allemad Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:56:03, on 31.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\ASUS\ASUS Live Update\ALU.exe C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe C:\Programfiler\Wireless Console 2\wcourier.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\sm56hlpr.exe C:\Programfiler\ASUS WLAN Adapter\ACU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Brother\ControlCenter3\brccMCtl.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Asus\Asus ChkMail\ChkMail.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe C:\WINDOWS\fxstaller.exe C:\Programfiler\Microsoft Office\Office12\WINWORD.EXE C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Windows Live\Messenger\msvs.exe D:\Diverse programmer\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Programfiler\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACU] "C:\Programfiler\ASUS WLAN Adapter\ACU.exe" -nogui O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS ChkMail.lnk = C:\Programfiler\Asus\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216739772734 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ASUS Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANITAD~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg -- End of file - 9615 bytes Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 (endret) Denne fila er problemet ditt: C:\WINDOWS\fxstaller.exe Før du kjører gjennom veiledningen under, så vil jeg at du går til Virustotal og laster opp fila der. Hvis dette er en 'ny' variant, kan det være interessant å vite hvilke av-program som detekterer den. Du kan kopiere og lime inn resultatet i ditt neste innlegg Veiledningen vil renske ut dette. Post loggene det spørres etter her i din egen tråd. Kunne du ha oppgitt hva som står i den linken som denne infeksjonen sender ut - hvilken webadresse e.l.? Endret 31. januar 2009 av norbat Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 husker ikke web adressa i farta.. skal poste den når jeg finner den.. hvor i veiledningen går jeg for og fixe problemet? Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 Se det som står i rød skrift i mitt innlegg over før du kjører programmet som står under her --- Last ned Malwarebytes Anti-Malware til skrivebordet. Kjør og installer programmet. Velg Norsk-språk La programmet oppdatere seg og velg å kjør en 'hurtig systemskann', klikk Skann. Det kommer en meldingsboks om at scannen er ferdig, klikk Ok Klikk på Vis resultat-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgte -knappen for å fjerne malwaren som evt. ble funnet. Det vil deretter åpnes en logg i notisblokk. Den kan du kopiere og poste. Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 File FXSTALLER.EXE-28ED83DD.pf received on 01.31.2009 11:59:44 (CET)Antivirus Version Last Update Result a-squared 4.0.0.93 2009.01.31 - AhnLab-V3 5.0.0.2 2009.01.30 - AntiVir 7.9.0.60 2009.01.30 - Authentium 5.1.0.4 2009.01.31 - Avast 4.8.1281.0 2009.01.30 - AVG 8.0.0.229 2009.01.30 - BitDefender 7.2 2009.01.31 - CAT-QuickHeal 10.00 2009.01.31 - ClamAV 0.94.1 2009.01.31 - Comodo 954 2009.01.30 - DrWeb 4.44.0.09170 2009.01.31 - eSafe 7.0.17.0 2009.01.29 - eTrust-Vet 31.6.6335 2009.01.29 - F-Prot 4.4.4.56 2009.01.30 - F-Secure 8.0.14470.0 2009.01.31 - Fortinet 3.117.0.0 2009.01.31 - GData 19 2009.01.31 - Ikarus T3.1.1.45.0 2009.01.31 - K7AntiVirus 7.10.611 2009.01.30 - Kaspersky 7.0.0.125 2009.01.31 - McAfee 5511 2009.01.30 - McAfee+Artemis 5511 2009.01.30 - Microsoft 1.4306 2009.01.31 - NOD32 3815 2009.01.31 - Norman 6.00.02 2009.01.30 - nProtect 2009.1.8.0 2009.01.30 - Panda 9.5.1.2 2009.01.30 - PCTools 4.4.2.0 2009.01.30 - Prevx1 V2 2009.01.31 - Rising 21.13.42.00 2009.01.23 - SecureWeb-Gateway 6.7.6 2009.01.30 - Sophos 4.38.0 2009.01.31 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.01.31 - TheHacker 6.3.1.5.241 2009.01.31 - TrendMicro 8.700.0.1004 2009.01.30 - VBA32 3.12.8.12 2009.01.30 - ViRobot 2009.1.31.1583 2009.01.31 - VirusBuster 4.5.11.0 2009.01.30 - Additional information File size: 17176 bytes MD5...: e3bfed65abe67926032acbf1d20774a8 SHA1..: 6cc82eddaff01522c991e417e8c83d8f56e7fcd5 SHA256: a91c431b8d37cd7a4515e9ee4322a3d3adf44bd135e5fc602f1a8f6b2a34ef74 SHA512: e507d18c57ac32a33c945e4af7ec798c3b11e86f836d482de1bb5029a714b66d<BR>f6eb6eef819b2980ea02e2ec842f436e230f01ad611830a99ea519f7e5a35f66<BR> ssdeep: 192:UEqTv1TEn09FgJMiGQolQOusJhczfnbo87TWi8IjYeJkSMW6aO3CTMrHaHC0<BR>aOU:UL71w3KUGhe7TWibJkSSdKH/6<BR> PEiD..: - TrID..: File type identification<BR>Microsoft Windows XP Prefetch file (98.9%)<BR>LTAC compressed audio (v1.71) (1.0%) PEInfo: - Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 (endret) Takk. Kjør nå en rask skann med Malwarebytes og post loggen. -og så hadde det vært veldig nyttig om du klarte å memorere hva som sto i linken som satte dette i gang Endret 31. januar 2009 av norbat Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 (endret) hxxp://www.hi5-image.net/image.php?