Martz, posted 6 August 2009

Hi, I'm posting this for my sister, who has managed to get herself mixed up with something her antivirus can't remove. The PC shuts down every time you try to remove the crap, so I hope you have a chance to help. Here are the logs.

Malwarebytes:

Malwarebytes' Anti-Malware 1.40
Databaseversjon: 2551
Windows 5.1.2600 Service Pack 2 (Safe Mode)

04.08.2009 23:55:08
mbam-log-2009-08-04 (23-55-08).txt

Skanntype: Rask Skann
Objekter skannet: 92040
Tid tilbakelagt: 23 minute(s), 15 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 22
Registerverdier infisert: 3
Registerfiler infisert: 3
Mapper infisert: 25
Filer infisert: 182

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-003701.359.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-010428.218.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-101515.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-120714.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-122710.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-124858.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-161719.656.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-162443.046.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-191940.578.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-192047.125.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-203348.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-210453.062.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Patricia\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-211924.687.log (Adware.DoubleD) -> Quarantined and deleted successfully. Combofix ComboFix 09-08-04.04 - Patricia 06.08.2009 17:07.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1918.1498 [GMT 2:00] Kjører fra: c:\documents and settings\Patricia\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-06 til 2009-08-06 ))))))))))))))))))))))))))))))))) . 2009-08-05 21:18 . 2009-08-05 21:17 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe 2009-08-05 21:18 . 2009-06-25 16:50 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll 2009-08-05 21:18 . 2009-04-09 08:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll 2009-08-05 21:18 . 2009-02-13 14:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll 2009-08-05 21:18 . 2008-12-05 09:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes 2009-08-04 19:29 . 
2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-04 19:29 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-04 17:23 . 2009-08-04 17:22 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-04 17:22 . 2009-08-04 19:06 -------- d-----w- c:\documents and settings\Patricia\.housecall6.6 2009-08-03 19:42 . 2009-08-03 19:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-07-09 02:48 . 2009-07-09 02:48 -------- d-sh--w- C:\found.000 . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-06 15:01 . 2009-05-11 19:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\WTablet 2009-08-05 21:18 . 2009-05-09 12:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 16:23 . 2009-05-08 18:44 70448 ----a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 08:37 . 2009-05-09 11:59 117760 ----a-w- c:\documents and settings\Patricia\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-02 21:02 . 2009-05-15 06:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\uTorrent 2009-08-01 20:37 . 2009-05-29 10:22 -------- d-----w- c:\documents and settings\Patricia\Application Data\dvdcss 2009-07-26 17:06 . 2009-05-08 18:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-21 05:09 . 2009-08-05 15:58 192184 ----a-w- c:\windows\Fonts\dirt2 soulstalker.ttf 2009-07-15 21:46 . 2009-05-08 18:42 -------- d-----w- c:\documents and settings\Patricia\Application Data\U3 2009-07-10 07:13 . 
2009-07-03 12:31 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-30 18:05 . 2009-05-08 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-29 12:17 . 2009-06-29 12:17 69648 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-29 12:16 . 2009-06-29 12:16 -------- d-----w- c:\documents and settings\Guest\Application Data\WTablet 2009-06-04 11:37 . 2009-06-04 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-06-04 11:37 . 2009-06-04 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-05-30 10:14 . 2009-05-30 10:14 10134 ----a-r- c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-09 18:45 . 2009-05-08 18:31 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-09 12:02 . 2009-05-09 12:02 191040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-08 19:45 . 2009-05-08 19:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-08 19:05 . 2009-05-08 19:06 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-08 19:05 . 2009-05-08 19:05 152576 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-08 18:57 . 2009-05-08 18:57 0 ----a-w- c:\windows\nsreg.dat 2009-05-08 18:46 . 2009-05-08 18:46 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe 2009-05-08 18:27 . 