Takkforden
Posted 26 April 2009

It would be great if someone would check the logs from my mother's PC...

MBAM:

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2043
Windows 5.1.2600 Service Pack 3

26.04.09 17:35:29
mbam-log-2009-04-26 (17-35-29).txt

Skanntype: Rask Skann
Objekter skannet: 80365
Tid tilbakelagt: 10 minute(s), 13 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 10
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix

ComboFix 09-04-25.A3 - Eier 26.04.09 17:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.510.184 [GMT 2:00]
Kjører fra: c:\documents and settings\Eier\Skrivebord\ComboFix.exe
AV: Norman Security Suite ver. 7.00 *On-access scanning disabled* (Updated)
* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-26 til 2009-4-26 )))))))))))))))))))))))))))))))))
.

2009-04-26 15:22 . 2009-04-26 15:22 -------- d-----w c:\documents and settings\Eier\Programdata\Malwarebytes
2009-04-26 15:22 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-26 15:22 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 15:22 . 2009-04-26 15:22 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes
2009-04-26 15:22 . 2009-04-26 15:22 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-04-15 09:30 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 09:30 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:29 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:29 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 09:29 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 09:29 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 09:29 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 09:29 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 09:29 . 2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 09:29 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 09:29 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-08 15:35 . 2009-04-08 15:35 -------- d-----w c:\programfiler\Safari
2009-04-08 15:05 . 2009-04-08 15:06 -------- d-----w c:\programfiler\Apple Software Update
2009-04-08 15:03 . 2009-04-08 15:03 -------- d-----w c:\programfiler\iPod
2009-04-08 15:03 . 2009-04-08 15:04 -------- d-----w c:\programfiler\iTunes
2009-04-08 15:03 . 2009-04-08 15:04 -------- d-----w c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 15:00 . 2009-04-08 15:01 -------- d-----w c:\programfiler\QuickTime
2009-04-08 14:52 . 2009-04-08 14:52 -------- d-----w c:\programfiler\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 08:42 . 2006-01-28 15:29 -------- d-----w c:\documents and settings\Eier\Programdata\OpenOffice.org2
2009-04-26 08:33 . 2007-09-02 18:58 -------- d-----w c:\programfiler\Norman
2009-04-25 11:20 . 2007-07-21 19:15 232 ---ha-w C:\sqmdata17.sqm
2009-04-25 11:20 . 2007-07-21 19:15 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-23 12:31 . 2007-07-21 12:35 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-23 12:31 . 2007-07-21 12:35 232 ---ha-w C:\sqmdata16.sqm
2009-04-23 06:59 . 2004-08-04 12:00 73476 ----a-w c:\windows\system32\perfc014.dat
2009-04-23 06:59 . 2004-08-04 12:00 413334 ----a-w c:\windows\system32\perfh014.dat
2009-04-22 07:46 . 2007-07-06 12:53 232 ---ha-w C:\sqmdata15.sqm
2009-04-22 07:46 . 2007-07-06 12:53 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-20 08:44 . 2007-07-06 01:54 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-20 08:44 . 2007-07-06 01:54 232 ---ha-w C:\sqmdata14.sqm
2009-04-20 08:41 . 2007-07-05 12:43 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-20 08:41 . 2007-07-05 12:43 232 ---ha-w C:\sqmdata13.sqm
2009-04-18 11:06 . 2007-07-04 08:11 232 ---ha-w C:\sqmdata12.sqm
2009-04-18 11:06 . 2007-07-04 08:11 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-16 17:24 . 2007-07-04 01:04 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-16 17:24 . 2007-07-04 01:04 232 ---ha-w C:\sqmdata11.sqm
2009-04-16 17:22 . 2007-07-02 03:57 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-16 17:22 . 2007-07-02 03:57 232 ---ha-w C:\sqmdata10.sqm
2009-04-15 14:26 . 2007-06-02 14:57 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-15 14:26 . 2007-06-02 14:57 232 ---ha-w C:\sqmdata09.sqm
2009-04-15 14:25 . 2007-05-18 03:28 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-15 14:25 . 2007-05-18 03:28 232 ---ha-w C:\sqmdata08.sqm
2009-04-15 07:44 . 2005-08-26 13:23 -------- d-----w c:\programfiler\Java
2009-04-13 15:46 . 2007-05-03 02:46 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-13 15:46 . 2007-05-03 02:46 232 ---ha-w C:\sqmdata07.sqm
2009-04-13 15:46 . 2007-04-18 06:44 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-13 15:46 . 2007-04-18 06:44 232 ---ha-w C:\sqmdata06.sqm
2009-04-13 15:42 . 2007-04-18 03:12 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-13 15:42 . 2007-04-18 03:12 232 ---ha-w C:\sqmdata05.sqm
2009-04-13 15:32 . 2007-04-17 16:38 232 ---ha-w C:\sqmdata04.sqm
2009-04-13 15:32 . 2007-04-17 16:38 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-11 16:25 . 2007-04-17 06:27 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-11 16:25 . 2007-04-17 06:27 232 ---ha-w C:\sqmdata03.sqm