=min_hotmail dette er linken til elendigheten Endret 31. januar 2009 av allemad Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 (endret) Rediger innlegget ditt og endre linken din til dette: hxxp://www.hi5-image.net/image.php?=min_hotmail Sto det noe annet i tilknytning til denne linken (en melding av ett eller annet slag) eller var det kun linken? Endret 31. januar 2009 av norbat Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 det var noe spørsmålstegn og utropstegn, og en også stod det foto tror jeg.. Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 (endret) Malwarebytes' Anti-Malware 1.33 Databaseversjon: 1712 Windows 5.1.2600 Service Pack 3 31.01.2009 12:25:10 mbam-log-2009-01-31 (12-25-10).txt Skanntype: Rask Skann Objekter skannet: 53663 Tid tilbakelagt: 5 minute(s), 45 second(s) Minneprosesser infisert: 1 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 1 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 2 Minneprosesser infisert: C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Failed to unload process. Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Anita Dahle Svendsen\Lokale innstillinger\Temp\IXP000.TMP\YOUGOT~1.EXE (Backdoor.Bot) -> Quarantined and deleted successfully. Endret 31. januar 2009 av allemad Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 Post deretter en ny HJT-logg Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:31:47, on 31.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\ASUS\ASUS Live Update\ALU.exe C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe C:\Programfiler\Wireless Console 2\wcourier.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\sm56hlpr.exe C:\Programfiler\ASUS WLAN Adapter\ACU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\Programfiler\Brother\ControlCenter3\brccMCtl.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\Asus\Asus ChkMail\ChkMail.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Diverse programmer\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Programfiler\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACU] "C:\Programfiler\ASUS WLAN Adapter\ACU.exe" -nogui O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS ChkMail.lnk = C:\Programfiler\Asus\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216739772734 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ASUS Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANITAD~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg -- End of file - 9727 bytes Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 Loggen ser grei ut. Hvordan går det med problemet? Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 tror ikke den har sendt ut flere såne meldinger. Tusen takk for hjelpen! sier ifra om det skjer noe mer. Lenke til kommentar
norbat Skrevet 31. januar 2009 Del Skrevet 31. januar 2009 Et lite spm: Kjørte du 'infeksjons'-fila direkte, eller valgte du å lagre den og deretter kjøre? Kunne du helt til slutt gjøre følgende: Last ned DDS.scr til skrivebordet. Kjør programmet og post dds.txt loggen (ikke Attach.txt loggen). Når du er ferdig med dette, bør du gjøre følgende: Nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Etterpå lager du deg et gjenopprettingspunkt manuelt Tilbehør->systemverktøy->systemgjenoppretting . Velg å opprette et nytt. Navgi det og klikk opprett. Lenke til kommentar
