gard. Posted 26 October 2010

Hi! I would like to know whether I managed to remove what I wanted to, after following the guide in this thread. Today the program Security Tool suddenly appeared (on two PCs in the house), and as mentioned I followed the guide in the thread I referred to. From earlier I had some "malware/virus" that Windows Defender has detected at every startup and simply "removed" at the press of a key, only for it to appear again at the next startup. After running MBAM I felt that I had detected and removed more than Security Tool, so I am mainly wondering whether I got this removed as well.

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversjon: 4954
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975
26.10.2010 22:14:26
mbam-log-2010-10-26 (22-14-26).txt
Skanntype: Hurtigsøk
Objekter skannet: 143352
Tid tilbakelagt: 4 minutt(er), 25 sekund(er)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 5
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 7
Minneprosesser infisert:
(Ingen skadelige objekter funnet)
Minnemoduler infisert:
(Ingen skadelige objekter funnet)
Registernøkler infisert:
(Ingen skadelige objekter funnet)
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft iexplorer1e (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft iexplorer1e (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\9350671 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen skadelige objekter funnet)
Mapper infisert:
(Ingen skadelige objekter funnet)
Filer infisert
C:\Users\Gard\AppData\Local\Temp\iexplore.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Windows\updater.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Gard\AppData\Local\9350671.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Gard\AppData\Local\Temp\erase_me867355.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Gard\AppData\Local\Temp\i86cfg.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Gard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Gard\AppData\Local\Temp\eraseme_25080.exe (Trojan.Agent) -> Quarantined and deleted successfully.

DDS log:

DDS (Ver_10-10-21.02) - NTFS_AMD64 NETWORK Run by Gard at 22:16:26,09 on 26.10.2010 Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.4094.3054 [GMT 2:00] SP: Lavasoft Ad-Watch Live! 
*disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Users\Gard\Desktop\dds.scr C:\Windows\SysWOW64\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File uRun: [msnmsgr] "C:\Program Files (x86)\Windows 
Live\Messenger\msnmsgr.exe" /background uRun: [Google Update] "C:\Users\Gard\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [0x017] 0x017 mRun: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe" mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun: [CTHelper] CTHELPER.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [AsioReg] REGSVR32 /S CTASIO.DLL mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent mRunOnce: [<NO NAME>] mRunOnce: [GrpConv] grpconv -o dRun: [CtxfiReg] CTXFIREG.exe /FAIL2 dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {9030D464-4C02-4ABF-8ECC-5164760863C6} 
TB-X64: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun-x64: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ================= FIREFOX =================== FF - ProfilePath - C:\Users\Gard\AppData\Roaming\Mozilla\Firefox\Profiles\ajpm669x.default\ FF - prefs.js: browser.search.selectedEngine - GoogleCOM FF - prefs.js: browser.startup.homepage - hxxp://www.google.no FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll FF - plugin: C:\Program Files (x86)\Dyyno\Dyyno Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll FF - plugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: 
C:\Users\Gard\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Users\Gard\AppData\Roaming\Mozilla\Firefox\Profiles\ajpm669x.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: C:\Users\Gard\AppData\Roaming\Mozilla\Firefox\Profiles\ajpm669x.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files 
(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - GoogleCOMC:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2009-4-24 68640] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-3-9 1029456] R3 AmdTools64;AMD Special Tools Driver;C:\Windows\System32\drivers\AmdTools64.sys [2010-3-20 47160] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-6 391680] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-26 203264] S2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2007-11-6 40464] S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-26 7767040] S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-26 279040] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2010-7-15 113680] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-19 89920] S3 FontCache;Windows skriftbuffertjeneste;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-7 27648] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008] S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2008-5-2 23552] S3 nmwcdx64;Nokia USB Phone 
Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2008-5-2 18432] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-7-7 19968] S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688] ============== File Associations =============== JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* =============== Created Last 30 ================ 2010-10-26 19:59:47 -------- d-----w- C:\Users\Gard\AppData\Roaming\Malwarebytes 2010-10-26 19:58:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2010-10-26 19:58:52 -------- d-----w- C:\PROGRA~3\Malwarebytes 2010-10-26 19:58:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-10-26 19:58:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-10-26 19:41:35 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1590D153-CF25-4CCE-A651-81AFD7FDB831}\mpengine.dll 2010-10-12 20:27:49 -------- d-sh--w- C:\PROGRA~3\DSS 2010-10-12 20:02:22 -------- d-----w- C:\Windows\SysWow64\AGEIA 2010-10-11 19:55:58 -------- d-----w- C:\Users\Gard\AppData\Roaming\Apowersoft 2010-10-11 19:55:56 -------- d-----w- C:\Program Files (x86)\Apowersoft 2010-10-10 21:47:18 393216 ----a-w- C:\Windows\SysWow64\reader_l.exe 2010-10-04 17:29:10 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe 2010-10-02 22:44:01 -------- d-----w- C:\Program Files (x86)\Strategy First 2010-10-01 20:33:40 -------- d-----w- C:\Users\Gard\AppData\Local\Windows Live 2010-09-29 15:03:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2010-09-29 15:03:44 2048 ----a-w- C:\Windows\System32\tzres.dll 2010-09-29 15:03:41 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll 2010-09-29 15:03:40 13312 
----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2010-09-26 20:55:10 -------- d-----w- C:\Program Files\iPod 2010-09-26 20:55:09 -------- d-----w- C:\Program Files\iTunes 2010-09-26 20:51:53 -------- d-----w- C:\Program Files\Bonjour 2010-09-26 20:51:53 -------- d-----w- C:\Program Files (x86)\Bonjour ==================== Find3M ==================== 2010-10-19 09:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe 2010-10-05 17:50:13 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2010-10-05 17:50:13 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2010-09-22 22:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2010-09-15 02:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL 2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2010-09-08 09:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2010-09-08 09:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll 2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll 2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl 2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll 2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll 2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll 2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec 2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec 2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe 2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-09-08 04:26:46 133632 ----a-w- 
C:\Windows\SysWow64\ieUnatt.exe 2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll 2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll 2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll 2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll 2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll 2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys 2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys 2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll 2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll 2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll 2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys 2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll 2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll 2010-08-26 03:37:26 7767040 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2010-08-26 02:14:12 20736000 ----a-w- C:\Windows\System32\atio6axx.dll 2010-08-26 02:01:14 143360 ----a-w- C:\Windows\System32\atiapfxx.exe 2010-08-26 02:01:04 528384 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2010-08-26 02:00:02 616960 ----a-w- C:\Windows\System32\aticfx64.dll 2010-08-26 01:57:58 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2010-08-26 01:57:50 462336 ----a-w- C:\Windows\System32\atieclxx.exe 2010-08-26 01:57:14 203264 ----a-w- C:\Windows\System32\atiesrxx.exe 2010-08-26 01:56:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2010-08-26 01:55:50 421376 ----a-w- C:\Windows\System32\atipdl64.dll 2010-08-26 01:55:48 15830016 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2010-08-26 01:55:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll 2010-08-26 01:55:32 278528 
----a-w- C:\Windows\SysWow64\Oemdspif.dll 2010-08-26 01:55:28 12288 ----a-w- C:\Windows\System32\atimuixx.dll 2010-08-26 01:55:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2010-08-26 01:55:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2010-08-26 01:52:22 3914240 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2010-08-26 01:43:28 4602880 ----a-w- C:\Windows\System32\atidxx64.dll 2010-08-26 01:34:38 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2010-08-26 01:34:36 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2010-08-26 01:34:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2010-08-26 01:34:26 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2010-08-26 01:34:16 5425664 ----a-w- C:\Windows\System32\aticaldd64.dll 2010-08-26 01:33:52 4032512 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2010-08-26 01:33:08 4375552 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2010-08-26 01:33:02 3147264 ----a-w- C:\Windows\System32\atiumd6a.dll 2010-08-26 01:27:58 57344 ----a-w- C:\Windows\System32\coinst.dll 2010-08-26 01:27:54 5202944 ----a-w- C:\Windows\System32\atiumd64.dll 2010-08-26 01:25:58 3392000 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2010-08-26 01:21:24 338432 ----a-w- C:\Windows\System32\atiadlxx.dll 2010-08-26 01:21:18 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2010-08-26 01:21:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll 2010-08-26 01:21:06 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2010-08-26 01:21:06 12800 ----a-w- C:\Windows\System32\atiglpxx.dll 2010-08-26 01:21:02 21504 ----a-w- C:\Windows\System32\atig6txx.dll 2010-08-26 01:21:00 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2010-08-26 01:20:56 279040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2010-08-26 01:20:14 39424 ----a-w- C:\Windows\System32\atiuxp64.dll 2010-08-26 01:20:08 30208 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2010-08-26 01:20:04 37376 ----a-w- C:\Windows\System32\atiu9p64.dll 2010-08-26 01:19:56 28160 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2010-08-26 01:19:40 
26112 ----a-w- C:\Windows\System32\atitmp64.dll 2010-08-26 01:19:28 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2010-08-26 01:13:22 53760 ----a-w- C:\Windows\System32\atimpc64.dll 2010-08-26 01:13:22 53760 ----a-w- C:\Windows\System32\amdpcom64.dll 2010-08-26 01:13:16 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2010-08-26 01:13:16 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll 2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll 2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe 2010-08-10 16:14:20 343040 ----a-w- C:\Windows\System32\schannel.dll 2010-08-10 15:53:15 274944 ----a-w- C:\Windows\SysWow64\schannel.dll ============= FINISH: 22:17:37,02 ===============

