Malware scans; help me go over the logs

Hi. I installed Party Poker on my PC a few days ago. When everything was ready, the program still would not start. I therefore went via Party's website and filled out an online form where I reported the problem. The next day I was contacted by:

Roman Pavlov (Security Stronghold) by e-mail. That was the company I was automatically forwarded to from Party's website, so I assume they handle the security there? Or have I been tricked? Anyway... they gave me instructions that I had to run the PartyPoker cookie removal tool:

So the first step for you now is to download PartyPoker cookie Removal Tool here:

*link removed by moderator*

I did this and ran the scan. It then said I had an infected file and claimed this was:

"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

from

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Then came the first warning light. They wanted $40 or so to give me the software to remove MSN.

Have I been infected by something while trying to remove something else?

I followed the guide here, ran a quick scan and sorted out the log (x64). The quick scan found nothing, but I ran a full scan for fun afterwards. It found two items, which I removed.

Here are the contents of the logs:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4408

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

09.08.2010 01:44:10

mbam-log-2010-08-09 (01-44-10).txt

 

Skanntype: Full skann (C:\|E:\|)

Objekter skannet: 518934

Tid tilbakelagt: 26 minutt(er), 56 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 2

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

C:\Users\Tony\AppData\Local\myVRmfcax\htmlayout.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{80D7B177-BEB0-4B94-9EA3-AC1C8D248D09}\RP23\A0007082.exe (Malware.Packer) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Tony at 1:08:54,77 on 09.08.2010

Internet Explorer: 8.0.6001.18928

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1033.18.8190.4601 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RAVCpl64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\TCB Networks\StrokeIt\strokeit.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Synergy\synergys.exe

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\RVG Software\Holdem Manager\HoldemManager.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files (x86)\RVG Software\Holdem Manager\HMImport.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\regedit.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe

C:\Program Files (x86)\Java\jre6\bin\java.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Users\Tony\Desktop\dds.scr

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.no/

mLocal Page = c:\windows\syswow64\blank.htm

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\users\tony\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [strokeIt] c:\program files (x86)\tcb networks\strokeit\StrokeIt.exe

uRun: [Mikogo] "c:\users\tony\appdata\roaming\mikogo\Mikogo-Host.exe"

uRun: [skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files (x86)\google\gmail notifier\gnotify.exe"

mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [VoddlerNet Manager] "c:\program files (x86)\voddler\service\VNetManager.exe"

dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1

StartupFolder: c:\users\tony\appdata\roaming\micros~1\windows\startm~1\programs\startup\h2hpok~1.lnk - c:\program files (x86)\h2hpoker\H2HTaskBarNotifier.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files (x86)\pokerstars\PokerStarsUpdate.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

mRun-x64: [RtHDVCpl] RAVCpl64.exe

mRun-x64: [skytel] Skytel.exe

IE-X64: {00000000-0000-0000-0000-000000000000} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

 

============= SERVICES / DRIVERS ===============

 

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]

R2 Synergy Server;Synergy Server;c:\program files (x86)\synergy\synergys.exe [2006-4-2 733184]

R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\common files\realtime soft\ultramonmirrordrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-20 34032]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-11 136176]

S3 B-Service;B-Service;c:\users\tony\appdata\roaming\mikogo\B-Service.exe [2009-10-22 185640]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\dragon age\bin_ship\daupdatersvc.service.exe [2010-4-20 25832]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-6-20 13352]

S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]

S3 VoddlerNet;VoddlerNet;c:\program files (x86)\voddler\service\voddler.exe [2010-5-19 873680]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]

 

============== File Associations ===============

 

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

 

=============== Created Last 30 ================

 

2010-08-08 23:03:59 0 d-----w- c:\users\tony\appdata\roaming\Malwarebytes

2010-08-08 23:03:51 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-08 23:03:51 0 d-----w- c:\programdata\Malwarebytes

2010-08-08 23:03:51 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-08-08 22:45:32 81920 ----a-w- c:\windows\eSellerateControl350.dll

2010-08-08 22:45:32 356352 ----a-w- c:\windows\eSellerateEngine.dll

2010-08-08 22:45:31 0 d-----w- c:\program files (x86)\Party Pokercookie Removal Tool

2010-08-08 13:58:32 0 d-----w- c:\program files (x86)\SopCast

2010-08-03 00:41:18 11584512 ----a-w- c:\windows\syswow64\shell32.dll

2010-08-01 03:13:26 0 d-----w- C:\Programs

 

==================== Find3M ====================

 

2010-08-07 18:38:53 239099 ----a-w- c:\programdata\nvModes.dat

2010-06-22 23:22:17 51200 ----a-w- c:\windows\inf\infpub.dat

2010-06-22 23:22:17 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-06-20 11:25:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2010-06-20 11:25:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf

2010-06-20 11:23:08 86016 ----a-w- c:\windows\inf\infstor.dat

2010-06-20 11:22:27 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys

2010-06-20 11:22:18 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2010-06-20 11:22:18 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-06-20 11:22:18 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys

2010-06-02 02:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 02:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll

2010-06-02 02:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll

2010-06-02 02:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 02:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll

2010-06-02 02:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-26 09:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 09:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll

2010-05-26 09:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 09:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 09:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll

2010-05-26 09:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll

2010-05-26 09:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll

2010-05-26 09:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-05-26 09:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll

2010-05-26 09:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-05-21 12:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 02:07:42 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini

2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini

2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-10-28 02:08:29 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-26 20:53:13 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-05-09 13:10:29 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 1:09:07,37 ===============

Edited by Runar

so I assume they handle the security there? Or have I been tricked?

You have been tricked. Think about it: do you think poker clients would have their own software for malware removal? (Of course not.)

Then came the first warning light. They wanted $40 or so to give me the software to remove MSN.

Yes, this always happens; the name for this is rogue security software.

The log looks fine.

Are you familiar with this one? If not, scan the file on VirusTotal:

c:\program files (x86)\h2hpoker\H2HTaskBarNotifier.exe

Edited by SNIPPSAT