2009-04-11 16:20 . 2007-03-18 04:34 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-11 16:20 . 2007-03-18 04:34 232 ---ha-w C:\sqmdata02.sqm
2009-04-09 19:24 . 2007-03-17 10:50 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-09 19:24 . 2007-03-17 10:50 232 ---ha-w C:\sqmdata01.sqm
2009-04-09 19:15 . 2007-03-16 16:28 232 ---ha-w C:\sqmdata00.sqm
2009-04-09 19:15 . 2007-03-16 16:28 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-09 09:32 . 2007-07-23 11:27 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-09 09:32 . 2007-07-23 11:27 232 ---ha-w C:\sqmdata19.sqm
2009-04-09 09:29 . 2007-07-22 16:21 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-09 09:29 . 2007-07-22 16:21 232 ---ha-w C:\sqmdata18.sqm
2009-04-08 15:37 . 2005-08-26 13:15 -------- d-----w c:\documents and settings\Eier\Programdata\Apple Computer
2009-04-08 15:03 . 2008-01-15 18:13 -------- d-----w c:\programfiler\Fellesfiler\Apple
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 03:19 . 2008-11-23 18:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:24 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-26 17:06 . 2005-08-26 13:02 -------- d--h--w c:\programfiler\InstallShield Installation Information
2009-02-26 17:03 . 2009-02-26 17:01 -------- d-----w c:\documents and settings\All Users\Programdata\UDL
2009-02-26 17:02 . 2009-02-26 16:51 -------- d-----w c:\programfiler\EPSON
2009-02-25 21:20 . 2009-02-25 21:20 -------- d-----w c:\documents and settings\All Users\Programdata\Office Genuine Advantage
2009-02-22 10:30 . 2009-02-22 10:30 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-20 17:17 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:11 . 2004-08-04 00:58 2067840 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:08 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 12:00 2190848 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 12:00 710656 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2004-08-04 12:00 680448 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-10-05 11:32 . 2005-09-04 13:23 93664 ----a-w c:\documents and settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2006-08-22 11:46 . 2006-08-22 11:46 10752512 ----a-w c:\programfiler\vpnclient-win-msi-4.8.01.0300-k9.exe
2005-08-26 13:09 . 2005-08-26 13:09 128 ----a-w c:\documents and settings\Eier\Lokale innstillinger\Programdata\fusioncache.dat
2008-10-05 12:56 . 2008-10-05 12:56 32768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008100520081006\index.dat
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"CloneCDElbyCDFL"="c:\programfiler\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]
"CloneCDTray"="c:\programfiler\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 57344]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.0.lnk - c:\programfiler\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 61440]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
D-link AirPlus G DWL-G120 Wireless USB.lnk - c:\programfiler\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe [2005-8-29 241664]
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech Desktop Messenger.lnk - c:\documents and settings\Eier\Mine dokumenter\Ny mappe\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-2-22 67128]
Logitech SetPoint.lnk - c:\documents and settings\Eier\Mine dokumenter\Ny mappe\SetPoint\SetPoint.exe [2009-2-22 692224]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-8-22 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Eier\\Mine dokumenter\\Ny mappe\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R1 NGS;Norman General Security Driver;c:\programfiler\norman\ngs\bin\ngs.sys [2009-02-11 22712]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\Nvc\bin\nvcoas.exe [2009-02-05 195640]
R3 phc700;USB PC Camera (SPC700NC); [x]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-01-15 30464]
S2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
S2 NVOY;Norman Resource Provider;c:\programfiler\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
S3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\nse\bin\NSESVC.EXE [2008-11-27 183352]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\programfiler\Norman\Npm\bin\NVCSCHED.EXE [2007-09-18 154680]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - mchInjDrv
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-26 c:\windows\Tasks\RegCure Program Check.job
- c:\programfiler\RegCure\RegCure.exe [2008-11-27 18:55]

2009-04-16 c:\windows\Tasks\RegCure.job
- c:\programfiler\RegCure\RegCure.exe [2008-11-27 18:55]
.
- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-RegistryMechanic - (no file)

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send til &Bluetooth - c:\programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\documents and settings\Eier\Mine dokumenter\Ny mappe\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 17:54
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????7?0?6?7??p???? ???B?????????????hLC????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-04-26 17:57
ComboFix-quarantined-files.txt 2009-04-26 15:56

Pre-Run: 35 805 954 048 byte ledig
Post-Run: 40 590 028 800 byte ledig

222 --- E O F --- 2009-04-16 01:24

-thanks in advance :)