allemad Skrevet 31. januar 2009 Forfatter Del Skrevet 31. januar 2009 her er DDS loggen.. vet egentlig ikke hva som ble gjort, da det var samboeren min som gjorde det.. DDS (Ver_09-01-19.01) - FAT32x86 Run by Anita Dahle Svendsen at 19:18:01,32 on 31.01.2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.495.119 [GMT 1:00] AV: avast! antivirus 4.8.1227 [VPS 090130-0] *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\ASUS\ASUS Live Update\ALU.exe C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe C:\Programfiler\Wireless Console 2\wcourier.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\sm56hlpr.exe C:\Programfiler\ASUS WLAN Adapter\ACU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\Programfiler\Brother\ControlCenter3\brccMCtl.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\Asus\Asus ChkMail\ChkMail.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe c:\Programfiler\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe C:\Documents and Settings\Anita Dahle Svendsen\Skrivebord\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.msn.no/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/ uInternet Settings,ProxyOverride = *.local BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programfiler\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programfiler\java\jre6\bin\ssv.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MsnMsgr] "c:\programfiler\windows live\messenger\MsnMsgr.Exe" /background mRun: [HControl] c:\windows\atk0100\HControl.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [ASUS Live Update] c:\programfiler\asus\asus live update\ALU.exe mRun: [Power_Gear] c:\programfiler\asus\power4 gear\BatteryLife.exe 1 mRun: [Wireless Console 2] c:\programfiler\wireless console 2\wcourier.exe mRun: [synTPEnh] c:\programfiler\synaptics\syntp\SynTPEnh.exe mRun: [sMSERIAL] c:\windows\sm56hlpr.exe mRun: [ABLKSR] c:\windows\ablksr\ABLKSR.exe mRun: [ACU] "c:\programfiler\asus wlan adapter\ACU.exe" -nogui mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [AppleSyncNotifier] c:\programfiler\fellesfiler\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\programfiler\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe" mRun: [sSBkgdUpdate] "c:\programfiler\fellesfiler\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] c:\programfiler\scansoft\paperport\pptd40nt.exe mRun: [indexSearch] c:\programfiler\scansoft\paperport\IndexSearch.exe mRun: [brMfcWnd] c:\programfiler\brother\brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] c:\programfiler\brother\controlcenter3\brctrcen.exe /autorun mRun: [sunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe" mRun: [GrooveMonitor] "c:\programfiler\microsoft office\office12\GrooveMonitor.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\asusch~1.lnk - c:\programfiler\asus\asus chkmail\ChkMail.exe StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\adober~1.lnk - c:\programfiler\adobe\acrobat 7.0\reader\reader_sl.exe IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216739772734 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programfiler\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programfiler\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-7-22 78416] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\atk0100\ASNDIS5.sys [2008-7-22 16269] R3 avast! Mail Scanner;avast! Mail Scanner;c:\programfiler\alwil software\avast4\ashMaiSv.exe [2008-7-22 250040] R3 avast! Web Scanner;avast! Web Scanner;c:\programfiler\alwil software\avast4\ashWebSv.exe [2008-7-22 348344] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-7-22 20560] R4 avast! Antivirus;avast! Antivirus;c:\programfiler\alwil software\avast4\ashServ.exe [2008-7-22 147640] S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2008-7-22 34944] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-7-22 32000] =============== Created Last 30 ================ 2009-01-31 12:04 <DIR> --d----- c:\docume~1\anitad~1\progra~1\Malwarebytes 2009-01-31 12:04 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-01-31 12:04 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-31 12:04 <DIR> --d----- c:\docume~1\alluse~1\progra~1\Malwarebytes 2009-01-31 11:06 <DIR> --d----- c:\programfiler\EsetOnlineScanner 2009-01-31 10:46 244 a---h--- C:\sqmnoopt00.sqm 2009-01-31 10:46 232 a---h--- C:\sqmdata00.sqm 2009-01-06 20:17 <DIR> --dsh--- C:\FOUND.000 ==================== Find3M ==================== 2009-01-15 17:41 321,828 a------- c:\windows\system32\perfh014.dat 2009-01-15 17:41 47,506 a------- c:\windows\system32\perfc014.dat 2008-12-21 21:22 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2008-12-21 20:56 410,976 a------- c:\windows\system32\deploytk.dll 2008-12-13 07:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll 2008-12-11 11:57 333,952 a------- c:\windows\system32\drivers\srv.sys 2008-12-11 11:57 333,952 -------- c:\windows\system32\dllcache\srv.sys ============= FINISH: 19:18:29,42 =============== Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå