443a05ea286a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{43d65102-a7be-4c88-9737-44d2ad81394a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43d65102-a7be-4c88-9737-44d2ad81394a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f65e955e-26c0-42ff-8ee2-443a05ea286a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

What should I do now?

Edited 7 September 2008 by milkshake1

norbat, posted 7 September 2008

You can run ComboFix and post the log it creates. Also tell us a bit more about what the problem is.

milkshake1 (thread author), posted 7 September 2008

> You can run ComboFix and post the log it creates. Also tell us a bit more about what the problem is.

1. This wasn't supposed to become a separate post; it was meant to continue in this one: https://www.diskusjon.no/index.php?showtopi...1246&st=700 It can be deleted.

2. I haven't had any problems. I wanted to try out Malwarebytes, and it then found 16 errors, so I was wondering a bit about what I should do, since I don't know my way around those programs.

norbat, posted 7 September 2008

But it is entirely right that you should create a thread of your own, so we'll stick to this one.

Run ComboFix and post the log, and we'll see whether anything more needs to be done to become malware-free.

milkshake1 (thread author), posted 7 September 2008

> But it is entirely right that you should create a thread of your own, so we'll stick to this one.
> Run ComboFix and post the log, and we'll see whether anything more needs to be done to become malware-free.

I ran ComboFix a little while ago, but the computer was restarted by my little son. Does it matter if I run it one more time?

norbat, posted 7 September 2008

No, that should be fine.

milkshake1 (thread author), posted 7 September 2008

ComboFix's log:

milkshake1 (thread author), posted 7 September 2008

> This looks fine

Great! Thanks for the replies and the help!

r2d290, posted 7 September 2008

If you consider the problem with your machine solved, you can change your topic title by clicking the button in your first post and choosing full edit. At the top, where your topic title is, write [SOLVED] in front of the title.

E.g.: [SOLVED] Got a virus on my machine

This helps keep the forum easier to survey for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-