Thanks in advance!
norbat Posted 26 October 2010

Download HijackThis. Start the program and select "Do a system scan and save a logfile". Copy the log file and post it.
gard. (Author) Posted 26 October 2010

The log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:12:44, on 26.10.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Program Files (x86)\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Windows\SysWOW64\CTHELPER.EXE C:\Program Files (x86)\AirPort\APAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe C:\Program Files (x86)\Last.fm\LastFM.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: 
[sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Gard\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [0x017] 0x017 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user') O4 - Global Startup: SetPointII.lnk = ? 
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files (x86)\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10498 bytes
cocopara Posted 27 October 2010 (edited)
Strange that you got Security at all. Which antivirus do you have? Avast, Avira and AVG have a lot of trouble with fake antivirus programs.
Edited 27 October 2010 by cocopara
norbat Posted 27 October 2010
Start HJT, choose 'Do a system scan only', put a check mark in front of the following line and click 'Fix checked':
O4 - HKCU\..\Run: [0x017] 0x017
Then install an antivirus program. Microsoft Security Essentials is free and good. Choose the right version (Vista/7 64-bit).
gard. (Author) Posted 27 October 2010
I've been using Avast lately, cocopara. OK, thanks for the help, norbat.
By the way, I have the logs from the other PC, where Security Tool also showed up on the same day. I suspect there is quite a bit of junk on it otherwise, since it is my little brother who uses it.
Mbam:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
25.10.2010 23:11:56
mbam-log-2010-10-25 (23-11-56).txt
Scan type: Quick scan
Objects scanned: 127874
Time elapsed: 11 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Eier\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Combofix:
ComboFix 10-10-25.04 - Eier 25.10.2010 23:16:46.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1023.784 [GMT 1:00]
Kjører fra: O:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\hpe180.dll
c:\documents and settings\Eier\Lokale innstillinger\Programdata\119539.exe
c:\windows\cfcens.dll
c:\windows\system32\_000125_.tmp.dll
c:\windows\system32\drivers\heia.sys
c:\windows\updater.exe
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ttdkgxf
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-09-25 til 2010-10-25 )))))))))))))))))))))))))))))))))
.
2010-10-25 21:16 . 2010-10-25 21:16 -------- d-----w- c:\documents and settings\Eier\Programdata\Malwarebytes
2010-10-25 21:03 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-25 21:03 . 2010-10-25 21:03 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-10-25 21:03 . 2010-10-25 21:03 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-10-25 21:03 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 21:01 . 2010-10-25 21:02 -------- d-----w- c:\documents and settings\Administrator
2010-10-23 13:46 . 2010-10-24 15:05 -------- d-----w- c:\programfiler\DAEMON Tools Lite
2010-10-23 13:46 . 2010-10-23 13:48 -------- d-----w- c:\documents and settings\Eier\Programdata\DAEMON Tools Lite
2010-10-23 13:46 . 2010-10-23 13:46 -------- d-----w- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite
2010-10-22 19:22 . 2010-10-22 19:22 83456 ----a-w- c:\windows\i8632.exe
2010-10-17 20:40 . 2010-10-21 14:02 84992 ----a-w- c:\windows\realtime86.exe
2010-10-16 21:23 . 2010-10-16 21:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-10-16 19:33 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-16 19:33 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-16 19:31 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-16 19:18 . 2010-10-16 19:18 417792 ----a-w- c:\windows\system32\ieextranet.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-08-16 05:59 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-08-16 05:59 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-08-16 05:59 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-08-16 05:59 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-01-22 00:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2009-08-16 05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2009-08-16 05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2009-08-16 05:49 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-01-01 23:43 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:04 . 2009-08-16 06:01 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2009-08-16 06:01 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-01-01 23:43 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2009-08-16 05:58 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-08-16 06:01 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-01-01 18:09 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-04 10:45 . 2010-07-25 22:55 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-08-01 16:35 . 2010-08-01 16:35 192512 ----a-w- C:\bog2.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\programfiler\Free_Lunch_Design\tbFre1.dll" [2010-07-14 2515552]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2010-07-14 18:34 2515552 ----a-w- c:\programfiler\Free_Lunch_Design\tbFre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\programfiler\Free_Lunch_Design\tbFre1.dll" [2010-07-14 2515552]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\programfiler\Free_Lunch_Design\tbFre1.dll" [2010-07-14 2515552]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0x017"="0x017" [X]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Component Manager"="c:\programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Home Theater SchSvr"="c:\programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2004-06-14 155648]
