ja_nos, posted 12 July 2010

Some time before the holidays we had Antimalware Doctor on one of our PCs. I used guides found here on the net to remove it, and thought it was gone for good. Now, after our holiday, we have been notified by Telenor that our internet access is temporarily restricted because of mass distribution of email and/or viruses. I use AVG (free version), Ad-Aware, Spybot and CCleaner regularly. I have Windows XP.

What has happened now after the holiday, unlike before, is:
- cannot update AVG (access from other PCs in the house)
- cannot use Windows Update
- selective blocking of websites: AVG, Norton etc. (in the hope of running an online scan), but also Microsoft and others (most sites work, but when something smells of security and similar help, they are blocked). This happens in both Windows Explorer and Firefox.

CCleaner, Ad-Aware (uninstalled and reinstalled), Spybot (worked as it should) and AVG have been run, but that has not helped with what is mentioned in the point above. I tried to install Norton Antivirus (included with the Telenor subscription), but the installation was blocked. It worked on another PC.

So I have something causing trouble without my being able to find it. So the question is whether you have any good tips. Do you recognise these symptoms, and what should be done? I suppose you would like logs from Malwarebytes Anti-Malware and Combofix? I have spent quite some time trying to figure this out, in the hope of avoiding a reinstall, but without success.

raWrz, posted 12 July 2010

Hi,

Yes, you can go ahead and start by getting the MBAM and Combofix logs.

ja_nos (author), posted 13 July 2010

Logs attached. The PC was not connected to the internet when these two programs were run. AVG was uninstalled (uninstalled before the installation of Norton, which did not work). There are two users on this machine.

Malwarebytes log
Combofix log
Combofix "quarantine files" (old and new)

ja_nos (author), posted 13 July 2010

The attachments did not seem to open. Pasting everything in.

Malwarebytes

www.malwarebytes.org

Databaseversjon: 4302
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.07.2010 10:44:01
mbam-log-2010-07-13 (10-44-01).txt

Skanntype: Full skann (C:\|E:\|F:\|)
Objekter skannet: 265273
Tid tilbakelagt: 39 minutt(er), 52 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

Combofix

ComboFix 10-07-10.02 - Jan Vidar 13.07.2010 9:49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2047.1491 [GMT 2:00]
Kjører fra: c:\documents and settings\Jan Vidar\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mulige infiserte sider -----

hxxp://update.telenor.net
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-13 til 2010-07-13 )))))))))))))))))))))))))))))))))
.
2010-07-12 20:22 . 2010-07-12 20:26 -------- d-----w- c:\documents and settings\All Users\Programdata\Norton
2010-07-12 08:03 . 2010-07-12 08:03 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-11 14:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 14:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 14:27 . 2010-07-11 13:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-11 13:26 . 2010-07-11 13:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 13:26 . 2010-07-11 13:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 13:24 . 2010-07-11 13:24 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-11 13:24 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-07-11 12:41 . 2010-07-11 12:41 -------- d--h--r- c:\documents and settings\LocalService\Siste
2010-06-23 08:45 . 2010-06-23 08:45 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb4.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 07:26 . 2009-10-26 07:47 12507 ----a-w- c:\windows\system32\tablet.dat
2010-07-12 20:10 . 2010-03-26 18:09 -------- d-----w- c:\programfiler\Mozilla Thunderbird
2010-07-12 11:44 . 2008-12-11 18:55 -------- d-----w- c:\documents and settings\Nina\Programdata\wsInspector
2010-07-12 07:56 . 2007-11-10 19:19 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-07-11 14:34 . 2010-06-06 19:37 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-07-11 13:24 . 2007-11-11 18:27 -------- d-----w- c:\programfiler\Lavasoft
2010-06-25 19:49 . 2008-07-07 10:02 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLdu.DAT
2010-06-25 19:36 . 2008-07-07 09:18 -------- d-----w- c:\documents and settings\Jan Vidar\Programdata\Nikon
2010-06-24 09:01 . 2002-09-16 12:00 79664 ----a-w- c:\windows\system32\perfc014.dat
2010-06-24 09:01 . 2002-09-16 12:00 443576 ----a-w- c:\windows\system32\perfh014.dat
2010-06-16 20:00 . 2008-02-02 19:17 -------- d-----w- c:\documents and settings\Nina\Programdata\Nikon
2010-06-16 20:00 . 2008-02-02 19:14 -------- d-----w- c:\programfiler\Fellesfiler\Nikon
2010-06-07 20:25 . 2008-01-28 19:20 -------- d-----w- c:\documents and settings\Jan Vidar\Programdata\wsInspector
2010-06-07 20:21 . 2008-07-07 10:04 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLdw.DAT
2010-06-07 20:08 . 2008-07-13 15:16 -------- d-----w- c:\programfiler\Conduit
2010-06-07 19:58 . 2010-06-07 16:27 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2010-06-07 19:33 . 2009-04-04 11:22 -------- d-----w- c:\programfiler\AVG
2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- c:\documents and settings\Jan Vidar\Programdata\Malwarebytes
2010-06-06 19:37 . 2010-06-06 19:37 -------- d-----w- c:\documents and settings\Nina\Programdata\Malwarebytes
2010-06-06 19:37 . 2010-06-06 19:37 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-06-06 12:25 . 2007-11-10 19:19 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-06-03 16:26 . 2010-06-02 15:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:37 . 2002-09-16 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:11 . 2002-09-16 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 08:57 . 2007-12-18 18:28 23216 ----a-w- c:\documents and settings\Nina\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-04-24 16:26 . 2007-11-10 18:14 23216 ----a-w- c:\documents and settings\Jan Vidar\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-04-20 05:34 . 2002-09-16 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-03-21 14:09 . 2002-09-16 12:00 227286 --sha-r- c:\windows\system32\sjxqvygi.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-11_13.06.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2010-07-13 07:26 . 2010-07-13 07:26 16384 c:\windows\Temp\Perflib_Perfdata_6c0.dat
+ 2010-07-11 13:26 . 2010-07-11 13:26 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2007-11-10 17:58 . 2010-07-11 13:32 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-10 17:58 . 2010-06-07 16:34 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-10 17:58 . 2010-07-11 13:32 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
- 2007-11-10 17:58 . 2010-06-07 16:34 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
+ 2010-06-07 16:34 . 2010-07-11 13:32 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-06-07 16:34 . 2010-06-07 16:34 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-07-11 13:32 . 2010-07-11 13:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-11 13:24 . 2010-07-11 13:24 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
+ 2008-07-29 06:05 . 2008-07-29 06:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-07-11 13:24 . 2010-07-11 13:24 167424 c:\windows\Installer\34fd5.msi
+ 2010-07-11 13:24 . 2010-07-11 13:24 236032 c:\windows\Installer\34fc3.msi
+ 2008-07-29 06:05 . 2008-07-29 06:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2010-07-11 13:24 . 2010-07-11 13:24 1859072 c:\windows\Installer\34fce.msi
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2009-06-02 189152]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Programfiler\\devolo\\informer\\devinf.exe"=
"c:\\Programfiler\\devolo\\easyshare\\easyshare.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\DNA\\btdna.exe"=
"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"e:\\Programfiler\\Fujitsu Siemens Computers\\SCALEO wake up\\FSC_WHS_RC.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaws.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8157:TCP"= 8157:TCP:mvoyyruz

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11.07.2010 15:26 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1352832]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [17.05.2004 12:21 17280]
R2 WHSConnector;Windows Home Server Connector Service;c:\programfiler\Windows Home Server\WHSConnector.exe [07.10.2009 14:48 376680]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [08.02.2010 23:44 135664]
S2 lfhzs;Monitor Microsoft;c:\windows\system32\svchost.exe -k netsvcs [16.09.2002 14:00 14336]
S3 1aac45c4-99d6-4271-9420-1d8c5d18861a;1aac45c4-99d6-4271-9420-1d8c5d18861a;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 ad3c57a7-e994-4b61-a513-7ddea1090d01;ad3c57a7-e994-4b61-a513-7ddea1090d01;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.07.2008 17:14 716272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lfhzs
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:26]

2010-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-02-08 21:44]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-02-08 21:44]

2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{6A14BE4D-2803-4CEE-B907-C741AF03B817}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: DirectEdit - hxxps://www.itslearning.com//file/DirectEdit.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jan Vidar\Programdata\Mozilla\Firefox\Profiles\5f8ct0zl.default\
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 09:54
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfhzs]
"ServiceDll"="c:\windows\system32\sjxqvygi.dll"
.
Tidspunkt ferdig: 2010-07-13 09:55:35
ComboFix-quarantined-files.txt 2010-07-13 07:55
ComboFix2.txt 2010-07-11 13:08
ComboFix3.txt 2010-06-07 18:57

Pre-Run: 235 391 463 424 byte ledig
Post-Run: 235 462 873 088 byte ledig

- - End Of File - - 87A83D57BBA914A4175F405E7C2FE298

Combofix "quarantine files"

2010-07-11 13:07:22 . 2010-07-11 13:07:22 642 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-eplcvyausxmgcxb.reg.dat
2010-07-11 13:07:22 . 2010-07-11 13:07:22 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-$NtUninstallWTF1012$.reg.dat
2010-07-11 13:07:22 . 2010-07-11 13:07:22 626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-$NtUninstallMTF1011$.reg.dat
2010-07-11 13:07:04 . 2010-07-11 13:07:04 883 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{413332D0-B738-4AAF-8CEB-4A2867C42CF7}.reg.dat
2010-06-07 18:56:42 . 2010-06-07 18:56:42 120 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-skb.reg.dat
2010-06-07 18:42:13 . 2010-06-07 18:42:13 790 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SSHNAS.reg.dat
2010-06-07 18:42:06 . 2010-07-13 07:53:08 6,616 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-07 18:19:33 . 2010-07-13 07:49:15 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-01 15:54:16 . 2010-06-01 15:54:16 1,374 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Nina\Programdata\347445BDAFB6687B6E1F5844DB5E3B44\lsrslt.ini.vir
2010-06-01 14:48:31 . 2010-06-01 14:48:31 2,161 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Nina\Start-meny\Programmer\Antimalware Doctor\Uninstall.lnk.vir
2010-06-01 14:48:31 . 2010-06-01 14:48:31 1,159 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Nina\Start-meny\Programmer\Antimalware Doctor\Antimalware Doctor.lnk.vir
2010-06-01 14:48:24 . 2010-06-01 14:48:24 28,842 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Nina\Programdata\347445BDAFB6687B6E1F5844DB5E3B44\enemies-names.txt.vir
2010-06-01 14:48:24 . 2010-06-01 14:48:24 26,204 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Nina\Programdata\347445BDAFB6687B6E1F5844DB5E3B44\local.ini.vir
2007-11-10 19:48:44 . 2010-07-13 07:28:22 7,635 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat.vir
2007-11-10 19:48:44 . 2010-07-13 07:28:23 6,252 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat.vir

Vizla, posted 13 July 2010 (edited)

Doesn't look like they work. (?)

Can you post the Combo log in plain text?

Edited 13 July 2010 by Vizla