Bortbrent, posted 29 July 2010

I'm struggling with various mal.exe... In Windows Task Manager I find processes such as:
csrss.exe
winlogon.exe
Ati2evxx.exe

I have downloaded ComboFix and MBAM and run these programs; here are the logs from the latest scans I have run.

Combofix:

ComboFix 10-07-28.04 - Eliassen 29.07.2010 17:02:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3066.2324 [GMT 2:00]
Running from: c:\users\Eliassen\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Temp\log.txt
.
((((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))))
.
2010-07-28 10:54 . 2010-07-28 10:57 -------- d-----w- c:\users\Eliassen\AppData\Local\pkwtrcumm
2010-07-27 18:05 . 2010-07-27 19:25 -------- d-----w- c:\users\Eliassen\AppData\Local\iaaegkfid
2010-07-18 18:59 . 2010-07-18 18:59 2944904 ----a-w- c:\users\Eliassen\AppData\Roaming\Mozilla\Firefox\Profiles\042xk3em.default\extensions\[email protected]\chrome\temp\askToolbar.exe
2010-07-17 00:07 . 2010-07-17 00:07 -------- d-----w- c:\users\Eliassen\AppData\Roaming\Malwarebytes
2010-07-17 00:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 00:07 . 2010-07-17 00:07 -------- d-----w- c:\programdata\Malwarebytes
2010-07-17 00:07 . 2010-07-17 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 00:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 00:03 . 2010-07-20 22:13 -------- d-----w- c:\users\Eliassen\AppData\Local\CMO_V2_D-50
2010-07-17 00:00 . 2010-07-17 00:01 -------- d-----w- c:\program files\D-50
2010-07-17 00:00 . 2006-12-13 15:31 87040 ----a-w- c:\windows\system32\drivers\cmusbser.sys
2010-07-16 23:58 . 2007-06-28 09:00 315392 ----a-w- c:\windows\PINSTALLPROCESS.DLL
2010-07-16 17:41 . 2010-07-20 22:14 -------- d-----w- c:\program files\Ask.com
2010-07-16 15:41 . 2010-07-17 01:28 -------- d-----w- c:\users\Eliassen\AppData\Local\lkmweuaes
2010-07-13 22:38 . 2010-07-13 22:38 43520 --sh--r- c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xcxcmxx1rx7.exe
2010-07-13 22:38 . 2010-07-13 22:38 43520 --sh--r- c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1hhmchc.exe
2010-07-13 12:59 . 2010-07-13 12:59 -------- d-----w- c:\users\Eliassen\AppData\Roaming\PlayFirst
2010-07-13 12:59 . 2010-07-13 12:59 -------- d-----w- c:\programdata\PlayFirst
2010-07-12 19:56 . 2010-07-12 19:56 43520 --sh--r- c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1zufzz75.exe
2010-07-11 18:21 . 2010-07-11 18:21 43520 --sh--r- c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbvqqvqq3.exe
2010-07-11 18:21 . 2010-07-11 18:21 43520 --sh--r- c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lqglvqgbgbb.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 15:05 . 2009-03-04 07:34 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-07-29 15:05 . 2009-03-04 07:34 452326 ----a-w- c:\windows\system32\perfh014.dat
2010-07-29 13:40 . 2010-01-23 21:09 -------- d-----w- c:\program files\Steam
2010-07-29 13:37 . 2009-09-18 22:02 -------- d-----w- c:\users\Eliassen\AppData\Roaming\vlc
2010-07-27 20:49 . 2009-09-20 10:02 -------- d-----w- c:\users\Eliassen\AppData\Roaming\Skype
2010-07-27 20:43 . 2009-09-20 10:04 -------- d-----w- c:\users\Eliassen\AppData\Roaming\skypePM
2010-07-27 19:11 . 2010-01-23 21:09 -------- d-----w- c:\program files\Common Files\Steam
2010-07-27 19:02 . 2009-09-01 18:20 6836 ----a-w- c:\users\Eliassen\AppData\Local\d3d9caps.dat
2010-07-26 21:55 . 2009-03-03 23:48 -------- d-----w- c:\program files\Acer GameZone
2010-07-21 09:58 . 2010-01-02 21:34 -------- d-----w- c:\users\Eliassen\AppData\Roaming\Spotify
2010-07-17 00:00 . 2009-02-11 20:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 23:07 . 2009-10-02 20:29 -------- d-----w- c:\users\Eliassen\AppData\Roaming\dvdcss
2010-07-16 17:43 . 2010-01-23 17:42 164 ----a-w- c:\windows\install.dat
2010-07-14 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-21 15:30 . 2010-06-21 15:17 -------- d-----w- c:\programdata\Mobilt Bredbånd
2010-06-21 15:19 . 2010-06-21 15:19 -------- d-----w- c:\programdata\Local
2010-06-21 15:17 . 2010-06-21 15:17 -------- d-----w- c:\program files\Telenor
2010-06-17 01:22 . 2010-06-17 01:22 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-17 01:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 01:22 . 2010-06-17 01:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-17 01:22 . 2010-06-17 01:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-11 15:27 . 2010-06-11 15:27 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-11 15:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-11 15:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-11 15:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-11 15:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-11 15:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-11 15:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-10 01:12 . 2009-03-03 23:59 -------- d-----w- c:\programdata\Microsoft Help
2010-05-26 17:06 . 2010-06-09 20:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 20:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-12-22 11:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 10:57 . 2010-05-17 10:57 282624 ----a-w- c:\users\Eliassen\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-17 10:57 . 2010-05-17 10:57 655360 ----a-w- c:\users\Eliassen\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-17 10:57 . 2010-05-17 10:57 208896 ----a-w- c:\users\Eliassen\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-04 05:59 . 2010-06-09 20:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 20:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 20:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 20:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 19:54 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-07-27 22:28 . 2010-02-11 16:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-09-18 13:02 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"Google Update"="c:\users\Eliassen\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-27 30192]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-09-01 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
1hhmchc.exe [2010-7-14 43520]
f1zufzz75.exe [2010-7-12 43520]
lqglvqgbgbb.exe [2010-7-11 43520]
qbvqqvqq3.exe [2010-7-11 43520]
xcxcmxx1rx7.exe [2010-7-14 43520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,d6,5e,1f,7a,09,cb,01

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-27 30192]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 GTMM Device Service;GTMM Device Service;c:\program files\Telenor\Mobilt Bredbånd\GtmmDeviceService.exe [2008-11-26 106496]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-21 691696]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2009-12-10 1643872]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 SesamService;Sesam Control Service;c:\program files\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe [2008-05-09 1216296]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-07-16 1201640]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2008-04-29 39720]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2008-04-29 272424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-779067651-587169611-1804830645-1000Core.job
- c:\users\Eliassen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:27]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-779067651-587169611-1804830645-1000UA.job
- c:\users\Eliassen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0909&m=aspire_7735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0909&m=aspire_7735
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eliassen\AppData\Roaming\Mozilla\Firefox\Profiles\042xk3em.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13997&locale=en_US&apn_uid=31BA8638-C102-43BB-88CA-F07395A0400D&apn_ptnrs=W6&apn_sauid=D5613534-9084-4F80-B132-7A1FAC250489&apn_dtid=YYYYYYYYNO&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Eliassen\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-iniccxn - c:\windows\system32\1si0c0x.exe
HKCU-Run-mhmwb48 - c:\windows\system32\whbwwbwww.exe
HKCU-Run-rmbwrh - c:\windows\system32\rrwh1wmhb.exe
HKCU-Run-fpkpav - c:\windows\system32\fpuf38ap.exe
HKCU-Run-oyjt72 - c:\windows\system32\dyood7ty.exe
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 17:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-29 17:16:40
ComboFix-quarantined-files.txt 2010-07-29 15:16

Pre-Run: 151,641,853,952 bytes free
Post-Run: 154,273,767,424 bytes free

- - End Of File - - 3F12BF3EE341289AFCA4F0DFEDF84130

mbam:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4366

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

29.07.2010 17:34:24
mbam-log-2010-07-29 (17-34-24).txt

Scan type: Quick scan
Objects scanned: 133590
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Kris, posted 29 July 2010

Quote (Bortbrent):
    In Windows Task Manager I find processes such as:
    csrss.exe
    winlogon.exe
    Ati2evxx.exe

I have the same processes running here, and I have no problems with viruses/malware, so I don't think you need to worry about those. Why do you think you have something on your machine that shouldn't be there?
vidarkri, posted 29 July 2010

The three processes you list at the top are legitimate processes that have to run for the machine to work, so they are not the problem.
vidarkri, posted 29 July 2010

You have a lot of strange file names on exe files there that make no sense, but what they are I don't know. What makes you think you have a virus? Is the machine behaving strangely? You should run a virus scan and malware scans and see if you get any useful information.
Bortbrent (thread author), posted 29 July 2010

I have googled a bit on the various .exe processes I have running; spyware, trojans and viruses can infect these files. After mbam deleted 122 infected files two days ago, I thought I'd be on the safe side. Before I got those 122 files removed I was frequently plagued with pop-ups from an antivirus program I have not installed on the PC. I was also blocked from performing various actions on the PC.
Bortbrent (thread author), posted 29 July 2010

By the way, I also have MOM.exe and CCC.exe running.
Kris, posted 29 July 2010

http://www.processlibrary.com/directory/files/mom/
http://www.howtogeek.com/howto/8679/what-is-ccc.exe-and-why-is-it-running/
vidarkri, posted 29 July 2010

Wouldn't it be smarter to google these standard processes than to post them here?
snippsat, posted 30 July 2010

Before you do this, you must move combofix.exe to the desktop.
Copy the bold text below the image -> open Notepad and paste it in.
Save it on the desktop as CFScript.txt.
Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

Folder::
c:\users\Eliassen\AppData\Local\iaaegkfid
c:\users\Eliassen\AppData\Local\lkmweuaes

File::
c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xcxcmxx1rx7.exe
c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1hhmchc.exe
c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1zufzz75.exe
c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbvqqvqq3.exe
c:\users\Eliassen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lqglvqgbgbb.exe
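The tell-tale pattern in the first post's ComboFix log is five executables of exactly 43520 bytes, all with the system and hidden attributes (`--sh--r-`) and random-looking names, dropped into the user's Start Menu `Startup` folder; snippsat's reply then lists exactly those paths under `File::` in a CFScript. The Python below, added here as an example and not code from ComboFix or from anyone in the thread, parses the `Files Created` line layout shown in that log, flags Startup-folder `.exe` entries on those three signals, and emits them as a `File::` block in the shape of snippsat's script. The attribute-column layout (position 1 = d, 3 = s, 4 = h, 5 = a, 7 = r/w) is inferred from the entries on this page rather than from ComboFix documentation, and the sample lines are constructed from the log plus one made-up benign `.lnk` entry.

```python
"""Flag planted Startup-folder executables in a ComboFix 'Files Created' list
and emit them as the File:: block of a CFScript.

Added example, not code from ComboFix or from any poster in the thread.
Assumption: the 8-char attribute column reads d/s/h/a at positions 1/3/4/5
and r or w at position 7, as inferred from the log entries on this page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the first post's log: the five hidden
# Startup executables plus three benign entries (the last line is made up).
SAMPLE_LOG = """\
2010-07-28 10:54 . 2010-07-28 10:57 -------- d-----w- c:\\users\\Eliassen\\AppData\\Local\\pkwtrcumm
2010-07-17 00:07 . 2010-04-29 13:39 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-07-13 22:38 . 2010-07-13 22:38 43520 --sh--r- c:\\users\\Eliassen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\xcxcmxx1rx7.exe
2010-07-13 22:38 . 2010-07-13 22:38 43520 --sh--r- c:\\users\\Eliassen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\1hhmchc.exe
2010-07-12 19:56 . 2010-07-12 19:56 43520 --sh--r- c:\\users\\Eliassen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f1zufzz75.exe
2010-07-11 18:21 . 2010-07-11 18:21 43520 --sh--r- c:\\users\\Eliassen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\qbvqqvqq3.exe
2010-07-11 18:21 . 2010-07-11 18:21 43520 --sh--r- c:\\users\\Eliassen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\lqglvqgbgbb.exe
2009-07-28 12:00 . 2009-07-28 12:00 199184 ----a-w- c:\\programdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan.lnk
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
LOW_VOWEL_RATIO = 0.2  # below this a file stem looks machine-generated


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories ('--------' in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_entries(text: str) -> List[Entry]:
    """One Entry per line in the ComboFix layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def vowel_ratio(stem: str) -> float:
    """Share of vowels among the letters of a name; 0.0 if it has no letters."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0


def suspicious_reasons(entry: Entry) -> List[str]:
    """Why an .exe in a Startup folder looks planted; empty if it does not."""
    low = entry.path.lower()
    if entry.is_dir or not low.endswith(".exe") or STARTUP_MARKER not in low:
        return []
    reasons = []
    if entry.hidden:
        reasons.append("hidden attribute")
    if entry.system:
        reasons.append("system attribute")
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    ratio = vowel_ratio(stem)
    if ratio < LOW_VOWEL_RATIO:
        reasons.append(f"random-looking name (vowel ratio {ratio:.2f})")
    return reasons


def flag_startup(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Entries worth a second look, paired with the reasons."""
    return [(e, suspicious_reasons(e)) for e in entries if suspicious_reasons(e)]


def cfscript_file_block(flagged: List[Tuple[Entry, List[str]]]) -> str:
    """The File:: section of a CFScript, one full path per line."""
    return "File::\n" + "\n".join(e.path for e, _ in flagged) + "\n"


if __name__ == "__main__":
    hits = flag_startup(parse_entries(SAMPLE_LOG))
    for entry, reasons in hits:
        print(f"{entry.path}  [{entry.size} bytes; {'; '.join(reasons)}]")
    print(cfscript_file_block(hits))
```

Run against the constructed sample it reports the five `Startup` executables with all three signals and prints a `File::` block identical in shape to the one in snippsat's reply, while the directory, the driver and the `.lnk` entry are left alone. The generated block is a starting point for a human to review, not something to feed to ComboFix unread: a CFScript deletes what it lists, so a legitimate installer that happens to drop a hidden helper in `Startup` would be removed just the same.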