"WINREMOTE"="c:\programfiler\InterVideo\Common\Bin\WinRemote.exe" [2004-06-11 192512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2003-08-21 72536]
"CTHelper"="CTHELPER.EXE" [2003-11-14 24576]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"CTDVDDET"="c:\programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"UpdateManager"="c:\programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-09-05 417792]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"razer"="c:\programfiler\Razer\razerhid.exe" [2005-05-17 147456]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-12-03 189168]
"AirPort Base Station Agent"="c:\programfiler\AirPort\APAgent.exe" [2009-11-11 771360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 49152]
"StartMS"="c:\programfiler\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="c:\programfiler\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-15 57344]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Programfiler\\Cyanide\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
"c:\\Programfiler\\AirPort\\APAgent.exe"=
"updater.exe"= c:\windows\updater.exe
"c:\\Programfiler\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Programfiler\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"c:\\Programfiler\\Ubisoft\\Splinter Cell Pandora Tomorrow\\online\\System\\shadowstrike_static_retail.ex"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.12.2009 17:16 691696]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [26.01.2010 19:51 90112]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [01.01.2004 18:39 24192]
R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [01.01.2004 18:39 350282]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [16.04.2010 10:15 136176]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [13.10.2009 20:45 13225]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [26.01.2010 19:46 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [26.01.2010 19:46 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [26.01.2010 19:46 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [26.01.2010 19:46 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [26.01.2010 19:46 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [26.01.2010 19:46 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [26.01.2010 19:46 109864]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [13.10.2009 20:50 40448]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-16 09:15]
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-16 09:15]
2010-10-24 c:\windows\Tasks\Norton Security Scan for Eier.job
- c:\programfiler\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 08:48]
2009-10-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\programfiler\Symantec\LiveUpdate\NDETECT.EXE [2004-01-01 16:57]
.
.
------- Tilleggsskanning -------
.
uDefault_Search_URL = www.overture.com/d/search/p/hp/panel/?mkt=no&Partner=hp_no_pav_desk_panel
mSearch Bar = hxxp://www.overture.com/d/search/p/hp/panel/?mkt=no&Partner=hp_no_pav_desk_panel
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\urgm8uu6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programfiler\Sony\Media Go\npmediago.dll
FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-Run-Osuyagecagu - c:\windows\cfcens.dll
HKCU-Run-updater.exe - c:\windows\updater.exe
HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-updater.exe - c:\windows\updater.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-25 23:27
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
Windows 5.1.2600
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys sfsync04.sys hal.dll atapi.sys spdw.sys >>UNKNOWN [0x86F87938]<<
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86EEFAB8]
2 nt[0x804E13B9] -> CLASSPNP.SYS[0xF7581FD7] -> \Device\Harddisk0\DR0[0x86EEFAB8]
3 CLASSPNP[0xF7581FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP1T0L0-17[0x86F3EB00]
4 nt[0x804E13B9] -> UNKNOWN[0x86F8793B] -> \Device\Ide\IdeDeviceP1T0L0-17[0x86F3EB00]
kernel: MBR read successfully
detected hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7585f28
\Driver\ACPI -> ACPI.sys @ 0xf73edcb8
\Driver\atapi -> sfsync04.sys @ 0xf73c5a7c
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
SecurityProcedure -> ntoskrnl.exe @ 0x805df529
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
SecurityProcedure -> ntoskrnl.exe @ 0x805df529
NDIS: Wireless PCI 802.11b/g adapter WN4201B -> SendCompleteHandler -> NDIS.sys @ 0xf728cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7299a21
SendHandler -> NDIS.sys @ 0xf727787b
user != kernel MBR !!!
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-922911779-3752571769-1668404974-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,bb,ac,22,5e,49,b6,11,15,bf,8c,f1,29,6e,cc,fb,f0,2b,ff,dc,80,cf,33,
69,ab,2c,42,98,d1,0c,00,30,cb,e4,f4,92,f1,07,1d,49,2f,6a,0a,42,7b,2c,0a,bb,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
[HKEY_USERS\S-1-5-21-922911779-3752571769-1668404974-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,ba,92,e9,3b,4b,8f,e1,c1,9c,11,14,b5,be,50,ac,90,ef,c6,21,d0,
b2,1f,7a,3f,08,8a,a9,a5,ad,65,e0,20,1e,ae,ae,86,bc,c6,0e,22,57,0b,f6,d1,27,\
"rkeysecu"=hex:7b,24,29,09,ce,c1,cf,e1,2d,35,08,c0,31,82,56,6f
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2068)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
c:\windows\System32\CTSvcCDA.EXE
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Norton AntiVirus\navapsvc.exe
c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\MsPMSPSv.exe
c:\programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
c:\programfiler\Razer\razerofa.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-10-25 23:41:12 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-10-25 22:39
Pre-Run: 73 336 918 016 byte ledig
Post-Run: 73 958 055 936 byte ledig
- - End Of File - - AC6A76CC2DAB46EBBF84F804F8CD03A7
norbat Posted 27 October 2010
Update mbam and run a new quick scan.