Psycho, posted 18 August 2010 (edited)

I'm sitting at a friend's machine which has got infected with some kind of MSN virus. The message that gets sent out is:

look at this picture http://www.facebook.ozodo.com/facebook_gallery.php?image=DSC001**********.JPG

I've run Malwarebytes' Anti-Malware and Combofix. Attaching the logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4436

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.08.2010 19:06:16
mbam-log-2010-08-16 (19-06-16).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 296195
Time elapsed: 1 hour(s), 31 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jrmx9x1gml (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update services (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Nicolai\AppData\Local\Temp\Hj1.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hki.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Download\DSC0014084920.JPG.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HDALQG2\e[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\1334728.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\1517108.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\1631650.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\2080675.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\2495839.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\3015541.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\3208534.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\3725195.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\4197340.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\4668786.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\5192718.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\5783253.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\5942951.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\6296320.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\6467957.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\6686531.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\6865580.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\7602778.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\7859772.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\8134231.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\8153272.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\8188236.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\8888541.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\9335040.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\9817349.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\BbAld6I87I.log (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\He167GM0kM.log (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj0.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj4.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj5.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj6.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj7.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj8.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hj9.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hjz.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hka.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkb.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkd.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hke.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkf.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkg.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkh.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkj.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkk.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkl.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkm.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkn.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hko.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hks.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkt.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hku.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkx.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Nicolai\AppData\Local\Temp\Hky.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\MSetup\BASW-01278A18\FailSafeFactoryInstaller_1017.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
DDS: DDS (Ver_10-03-17.01) - NTFSX64 Run by Nicolai at 0:09:43,78 on 19.08.2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3957.2631 [GMT 2:00] ============== Running Processes =============== C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\windows\SysWOW64\Rezip.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\taskeng.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe 
C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe C:\Users\Nicolai\AppData\Local\Temp\Hkl.exe C:\Users\Nicolai\AppData\Local\Temp\Hkg.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\Users\Public\S-2535-6853-2745\winrsvn.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Users\Public\HEX-5823-6893-6818\jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Spotify\spotify.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Nicolai\AppData\Local\Temp\0089733.exe C:\Users\Nicolai\AppData\Local\Temp\9180576.exe C:\windows\System32\svchost.exe -k WerSvcGroup C:\Download\dds.scr C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn mLocal Page = c:\windows\syswow64\blank.htm uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: 
{27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\common files\mcafee\systemcore\ScriptSn.20100816154622.dll BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background uRun: [Windows Boot Control] c:\users\public\s-2535-6853-2745\winrsvn.exe uRun: [Metropolis] rundll32.exe c:\users\nicolai\appdata\local\temp\sshnas21.dll,GetHandle uRun: [ZE18MW23GY] c:\users\nicolai\appdata\local\temp\Hj2.exe uRun: [Java Update Manager] c:\users\public\hex-5823-6893-6818\jusched.exe mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe" mRun: [updateP2GoShortCut] 
"c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [RemoteControl8] "c:\program files (x86)\cyberlink\powerdvd8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd8\language\Language.exe" mRun: [updatePPShortCut] "c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0" mRun: [updatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [APLangApp] "c:\program files (x86)\anypc client\APLangApp.exe" mRun: [uCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 
(0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send bilde til &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll {27B4851A-3207-45A2-B947-BE8AFE6163AB} {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} {7DB2D5A0-7241-4E79-B68D-6309F01C5231} {9030D464-4C02-4ABF-8ECC-5164760863C6} {AA58ED58-01DD-4d91-8333-CF10577473F7} {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} {B164E929-A1B6-4A06-B104-2CD0E90A88FF} {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} {2318C2B1-4965-11d4-9B18-009027A5CD4F} mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: 
[NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm ================= FIREFOX =================== FF - ProfilePath - c:\users\nicolai\appdata\roaming\mozilla\firefox\profiles\unmcgona.default\ FF - prefs.js: browser.startup.homepage - hxxp://vg.no FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js 
- pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", 
false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-16 528616] R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-16 75288] R1 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-16 279752] R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-3-11 13824] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\McSACore.exe [2010-3-11 203280] R2 McMPFSvc;McAfee Personal Firewall-tjeneste;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 355440] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 355440] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 355440] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-16 199032] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-16 244840] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-16 148520] R2 Rezip;Rezip;c:\windows\syswow64\Rezip.exe [2010-3-11 311296] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-16 62416] R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-6-25 431488] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-16 189880] R3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-16 440688] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-3-12 83488] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264] S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-5 135664] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-3-12 52264] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-5 35104] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-5 61280] S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-12 151936] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-16 93840] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1255736] =============== Created Last 30 ================ 2010-08-16 15:33:18 0 d-----w- c:\users\nicolai\appdata\roaming\Malwarebytes 2010-08-16 15:33:05 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-16 15:33:05 0 d-----w- c:\programdata\Malwarebytes 2010-08-16 15:33:04 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-08-16 13:46:28 0 d-----w- c:\program files\McAfee.com 2010-08-16 13:46:21 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-08-16 13:46:13 93840 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-08-16 13:46:13 75288 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2010-08-16 13:46:13 62416 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-08-16 13:46:13 528616 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2010-08-16 13:46:13 
440688 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-08-16 13:46:13 279752 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2010-08-16 13:46:13 189880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-08-16 13:46:13 121504 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2010-08-13 07:51:52 118 ----a-w- c:\windows\system32\MRT.INI 2010-08-12 12:41:11 463360 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 12:41:11 404992 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 12:41:11 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-08-12 12:41:09 340992 ----a-w- c:\windows\system32\schannel.dll 2010-08-12 12:41:09 224256 ----a-w- c:\windows\syswow64\schannel.dll 2010-08-08 22:56:44 812 ----a-w- c:\windows\system32\drivers\scdskr01.dat 2010-08-08 22:56:44 541 ----a-w- c:\windows\system32\drivers\scdhkr01.dat 2010-08-08 22:56:44 500 ----a-w- c:\windows\system32\drivers\RSTable.dat 2010-08-08 22:56:44 36 ----a-w- c:\windows\system32\drivers\scdstr01.dat 2010-08-08 16:47:45 0 d-----w- C:\Team17 2010-08-03 15:55:39 12867584 ----a-w- c:\windows\syswow64\shell32.dll ==================== Find3M ==================== 2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll 2010-07-21 23:19:21 74124 ----a-w- c:\windows\system32\perfc014.dat 2010-07-21 23:19:21 448210 ----a-w- c:\windows\system32\perfh014.dat 2010-07-10 16:29:07 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-07-10 16:29:07 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-07-10 16:29:07 145184 ----a-w- c:\windows\syswow64\java.exe 2010-07-10 16:29:06 411368 ----a-w- c:\windows\syswow64\deploytk.dll 2010-07-05 18:29:40 834544 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-07-05 16:46:39 0 ----a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_R580_08JB.mrk 2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll 2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll 
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll 2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll 2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll 2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll 2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll 2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe 2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll 2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys 2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll 2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll 2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr 2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll 2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll 2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll 2010-03-11 23:38:11 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat 2010-03-11 23:38:11 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat 2010-03-11 23:38:11 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat 2010-03-11 23:38:11 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 0:11:50,75 ===============
Have run a full scan with McAfee, without success.
Edited 18 August 2010 by Umlaut
evenandreas, posted 18 August 2010 (edited)
Download MSN virus remover.
Edited 18 August 2010 by evenandreas
Psycho (thread author), posted 18 August 2010
Do you have a link?
evenandreas, posted 18 August 2010
http://www.msnvirusremoval.com/
Psycho (thread author), posted 19 August 2010 (edited)
Ran Malwarebytes' Anti-Malware again, and it looks like the same files come back. Attaching the log from the latest scan.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversjon: 4436
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
19.08.2010 03:26:44
mbam-log-2010-08-19 (03-26-44).txt
Skanntype: Full skann (C:\|D:\|E:\|F:\|)
Objekter skannet: 305114
Tid tilbakelagt: 53 minutt(er), 30 sekund(er)
Minneprosesser infisert: 2
Minnemoduler infisert: 1
Registernøkler infisert: 3
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 27
Minneprosesser infisert:
C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkg.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
Minnemoduler infisert:
C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
Registerfiler infisert: (Ingen skadelige objekter funnet)
Mapper infisert: (Ingen skadelige objekter funnet)
Filer infisert
C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Nicolai\AppData\Local\Temp\Hkg.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Nicolai\AppData\Local\Mozilla\Firefox\Profiles\unmcgona.default\Cache\4BDECFBFd01 (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\4064367.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\4095401.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\7824519.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\9206278.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\He167GM0kM.log (Extension.Mismatch) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hj1.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hj4.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hj5.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hj6.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hj7.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hj9.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hjz.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hka.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hkc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hkd.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hkf.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nicolai\AppData\Local\Temp\Hkh.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. 
C:\Users\Nicolai\AppData\Local\Temp\Hkj.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\Hkm.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nicolai\AppData\Local\Temp\kH71j6c88c.log (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Ran the msnvirusremoval tool before I ran Malwarebytes.
Edited 19 August 2010 by Umlaut
snippsat, posted 19 August 2010
Yes, you have some junk there; can you run this one.
Download RSIT (Random's System Information Tool) to the desktop.
Start the program by double-clicking RSIT.exe.
Click Continue.
After a short while a log (log.txt) will be created; post that.
snippsat, posted 19 August 2010 (edited)
C:\Users\Nicolai\AppData\Local\Temp\
Delete all files in this folder. Malware runs from here and starts up via 2 registry entries. Use Killbox if you can't delete them.
New DDS log or RSIT as posted above.
Edited 19 August 2010 by SNIPPSAT
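As an added example (not from the thread, and not code from any of the tools mentioned), here is a Python triage script that applies snippsat's point to HijackThis-style O4 autorun lines: it flags Run entries whose target lives in a user-writable location such as Temp, AppData or C:\Users\Public, including rundll32 loading a DLL from there. The O4 lines in the sample are copied from the RSIT/HijackThis log posted later in the thread; the path heuristics and the random-name check are the example's own assumptions.

```python
"""Triage HijackThis-style O4 (autorun) entries for user-writable launch locations."""
import re

# Constructed sample input: O4 lines copied from the RSIT/HijackThis log posted in
# this thread, with three benign entries kept for contrast.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Boot Control] C:\Users\Public\S-2535-6853-2745\winrsvn.exe
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [WinSysCntrl32] C:\Users\Public\K-7695-6489-5842\csrrsn.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
"""

# "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First thing in the command that looks like a Windows path ending in a runnable extension.
# Quotes and commas are excluded so quoted paths and "dll,Export" (rundll32) split cleanly.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%[^%]+%)\\[^"\n,]*?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs|js)\b',
    re.IGNORECASE,
)
# Value names like XBV6RD5SZF: long upper-case alphanumerics with at least one digit.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")

# (lower-cased substring of the target path, reason reported) - heuristic, assumed here.
USER_WRITABLE_MARKERS = (
    ("\\temp\\", "launches from a Temp folder"),
    ("\\appdata\\", "launches from AppData"),
    ("c:\\users\\public\\", "launches from C:\\Users\\Public"),
)


def parse_o4(line):
    """Return {'key', 'name', 'cmd'} for an O4 line, or None if the line is not one."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def extract_target(cmd):
    """Pull the launched file out of the command (handles quoted paths and rundll32 DLLs)."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def assess(entry):
    """Return the reasons an O4 entry looks suspicious; an empty list means nothing was flagged."""
    reasons = []
    target = extract_target(entry["cmd"])
    if target is None:
        return ["no file path could be identified in the command"]
    lowered = target.lower()
    for marker, reason in USER_WRITABLE_MARKERS:
        if marker in lowered:
            reasons.append(reason)
    launcher = entry["cmd"].lower().lstrip('"')
    if launcher.startswith("rundll32") and lowered.endswith(".dll") and reasons:
        reasons.append("rundll32 is used to load a DLL from a user-writable location")
    if RANDOM_NAME_RE.match(entry["name"]):
        reasons.append("random-looking value name")
    return reasons


def triage(log_text):
    """Return [(value name, target path, reasons)] for every O4 entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry["name"], extract_target(entry["cmd"]), reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_O4_LINES):
        print(f"[{name}] {target}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the sample, the four entries snippsat's advice is aimed at are flagged and the three vendor entries are not; the heuristics are a starting point for reading such a log, not a verdict.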
Psycho (thread author), posted 20 August 2010
Sorry I haven't been able to do this yet. Have to wait until my friend is free and can come over with the PC. That will hopefully happen after the weekend.
Psycho (thread author), posted 24 August 2010 (edited)
RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Nicolai at 2010-08-24 15:52:53
Microsoft Windows 7 Home Premium
System drive C: has 186 GB (80%) free of 231 GB
Total RAM: 3957 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:58, on 24.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Public\K-7695-6489-5842\csrrsn.exe
C:\Users\Public\S-2535-6853-2745\winrsvn.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\AnyPC Client\APLangApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Download\RSIT.exe
C:\Program Files (x86)\trend micro\Nicolai.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100816154622.dll O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [CLMLServer] 
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun 
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Windows Boot Control] C:\Users\Public\S-2535-6853-2745\winrsvn.exe O4 - HKCU\..\Run: [XBV6RD5SZF] C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll,GetHandle O4 - HKCU\..\Run: [WinSysCntrl32] C:\Users\Public\K-7695-6489-5842\csrrsn.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send side til &Bluetooth-enhet... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Send til Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send til &Bluetooth-enhet... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Personal Firewall-tjeneste (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Rezip - Unknown owner - C:\windows\SysWOW64\Rezip.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown 
owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13388 bytes ======Scheduled tasks folder====== C:\windows\tasks\GoogleUpdateTaskMachineCore.job C:\windows\tasks\GoogleUpdateTaskMachineUA.job C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job C:\windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100816154622.dll [2010-05-31 73288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Påloggingshjelp for Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-12 814648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-10 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720] "UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504] "RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432] "PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472] "UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe 
[2008-12-03 218408] "UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-07-21 210216] "APLangApp"=C:\Program Files (x86)\AnyPC Client\APLangApp.exe [2009-11-20 13312] "UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-18 421888] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1484856] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "Steam"=C:\Program Files (x86)\Steam\Steam.exe [2010-07-05 1238352] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080] "Windows Boot Control"=C:\Users\Public\S-2535-6853-2745\winrsvn.exe [2010-08-10 80896] "XBV6RD5SZF"=C:\Users\Nicolai\AppData\Local\Temp\Hj2.exe [2010-08-22 193536] "Metropolis"=C:\Users\Nicolai\AppData\Local\Temp\sshnas21.dll [2010-08-23 249344] "WinSysCntrl32"=C:\Users\Public\K-7695-6489-5842\csrrsn.exe [2010-08-24 47616] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of 
files/folders created in the last 2 months====== 2010-08-24 15:33:19 ----D---- C:\Program Files (x86)\trend micro 2010-08-24 15:33:18 ----D---- C:\rsit 2010-08-24 15:24:57 ----D---- C:\!KillBox 2010-08-24 14:28:17 ----RA---- C:\Users\Nicolai\AppData\Roaming\lL166.txt 2010-08-24 14:18:39 ----D---- C:\Users\Nicolai\AppData\Roaming\download2 2010-08-23 15:16:47 ----RA---- C:\Users\Nicolai\AppData\Roaming\JHml0.txt 2010-08-19 03:52:51 ----D---- C:\windows\PCHEALTH 2010-08-19 03:47:56 ----SHD---- C:\Config.Msi 2010-08-19 00:06:59 ----RD---- C:\32788R22FWJFW 2010-08-18 21:25:44 ----RA---- C:\Users\Nicolai\AppData\Roaming\EDIb7.txt 2010-08-16 17:33:18 ----D---- C:\Users\Nicolai\AppData\Roaming\Malwarebytes 2010-08-16 17:33:06 ----A---- C:\windows\SysWOW64\drivers\mbamswissarmy.sys 2010-08-16 17:33:05 ----D---- C:\ProgramData\Malwarebytes 2010-08-16 17:33:04 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-08-12 14:41:09 ----A---- C:\windows\SysWOW64\schannel.dll 2010-08-12 14:40:53 ----A---- C:\windows\SysWOW64\ntoskrnl.exe 2010-08-12 14:40:53 ----A---- C:\windows\SysWOW64\ntkrnlpa.exe 2010-08-12 14:40:46 ----A---- C:\windows\SysWOW64\mshtml.dll 2010-08-12 14:40:45 ----A---- C:\windows\SysWOW64\wininet.dll 2010-08-12 14:40:45 ----A---- C:\windows\SysWOW64\urlmon.dll 2010-08-12 14:40:45 ----A---- C:\windows\SysWOW64\ieframe.dll 2010-08-12 14:40:44 ----A---- C:\windows\SysWOW64\mstime.dll 2010-08-12 14:40:44 ----A---- C:\windows\SysWOW64\msfeedsbs.dll 2010-08-12 14:40:44 ----A---- C:\windows\SysWOW64\ieui.dll 2010-08-12 14:40:44 ----A---- C:\windows\SysWOW64\iepeers.dll 2010-08-12 14:40:44 ----A---- C:\windows\SysWOW64\iedkcs32.dll 2010-08-12 14:40:43 ----A---- C:\windows\SysWOW64\msfeedssync.exe 2010-08-12 14:40:43 ----A---- C:\windows\SysWOW64\jsproxy.dll 2010-08-12 14:40:35 ----A---- C:\windows\SysWOW64\rtutils.dll 2010-08-12 14:40:33 ----A---- C:\windows\SysWOW64\iccvid.dll 2010-08-12 14:40:30 ----A---- C:\windows\SysWOW64\msxml3.dll 2010-08-10 14:12:55 
Running Malwarebytes' now. Will post the log when it has finished running.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversjon: 4436
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24.08.2010 17:32:09
mbam-log-2010-08-24 (17-32-09).txt
Skanntype: Full skann (C:\|D:\|E:\|F:\|)
Objekter skannet: 308546
Tid tilbakelagt: 1 time(r), 34 minutt(er), 9 sekund(er)
Minneprosesser infisert: 1
Minnemoduler infisert: 1
Registernøkler infisert: 2
Registerverdier infisert: 5
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 29
Edited 24 August 2010 by Umlaut