2009-05-08 18:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Creative Live! Cam Manager"="d:\creative live! cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wbutton"="d:\fts\Wbutton.exe" [2006-11-09 86016] "V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888] "LMgrVolOSD"="d:\fts\OSD.exe" [2006-12-26 180224] "LMgrOSD"="d:\fts\OSDCtrl.exe" [2006-08-29 241664] "LaunchAp"="d:\fts\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="d:\fts\HotkeyApp.exe" [2006-12-14 192512] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744] "AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- d:\program files\SASWINLO.dll HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\uTorrent.exe"= R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [28.04.2009 11:33 9968] R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [28.04.2009 11:33 72944] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [09.05.2009 14:18 108289] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11.05.2009 21:29 3032360] R3 WisLMSvc;WisLMSvc;d:\fts\WisLMSvc.exe [08.05.2009 20:47 118784] S1 mailKmd;mailKmd; [x] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08.05.2009 20:48 1684736] S3 pnicml;pnicml;\??\c:\docume~1\Patricia\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Patricia\LOCALS~1\Temp\pnicml.sys [?] S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [28.04.2009 11:33 7408] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [11.05.2009 21:53 146368] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11.05.2009 21:29 15144] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . - - - - TOMME PEKERE FJERNET - - - - HKLM-Run-CtrlVol - d:\fts\CtrlVol.exe . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~2\Office\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Patricia\Application Data\Mozilla\Firefox\Profilesdfio3cf.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-06 17:10 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = d:\fts\CtrlVol.exe???????????J??0????J??8???x???0???\???????0??????????? ??|???|???????|????????L????????J????F?????????????h?????????????B????? ??|`??|????]??|[?A?????????z?A???Y*??B~??????F?4^@???????????????A??|?*????z?A???@??J??6u@??J????Y*??@??J????? skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(576) d:\program files\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1432) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Tidspunkt ferdig: 2009-08-06 17:11 ComboFix-quarantined-files.txt 2009-08-06 15:11 Pre-Run: 843 579 392 bytes free Post-Run: 956 145 664 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 143 --- E O F --- 2009-06-27 22:17
Thanks in advance!
snippsat Posted 6 August 2009
Copy the bold text below the image -> open Notepad and paste it in. Save it to the desktop as CFScript.txt. Do as shown in the image and ComboFix will start. Post the log c:\combofix.txt
File::
c:\docume~1\Patricia\LOCALS~1\Temp\pnicml.sys
Driver::
pnicml
Martz (author) Posted 6 August 2009
> Copy the bold text below the image -> open Notepad and paste it in. Save it to the desktop as CFScript.txt. Do as shown in the image and ComboFix will start. Post the log c:\combofix.txt
> File::
> c:\docume~1\Patricia\LOCALS~1\Temp\pnicml.sys
> Driver::
> pnicml
Thanks for the reply. Here is the new log.
ComboFix 09-08-04.04 - Patricia 06.08.2009 18:08.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1918.1399 [GMT 2:00] Kjører fra: c:\documents and settings\Patricia\Desktop\ComboFix.exe Command switches brukt :: c:\documents and settings\Patricia\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\docume~1\Patricia\LOCALS~1\Temp\pnicml.sys" . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PNICML -------\Service_pnicml ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-06 til 2009-08-06 ))))))))))))))))))))))))))))))))) . 2009-08-05 21:18 . 2009-08-05 21:17 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe 2009-08-05 21:18 . 2009-06-25 16:50 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll 2009-08-05 21:18 . 2009-04-09 08:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll 2009-08-05 21:18 . 2009-02-13 14:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll 2009-08-05 21:18 . 2008-12-05 09:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll 2009-08-04 19:29 . 
2009-08-04 19:29 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes 2009-08-04 19:29 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-04 19:29 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-04 17:23 . 2009-08-04 17:22 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-04 17:22 . 2009-08-04 19:06 -------- d-----w- c:\documents and settings\Patricia\.housecall6.6 2009-08-03 19:42 . 2009-08-03 19:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-07-09 02:48 . 2009-07-09 02:48 -------- d-sh--w- C:\found.000 . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-06 16:12 . 2009-05-11 19:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\WTablet 2009-08-05 21:18 . 2009-05-09 12:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 16:23 . 2009-05-08 18:44 70448 ----a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 08:37 . 2009-05-09 11:59 117760 ----a-w- c:\documents and settings\Patricia\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-02 21:02 . 2009-05-15 06:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\uTorrent 2009-08-01 20:37 . 2009-05-29 10:22 -------- d-----w- c:\documents and settings\Patricia\Application Data\dvdcss 2009-07-26 17:06 . 2009-05-08 18:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-21 05:09 . 2009-08-05 15:58 192184 ----a-w- c:\windows\Fonts\dirt2 soulstalker.ttf 2009-07-15 21:46 . 
