Deactivated Account, posted 29 November 2010 (edited)

Hi! I've picked up a small piece of malware that I'd like some help removing. It is a win32.FraudLoad.edt that opens pop-ups in Internet Explorer. Here are my logs:

SpyBot Search&Destroy:

--- Report generated: 2010-11-29 18:21 ---
Win32.FraudLoad.edt: [sBI $666C83D9] Data (File, nothing done)
  C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
  Properties.size=298
  Properties.md5=19052F0734C2C6E741F199FCC5610415
  Properties.filedate=1291050436
  Properties.filedatetext=2010-11-29 18:07:16
Win32.FraudLoad.edt: [sBI $1436A642] Data (File, nothing done)
  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
  Properties.size=0
  Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.edt: [sBI $354F3C2C] Data (File, nothing done)
  C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
  Properties.size=298
  Properties.md5=1DC3DCA438130B38CA6840E4F1616F69
  Properties.filedate=1291051161
  Properties.filedatetext=2010-11-29 18:19:20
MediaPlex: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
Right Media: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
AdBrite: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Combofix log:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.11.2010 18:48:58
mbam-log-2010-11-29 (18-48-58).txt
Scan type: Quick scan
Objects scanned: 128998
Time elapsed: 6 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Hijackthis log:

For Spybot and Malwarebytes this is the second scan. On the first scan I tried to remove what could be removed, but what is in the logs I posted here is malware that the programs did not remove. Thanks for the help.

Edited 29 November 2010 by DarkLightA
norbat, posted 29 November 2010

Update MBAM and run a new quick scan.

Deactivated Account (author), posted 29 November 2010

Updated MBAM, ran it once, removed what it found, and ran it again. The log was clean. Is the malware gone then?

Deactivated Account (author), posted 29 November 2010

Small problem: Spybot is at file 200k of 1350k and has already found its Win32.FraudLoad.edt.

norbat, posted 29 November 2010

Where does Spybot find the file?

Deactivated Account (author), posted 29 November 2010

New Spybot log:

--- Report generated: 2010-11-29 21:04 ---
Win32.FraudLoad.edt: [sBI $62B0666F] Autorun settings (INI Delete, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
FastClick: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
Right Media: Tracking cookie (Internet Explorer: Hovedbruker) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2010-11-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-16 Includes\Hijackers.sbi (*)
2010-11-16 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-11-29 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-11-29 Includes\TrojansC-05.sbi (*)
2010-11-23 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

norbat, posted 29 November 2010

The Spybot log tells me nothing. The ComboFix log looked fine. Still having problems? Uninstall ComboFix by typing/copying c:\users\Hovedbruker\Downloads\Chrome Downloads\ComboFix.exe /uninstall into the Run/search field.

Deactivated Account (author), posted 30 November 2010

There are no problems anymore, but I get a bit worried that Spybot finds that malware.

norbat, posted 30 November 2010

What Spybot finds may be something sitting in a quarantine folder or in 'system restore'. Uninstalling ComboFix will clean up such things. Feel free to run Spybot after you have uninstalled ComboFix and see whether anything still shows up. If so, try to find out where Spybot finds the file.

Deactivated Account (author), posted 30 November 2010

It seems ComboFix is gone. I didn't think I had uninstalled it, but I suppose I have.

Edited 30 November 2010 by DarkLightA