robbery Posted 7 August 2010
Hi there. I've got some unwanted files on my computer that I can't remove. In the folder C:\Documents\Users\Username\AppData\Temp I have two files that keep reproducing themselves all the time: xxx.xxx and uuu.uuu. I've read a bit online and got the impression that this is some kind of keylogger. I have ESET NOD32 up and running, which doesn't find them, and I've run MalwareBytes, which detects them as malware and removes them, but they keep reproducing themselves. I can't get rid of them. Any suggestions?
Deactivated Account Posted 7 August 2010
Have you tried Spybot Search & Destroy? Here is a discussion about it: http://forums.malwarebytes.org/index.php?showtopic=41215
robbery (author) Posted 8 August 2010 (edited)
I've tried Spybot S&D. It removed a lot of other things, but not this problem. I can get it removed for a while, but when I restart the machine after it has apparently been removed, it comes back.
Edited 8 August 2010 by robbery
robbery (author) Posted 8 August 2010
DDS.scr LOG

DDS (Ver_10-03-17.01) - NTFSX64
Run by rune at 17:31:26,92 on 08.08.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.3071.1686 [GMT 2:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\rune\AppData\Roaming\WindowsUpdate\winupdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\rune\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.garena.com/
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [HKCU] c:\users\rune\appdata\roaming\windowsupdate\winupdate.exe
mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
uASetup: {FB9DEFDB-EDBB-BAE8-DEF1-72AEEBBD4B7D} - c:\users\rune\appdata\roaming\bot.exe
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun-x64: [TNOD UP] "c:\program files (x86)\tnod user & password finder\TNODUP.exe" /i
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

================= FIREFOX ===================

FF - ProfilePath - c:\users\rune\appdata\roaming\mozilla\firefox\profiles\9bue4gqq.default\
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 163888]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-24 124760]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-7 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1255736]

=============== Created Last 30 ================

2010-08-07 03:05:31 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-07 03:05:31 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-03 00:52:34 4485987 ----a-w- c:\users\rune\Alt for Norge.mp3
2010-08-03 00:48:28 3764590 ----a-w- c:\users\rune\Har en drøm Jørn Hoel.mp3
2010-08-02 20:53:21 0 d-----w- c:\users\rune\appdata\roaming\Malwarebytes
2010-08-02 20:53:14 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 20:53:14 0 d-----w- c:\programdata\Malwarebytes
2010-08-02 20:53:14 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-02 20:50:28 0 d-----w- c:\windows\pss
2010-08-02 20:25:49 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-02 20:23:43 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-07-19 18:27:07 0 d-----w- c:\program files (x86)\Motherboard Monitor 5
2010-07-18 20:31:27 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-17 17:45:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-17 13:29:17 0 d-----w- c:\programdata\BioWare
2010-07-17 08:33:56 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-07-17 08:33:51 0 d-----w- c:\programdata\Media Center Programs
2010-07-17 08:27:04 0 d-----w- c:\program files (x86)\common files\BioWare
2010-07-16 23:06:39 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-07-16 23:06:32 0 d-----w- c:\programdata\Blizzard
2010-07-14 02:30:37 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-12 04:34:47 0 d-----w- c:\program files (x86)\3DO

==================== Find3M ====================

2010-08-08 15:30:28 2401 ---ha-w- c:\users\rune\appdata\roaming\logs.dat
2010-07-09 14:17:18 1882216 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:17:18 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:17:18 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 14:17:18 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:17:18 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-29 17:28:48 419840 ----a-w- c:\windows\system32\systemcpl.dll
2010-06-29 17:28:48 14848 ----a-w- c:\windows\system32\slwga.dll
2010-06-29 17:28:48 13824 ----a-w- c:\windows\syswow64\slwga.dll
2010-06-28 23:09:34 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-28 00:41:57 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-28 00:41:57 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-28 00:41:57 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-28 00:41:57 145184 ----a-w- c:\windows\syswow64\java.exe
2010-06-07 23:58:00 930272 ----a-w- c:\windows\system32\dpinst.exe
2010-06-07 23:58:00 3184744 ----a-w- c:\windows\system32\nvencodemft.dll
2010-06-07 23:58:00 2890856 ----a-w- c:\windows\syswow64\nvencodemft.dll
2010-06-07 23:58:00 255592 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 15:20:58 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 12:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:31:56,44 ===============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4382
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.08.2010 22:56:53
mbam-log-2010-08-02 (22-56-53).txt

Scan type: Quick scan
Objects scanned: 129033
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2383352025-3264666960-674110318-1001\$R6899HK\Loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2383352025-3264666960-674110318-1001\$RB2YI2W\Loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2383352025-3264666960-674110318-1001\$REX4A5Z\Loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2383352025-3264666960-674110318-1001\$RFLX8E4\Loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2383352025-3264666960-674110318-1001\$RJ77X5Z\Loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\rune\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\rune\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\rune\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\rune\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
snippsat Posted 9 August 2010 (edited)
It is this one: Worm:Win32/Rebhip.A
Run Kaspersky Online Scanner and post the report it produces.
Delete: c:\windows\1C4551A64743409391E41477CD655043.TMP
Go through and look for the files and registry entries listed in the first link.
Check external media and autorun.inf files.
Edited 9 August 2010 by SNIPPSAT
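A triage pass over the autostart entries of the DDS log posted in this thread, as an added example that is not part of any post: it flags `uRun`/`mRun`/`uASetup` entries whose image sits under a per-user or temp directory and notes whether that image is also in the running-process list. The path heuristic and the names `triage`, `Finding` and `image_path` are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\Explorer.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\rune\AppData\Roaming\WindowsUpdate\winupdate.exe
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [HKCU] c:\users\rune\appdata\roaming\windowsupdate\winupdate.exe
mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
uASetup: {FB9DEFDB-EDBB-BAE8-DEF1-72AEEBBD4B7D} - c:\users\rune\appdata\roaming\bot.exe
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
"""

# Autostart lines as DDS prints them: kind, [value name] or {CLSID}, command.
AUTOSTART = re.compile(
    r"^(?P<kind>[um](?:Run|ASetup)(?:-x64)?):\s+"
    r"(?P<name>\[[^\]]*\]|\{[^}]*\})\s+(?:-\s+)?(?P<cmd>.+)$")
# Image path: either the quoted part, or everything up to the first extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|scr|dll|bat|cmd))(?=\s|$)', re.I)
# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|\\\$recycle\.bin\\", re.I)


class Finding(NamedTuple):
    kind: str      # uRun, mRun, uASetup, ...
    name: str      # registry value name or Active Setup CLSID
    image: str     # lower-cased path of the binary that gets started
    running: bool  # True if the same image is in the running-process list


def image_path(cmd: str) -> str:
    """Strip quotes and arguments from a command line, lower-case the path."""
    m = IMAGE.match(cmd.strip())
    return (m.group(1) or m.group(2)).lower() if m else cmd.strip().lower()


def triage(log_text: str) -> list[Finding]:
    """Return autostart entries that launch from user-writable locations."""
    running, entries = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTOSTART.match(line)
        if m:
            entries.append((m["kind"], m["name"], image_path(m["cmd"])))
        elif re.match(r"^[A-Za-z]:\\", line):  # running-process line
            running.add(image_path(line))
    return [Finding(k, n, img, img in running)
            for k, n, img in entries if USER_WRITABLE.search(img)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "RUNNING" if f.running else "not running"
        print(f"{f.kind:8} {f.name:40} {f.image}  ({state})")
```

An entry that is both flagged and running has to be stopped before its file and registry value are removed, otherwise the process can write them back, which matches the behaviour robbery describes.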