YMF Posted 3 December 2008

MBAM:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1454
Windows 6.0.6001 Service Pack 1

03.12.2008 17:01:23
mbam-log-2008-12-03 (17-01-23).txt

Skanntype: Rask Skann
Objekter skannet: 48622
Tid tilbakelagt: 2 minute(s), 1 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 4
Registerfiler infisert: 3
Mapper infisert: 1
Filer infisert: 11

Minneprosesser infisert:
C:\Windows\System32\twext.exe (Backdoor.Bot) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Mapper infisert:
C:\Windows\System32\twain_32 (Backdoor.Bot) -> Delete on reboot.

Filer infisert:
C:\Windows\System32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Users\klack\AppData\Local\Temp\jhw6B6E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\klack\AppData\Local\Temp\ztl4FF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.
C:\Windows\Temp\3F1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\twext.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\fci.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\Windows\System32\icf.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\Users\klack\UPSInvoice_89076152.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

snippsat Posted 3 December 2008

Update and run a new round with MBAM. See that it doesn't find anything now.
Download Combofix and put it on the desktop.
Don't click on the window while the program is running.
Post the log C:\combofix.txt

YMF (author) Posted 3 December 2008 (edited)

combofix

ComboFix 08-12-02.02 - klack 2008-12-03 17:08:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1044.18.2164 [GMT 1:00]
Kjører fra: d:\spill\World of Warcraft\Interface\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-03 til 2008-12-03 )))))))))))))))))))))))))))))))))
.
2008-12-03 16:58 . 2008-12-03 16:58 <DIR> d-------- c:\users\klack\AppData\Roaming\Malwarebytes
2008-12-03 16:58 . 2008-12-03 16:58 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-03 16:58 . 2008-12-03 16:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 16:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-03 16:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-30 23:59 . 2008-11-30 23:59 <DIR> d-------- c:\program files\Curse
2008-11-27 15:08 . 2008-11-27 15:08 268 --ah----- C:\sqmdata03.sqm
2008-11-27 15:08 . 2008-11-27 15:08 244 --ah----- C:\sqmnoopt03.sqm
2008-11-24 22:20 . 2008-11-24 22:20 268 --ah----- C:\sqmdata02.sqm
2008-11-24 22:20 . 2008-11-24 22:20 244 --ah----- C:\sqmnoopt02.sqm
2008-11-24 13:00 . 2008-11-24 13:00 268 --ah----- C:\sqmdata01.sqm
2008-11-24 13:00 . 2008-11-24 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-11-24 02:20 . 2008-11-24 02:20 268 --ah----- C:\sqmdata00.sqm
2008-11-24 02:20 . 2008-11-24 02:20 244 --ah----- C:\sqmnoopt00.sqm
2008-11-20 09:45 . 2008-11-20 09:45 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-20 09:45 . 2008-11-20 09:45 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-20 09:33 . 2008-11-20 09:33 <DIR> d-------- c:\users\klack\UPSInvoice_89076152
2008-11-20 09:33 . 2008-11-20 09:33 65,388 --a------ c:\users\klack\UPSInvoice_89076152.zip
2008-11-20 07:59 . 2008-11-20 07:59 <DIR> d-------- c:\program files\Google
2008-11-15 08:31 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 08:31 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 08:31 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 08:31 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 08:30 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 08:30 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 08:30 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 08:30 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 08:30 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 02:24 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 02:21 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 01:56 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-08 23:16 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll
2008-11-08 22:38 . 2008-11-08 22:38 <DIR> d--hs---- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 16:10 --------- d-----w c:\users\klack\AppData\Roaming\uTorrent
2008-12-03 16:05 --------- d-----w c:\users\klack\AppData\Roaming\Hamachi
2008-12-03 16:05 --------- d-----w c:\program files\Common Files\Steam
2008-11-20 08:36 --------- d-----w c:\program files\mIRC
2008-11-13 02:00 --------- d-----w c:\programdata\Microsoft Help
2008-11-12 15:31 202,000 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-12 15:31 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-11 19:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 21:59 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-11-08 21:59 22,328 ----a-w c:\users\klack\AppData\Roaming\PnkBstrK.sys
2008-11-06 15:39 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-02 23:38 --------- d---a-w c:\programdata\TEMP
2008-10-21 18:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-21 18:28 --------- d-----w c:\program files\AGEIA Technologies
2008-10-21 10:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 12:18 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-15 09:08 --------- d-----w c:\program files\Windows Mail
2008-10-15 01:26 --------- d-----w c:\program files\Tortun
2008-10-08 18:13 --------- d-----w c:\programdata\NVIDIA
2008-10-07 18:59 --------- d-----w c:\programdata\TrackMania
2008-10-06 22:05 --------- d-----w c:\programdata\Blizzard
2008-10-06 06:09 --------- d-----w c:\programdata\Codemasters
2008-10-06 06:07 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2008-10-06 06:07 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2008-10-06 06:07 --------- d-----w c:\program files\OpenAL
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-23 23:52 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-09-23 18:34 315,392 ----a-w c:\windows\HideWin.exe
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 06:37 81,920 ----a-w c:\windows\System32\frapsvid.dll
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-09-23 219952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Steam"="d:\spill\steam\Steam.exe" [2008-11-01 1410296]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-07-09 551456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-09 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-09 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 c:\windows\RtHDVCpl.exe]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\klack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-09-25 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2326656311-3407321000-1026724571-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F70E7930-7174-457C-BE7B-A123EF81C595}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D093172C-0BCA-40A9-8485-73A5119CE98D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A2967E2F-7730-4C11-9D14-48B4553EA0FA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{15EC4599-D448-461B-9B2E-F3A91F8609F7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{264BC2B6-8AAB-4859-BFF6-F81582B3D708}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{902FE166-BB79-4055-8F8F-8A56F89BF050}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{382A297A-5C1D-4381-9FC1-E0A876F85E9D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{989DB579-971C-4EB3-9CB7-1C8705DF9556}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B91BAA2F-8F99-4825-B14A-D63635126F9F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{5E4DDCF5-83FC-45B9-9CA8-48520BC33723}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{CFB33F9F-5A39-44E7-B32E-908D943E207B}"= UDP:d:\spill\Battlefield 2\BF2.exe:Battlefield 2
"{880C1B08-0F1E-40A8-8758-896C00F5C6BE}"= TCP:d:\spill\Battlefield 2\BF2.exe:Battlefield 2
"{FF9AE1AC-D87F-4BB6-B7FE-EB2BE9C1C4E0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{ABEA37CB-BE5C-486F-8036-E19A78D35ECC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{5CA08B72-1DFF-4AD3-A6C5-BED0A6BABA30}"= UDP:d:\spill\Race.Driver.GRID-RELOADED\GRID.exe:GRID
"{9846B191-0287-470E-944E-8EA63203AD56}"= TCP:d:\spill\Race.Driver.GRID-RELOADED\GRID.exe:GRID
"{E0E02CEC-86E9-4328-A270-77C3C1C5D407}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D56B2A99-CCA2-400E-BD88-41B65399FA66}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2F7857B7-3350-40A4-87B6-6A7620337E99}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2D741CD8-4B0D-4274-B75E-28492F99F0CF}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F93D36F-33E5-426F-897C-4A15ABCE9EB8}"= UDP:d:\spill\Call Of Duty WAW\CoDWaW.exe:Call of Duty® - World at War
"{41717E43-B243-4550-846B-B029F31E8D95}"= TCP:d:\spill\Call Of Duty WAW\CoDWaW.exe:Call of Duty® - World at War
"{E00B93CC-20E8-4707-959B-8312E18E25AF}"= UDP:d:\spill\Call Of Duty WAW\CoDWaWmp.exe:Call of Duty® - World at War
"{156C0623-45A9-4FAB-82BE-FE439ED327D5}"= TCP:d:\spill\Call Of Duty WAW\CoDWaWmp.exe:Call of Duty® - World at War
"{890AAAB2-56C3-452B-9819-DAECE1B545C9}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{C559D4A1-1057-467D-8868-17809662D5D2}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-09-17 143256]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-09-17 134688]
S4 UGURU;UGURU;c:\windows\system32\drivers\uguru.sys [2008-09-17 21048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8010bb39-8434-11dd-b254-806e6f6e6963}]
\shell\AutoRun\command - E:\Installer.exe
.
- - - - TOMME PEKERE FJERNET - - - -

HKU-Default-Run-rs32net - c:\windows\System32\rs32net.exe
Notify-pucjfi - pucjfi32.dll

.
------- Tilleggsskanning -------
.
FireFox -: Profile - c:\users\klack\AppData\Roaming\Mozilla\Firefox\Profiles\j1px2c7t.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 17:11:07
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

c:\users\klack\AppData\Local\Temp\Cab816E.tmp 27023 bytes
c:\users\klack\AppData\Local\Temp\Tar816F.tmp 69595 bytes

skanning vellykket
skjulte filer: 2

**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-12-03 17:13:08 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-12-03 16:13:01

Pre-Run: 579 262 984 192 byte ledig
Post-Run: 580,639,039,488 byte ledig

211 --- E O F --- 2008-11-19 10:38:35

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:14, on 03.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [steam] "D:\spill\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4982 bytes

17:18 edit: ran a new round of MBAM, found 0 infected files.

I got an email from Nextgentel today, and they informed me that I had a Trojan, so if I don't remove it myself within 3 days they will come to my door and format the PC.

I refuse to format :|

Glad I have diskusjon.no

Edited 3 December 2008 by ito