2009-05-08 18:42 -------- d-----w- c:\documents and settings\Patricia\Application Data\U3 2009-07-10 07:13 . 2009-07-03 12:31 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-30 18:05 . 2009-05-08 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-29 12:17 . 2009-06-29 12:17 69648 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-29 12:16 . 2009-06-29 12:16 -------- d-----w- c:\documents and settings\Guest\Application Data\WTablet 2009-06-04 11:37 . 2009-06-04 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-06-04 11:37 . 2009-06-04 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-05-30 10:14 . 2009-05-30 10:14 10134 ----a-r- c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-09 18:45 . 2009-05-08 18:31 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-09 12:02 . 2009-05-09 12:02 191040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-08 19:45 . 2009-05-08 19:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-08 19:05 . 2009-05-08 19:06 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-08 19:05 . 2009-05-08 19:05 152576 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-08 18:57 . 2009-05-08 18:57 0 ----a-w- c:\windows\nsreg.dat 2009-05-08 18:46 . 2009-05-08 18:46 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe 2009-05-08 18:27 . 2009-05-08 18:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Creative Live! Cam Manager"="d:\creative live! cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wbutton"="d:\fts\Wbutton.exe" [2006-11-09 86016] "V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888] "LMgrVolOSD"="d:\fts\OSD.exe" [2006-12-26 180224] "LMgrOSD"="d:\fts\OSDCtrl.exe" [2006-08-29 241664] "LaunchAp"="d:\fts\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="d:\fts\HotkeyApp.exe" [2006-12-14 192512] "CtrlVol"="d:\fts\CtrlVol.exe" [bU] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744] "AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- d:\program files\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\uTorrent.exe"= R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [28.04.2009 11:33 
9968] R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [28.04.2009 11:33 72944] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [09.05.2009 14:18 108289] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11.05.2009 21:29 3032360] R3 WisLMSvc;WisLMSvc;d:\fts\WisLMSvc.exe [08.05.2009 20:47 118784] S1 mailKmd;mailKmd; [x] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08.05.2009 20:48 1684736] S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [28.04.2009 11:33 7408] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [11.05.2009 21:53 146368] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11.05.2009 21:29 15144] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~2\Office\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Patricia\Application Data\Mozilla\Firefox\Profilesdfio3cf.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-06 18:12 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = d:\fts\CtrlVol.exe?????????? q??0???(q??8???x???0???\???????0??????????? 
??|???|???????|????????L???????8q????F?????????????h?????????????B????? ??|`??|????]??|[?A?????????z?A???f5??B~??????F?4^@???????????????A?C;65????z?A???@?(q??6u@?(q??w?f5??@?8q????? skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(592) d:\program files\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2264) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe d:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\WTablet\Pen_TabletUser.exe . ************************************************************************** . Tidspunkt ferdig: 2009-08-06 18:15 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-08-06 16:15 ComboFix2.txt 2009-08-06 15:11 Pre-Run: 963 551 232 bytes free Post-Run: 853 471 232 bytes free 153 --- E O F --- 2009-06-27 22:17 Lenke til kommentar
snippsat Posted 6 August 2009 (edited)
New CFScript.txt with the bold text. Post the new log. Also update MBAM and run a new scan, and see whether it is OK.
Driver::
mailKmd
Edited 6 August 2009 by SNIPPSAT
Martz (author) Posted 6 August 2009 (edited)
New CF log.
ComboFix 09-08-04.04 - Patricia 06.08.2009 18:46.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1918.1389 [GMT 2:00] Kjører fra: c:\documents and settings\Patricia\Desktop\ComboFix.exe Command switches brukt :: c:\documents and settings\Patricia\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_mailKmd ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-06 til 2009-08-06 ))))))))))))))))))))))))))))))))) . 2009-08-05 21:18 . 2009-08-05 21:17 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe 2009-08-05 21:18 . 2009-06-25 16:50 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll 2009-08-05 21:18 . 2009-04-09 08:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll 2009-08-05 21:18 . 2009-02-13 14:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll 2009-08-05 21:18 . 2008-12-05 09:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes 2009-08-04 19:29 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-04 19:29 . 2009-08-04 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-04 19:29 . 
2009-08-04 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-04 19:29 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-04 17:23 . 2009-08-04 17:22 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-04 17:22 . 2009-08-04 19:06 -------- d-----w- c:\documents and settings\Patricia\.housecall6.6 2009-08-03 19:42 . 2009-08-03 19:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-07-09 02:48 . 2009-07-09 02:48 -------- d-sh--w- C:\found.000 . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-06 16:50 . 2009-05-11 19:30 -------- d-----w- c:\documents and settings\Patricia\Application Data\WTablet 2009-08-06 16:49 . 2009-05-15 06:49 -------- d-----w- c:\documents and settings\Patricia\Application Data\uTorrent 2009-08-05 21:18 . 2009-05-09 12:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 16:23 . 2009-05-08 18:44 70448 ----a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 08:37 . 2009-05-09 11:59 117760 ----a-w- c:\documents and settings\Patricia\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-01 20:37 . 2009-05-29 10:22 -------- d-----w- c:\documents and settings\Patricia\Application Data\dvdcss 2009-07-26 17:06 . 2009-05-08 18:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-21 05:09 . 2009-08-05 15:58 192184 ----a-w- c:\windows\Fonts\dirt2 soulstalker.ttf 2009-07-15 21:46 . 2009-05-08 18:42 -------- d-----w- c:\documents and settings\Patricia\Application Data\U3 2009-07-10 07:13 . 2009-07-03 12:31 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-30 18:05 . 2009-05-08 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-29 12:17 . 
2009-06-29 12:17 69648 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-29 12:16 . 2009-06-29 12:16 -------- d-----w- c:\documents and settings\Guest\Application Data\WTablet 2009-06-04 11:37 . 2009-06-04 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-06-04 11:37 . 2009-06-04 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-05-30 10:14 . 2009-05-30 10:14 10134 ----a-r- c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-09 18:45 . 2009-05-08 18:31 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-09 12:02 . 2009-05-09 12:02 191040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-08 19:45 . 2009-05-08 19:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-08 19:05 . 2009-05-08 19:06 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-08 19:05 . 2009-05-08 19:05 152576 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-08 18:57 . 2009-05-08 18:57 0 ----a-w- c:\windows\nsreg.dat 2009-05-08 18:46 . 2009-05-08 18:46 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe 2009-05-08 18:27 . 2009-05-08 18:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat . ((((((((((((((((((((((((((((( SnapShot@2009-08-06_15.10.38 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-06 16:50 . 2009-08-06 16:50 16384 c:\windows\Temp\Perflib_Perfdata_3f0.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Creative Live! Cam Manager"="d:\creative live! cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wbutton"="d:\fts\Wbutton.exe" [2006-11-09 86016] "V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888] "LMgrVolOSD"="d:\fts\OSD.exe" [2006-12-26 180224] "LMgrOSD"="d:\fts\OSDCtrl.exe" [2006-08-29 241664] "LaunchAp"="d:\fts\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="d:\fts\HotkeyApp.exe" [2006-12-14 192512] "CtrlVol"="d:\fts\CtrlVol.exe" [bU] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744] "AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- d:\program files\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\uTorrent.exe"= R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [28.04.2009 11:33 9968] R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [28.04.2009 
11:33 72944] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [09.05.2009 14:18 108289] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11.05.2009 21:29 3032360] R3 WisLMSvc;WisLMSvc;d:\fts\WisLMSvc.exe [08.05.2009 20:47 118784] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08.05.2009 20:48 1684736] S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [28.04.2009 11:33 7408] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [11.05.2009 21:53 146368] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11.05.2009 21:29 15144] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~2\Office\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Patricia\Application Data\Mozilla\Firefox\Profilesdfio3cf.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-06 18:51 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = d:\fts\CtrlVol.exe?????????? q??0???(q??8???x???0???\???????0??????????? ??|???|???????|????????L???????8q????F?????????????h?????????????B????? 
??|`??|????]??|[?A?????????z?A???f5??B~??????F?4^@???????????????A?C;65????z?A???@?(q??6u@?(q??w?f5??@?8q????? skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(584) d:\program files\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3636) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe d:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\WTablet\Pen_TabletUser.exe . ************************************************************************** . Tidspunkt ferdig: 2009-08-06 18:53 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-08-06 16:53 ComboFix2.txt 2009-08-06 16:15 ComboFix3.txt 2009-08-06 15:11 Pre-Run: 868 904 960 bytes free Post-Run: 848 461 824 bytes free 153 --- E O F --- 2009-06-27 22:17 MBAM-logg: Malwarebytes' Anti-Malware 1.40 Databaseversjon: 2551 Windows 5.1.2600 Service Pack 2 06.08.2009 18:58:35 mbam-log-2009-08-06 (18-58-35).txt Skanntype: Rask Skann Objekter skannet: 90924 Tid tilbakelagt: 2 minute(s), 50 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen 
mistenkelige filer funnet) Endret 6. august 2009 av Martz Lenke til kommentar
snippsat Posted 6 August 2009

That looks good. You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc. Check whether your software is up to date: Secunia. Surf safely.
Martz (author) Posted 6 August 2009

Aww, thanks! ^^ You are an angel! Regards, Martz's sister (: