uze, posted 16 June 2012 (edited):

Last night I downloaded a game from the Bay and have run into big problems today. I scanned everything before I started installing, but Security Essentials didn't report any virus, so I figured it was safe. I usually leave the PC in sleep mode when I go to bed, and when I woke it from sleep today the PC couldn't find any connected Ethernet network (even though the light on my Ethernet port was blinking), so I restarted the PC. When it started it wanted to run that check on my C: drive (not sure what it's called, but it's a black screen with white text that scans the system and fixes things). During this process I saw that it removed many "attributes" (I think it said) and did a lot of strange things I didn't understand at all. When it was finally done everything worked as it should, and nothing looked wrong. But then I noticed that Security Essentials wasn't running... When I started it I got this error message.

Then Windows Update said I had many updates. A full 15 important updates in one night? All the updates had been released on the same day (12.06.2012). That made me skeptical, so I haven't downloaded any of the updates.

When I started Google Chrome it said it used a bad algorithm? And if I continue on to Facebook, it doesn't show the full page either (it also gave me a warning when I went to diskusjon.no, by the way).

I'm fairly sure it's a virus, but also quite unsure...

EDIT: I should mention that I can't get onto Google at all...

Edited 16 June 2012 by uze
fenele, posted 16 June 2012:

Have you tried System Restore? Have you tried another browser to see whether you get the same message? Try reinstalling Chrome. If you know how to check the hosts file, check what it looks like. If not, you can reset it here: http://support.microsoft.com/kb/972034 In CMD, type services.msc; there you can restart the MSE service. You can also scan the machine with a couple of anti-malware/spyware programs, e.g. Malwarebytes and Superantispyware.
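What checking the hosts file comes down to, as an added example that is not part of the original thread: a Python routine that lists every active mapping in a hosts file and separates names pinned to loopback from names redirected to some other address. The sample file contents, the 203.0.113.7 address and the example.test names are constructed; on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Names that normally point at loopback; any other name mapped there is
# effectively unreachable from this machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: the default Windows comments plus a few active entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
127.0.0.1       localhost
0.0.0.0         ads.example.test        # blocklist-style entry
203.0.113.7     www.google.com google.com
203.0.113.7     www.facebook.com        # constructed redirect
not-an-ip       broken.example.test
"""


def audit_hosts(text):
    """Return (line_no, kind, address, names) for every entry worth review.

    kind is "redirect" (name forced to a non-loopback address),
    "blocked" (non-local name pinned to loopback or 0.0.0.0) or
    "malformed" (first field is not an IP address, or no name follows).
    """
    findings = []
    # A UTF-8 byte-order mark would otherwise glue itself to the first field.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names))
            continue
        if not names:
            findings.append((line_no, "malformed", address, names))
        elif ip.is_loopback or ip.is_unspecified:
            blocked = [n for n in names if n.lower() not in LOCAL_NAMES]
            if blocked:
                findings.append((line_no, "blocked", address, blocked))
        else:
            # The resolver answers from this line before asking any DNS server.
            findings.append((line_no, "redirect", address, names))
    return findings


if __name__ == "__main__":
    for line_no, kind, address, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {address:15} {' '.join(names)}")
```

A stock Windows 7 hosts file contains only comment lines, so on such a machine every finding is something that was added after installation.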
uze (thread author), posted 16 June 2012:

I'd prefer to stay away from System Restore. Just tried Firefox and IE9; both got onto google.com. When I opened "Services" I couldn't find the MSE service. Just reset the hosts file, but I'm holding off on restarting for now. I'm downloading a file and waiting for it to finish.

Another problem I've been struggling with for a while that's worth mentioning here is that sometimes, completely at random, the internet won't work in browsers...? It works fine in Spotify, Steam and other such services. Only the browser stops working when it comes to the internet connection.
fenele, posted 16 June 2012:

Send me the URL of the game you downloaded from the Bay by PM, btw. As for the browser problem, it may be that the DNS server is having problems. Do you know how to change the DNS IP? If not, you can google "how to change to google dns" and you'll get a guide on how to use Google's DNS server. Once you know how to change the server IP you can also use OpenDNS or similar servers.
Guest, posted 16 June 2012 (edited):

Hope you've now learned your lesson for life! Anyway, I recommend you check the following thread: https://www.diskusjon.no/index.php?showtopic=691246 and report back.

Edited 16 June 2012 by Guest
uze (thread author), posted 16 June 2012 (edited):

The URL has been sent. I have no idea how to change the DNS IP, and Google is down for me, haha. The PC has been restarted now, by the way, and it still doesn't work. I also downloaded those updates from Windows Update, by the way.

EDIT: Looking at that thread now and will try what it says. Thanks

Edited 16 June 2012 by uze
Guest, posted 16 June 2012:

What do you mean by sent? The idea is that you take the logs etc. and post them here; if there are any questions, just ask.
uze (thread author), posted 16 June 2012 (edited):

Sent the URL of the game I downloaded to eleNef. Still working through what was in the thread you sent me.

EDIT: Malwarebytes found 4 viruses(?)
* Trojan.Agent
* Stolen.Data
* Trojan.Dropper.BCMiner
* Packer.ModifiedUPX

All have been removed. Ran ComboFix but didn't quite understand what it did... It opened a window and did a lot of strange things, but didn't create any log file. Used HijackThis instead.
Edited 17 June 2012 by uze
Dr.Geek, posted 17 June 2012 (edited):

Hi, yes, you have quite a bit of malware on the PC.

First do the following: http://support.microsoft.com/kb/923737

Post the Malwarebytes Anti-Malware log: http://www.bleepingc...alware-tutorial Open Malwarebytes, go to "Logs" and select the log from the scan you ran. Post it here. "Stolen Data" may indicate that you have had a backdoor infection.

Run the following scans and post the logs:
1. http://www.surfright.nl/en HitmanPro. Post the log (Import scanresult to xml file)
2. http://www.bleepingc...to-use-combofix Post the log.

Edited 17 June 2012 by TheGenius
uze (thread author), posted 17 June 2012:

There was a lot to try here, thanks.

The Malwarebytes log (full scan in safe mode):

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Clean :: ANDREAS-HW [administrator]

Protection: Disabled

17.06.2012 17:05:57
mbam-log-2012-06-17 (17-05-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 882029
Time elapsed: 2 hour(s), 16 minute(s), 33 second(s)

Memory Processes Detected: 1
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir (Rootkit.0Access) -> 588 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir (Rootkit.0Access) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\L\[email protected] (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\L\00000008.@ (Trojan.BitMiner) -> Delete on reboot.
C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)

The HitmanPro log (taken without safe mode):
path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:atlanticmedia.122.2o7.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:bwincom.122.2o7.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:collective-media.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:counter.hitslink.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:divx.112.2o7.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:dustinab.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:eaeacom.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:fuckmybrain.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:int.sitestat.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsofthalo.122.2o7.net"/></Item>-<Item status="Deleted" score="0.0" 
type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftwindows.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:nandomedia.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:paypal.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:samsung.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexogsamfunn.no"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:spylog.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.slashgear.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:warnerbros.112.2o7.net"/></Item>-<Item status="Deleted" score="0.0" 
type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com"/></Item>-<Item status="None" score="35.0" type="Suspicious"><File path="C:\Users\Clean\AppData\Local\Temp\~2EE9.tmp" hash="7B717FEA39CE416BDB5E30E6DE01053F6EA10912DD6DF3884838082711CCBA8A"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Microsoft\Windows\Cookies\6IDLWR35.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Microsoft\Windows\Cookies\OPN4K4DX.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Microsoft\Windows\Cookies\U1Z6B2V9.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Microsoft\Windows\Cookies\VJPKH6N7.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Microsoft\Windows\Cookies\W80WRQGI.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:ad.yieldmanager.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:adbrite.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:adtech.de"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:advertising.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File 
path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:atdmt.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:doubleclick.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:invitemedia.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:ru4.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:serving-sys.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Clean\AppData\Roaming\Mozilla\Firefox\Profiles\5oxndb1o.default\cookies.sqlite:specificclick.net"/></Item>-<Item status="None" score="22.0" type="Suspicious"><File path="C:\Users\Clean\Downloads\SCP - Containment Breach v0.1.2\plugins\gmod svn updater\Få Meg På For Faen - Norsk Tekst (2011)\Arma.2.Operation.Arrowhead[2xDVD5]-SHIELD\Silent.Hill.2.Directors.Cut.PC.Game(djDEVASTATE™)\Silent.Hill.2.Directors.Cut.PC.Game(djDEVASTATE™)\binkw32.dll" hash="892A51C4056EFCB22297A3B44A3491E3F5888F28B08ED1B17030F24ACFFEDB44"/></Item>-<Item status="None" score="22.0" type="Suspicious"><File path="C:\Users\Clean\Downloads\SCP - Containment Breach v0.1.2\plugins\gmod svn updater\Få Meg På For Faen - Norsk Tekst (2011)\Arma.2.Operation.Arrowhead[2xDVD5]-SHIELD\Silent.Hill.2.Directors.Cut.PC.Game(djDEVASTATE™)\Silent.Hill.2.Directors.Cut.PC.Game(djDEVASTATE™)\msvcr70.dll" hash="2DE6E67B9390546438C7D473F21B75769D8C237DC1F04F4BA143DC7144C410FA"/></Item>-<Item status="None" score="28.0" type="Suspicious"><File path="C:\Users\Clean\Downloads\SCP - Containment Breach v0.1.2\plugins\gmod svn updater\Få Meg På For Faen - Norsk 
Tekst (2011)\Arma.2.Operation.Arrowhead[2xDVD5]-SHIELD\Silent.Hill.2.Directors.Cut.PC.Game(djDEVASTATE™)\Silent.Hill.2.Directors.Cut.PC.Game(djDEVASTATE™)\sh2pc.exe" hash="678C91982EE492DF04571BBFFF0A09C22AA2E154FF4A35F2874F7B6523E989A3"/></Item>-<Item status="None" score="25.0" type="Suspicious"><File path="C:\Windows\Installer\MSIAFA6.tmp" hash="B8DF818031DF4EB3946B7750FE1F22CC9C8618C3A570E2DA142E20D105E6289D"/>-<Startup><Key path="HKLM\SYSTEM\CurrentControlSet\Services\HyperDeskCustomThemeEnabler\"/></Startup></Item>-<Item status="None" score="34.0" type="Suspicious"><File path="C:\Windows\SysWOW64\GameMon.des" hash="0CE22659511C6CE825C87C647F4DF34029F632841E99C1FA36F3B8327D9FA02D"/>-<Startup><Key path="HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\"/></Startup></Item></Log> Ogsååå har vi jo ComboFix loggen (safemode) ComboFix 12-06-16.02 - Clean 17.06.2012 22:06:21.1.4 - x64 NETWORK Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1033.18.4087.3248 [GMT 2:00] Kjører fra: C:\Users\Clean\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Opprettet nytt gjenopprettingspunkt ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) C:\install.exe C:\Users\Andreas\AppData\Local\assembly\tmp C:\Windows\assembly\GAC_32\Desktop.ini C:\Windows\assembly\GAC_64\Desktop.ini C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\L\00000004.@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\L\00000008.@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\L\1afb2d56 C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\L\201d3dde C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\00000004.@ 
C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\00000008.@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\000000cb.@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\80000000.@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\80000032.@ C:\Windows\Installer\{77ac474c-c97f-cb0c-c5d7-0903e597e469}\U\80000064.@ C:\Windows\security\Database\tmp.edb C:\Windows\struct~.ini C:\Windows\SysWow64\DEBUG.log C:\Windows\SysWow64\explore C:\Windows\SysWow64\explore\AuthFWSnapIn.Resources.dll C:\Windows\SysWow64\explore\AuthFWWizFwk.Resources.dll C:\Windows\SysWow64\muzapp.exe Infisert kopi av C:\Windows\system32\services.exe ble funnet og desinfisert Gjenopprettet kopi fra - C:\32788R22FWJFW\HarddiskVolumeShadowCopy2_!Windows!System32!services.exe ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-05-17 til 2012-06-17 ))))))))))))))))))))))))))))))))) 2012-06-17 20:30:32 . 2012-06-17 20:30:32 30496 ----a-w- C:\Windows\system32\drivers\hitmanpro36.sys 2012-06-17 20:22:40 . 2012-06-17 20:22:40 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-06-17 20:22:40 . 2012-06-17 20:22:40 -------- d-----w- C:\Users\Bjarne\AppData\Local\temp 2012-06-17 20:22:40 . 2012-06-17 20:22:40 -------- d-----w- C:\Users\Andreas\AppData\Local\temp 2012-06-17 11:27:53 . 2012-06-17 11:27:54 -------- d-----w- C:\Program Files\HitmanPro 2012-06-17 11:27:36 . 2012-06-17 14:48:22 -------- d-----w- C:\ProgramData\HitmanPro 2012-06-16 23:32:46 . 2012-06-16 23:32:46 -------- d-----w- C:\Users\Clean\AppData\Roaming\Malwarebytes 2012-06-16 23:32:35 . 2012-06-16 23:32:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-16 23:32:35 . 2012-06-16 23:32:35 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-16 23:32:35 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-06-16 22:59:00 . 
2012-06-16 22:59:00 119808 ----a-r- C:\Users\Clean\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2012-06-16 22:59:00 . 2012-06-16 22:59:00 -------- d-----w- C:\Users\Clean\AppData\Local\Apps 2012-06-16 22:10:00 . 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\system32\mshtml.tlb 2012-06-15 23:46:45 . 2012-06-15 23:46:56 -------- d-----w- C:\Users\Clean\AppData\Local\Akamai 2012-06-15 22:28:12 . 2012-06-15 22:28:34 -------- d--h--w- C:\Windows\shd 2012-06-09 23:05:32 . 2012-06-09 23:05:32 -------- d-----w- C:\Users\Clean\AppData\Roaming\Unity 2012-06-09 23:01:31 . 2012-06-09 23:01:31 -------- d-----w- C:\Users\Clean\AppData\Local\Unity 2012-06-09 22:42:32 . 2012-06-09 22:42:32 -------- d-----w- C:\Users\Clean\AppData\Roaming\Dojotech Software 2012-06-08 21:44:46 . 2012-06-08 21:44:46 -------- d-----w- C:\UDK 2012-06-08 12:31:57 . 2008-01-04 11:34:48 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys 2012-06-08 12:31:57 . 2008-01-04 11:34:42 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys 2012-06-08 12:30:10 . 2004-02-26 22:00:00 962612 ----a-w- C:\Windows\SysWow64\mfc42d.dll 2012-06-08 12:30:10 . 2004-02-16 22:00:00 434252 ----a-w- C:\Windows\SysWow64\MSVCRTD.DLL 2012-05-28 19:39:00 . 2012-05-28 19:39:00 -------- d-----w- C:\Program Files (x86)\Dojotech Software 2012-05-23 11:30:48 . 2012-05-23 11:31:14 -------- d-----w- C:\Users\Clean\AppData\Local\ArmA 2 OA 2012-05-23 11:29:39 . 2012-05-23 11:30:16 -------- d-----w- C:\Program Files (x86)\dayz 2012-05-23 10:50:08 . 2012-06-16 23:59:31 -------- d-----w- C:\Users\Clean\AppData\Roaming\BitComet 2012-05-23 10:50:06 . 2012-05-23 10:50:21 -------- d-----w- C:\Program Files\BitComet 2012-05-23 09:57:04 . 2012-05-23 09:57:04 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive 2012-05-23 00:11:11 . 2012-05-23 00:11:11 -------- d-----w- C:\Program Files (x86)\Rockstar Games 2012-05-23 00:10:52 . 
2004-10-22 00:16:28 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2012-05-23 00:10:51 . 2004-10-22 00:18:12 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2012-05-23 00:10:51 . 2004-10-22 00:17:48 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2012-05-23 00:10:51 . 2004-10-22 00:17:04 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2012-05-23 00:10:51 . 2004-10-22 00:16:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2012-05-23 00:10:50 . 2012-05-23 00:10:50 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2012-05-23 00:10:50 . 2012-05-23 00:10:50 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2012-05-23 00:02:51 . 2012-05-23 00:02:52 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys 2012-05-23 00:00:28 . 2012-05-23 00:10:05 -------- d-----w- C:\Users\Clean\AppData\Roaming\DAEMON Tools Lite 2012-05-23 00:00:26 . 2012-05-23 00:02:52 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite 2012-05-22 21:01:40 . 2012-05-22 21:02:01 -------- d-----w- C:\Users\Clean\AppData\Local\ArmA 2 OA DEMO 2012-05-21 11:02:48 . 2012-05-21 11:02:48 -------- d-----w- C:\Program Files (x86)\Atari 2012-05-21 11:01:55 . 2004-04-18 21:42:00 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll 2012-05-21 11:01:55 . 2004-04-18 21:40:42 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll 2012-05-21 11:01:55 . 
2004-04-18 21:39:58 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll 2012-05-21 11:01:55 . 2004-04-18 21:39:28 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll 2012-05-21 11:01:55 . 2004-04-18 21:39:14 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe 2012-05-21 11:01:53 . 2012-05-21 11:01:53 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll 2012-05-21 11:01:52 . 2012-05-21 11:01:52 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll 2012-05-21 08:31:10 . 2003-02-27 14:12:48 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-05-21 08:31:10 . 2002-12-05 12:10:32 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-05-21 08:31:10 . 2002-12-02 13:22:44 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-05-21 08:31:10 . 2002-12-02 11:33:04 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2012-05-21 08:31:10 . 2002-12-02 11:33:04 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-05-21 08:31:06 . 2012-05-21 08:31:06 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-05-21 08:31:06 . 2012-05-21 08:31:06 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-06-16 21:15:36 . 
2012-03-30 22:05:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-16 21:15:36 . 2011-05-16 17:43:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-27 09:50:43 . 2011-06-15 17:29:57 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-05-27 09:50:43 . 2011-06-15 17:20:52 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-27 09:50:27 . 2011-06-15 17:20:52 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-05-27 09:40:39 . 2011-06-15 17:20:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-05-22 22:42:39 . 2011-05-13 10:39:10 190656 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll 2012-05-22 22:41:55 . 2011-10-21 17:19:34 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2012-05-22 22:41:15 . 2011-05-13 10:27:05 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-05-17 22:35:47 . 2012-06-16 22:09:55 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-08 17:02:23 . 2012-06-15 22:08:40 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECF5415B-2403-45AA-96C7-6F98D1D09E82}\mpengine.dll 2012-05-08 17:02:23 . 2012-06-14 10:46:41 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-05 10:28:10 . 2012-03-30 22:28:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-17 05:24:40 . 2012-04-17 05:24:40 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll 2012-04-17 05:24:40 . 2012-04-17 05:24:40 28056 ----a-w- C:\Windows\system32\xfcodec64.dll 2012-04-07 17:30:35 . 2010-11-30 16:17:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-04-06 05:22:40 . 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\system32\drivers\atikmdag.sys 2012-04-06 02:22:00 . 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\system32\atiapfxx.exe 2012-04-06 02:21:52 . 2011-09-08 17:34:10 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-04-06 02:20:04 . 
2010-09-29 01:54:02 1067520 ----a-w- C:\Windows\system32\aticfx64.dll 2012-04-06 02:16:52 . 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\system32\ATIDEMGX.dll 2012-04-06 02:16:46 . 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\system32\atieclxx.exe 2012-04-06 02:16:02 . 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\system32\atiesrxx.exe 2012-04-06 02:14:44 . 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\system32\atitmm64.dll 2012-04-06 02:14:30 . 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\system32\atimuixx.dll 2012-04-06 02:14:26 . 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\system32\atiedu64.dll 2012-04-06 02:14:20 . 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-04-06 02:13:42 . 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-04-06 02:10:50 . 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\system32\atio6axx.dll 2012-04-06 02:02:31 . 2011-04-15 20:40:32 2337865 ----a-w- C:\Windows\SysWow64\pbsvc.exe 2012-04-06 02:00:10 . 2010-09-29 01:23:00 64000 ----a-w- C:\Windows\system32\coinst.dll 2012-04-06 01:54:46 . 2010-09-29 01:37:28 7479296 ----a-w- C:\Windows\system32\atidxx64.dll 2012-04-06 01:50:56 . 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-04-06 01:35:24 . 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\system32\atiumd6v.dll 2012-04-06 01:34:50 . 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-04-06 01:34:34 . 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\system32\atiumd6a.dll 2012-04-06 01:34:04 . 2011-10-26 01:35:38 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-04-06 01:30:16 . 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\system32\aticalrt64.dll 2012-04-06 01:30:14 . 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-04-06 01:30:08 . 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\system32\aticalcl64.dll 2012-04-06 01:30:06 . 
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-04-06 01:29:54 . 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\system32\aticaldd64.dll 2012-04-06 01:25:30 . 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-04-06 01:23:24 . 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\system32\atiumd64.dll 2012-04-06 01:22:54 . 2011-10-26 01:32:30 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-04-06 01:11:28 . 2010-09-29 01:15:20 514560 ----a-w- C:\Windows\system32\atiadlxx.dll 2012-04-06 01:11:20 . 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-04-06 01:11:06 . 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\system32\atig6pxx.dll 2012-04-06 01:11:04 . 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-04-06 01:11:04 . 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\system32\atiglpxx.dll 2012-04-06 01:11:00 . 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\system32\atig6txx.dll 2012-04-06 01:10:52 . 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-04-06 01:10:44 . 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\system32\drivers\atikmpag.sys 2012-04-06 01:09:56 . 2010-09-29 01:14:06 54784 ----a-w- C:\Windows\system32\atiuxp64.dll 2012-04-06 01:09:48 . 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-04-06 01:09:42 . 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\system32\atiu9p64.dll 2012-04-06 01:09:34 . 2011-10-26 01:20:52 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-04-06 01:09:02 . 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll 2012-04-06 01:06:08 . 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\system32\atimpc64.dll 2012-04-06 01:06:08 . 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\system32\amdpcom64.dll 2012-04-06 01:06:04 . 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-04-06 01:06:04 . 
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-04-05 20:34:26 . 2012-04-05 20:34:26 187392 ----a-w- C:\Windows\system32\clinfo.exe 2012-04-05 20:34:10 . 2012-04-05 20:34:10 74752 ----a-w- C:\Windows\system32\OpenVideo64.dll 2012-04-05 20:34:04 . 2012-04-05 20:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-04-05 20:33:56 . 2012-04-05 20:33:56 63488 ----a-w- C:\Windows\system32\OVDecode64.dll 2012-04-05 20:33:52 . 2012-04-05 20:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-04-05 20:33:44 . 2012-04-05 20:33:44 16457216 ----a-w- C:\Windows\system32\amdocl64.dll 2012-04-05 20:32:56 . 2012-04-05 20:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-03-30 11:35:47 . 2012-05-10 16:46:21 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2012-03-20 18:44:12 . 2010-10-24 20:25:38 98688 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44:12 . 2010-03-25 20:30:22 203888 ----a-w- C:\Windows\system32\drivers\MpFilter.sys 2011-06-12 21:32:39 . 2011-06-12 20:50:32 819984776 ----a-w- C:\Program Files (x86)\U_SFInstaller.exe 2009-09-04 16:01:10 . 2009-09-04 16:01:10 525656 ----a-w- C:\Program Files (x86)\DXSETUP.exe 2009-09-04 16:01:08 . 2009-09-04 16:01:08 94024 ----a-w- C:\Program Files (x86)\DSETUP.dll 2009-09-04 16:01:08 . 2009-09-04 16:01:08 1691464 ----a-w- C:\Program Files (x86)\dsetup32.dll ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. Cryptography Services Error !! Supplementary scan did not complete! Lenke til kommentar
Dr.Geek Posted 17 June 2012
Hi, you have a very serious infection. ZeroAccess rootkit: http://nakedsecurity.sophos.com/zeroaccess2/ It is very advanced, has backdoor functionality and is very hard to remove. I recommend that you restore the system to its factory state (check whether the PC has this option installed) or reinstall Windows and rewrite the MBR. (Important) As soon as possible, change all your passwords from another, clean PC. If you have done online banking on this PC, you should inform your bank. You got the infection by installing cracks/keygens and/or running old software on the system (exploits). If you would rather try to clean it, that will take quite some time, and I cannot guarantee that you will get rid of all the malware or that we will be able to repair all the harmful changes this infection has made.
uze Posted 17 June 2012 (Author)
Thanks for the help. Is it possible to back up some files (e.g. music, films, games, etc.) without bringing the infection along? And is it possible for the infection to spread to the network I use? And how do I rewrite the "MBR"?
Dr.Geek Posted 18 June 2012
Films, music and Word files should be fine. Don't take along any exe files, cracks/keygens or pirated films. Do this with AutoRun disabled, and scan all these files with Malwarebytes Anti-Malware and your AV program before you transfer them to a reinstalled Windows system.
Yes, that is absolutely possible. Today's malware is often programmed to do exactly that: spread to USB media and within the network.
The MBR (Master Boot Record), where modern rootkits can survive even a format, is rewritten by deleting all partitions and creating them again during the installation process. You can find a guide on YouTube or on the web.
Malware is completely unnecessary if you stick to a few precautions: http://www.microsoft.com/security/pc-security/default.aspx#Safety-products-and-scans
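The backup advice in the post above (media and documents only, no executables, AutoRun off) can be pre-checked before copying. The following is an added example, not part of the original thread: it flags files whose content is a Windows executable regardless of extension, any `autorun.inf`, and anything outside an allow-list. The allow-list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed allow-list of extensions a media/document backup should contain.
MEDIA_EXT = {".mp3", ".flac", ".avi", ".mkv", ".mp4", ".jpg", ".png",
             ".doc", ".docx", ".pdf", ".txt"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at a PE signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def triage(root):
    """Return {relative_path: reason} for files to keep out of the backup."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == "autorun.inf":
                flagged[rel] = "autorun.inf"
            elif is_pe(full):  # content check catches a renamed .exe
                flagged[rel] = "executable content"
            elif ext not in MEDIA_EXT:
                flagged[rel] = "extension not on allow-list"
    return flagged

def build_sample(root):
    """Constructed sample tree: clean text, disguised PE, autorun.inf, exe, script."""
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {"notes.txt": b"hello", "song.mp3": pe, "setup.exe": pe,
               "autorun.inf": b"[autorun]\n", "tool.bat": b"@echo off\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for path, reason in sorted(triage(d).items()):
            print(f"{path}: {reason}")
```

A file that passes this check is not thereby clean; it only narrows what goes on to the Malwarebytes and AV scans the post asks for.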
uze Posted 18 June 2012 (Author)
Thanks for all the help. I'll probably sit down and format the PC in a bit. But regarding backing up files: I have used my external hard drive hundreds of times in the infected PC. How do I clean it if it turns out to be infected? I won't take the chance of backing anything up to it until I know it is 100% safe.
EDIT: Saw this link on Google http://forums.majorgeeks.com/showthread.php?t=244613 is it possible that what is in the second post can remove the rootkit?
Edited 18 June 2012 by uze
Dr.Geek Posted 19 June 2012
Hi, stay away from such "do it yourself" tutorials. With tools like Avenger and scripts you can send your PC to Nirvana. This should only be done by experts who know what they are doing. Malware can never be removed with 100% certainty, and even if you manage it, the problem is that malware makes many changes to the system itself that no AV software reverts.
As for the external drive: delete all potentially infected files, such as cracks, keygens, etc. Afterwards, scan it and all other USB media with a so-called Rescue CD. http://support.kaspe...uses/rescuedisk Burn this CD on another, clean PC and then boot the infected PC with it.
Edited 19 June 2012 by TheGenius
uze Posted 19 June 2012 (Author)
Thanks for all the help, TheGenius! I have formatted the PC, cleaned the external hard drive and fixed the MBR. I think my PC needed something like this; it runs so much faster now! I have run into small problems, such as not being able to enable Aero or use a resolution higher than 1400x1000 or something... But I think that is because Windows 7 is not activated yet? Otherwise I would think the problem is solved. Again, thanks for all the help!
EDIT: I suspect the problem may not be solved. I just started the PC, and svchost.exe (netsvc) is using 6% of my CPU (i5 661 3.33 GHz). TrustedInstaller.exe is using around 4% of it. Is that normal?
EDIT again: Forget it, probably nothing dangerous since I'm not getting any reply... Solved.
Edited 22 June 2012 by uze