Goldruin Posted 11 August 2010 (edited)

Hi. A few days ago I was suddenly hit by a whole bunch of viruses. After a lot of hassle and messing about I got rid of most of it using Malwarebytes' Anti-Malware, Norman and Microsoft Security Essentials. Even so, a few viruses still turn up now and then and get deleted, and I am sceptical of the csrss.exe file that is running. I also thought there were a lot of other processes working hard. Here is a picture. I am especially interested in csrss.exe and have read that it can be a virus in sheep's clothing. I have now run the three programs mentioned above and they find nothing. I read somewhere that ComboFix was a good idea, so I ran that a little while ago too. After it finished I could not get online, so I restarted the PC. That led to me having to do a system restore because some files had been tampered with. I don't know whether that ruined everything, but here at least is the log from before the restore.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4412
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11.08.2010 21:08:40
mbam-log-2010-08-11 (21-08-40).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 358782
Time elapsed: 2 hour(s), 39 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\Poker\Centrebet Poker\_SetupCentrebet_8632ae.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Users\Tore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSUMY17Y\secureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Tore\AppData\Roaming\4473B132775CF4AF8599D45A1372F8DA\secureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

By the way, ComboFix is now trying to connect to the browser, MSN and a third thing I can't remember. I found that a bit suspicious, but I assumed it needed to in order to fix something. These viruses tend to be repeat offenders: I hope some of you can help me clean the PC without my having to reinstall everything! Many thanks in advance if you have any tips!

Edited 11 August 2010 by Goldruin
norbat Posted 11 August 2010 (edited)

Download a fresh copy of ComboFix and put the file on the desktop. Open Notepad and copy in the text in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

Folder::
c:\users\Tore\AppData\Local\wgjovshkh
c:\users\Tore\AppData\Local\gwxannwpy
c:\users\Tore\AppData\Local\gccorybmd
c:\users\Tore\AppData\Local\ihicfhwgu
c:\users\Tore\AppData\Local\kwkunplhg
c:\users\Tore\AppData\Local\tweumxkoe
c:\users\Tore\AppData\Roaming\4473B132775CF4AF8599D45A1372F8DA

dds::
uInternet Settings,ProxyServer = http=127.0.0.1:6522

Update MBAM and run a new quick scan. Post the log if it finds anything.

Edited 11 August 2010 by norbat
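Added example, not part of the thread: a small Python triage of the three indicators norbat's script targets (a cluster of same-length, random-looking folders directly under AppData\Local, a 32-hex-digit folder name under AppData\Roaming, and a ProxyServer value pointing at loopback). The lines in FROM_THREAD are the entries quoted in the post above; the CONSTRUCTED lines, the function names and the thresholds MIN_CLUSTER and MIN_NAME_LEN are assumptions for illustration and do not describe how ComboFix itself works.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Trailing Windows path: matches a bare path line and also a ComboFix
# listing row of the form "created . modified attrs path".
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
# e.g. "uInternet Settings,ProxyServer = http=127.0.0.1:6522"
# (IPv4 addresses and host names only; bracketed IPv6 is not handled).
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)", re.I)
LOCAL_CHILD_RE = re.compile(r"^(.*\\AppData\\Local)\\([^\\]+)$", re.I)
ROAMING_CHILD_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.I)
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
LOWER_ALPHA_RE = re.compile(r"^[a-z]+$")

MIN_CLUSTER = 3   # assumed: siblings of equal name length needed to flag
MIN_NAME_LEN = 8  # assumed: shorter lowercase names are too common


def is_loopback(host):
    """True for localhost or any address in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a host name, not an IP literal
        return False


def triage(lines):
    """Return (kind, detail) findings for the three indicator types."""
    findings = []
    clusters = defaultdict(dict)  # (parent, name length) -> {path: path}
    for raw in lines:
        line = raw.strip()
        proxy = PROXY_RE.search(line)
        if proxy:
            host, port = proxy.groups()
            if is_loopback(host):
                findings.append(("loopback-proxy", f"{host}:{port}"))
            continue
        found = PATH_RE.search(line)
        if not found:
            continue
        path = found.group(0).rstrip("\\")
        local = LOCAL_CHILD_RE.match(path)
        if local:
            parent, name = local.groups()
            if LOWER_ALPHA_RE.match(name) and len(name) >= MIN_NAME_LEN:
                # Keyed by lower-cased path so repeated rows count once.
                clusters[(parent.lower(), len(name))][path.lower()] = path
            continue
        roaming = ROAMING_CHILD_RE.search(path)
        if roaming and HEX32_RE.match(roaming.group(1)):
            findings.append(("hex-named-folder", path))
    # One odd folder is weak evidence; several same-shaped siblings are not.
    for members in clusters.values():
        if len(members) >= MIN_CLUSTER:
            findings.extend(("random-folder-cluster", p)
                            for p in members.values())
    return findings


# Entries quoted in the post above.
FROM_THREAD = [
    r"c:\users\Tore\AppData\Local\wgjovshkh",
    r"c:\users\Tore\AppData\Local\gwxannwpy",
    r"c:\users\Tore\AppData\Local\gccorybmd",
    r"c:\users\Tore\AppData\Local\ihicfhwgu",
    r"c:\users\Tore\AppData\Local\kwkunplhg",
    r"c:\users\Tore\AppData\Local\tweumxkoe",
    r"c:\users\Tore\AppData\Roaming\4473B132775CF4AF8599D45A1372F8DA",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:6522",
]
# Constructed benign lines, including one ComboFix-style listing row.
CONSTRUCTED = [
    r"2010-08-10 21:17 . 2010-08-10 21:17 -------- d-----w- "
    r"c:\users\Tore\AppData\Roaming\ExampleApp",
    r"c:\users\Tore\AppData\Local\Google",
    r"c:\users\Tore\AppData\Local\appcache",
    r"uInternet Settings,ProxyServer = http=proxy.example.test:8080",
]
SAMPLE = FROM_THREAD + CONSTRUCTED

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:22} {detail}")
```

The cluster check keys only on parent folder and name length, so a benign lowercase folder of the same length as the cluster would be flagged with it; treat hits as leads to inspect, not as verdicts.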
Goldruin Posted 11 August 2010 Author
false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - TOMME PEKERE FJERNET - - - - AddRemove-Centrebet Poker - c:\poker\Centrebet Poker\_SetupCentrebet_8632ae.exe . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(4784) c:\program files\Norman\nvc\bin\Niphk.dll c:\users\Tore\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . 
Tidspunkt ferdig: 2010-08-11 23:05:49 ComboFix-quarantined-files.txt 2010-08-11 21:05 ComboFix2.txt 2010-08-11 15:32 Pre-Run: 50 026 504 192 bytes free Post-Run: 49 568 518 144 bytes free - - End Of File - - 5C8A251F1740415D18BA74BCA5D56F77

The quick scan found no viruses. Is everything fine and dandy now? I somehow don't believe it... haha
norbat Posted 11 August 2010

See if you can delete the following folders:

c:\users\Tore\AppData\Local\wgjovshkh
c:\users\Tore\AppData\Local\gwxannwpy
c:\users\Tore\AppData\Local\gccorybmd
c:\users\Tore\AppData\Local\ihicfhwgu
c:\users\Tore\AppData\Local\kwkunplhg
c:\users\Tore\AppData\Local\tweumxkoe
c:\users\Tore\AppData\Roaming\4473B132775CF4AF8599D45A1372F8DA

Is everything working normally?
Goldruin (author) Posted 11 August 2010

Yes, they were empty and I managed to delete them. I think the only problem I have experienced over the last day is that the antivirus programs find viruses now and then. Maybe it is too early to say whether all is well yet. The PC is quite slow. I don't know if that is because of the viruses, but oh well. Anyway, a thousand thanks, man! Talk about service!!
norbat Posted 11 August 2010

Use CCleaner to remove temporary files etc. If you are running two antivirus programs (Norman and MSE), uninstall one of them.
Goldruin (author) Posted 11 August 2010 (edited)

CC has been run. Not to nag too much, but which of the two do you recommend?

Edit: Is csrss.exe legit? It is churning away in the background constantly. I read somewhere that it could mean something nasty.

Edited 11 August 2010 by Goldruin