
Anyone willing to look over the logs?



MBAM


Malwarebytes' Anti-Malware 1.37

Databaseversjon: 2201

Windows 5.1.2600 Service Pack 3

 

31.05.2009 19:21:48

mbam-log-2009-05-31 (19-21-48).txt

 

Skanntype: Rask Skann

Objekter skannet: 94957

Tid tilbakelagt: 8 minute(s), 37 second(s)

 

Minneprosesser infisert: 2

Minnemoduler infisert: 1

Registernøkler infisert: 15

Registerverdier infisert: 5

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 16

 

Minneprosesser infisert:

C:\Programfiler\websrvx\websrvx.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Unloaded process successfully.

 

Minnemoduler infisert:

C:\Programfiler\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Programfiler\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Programfiler\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

c:\programfiler\websrvx\websrvx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\freddy43.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\freddy44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.

c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\f5087.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce122712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce122713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce123198.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

 

Combofix


ComboFix 09-05-31.02 - suskol 01.06.2009 0:10.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2038.1385 [GMT 2:00]

Kjører fra: c:\documents and settings\suskol\Skrivebord\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\suskol\Programdata\inst.exe

c:\windows\system32\sysloc

 

----- BITS: Mulige infiserte sider -----

 

hxxp://ped-01wsus

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-28 til 2009-05-31 )))))))))))))))))))))))))))))))))

.

 

2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\documents and settings\suskol\Programdata\Malwarebytes

2009-05-31 16:58 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-05-31 16:58 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-29 22:52 . 2009-05-29 22:52 -------- d-----r- c:\documents and settings\LocalService\Favoritter

2009-05-13 07:39 . 2009-05-13 07:39 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-05-13 07:04 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-05-13 07:04 . 2008-04-14 07:22 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-05-13 07:04 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-05-13 07:04 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-05-11 09:28 . 2009-05-10 08:00 259368 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\ECMSVR32.DLL

2009-05-11 09:28 . 2009-02-18 19:41 2414128 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\CCERASER.DLL

2009-05-11 09:28 . 2009-02-12 23:04 876144 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVEX15.SYS

2009-05-11 09:28 . 2009-02-12 23:04 89104 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVENG.SYS

2009-05-11 09:28 . 2009-02-12 23:03 1181040 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVEX32A.DLL

2009-05-11 09:28 . 2009-02-12 23:03 177520 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVENG32.DLL

2009-05-11 09:28 . 2009-02-06 19:26 101936 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\ERASER.SYS

2009-05-11 09:28 . 2009-02-06 19:26 371248 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\EECTRL.SYS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 22:04 . 2008-04-29 08:37 -------- d-----w- c:\programfiler\Symantec AntiVirus

2009-05-31 17:23 . 2008-11-13 09:12 -------- d-----w- c:\programfiler\GamesBar

2009-05-27 21:03 . 2008-11-05 07:20 -------- d-----w- c:\documents and settings\All Users\Programdata\FLEXnet

2009-05-27 11:30 . 2008-05-06 07:19 -------- d-----w- c:\programfiler\Clue

2009-05-06 07:16 . 2009-01-23 12:05 -------- d-----w- c:\programfiler\Google

2009-04-28 11:13 . 2008-04-09 04:10 80620 ----a-w- c:\windows\system32\perfc014.dat

2009-04-28 11:13 . 2008-04-09 04:10 445362 ----a-w- c:\windows\system32\perfh014.dat

2009-04-28 11:12 . 2008-04-08 12:52 69696 ----a-w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-04-28 11:11 . 2009-04-01 11:44 69696 ----a-w- c:\documents and settings\suskol\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-04-28 11:01 . 2008-04-08 11:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-06 14:24 . 2008-04-09 04:10 284160 ----a-w- c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2008-04-09 04:10 826368 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}]

2007-10-23 23:47 282112 ----a-w- c:\windows\system32\mscoree.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\programfiler\MessengerPlus! 3\MsgPlus.exe" [2008-09-24 190024]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]

"Apoint"="c:\programfiler\Apoint2K\Apoint.exe" [2007-08-20 172032]

"PSQLLauncher"="c:\programfiler\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896]

"TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]

"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 14:37 34344 ----a-w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2007-12-14 14:36 28672 ----a-w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=pushprinterconnections.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]

"Script"=Slett-Filer.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-313889\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"53:TCP"= 53:TCP:websrvx

 

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [16.10.2007 18:33 103472]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]

R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [22.04.2008 13:26 4442]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.03.2009 21:00 55152]

R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.08.2007 15:46 10896]

R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.02.2009 13:04 101936]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [08.04.2008 18:57 57344]

S3 fsssvc;Windows Live Tryggere for familien;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [06.02.2009 19:08 533360]

S3 SavRoam;SAVRoam;c:\programfiler\Symantec AntiVirus\SavRoam.exe [07.10.2007 20:48 116664]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - uphcleanhlp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

 

2009-05-31 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-22 23:30]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET

SafeBoot-procexp90.Sys

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://fuv.hfk.no

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-01 00:12

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1172)

c:\windows\system32\vrlogon.dll

c:\windows\system32\psqlpwd.dll

c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll

c:\programfiler\ThinkVantage Fingerprint Software\infra.dll

c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll

c:\programfiler\ThinkVantage Fingerprint Software\bio.dll

c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll

c:\programfiler\ThinkVantage Fingerprint Software\remote.dll

c:\programfiler\Lenovo\HOTKEY\tphklock.dll

c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll

c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll

 

- - - - - - - > 'lsass.exe'(1232)

c:\windows\system32\psqlpwd.dll

c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll

c:\programfiler\ThinkVantage Fingerprint Software\infra.dll

.

Tidspunkt ferdig: 2009-05-31 0:14

ComboFix-quarantined-files.txt 2009-05-31 22:14

 

Pre-Run: 89 752 694 784 byte ledig

Post-Run: 91 679 211 520 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

195 --- E O F --- 2009-05-19 10:06


Click: Start - Run

Type: regedit

Navigate to the following entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

In the right pane, right-click the name 53:TCP, which has the data value 53:TCP:websrvx. Delete the entry.

Also consider whether MessengerPlus! is something you need. If not, uninstall it.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Also run a few passes of 'Registry' until it finds no more errors (say yes to making a backup when asked).

Tell us how the PC is running.

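As an added example (not from the thread or from norbat), a check that automates what the reply above does by hand: it parses the firewall-policy blocks of a ComboFix log, flags a disabled firewall, and flags any open-port exception that is not one of Windows' own resource-labelled entries, cross-referencing the names MBAM reported. The sample text is copied from the ComboFix log in this thread; the DETECTED_NAMES set and the assumption that an entry with no explicit state field is active are assumptions of this example.

```python
import re

# Constructed sample: the two firewall-policy blocks from the ComboFix log in
# this thread, in ComboFix's REGEDIT4-style startup-points layout.
SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"53:TCP"= 53:TCP:websrvx
"""

# Assumed input: names taken from the MBAM detections earlier in the thread,
# used to tie a leftover firewall exception back to the removed malware.
DETECTED_NAMES = {"websrvx", "mstre19", "pp10", "sysloc"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def parse_regedit4(text):
    """Return {section key (lower-cased): {value name: value data}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def audit_firewall_policy(text, detected_names=DETECTED_NAMES):
    """Return a list of (severity, message) findings for the StandardProfile policy."""
    findings = []
    for key, values in parse_regedit4(text).items():
        if key.endswith(r"firewallpolicy\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append(("high", "Windows Firewall is disabled (EnableFirewall=0)"))
        elif key.endswith(r"globallyopenports\list"):
            for name, data in values.items():
                # Value data is port:proto[:scope:state]:label. Windows' own entries
                # carry a resource-string label (@xpsp2res.dll,-NNNN); anything else
                # was added by installed software and deserves a look.
                fields = data.split(":")
                label = fields[-1]
                # Assumption: an entry without an explicit state field is active.
                state = fields[3] if len(fields) > 3 else "Enabled"
                if label.startswith("@"):
                    continue
                sev = "high" if label.lower() in detected_names else "medium"
                findings.append((sev, f"Custom open port {name} ({state}) labelled '{label}'"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_firewall_policy(SAMPLE):
        print(f"[{sev}] {msg}")
```

Run against the full "Oppstartspunkter I Registeret" section of a ComboFix log, it reports the same leftover websrvx exception the reply tells the poster to delete, plus the disabled-firewall setting MBAM did not touch.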

Thanks for the quick reply norbat :)

Looks like it got better. Originally it was the "facebook virus" that was the problem, I assume you have heard of it? It's not my PC, but it seems to be better now.

