CannaBanna, posted 18 May 2010 (edited)

Hey! I was sent here by ColdIce from this thread. The problem is a script error that keeps popping up, and a window where I have to click "Bruk" (Apply) for windowslogin.exe. The messages disappeared after I ran Malware Bytes, though.

DDS (check the very bottom for when the scan finished!):

DDS (Ver_10-03-17.01) - NTFSX64
Run by Erik at 18:07:19,64 on 18.05.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2247 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============= FINISH: 18:08:18,18 ===============

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4112

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.05.2010 18:00:48
mbam-log-2010-05-18 (18-00-48).txt

Skanntype: Hurtigsøk
Objekter skannet: 129550
Tid tilbakelagt: 3 minutt(er), 37 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 4
Registerfiler infisert: 1
Mapper infisert: 1
Filer infisert 6

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{u05nlnd0-75cf-6wxs-801s-7bex1006w8xh} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys (Trojan.Backdoor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Mapper infisert:
C:\Program Files (x86)\winsys32 (Trojan.Backdoor) -> Quarantined and deleted successfully.

Filer infisert
C:\Program Files (x86)\winsys32\windowslogin.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Erik\downloads\Buzzkill Screensaver Installer 3.01.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Users\Erik\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Erik\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Erik\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Erik\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

Thanks for any help!

Edited 18 May 2010 by CannaBanna