Kuuket Skrevet 29. desember 2008 Del Skrevet 29. desember 2008 Hei, har avg antivirus, det popper opp at det er ny trojaner funnet hele tide, og jeg scanner og scanner. og finner mange virus, men de sletter jeg, og enda så popper det opp:S tips ? Lenke til kommentar
norbat Skrevet 29. desember 2008 Del Skrevet 29. desember 2008 Kjør gjennom veiledningen. Loggene det spørres etter, poster du her i din egen tråd. Lenke til kommentar
Kuuket Skrevet 29. desember 2008 Forfatter Del Skrevet 29. desember 2008 Combofix: Klikk for å se/fjerne innholdet nedenfor ComboFix 08-12-28.03 - s90a 29/12/2008 14:43:28.1 - FAT32x86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.255.124 [GMT 1:00] Running from: c:\documents and settings\s90a\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\s90a\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\winnt\system32\fabireze.dll c:\winnt\system32\i c:\winnt\system32\jawegafa.dll c:\winnt\system32\psAycccf.ini c:\winnt\system32\psAycccf.ini2 c:\winnt\system32\pufuniso.dll c:\winnt\system32\tebihoti.dll c:\winnt\system32\wajarevi.dll c:\winnt\system32\wudifobu.dll c:\winnt\system32\yumamano.dll c:\winnt\system32\zasulege.dll c:\winnt\Tasks\uwxmymjo.job c:\winnt\Temp\tmp3.tmp c:\winnt\Web\default.htt ----- BITS: Possible infected sites ----- hxxp://childhe.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PASSWORD ((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))) . 2008-12-29 14:51 . 08-12-29 14:51 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_294.dat 2008-12-29 14:38 . 08-12-29 14:39 1,266,825 ---hs---- c:\winnt\system32\egelusaz.ini 2008-12-28 22:38 . 08-12-28 22:38 1,265,838 ---hs---- c:\winnt\system32\itohibet.ini 2008-12-26 21:12 . 08-12-26 22:52 75,364 --a------ C:\ub.exe 2008-12-26 03:56 . 08-12-26 03:56 1,582,201 ---hs---- c:\winnt\system32\opatidah.ini 2008-12-26 02:54 . 08-12-26 02:54 39,424 ---h----- c:\winnt\system32\weprecover.exe 2008-12-26 02:54 . 08-12-26 02:54 35,840 ---h----- c:\winnt\system32\recoverei.exe 2008-12-26 02:53 . 08-12-26 02:53 393,216 --a------ C:\ps.exe 2008-12-26 00:07 . 08-12-26 00:07 7,379 --a------ C:\da5.exe 2008-12-25 21:42 . 08-12-25 21:42 <DIR> d-------- c:\documents and settings\s90a\Application Data\Malwarebytes 2008-12-25 21:41 . 08-12-25 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-25 15:57 . 08-12-25 15:57 1,582,201 ---hs---- c:\winnt\system32\arojivoj.ini 2008-12-24 14:03 . 08-12-24 14:03 <DIR> d-------- c:\documents and settings\s90a\Application Data\LimeWire 2008-12-24 14:02 . 08-12-24 14:01 410,984 --a------ c:\winnt\system32\deploytk.dll 2008-12-24 14:02 . 08-12-24 14:01 73,728 --a------ c:\winnt\system32\javacpl.cpl 2008-12-24 14:01 . 08-12-24 14:01 <DIR> d-------- c:\program files\Java 2008-12-24 13:54 . 08-12-24 13:54 <DIR> d-------- c:\program files\LimeWire 2008-12-24 13:45 . 08-12-24 13:46 1,582,201 ---hs---- c:\winnt\system32\eligodif.ini 2008-12-24 00:16 . 08-12-24 00:17 1,582,201 ---hs---- c:\winnt\system32\oyiladab.ini 2008-12-23 17:21 . 08-12-23 17:21 <DIR> d-------- C:\FOUND.011 2008-12-23 16:40 . 08-12-23 16:40 <DIR> d-------- c:\program files\Trend Micro 2008-12-22 22:37 . 08-12-26 22:52 75,364 -r-hs---- c:\winnt\system\msservice.exe 2008-12-22 20:46 . 08-12-22 20:46 <DIR> d-------- C:\FOUND.010 2008-12-21 23:54 . 08-12-22 23:55 1,582,201 ---hs---- c:\winnt\system32\azuwasib.ini 2008-12-21 02:06 . 08-12-21 02:06 1,582,201 ---hs---- c:\winnt\system32\orirudut.ini 2008-12-21 01:05 . 08-12-21 01:06 1,582,201 ---hs---- c:\winnt\system32\ijohitam.ini 2008-12-20 17:07 . 08-12-20 17:07 <DIR> dr-h----- C:\$VAULT$.AVG 2008-12-19 20:46 . 08-12-19 20:46 <DIR> d-------- C:\FOUND.009 2008-12-19 20:26 . 08-12-19 20:26 1,639,241 ---hs---- c:\winnt\system32\trvlrkkw.ini 2008-12-16 22:40 . 08-12-16 22:41 1,619,178 ---hs---- c:\winnt\system32\fsyvwrkk.ini 2008-12-16 22:34 . 08-12-16 22:34 70,144 --a------ c:\winnt\system32\efcDTJcA.dll 2008-12-09 23:00 . 08-12-09 23:00 <DIR> d-------- C:\FOUND.008 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-29 20:00 --------- d-----w c:\program files\CCleaner 2007-10-25 18:07 271 ---h--w c:\program files\desktop.ini 2007-10-25 18:07 21,952 ---h--w c:\program files\folder.htt 1999-12-07 03:00 32,528 ----a-w c:\winnt\inf\wbfirdma.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08-10-12 20:18 68856] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [03-02-20 00:49 2185800] "internat.exe"="internat.exe" [99-12-07 04:00 20752 c:\winnt\system32\internat.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [08-10-23 00:29 590848] "LaunchAp"="c:\program files\FnUtil\Launch Manager\LaunchAp.exe" [00-03-14 09:24 20480] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08-01-11 22:16 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [08-12-24 14:01 136600] "Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 c:\winnt\system32\mobsync.exe] "LTSMMSG"="LTSMMSG.exe" [00-11-21 15:29 40960 c:\winnt\LTSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [07-10-26 19:40 219136] "internat.exe"="internat.exe" [99-12-07 04:00 20752 c:\winnt\system32\internat.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640] c:\documents and settings\s90a\Start Menu\Programs\Startup\ OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-03-22 393216] LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-09-18 147456] c:\documents and settings\All Users\Start Menu\Programs\Startup\ LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-24 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= mmdrv.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 c:\winnt\system32\fcccyAsp Notification Packages REG_MULTI_SZ scecli c:\winnt\system32\fabireze.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 R1 Avg7RsNT;AVG7 Resident Driver NT;c:\winnt\system32\Drivers\avg7rsnt.sys [2007-10-26 26944] R1 dmiproxy;dmiproxy;c:\winnt\system32\drivers\dmiproxy.sys [2007-10-28 36680] R1 NbmKmd;NbmKmd;c:\winnt\system32\drivers\NbmKmd.sys [2007-10-28 4160] R2 Hotkey;Hotkey;c:\winnt\system32\drivers\Hotkey.sys [2007-10-28 6048] R2 HotkeyService;HotkeyService;c:\program files\FnUtil\Launch Manager\hotkeyex.exe [2007-10-28 173764] R3 ALiIRDA;ALi Infrared Device Driver;c:\winnt\system32\DRIVERS\alifir.sys [2007-10-25 41744] R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\winnt\system32\DRIVERS\LTSM.sys [2007-10-26 1029800] R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\DRIVERS\openhci.sys [1999-12-07 24784] S2 msddll;msddll;"c:\winnt\system\msddll.exe" [] S2 WinHost32Svr;Windows Host32 Server Service;"c:\winnt\security\svchost.exe" [] S4 netstats;netstats;"c:\winnt\system\msservice.exe" [2008-12-22 75364] . - - - - ORPHANS REMOVED - - - - BHO-{b3750801-c281-4b97-bda0-abb3e72d639d} - c:\winnt\system32\yumamano.dll HKLM-Run-Microsoft Intranet Patcher - c:\documents and settings\s90a\Application Data\intranetexplorer.exe HKLM-Run-CPMcd172b6b - c:\winnt\system32\siveraja.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mbentusiastklubb.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie LSP: %SystemRoot%\system32\msafd.dll O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd FF - ProfilePath - c:\documents and settings\s90a\Application Data\Mozilla\Firefox\Profiles\fighw922.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-29 14:53:11 Windows 5.0.2195 Service Pack 4 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(164) c:\winnt\system32\wzcdlg.dll c:\winnt\system32\WZCSAPI.DLL - - - - - - - > 'explorer.exe'(1320) c:\winnt\AppPatch\AcLayers.DLL . Completion time: 2008-12-29 14:58:19 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-29 13:58:08 Pre-Run: 4,826,791,936 bytes free Post-Run: 4,791,615,488 bytes free 162 HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:56:05, on 29/12/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\FnUtil\Launch Manager\hotkeyex.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINNT\LTSMMSG.exe C:\Program Files\FnUtil\Launch Manager\LaunchAp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINNT\system32\internat.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbentusiastklubb.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\FnUtil\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HotkeyService - Acer - C:\Program Files\FnUtil\Launch Manager\hotkeyex.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: msddll - Unknown owner - C:\WINNT\system\msddll.exe (file missing) O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINNT\security\svchost.exe (file missing) -- End of file - 5297 bytes der Lenke til kommentar
norbat Skrevet 29. desember 2008 Del Skrevet 29. desember 2008 (endret) Kunne du poste Malwarebytes-loggen også? Edit: Combofix-loggen viser noe malware som burde bli fjernet med Malwarebytes, men jeg ser også at du har SuperAntispyware (SAS på pc'n. Er det lenge siden du oppdaterte og kjørte det programmet? Hvis, så oppdaterer du det og kjører en rask skann (quick scan). Når du har gjort dette, kjører du combofix på nytt og poster loggen (sammen med SAS-loggen), så ser vi om det er noe mer som må tas. Endret 29. desember 2008 av norbat Lenke til kommentar
Kuuket Skrevet 30. desember 2008 Forfatter Del Skrevet 30. desember 2008 Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 12/30/2008 at 01:21 AM Application Version : 4.23.1006 Core Rules Database Version : 3687 Trace Rules Database Version: 1663 Scan type : Quick Scan Total Scan Time : 00:23:44 Memory items scanned : 365 Memory threats detected : 0 Registry items scanned : 258 Registry threats detected : 0 File items scanned : 3064 File threats detected : 82 Adware.Tracking Cookie C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@zedo[1].txt C:\Documents and Settings\s90a\Cookies\s90a@questionmarket[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@advertising[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@mediaplex[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@zanox-affiliate[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@revsci[2].txt C:\Documents and Settings\s90a\Cookies\s90a@protected-clicks-system[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@specificmedia[2].txt C:\Documents and Settings\s90a\Cookies\s90a@doubleclick[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@online-securityscanner[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@cassava[1].txt C:\Documents and Settings\s90a\Cookies\s90a@adultfriendfinder[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@pcantivirusscanner[3].txt C:\Documents and Settings\s90a\Cookies\s90a@hitbox[2].txt C:\Documents and Settings\s90a\Cookies\s90a@projectm[2].txt C:\Documents and Settings\s90a\Cookies\s90a@adbrite[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@adrevolver[1].txt C:\Documents and Settings\s90a\Cookies\s90a@socialmedia[1].txt C:\Documents and Settings\s90a\Cookies\s90a@tradedoubler[2].txt C:\Documents and Settings\s90a\Cookies\s90a@adtech[1].txt C:\Documents and Settings\s90a\Cookies\s90a@2o7[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@antivirus-fast-scanner[2].txt C:\Documents and Settings\s90a\Cookies\s90a@directtrack[1].txt C:\Documents and Settings\s90a\Cookies\s90a@ero-advertising[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@partypoker[1].txt C:\Documents and Settings\s90a\Cookies\s90a@cgi-bin[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@securedprotectedclicks[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@specificclick[2].txt C:\Documents and Settings\s90a\Cookies\s90a@azjmp[2].txt C:\Documents and Settings\s90a\Cookies\s90a@onlinevirus-scanner[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@serving-sys[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@overture[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@fastclick[1].txt C:\Documents and Settings\s90a\Cookies\s90a@888[1].txt C:\Documents and Settings\s90a\Cookies\s90a@youporn[1].txt C:\Documents and Settings\s90a\Cookies\s90a@windowsmedia[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@xiti[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\s90a@apmebf[1].txt C:\Documents and Settings\s90a\Cookies\s90a@atdmt[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@indextools[2].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@tribalfusion[1].txt C:\Documents and Settings\s90a\Cookies\s90a@adtrafficdriver[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][2].txt C:\Documents and Settings\s90a\Cookies\s90a@adrevolver[2].txt C:\Documents and Settings\s90a\Cookies\s90a@interclick[1].txt C:\Documents and Settings\s90a\Cookies\s90a@statcounter[1].txt C:\Documents and Settings\s90a\Cookies\[email protected][1].txt Lenke til kommentar
norbat Skrevet 30. desember 2008 Del Skrevet 30. desember 2008 Vi tar en runde til: Last ned Malwarebytes Anti-Malware (MBAM) til skrivebordet. Kjør og installer programmet. Velg Norsk-språk La programmet oppdatere seg og velg å kjør en 'hurtig systemscan', klikk Skann. Det kommer en meldingsboks om at scannen er ferdig, klikk Ok Klikk på 'Vis resultat'-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgte -knappen for å fjerne malwaren som ble funnet. MBAM vil i en del tilfeller be om en restart av pc'n. Det vil deretter åpnes en logg i notisblokk. Den kopiere du og poster sammen med ny combofix-logg (kjør altså combofix på nytt etter mbam-skannen). Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå