
Think I have a virus? Trojan.Zlob :s



Posted (edited)

Couldn't delete the Users folder, so I found My Documents and deleted it, but all the folders just came back again :hmm:

 

edit: Mbam is finding more viruses now :s I'll reboot after this scan and attach a new ComboFix log :) The reason I say that is that they come back even though it says they get deleted :hmm:

Edited by Submit
Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:37:34, on 13.11.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

D:\comodo\Firewall\cfp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\DAHL33~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wbem\unsecapp.exe

D:\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

D:\firefox\firefox.exe

D:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\comodo\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [COMODO Internet Security] "D:\comodo\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DriverMax] "D:\DriverMax\devices.exe" -agent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\comodo\Firewall\cmdagent.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

--

End of file - 6875 bytes

Posted

combofix:

ComboFix 08-11-05.02 - Dah L33T LapTop 2008-11-13 19:40:25.5 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2061 [GMT 1:00]

Running from: c:\users\Dah L33T LapTop\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))

.

 

2008-11-13 19:39 . 2008-11-13 19:39 <DIR> d-------- C:\32788R22FWJFW

2008-11-13 19:39 . 2008-11-13 19:39 61,440 --a------ c:\windows\System32\drivers\iwrijzk.sys

2008-11-12 17:15 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 17:15 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 17:15 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-11 18:58 . 2008-11-11 18:58 <DIR> d-------- c:\program files\Marvell

2008-11-11 18:51 . 2008-11-11 18:51 <DIR> d-------- c:\program files\Intel Corporation

2008-11-11 13:42 . 2008-11-11 13:42 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-09 16:34 . 2008-11-09 16:43 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Hamachi

2008-11-09 16:34 . 2008-11-09 16:34 25,280 --a------ c:\windows\System32\drivers\hamachi.sys

2008-11-08 21:33 . 2008-11-08 21:33 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\dvdcss

2008-11-08 18:25 . 2008-11-08 18:29 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Ashampoo

2008-11-08 18:25 . 2008-11-08 18:25 <DIR> d-------- c:\users\All Users\ashampoo

2008-11-08 18:25 . 2008-11-08 18:25 <DIR> d-------- c:\programdata\ashampoo

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\users\All Users\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\programdata\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\program files\NOS

2008-11-02 16:17 . 2008-08-06 14:26 13,576,736 --a------ c:\windows\System32\nvcpl.dll

2008-11-02 16:17 . 2008-07-15 05:27 118,784 --a------ c:\windows\System32\nvcod131.dll

2008-11-02 16:17 . 2008-07-15 05:27 8,664 --a------ c:\windows\System32\nvdisp.nvu

2008-10-29 19:40 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d--h----- c:\program files\Temp

2008-10-28 19:37 . 2008-10-28 19:39 <DIR> d-------- c:\program files\Realtek

2008-10-28 19:37 . 2008-10-28 19:37 2,346,016 --a------ c:\windows\System32\RtkAPO.dll

2008-10-28 18:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-28 18:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-28 18:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-26 08:54 . 2008-10-22 19:42 958,464 --a------ c:\windows\System32\nvsvcr.dll

2008-10-26 08:54 . 2008-10-22 19:42 122,880 --a------ c:\windows\System32\nvcod135.dll

2008-10-26 08:54 . 2008-08-06 14:26 92,704 --a------ c:\windows\System32\nvmctray.dll

2008-10-26 08:54 . 2008-10-22 19:42 4,160 --a------ c:\windows\System32\drivers\nvBridge.kmd

2008-10-25 00:24 . 2008-10-25 00:24 <DIR> d-------- c:\program files\LITEON

2008-10-25 00:23 . 2008-10-25 00:23 <DIR> d-------- c:\windows\Downloaded Installations

2008-10-25 00:16 . 2008-02-25 15:28 238,080 --a------ c:\windows\System32\ITEIO_64.dll

2008-10-25 00:16 . 2008-02-25 15:29 14,544 --a------ c:\windows\System32\drivers\TVicPort.sys

2008-10-25 00:16 . 2008-02-25 15:29 6,080 --a------ c:\windows\System32\drivers\zntport.sys

2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\windows\Sun

2008-10-23 20:39 . 2008-10-23 20:39 <DIR> d-------- C:\directx

2008-10-23 19:54 . 2008-10-23 19:54 277 --a------ c:\windows\game.ini

2008-10-21 14:52 . 2008-10-21 14:52 268 --ah----- C:\sqmdata02.sqm

2008-10-21 14:52 . 2008-10-21 14:52 244 --ah----- C:\sqmnoopt02.sqm

2008-10-20 16:59 . 2008-11-13 19:24 <DIR> dr------- c:\users\Dah L33T LapTop\Downloads

2008-10-19 18:50 . 2008-10-19 18:50 268 --ah----- C:\sqmdata01.sqm

2008-10-19 18:50 . 2008-10-19 18:50 244 --ah----- C:\sqmnoopt01.sqm

2008-10-18 00:58 . 2008-10-18 00:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-10-15 19:15 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-15 18:18 . 2008-10-15 18:18 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Acreon

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- c:\users\All Users\Blizzard

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- c:\programdata\Blizzard

2008-10-13 16:14 . 2008-09-12 02:05 122,880 --a------ c:\windows\System32\nvcod134.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-12 20:42 794 ----a-w c:\program files\cwwvwplu.txt

2008-11-12 19:39 202,320 ----a-w c:\windows\System32\PnkBstrB.exe

2008-11-12 19:39 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-11-12 17:07 --------- d-----w c:\programdata\Microsoft Help

2008-11-12 07:22 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\uTorrent

2008-11-12 07:10 --------- d-----w c:\programdata\NVIDIA

2008-11-11 17:49 663,552 ----a-w c:\windows\System32\NETw5c32.dll

2008-11-11 17:49 3,664,384 ----a-w c:\windows\system32\drivers\NETw5v32.sys

2008-11-11 17:49 2,756,608 ----a-w c:\windows\System32\NETw5r32.dll

2008-11-11 12:39 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\LimeWire

2008-11-07 15:24 32,821 ----a-w c:\users\All Users\nvModes.dat

2008-11-07 15:24 32,821 ----a-w c:\programdata\nvModes.dat

2008-11-07 15:23 --------- d-----w c:\program files\Common Files\Steam

2008-11-06 19:53 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Winamp

2008-11-06 18:23 794 ----a-w c:\program files\houvggv.txt

2008-11-06 14:02 --------- d-----w c:\program files\Common Files\Adobe

2008-11-05 20:15 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-11-05 15:27 98,320 ----a-w c:\windows\system32\drivers\cmdguard.sys

2008-11-05 15:27 25,104 ----a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-05 15:27 143,096 ----a-w c:\windows\System32\guard32.dll

2008-10-29 18:34 682,280 ----a-w c:\windows\System32\pbsvc.exe

2008-10-29 18:34 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-10-29 18:34 22,328 ----a-w c:\users\Dah L33T LapTop\AppData\Roaming\PnkBstrK.sys

2008-10-29 18:34 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-24 23:01 53,248 ----a-w c:\windows\System32\CSVer.dll

2008-10-22 18:42 801,312 ----a-w c:\windows\System32\nvcplui.exe

2008-10-22 18:42 1,108,512 ----a-w c:\windows\System32\nvcpluir.dll

2008-10-22 15:55 453,152 ----a-w c:\windows\System32\nvuninst.exe

2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 06:20 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-15 18:57 --------- d-----w c:\program files\Windows Mail

2008-10-07 10:05 --------- d-----w c:\program files\Acer GameZone

2008-10-07 10:01 --------- d-----w c:\program files\Windows Live

2008-10-06 12:34 --------- d-----w c:\program files\Trend Micro

2008-10-06 12:17 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\PCF-VLC

2008-10-06 12:15 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\JLC's Software

2008-10-06 12:14 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Participatory Culture Foundation

2008-10-05 18:34 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\vlc

2008-10-05 11:20 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\AusLogics

2008-10-04 17:01 --------- d-----w c:\programdata\CyberLink

2008-10-04 16:52 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\CyberLink

2008-10-04 15:33 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\InstallShield Installation Information

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-30 04:47 --------- d-----w c:\program files\Xvid

2008-09-27 19:36 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Ventrilo

2008-09-27 13:46 --------- d-----w c:\program files\Common Files\InstallShield

2008-09-27 10:50 --------- d-----w c:\program files\ElcomSoft

2008-09-26 13:39 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\IObit

2008-09-23 17:51 --------- d-----w c:\programdata\Avira

2008-09-22 13:00 --------- d-----w c:\program files\Java

2008-09-22 12:59 --------- d-----w c:\program files\Common Files\Java

2008-09-22 12:57 --------- d-----w c:\program files\UltraMon

2008-09-21 18:37 28,728 ----a-w c:\windows\system32\drivers\msahci.sys

2008-09-21 18:37 21,560 ----a-w c:\windows\system32\drivers\atapi.sys

2008-09-21 18:01 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Realtime Soft

2008-09-21 18:01 --------- d-----w c:\programdata\Realtime Soft

2008-09-21 12:40 --------- d-----w c:\program files\Cyberlink

2008-09-21 12:27 --------- d-----w c:\program files\eSobi

2008-09-21 12:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 12:03 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Malwarebytes

2008-09-21 12:03 --------- d-----w c:\programdata\Malwarebytes

2008-09-21 12:02 --------- d-----w c:\programdata\WLInstaller

2008-09-21 11:35 92,704 ----a-w c:\windows\System32\nvhotkey.dll

2008-09-21 11:35 313,888 ----a-w c:\windows\System32\nvexpbar.dll

2008-09-21 11:35 217,088 ----a-w c:\windows\System32\oemdspif.dll

2008-09-21 10:44 --------- d-----w c:\programdata\SiteAdvisor

2008-09-21 10:23 --------- d-----w c:\program files\MSXML 4.0

2008-09-21 10:18 --------- d-----w c:\programdata\Comodo

2008-09-21 10:17 --------- d-----w c:\program files\Acer

2008-09-21 09:50 --------- d-----w c:\program files\Acer Inc

2008-09-21 09:50 --------- d-----w c:\program files\Acer Arcade Deluxe

2008-09-21 09:40 --------- d-----w c:\programdata\eSobi

2008-09-21 09:31 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Yahoo!

2008-09-21 09:30 --------- d-----w c:\program files\Launch Manager

2008-09-21 09:29 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Acer

2008-09-21 09:27 --------- d-----w c:\program files\SuYin

2008-09-21 09:26 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\InstallShield

2008-09-21 09:24 --------- d-----w c:\program files\WIDCOMM

2008-09-21 09:22 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Comodo

2008-09-21 09:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-09-21 08:56 --------- d-sh--w c:\programdata\Start-meny

2008-09-21 08:56 --------- d-sh--w c:\programdata\Skrivebord

2008-09-21 08:56 --------- d-sh--w c:\programdata\Programdata

2008-09-21 08:56 --------- d-sh--w c:\programdata\Maler

2008-09-21 08:56 --------- d-sh--w c:\programdata\Favoritter

2008-09-21 08:56 --------- d-sh--w c:\programdata\Dokumenter

2008-09-21 08:56 --------- d-sh--w c:\program files\Fellesfiler

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll

2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe

2008-08-18 09:04 270,336 ----a-w c:\windows\System32\ykx32mpcoinst.dll

2008-08-15 09:10 638,976 ----a-w c:\windows\System32\ykx32ncu.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot_2008-11-06_20.23.32,83 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-05 14:26:05 51,200 ----a-w c:\windows\inf\infpub.dat

+ 2008-11-11 18:03:09 51,200 ----a-w c:\windows\inf\infpub.dat

- 2008-11-05 14:26:05 86,016 ----a-w c:\windows\inf\infstor.dat

+ 2008-11-11 18:03:08 86,016 ----a-w c:\windows\inf\infstor.dat

- 2008-11-05 14:26:05 143,360 ----a-w c:\windows\inf\infstrng.dat

+ 2008-11-11 18:03:09 143,360 ----a-w c:\windows\inf\infstrng.dat

- 2008-10-17 23:59:12 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe

+ 2008-11-08 10:37:01 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe

+ 2008-11-12 17:06:47 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

- 2008-10-15 18:18:18 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-11-12 17:07:18 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-10-15 18:18:18 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-11-12 17:07:18 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

- 2008-10-15 18:18:18 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2008-11-12 17:07:18 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2008-10-15 18:18:18 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-11-12 17:07:18 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-15 18:18:18 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-11-12 17:07:19 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-10-15 18:18:18 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-11-12 17:07:18 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-15 18:18:18 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-11-12 17:07:19 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-10-15 18:18:18 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-12 17:07:18 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-11-06 18:17:34 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-13 18:33:57 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-13 18:33:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-06 18:17:39 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-13 18:33:52 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-13 18:33:52 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-11-06 14:32:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-11-13 14:32:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-11-06 14:32:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-13 14:32:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-11-06 14:32:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-13 14:32:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-11-06 19:18:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-13 18:40:19 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-13 18:40:19 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-06-27 13:03:55 75,072 ----a-w c:\windows\System32\drivers\avipbb.sys

+ 2008-11-11 14:34:51 75,072 ----a-w c:\windows\System32\drivers\avipbb.sys

- 2008-07-15 04:27:00 7,273,984 ----a-w c:\windows\System32\drivers\nvlddmkm.sys

+ 2008-08-06 13:26:00 7,317,536 ----a-w c:\windows\System32\drivers\nvlddmkm.sys

+ 2008-07-16 09:11:00 58,880 ----a-w c:\windows\System32\drivers\yk60x32l.sys

+ 2008-07-10 09:11:00 20,480 ----a-w c:\windows\System32\drivers\yk60x32v.sys

- 2008-02-21 09:55:00 299,008 ----a-w c:\windows\System32\drivers\yk60x86.sys

+ 2008-08-18 09:04:00 304,640 ----a-w c:\windows\System32\drivers\yk60x86.sys

+ 2008-11-11 17:49:40 663,552 ----a-w c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_3c71595c\NETw5c32.dll

+ 2008-11-11 17:49:40 2,756,608 ----a-w c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_3c71595c\NETw5r32.dll

+ 2008-11-11 17:49:41 3,664,384 ----a-w c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_3c71595c\NETw5v32.sys

+ 2008-08-06 13:26:00 795,104 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\dpinst.exe

+ 2008-08-06 13:26:00 483,328 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvapi.dll

+ 2008-08-06 13:26:00 122,880 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvcod.dll

+ 2008-08-06 13:26:00 143,360 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvcolor.exe

+ 2008-08-06 13:26:00 13,576,736 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvcpl.dll

+ 2008-08-06 13:26:00 797,216 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvcplui.exe

+ 2008-08-06 13:26:00 1,108,512 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvcpluir.dll

+ 2008-08-06 13:26:00 1,482,752 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvcuda.dll

+ 2008-08-06 13:26:00 5,959,680 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvd3dum.dll

+ 2008-08-06 13:26:00 3,996,192 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvdisps.dll

+ 2008-08-06 13:26:00 5,806,624 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvdispsr.dll

+ 2008-08-06 13:26:00 3,447,328 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvgames.dll

+ 2008-08-06 13:26:00 3,463,712 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvgamesr.dll

+ 2008-08-06 13:26:00 7,317,536 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvlddmkm.sys

+ 2008-08-06 13:26:00 236,064 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmccs.dll

+ 2008-08-06 13:26:00 45,056 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmccsrs.dll

+ 2008-08-06 13:26:00 195,104 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmccss.dll

+ 2008-08-06 13:26:00 465,440 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmccssr.dll

+ 2008-08-06 13:26:00 92,704 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmctray.dll

+ 2008-08-06 13:26:00 1,264,160 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmobls.dll

+ 2008-08-06 13:26:00 2,861,600 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvmoblsr.dll

+ 2008-08-06 13:26:00 9,011,200 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvoglv32.dll

+ 2008-08-06 13:26:00 612,896 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvsvc.dll

+ 2008-08-06 13:26:00 1,272,352 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvsvs.dll

+ 2008-08-06 13:26:00 711,200 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvsvsr.dll

+ 2008-08-06 13:26:00 453,152 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvudisp.exe

+ 2008-08-06 13:26:00 3,770,912 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvvitvs.dll

+ 2008-08-06 13:26:00 4,155,936 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvvitvsr.dll

+ 2008-08-06 13:26:00 196,608 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvvsvc.exe

+ 2008-08-06 13:26:00 2,501,632 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvwgf2um.dll

+ 2008-08-06 13:26:00 2,693,664 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvwss.dll

+ 2008-08-06 13:26:00 2,988,576 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_5f864a64\nvwssr.dll

+ 2008-07-16 09:11:00 58,880 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32lm.inf_501c3f2e\yk60x32l.sys

+ 2008-07-10 09:11:00 11,264 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32lm.inf_501c3f2e\ykx32coinst.dll

+ 2008-07-16 09:11:00 44,032 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32lp.inf_c9697931\yk60x32l.dll

+ 2008-07-16 09:11:00 58,880 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32lp.inf_c9697931\yk60x32l.sys

+ 2008-07-10 09:11:00 20,480 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32vm.inf_9e8cbf72\yk60x32v.sys

+ 2008-07-10 09:11:00 11,264 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32vm.inf_9e8cbf72\ykx32coinst.dll

+ 2008-07-10 09:11:00 60,416 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32vp.inf_17d9f975\yk60x32v.dll

+ 2008-07-10 09:11:00 20,480 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x32vp.inf_17d9f975\yk60x32v.sys

+ 2008-08-18 09:04:00 304,640 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x86.inf_489efd72\yk60x86.sys

+ 2008-08-18 09:04:00 270,336 ----a-w c:\windows\System32\DriverStore\FileRepository\yk60x86.inf_489efd72\ykx32mpcoinst.dll

- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\System32\mrt.exe

+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\System32\mrt.exe

- 2008-07-15 04:27:00 483,328 ----a-w c:\windows\System32\nvapi.dll

+ 2008-08-06 13:26:00 483,328 ----a-w c:\windows\System32\nvapi.dll

- 2008-07-15 04:27:00 118,784 ----a-w c:\windows\System32\nvcod.dll

+ 2008-08-06 13:26:00 122,880 ----a-w c:\windows\System32\nvcod.dll

+ 2008-08-06 13:26:00 122,880 ----a-w c:\windows\System32\nvcod133.dll

- 2008-07-15 04:27:00 118,784 ----a-w c:\windows\System32\nvcodh.dll

+ 2008-08-06 13:26:00 122,880 ----a-w c:\windows\System32\nvcodh.dll

- 2008-07-15 04:27:00 118,784 ----a-w c:\windows\System32\nvcodhins.dll

+ 2008-08-06 13:26:00 122,880 ----a-w c:\windows\System32\nvcodhins.dll

- 2008-07-15 04:27:00 150,048 ----a-w c:\windows\System32\nvcolor.exe

+ 2008-08-06 13:26:00 143,360 ----a-w c:\windows\System32\nvcolor.exe

- 2008-07-15 04:27:00 1,482,752 ----a-w c:\windows\System32\nvcuda.dll

+ 2008-08-06 13:26:00 1,482,752 ----a-w c:\windows\System32\nvcuda.dll

- 2008-07-15 04:27:00 5,951,488 ----a-w c:\windows\System32\nvd3dum.dll

+ 2008-08-06 13:26:00 5,959,680 ----a-w c:\windows\System32\nvd3dum.dll

- 2008-07-15 04:27:00 3,996,192 ----a-w c:\windows\System32\nvdisps.dll

+ 2008-08-06 13:26:00 3,996,192 ----a-w c:\windows\System32\nvdisps.dll

- 2008-07-15 04:27:00 5,806,624 ----a-w c:\windows\System32\nvdispsr.dll

+ 2008-08-06 13:26:00 5,806,624 ----a-w c:\windows\System32\nvdispsr.dll

- 2008-07-15 04:27:00 3,447,328 ----a-w c:\windows\System32\nvgames.dll

+ 2008-08-06 13:26:00 3,447,328 ----a-w c:\windows\System32\nvgames.dll

- 2008-07-15 04:27:00 3,463,712 ----a-w c:\windows\System32\nvgamesr.dll

+ 2008-08-06 13:26:00 3,463,712 ----a-w c:\windows\System32\nvgamesr.dll

- 2008-07-15 04:27:00 236,064 ----a-w c:\windows\System32\nvmccs.dll

+ 2008-08-06 13:26:00 236,064 ----a-w c:\windows\System32\nvmccs.dll

- 2008-07-15 04:27:00 45,056 ----a-w c:\windows\System32\nvmccsrs.dll

+ 2008-08-06 13:26:00 45,056 ----a-w c:\windows\System32\nvmccsrs.dll

- 2008-07-15 04:27:00 195,104 ----a-w c:\windows\System32\nvmccss.dll

+ 2008-08-06 13:26:00 195,104 ----a-w c:\windows\System32\nvmccss.dll

- 2008-07-15 04:27:00 465,440 ----a-w c:\windows\System32\nvmccssr.dll

+ 2008-08-06 13:26:00 465,440 ----a-w c:\windows\System32\nvmccssr.dll

- 2008-07-15 04:27:00 1,264,160 ----a-w c:\windows\System32\nvmobls.dll

+ 2008-08-06 13:26:00 1,264,160 ----a-w c:\windows\System32\nvmobls.dll

- 2008-07-15 04:27:00 2,861,600 ----a-w c:\windows\System32\nvmoblsr.dll

+ 2008-08-06 13:26:00 2,861,600 ----a-w c:\windows\System32\nvmoblsr.dll

- 2008-07-15 04:27:00 9,003,008 ----a-w c:\windows\System32\nvoglv32.dll

+ 2008-08-06 13:26:00 9,011,200 ----a-w c:\windows\System32\nvoglv32.dll

- 2008-07-15 04:27:00 608,800 ----a-w c:\windows\System32\nvsvc.dll

+ 2008-08-06 13:26:00 612,896 ----a-w c:\windows\System32\nvsvc.dll

- 2008-07-15 04:27:00 1,272,352 ----a-w c:\windows\System32\nvsvs.dll

+ 2008-08-06 13:26:00 1,272,352 ----a-w c:\windows\System32\nvsvs.dll

- 2008-07-15 04:27:00 137,760 ----a-w c:\windows\System32\nvsvsr.dll

+ 2008-08-06 13:26:00 711,200 ----a-w c:\windows\System32\nvsvsr.dll

- 2008-07-15 04:27:00 446,464 ----a-w c:\windows\System32\nvudisp.exe

+ 2008-08-06 13:26:00 453,152 ----a-w c:\windows\System32\nvudisp.exe

- 2008-07-15 04:27:00 3,766,816 ----a-w c:\windows\System32\nvvitvs.dll

+ 2008-08-06 13:26:00 3,770,912 ----a-w c:\windows\System32\nvvitvs.dll

- 2008-07-15 04:27:00 4,155,936 ----a-w c:\windows\System32\nvvitvsr.dll

+ 2008-08-06 13:26:00 4,155,936 ----a-w c:\windows\System32\nvvitvsr.dll

- 2008-07-15 04:27:00 196,608 ----a-w c:\windows\System32\nvvsvc.exe

+ 2008-08-06 13:26:00 196,608 ----a-w c:\windows\System32\nvvsvc.exe

- 2008-07-15 04:27:00 2,496,512 ----a-w c:\windows\System32\nvwgf2um.dll

+ 2008-08-06 13:26:00 2,501,632 ----a-w c:\windows\System32\nvwgf2um.dll

- 2008-07-15 04:27:00 2,693,664 ----a-w c:\windows\System32\nvwss.dll

+ 2008-08-06 13:26:00 2,693,664 ----a-w c:\windows\System32\nvwss.dll

- 2008-07-15 04:27:00 2,988,576 ----a-w c:\windows\System32\nvwssr.dll

+ 2008-08-06 13:26:00 2,988,576 ----a-w c:\windows\System32\nvwssr.dll

- 2008-11-06 18:22:44 101,250 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-13 18:39:38 101,250 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-06 18:22:44 76,478 ----a-w c:\windows\System32\perfc014.dat

+ 2008-11-13 18:39:38 76,478 ----a-w c:\windows\System32\perfc014.dat

- 2008-11-06 18:22:44 587,178 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-13 18:39:38 587,178 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-06 18:22:44 452,326 ----a-w c:\windows\System32\perfh014.dat

+ 2008-11-13 18:39:38 452,326 ----a-w c:\windows\System32\perfh014.dat

- 2008-10-31 23:04:32 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2008-11-13 18:31:58 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2008-11-06 18:18:01 8,642 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-283551383-3393271654-1372367075-1000_UserData.bin

+ 2008-11-13 18:35:01 8,978 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-283551383-3393271654-1372367075-1000_UserData.bin

- 2008-11-06 18:18:00 83,046 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-13 18:35:01 83,270 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-06 18:18:00 51,134 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-13 18:35:01 52,490 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-10-24 23:40:46 97,946 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-11-10 21:35:59 122,180 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-07-16 09:11:00 44,032 ----a-w c:\windows\System32\yk60x32l.dll

+ 2008-07-10 09:11:00 60,416 ----a-w c:\windows\System32\yk60x32v.dll

+ 2008-11-12 20:42:13 1,729,859 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-09-05 04:48:28 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3.dll

+ 2008-09-05 04:45:14 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3r.dll

+ 2008-09-05 04:47:44 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3.dll

+ 2008-09-05 04:47:44 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3r.dll

+ 2008-09-05 05:14:05 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3.dll

+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3r.dll

+ 2008-09-05 05:08:23 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3.dll

+ 2008-09-05 05:04:53 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3r.dll

+ 2008-09-10 03:25:00 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6.dll

+ 2008-09-10 03:21:24 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6r.dll

+ 2008-09-10 03:26:42 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6.dll

+ 2008-09-10 03:26:42 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6r.dll

+ 2008-09-10 03:40:14 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6.dll

+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6r.dll

+ 2008-09-10 03:27:55 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6.dll

+ 2008-09-10 03:23:55 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6r.dll

+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16764_none_f064ff046e80cc5f\OESpamFilter.dat

+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20937_none_f1120e5787836182\OESpamFilter.dat

+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18157_none_f2590e746b9c8d64\OESpamFilter.dat

+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22288_none_f2c33bc584d19a58\OESpamFilter.dat

+ 2008-08-26 01:11:59 211,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys

+ 2008-08-27 00:48:36 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys

+ 2008-08-27 01:05:41 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys

+ 2008-08-27 00:52:38 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys

+ 2008-11-12 17:06:47 1,286,152 ----a-w c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll

+ 2008-11-12 17:06:50 91,656 ----a-w c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"DriverMax"="d:\drivermax\devices.exe" [2008-11-10 5347672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="d:\avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-28 6335008]

"COMODO Firewall Pro"="d:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"COMODO Internet Security"="d:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-06 13576736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-06 92704]

"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2008-10-22 1261200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 1 (0x1)

"DisableStartupSound"= 1 (0x1)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= c:\windows\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2008-09-26 11:02 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]

--------- 2008-04-10 15:30 147456 c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

--a------ 2008-04-06 21:42 34040 c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

--------- 2008-04-10 15:30 167936 c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

--------- 2008-03-07 02:36 544768 c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2008-03-04 22:38 526896 c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

--a------ 2008-04-30 18:02 397312 c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2008-04-01 02:01 793096 c:\progra~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2008-04-18 14:18 167936 c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2008-02-22 20:50 1037608 c:\program files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2008-01-29 08:03 303104 c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-04 00:02 36352 d:\winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-283551383-3393271654-1372367075-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C2484D3D-1116-48C4-BFB8-B91B14183680}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F0ED5C80-031A-42D7-AC02-276BBDB43C1E}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{825E1D77-3D30-470B-A386-04056CDD27BE}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)

"{5FC90F3E-F89B-48C6-BC14-7A076996F39C}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)

"{E0D7E821-B200-408B-9A95-FAB595A18E8F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{5A91D12D-2525-4F45-955A-B58B6F59F9D8}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{3C51D6BC-65D2-4F47-B1F1-DCA2CE4444F3}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{306C9E70-1147-4C33-BED8-40599F5AE5A3}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{2207945A-421A-49DD-9DEA-C6A0E1EB0F17}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-05 98320]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-05 25104]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-11 3664384]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-22 43040]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2008-08-18 304640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

S3 btwaudio;Bluetooth-lydenhet;c:\windows\system32\drivers\btwaudio.sys [2008-02-14 80424]

S3 btwavdt;Bluetooth AVDT;c:\windows\system32\drivers\btwavdt.sys [2007-07-16 80936]

S3 btwrchid;btwrchid;c:\windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]

S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk60x32l.sys [2008-07-16 58880]

S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk60x32v.sys [2008-07-10 20480]

S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-07 99576]

S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-13 c:\windows\Tasks\AWC Startup.job

- d:\advanced systemcare 3\AWC.exe [2008-11-06 11:12]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Dah L33T LapTop\AppData\Roaming\Mozilla\Firefox\Profiles\mp2hby2n.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\users\Dah L33T LapTop\AppData\Roaming\Mozilla\Firefox\Profiles\mp2hby2n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll

FF -: plugin - d:\firefox\plugins\np-mswmp.dll

FF -: plugin - d:\firefox\plugins\np_gp.dll

FF -: plugin - d:\firefox\plugins\np32dsw.dll

FF -: plugin - d:\firefox\plugins\npbittorrent.dll

FF -: plugin - d:\firefox\plugins\npLegitCheckPlugin.dll

FF -: plugin - d:\firefox\plugins\npnul32.dll

FF -: plugin - d:\firefox\plugins\nppdf32.dll

FF -: plugin - d:\vlc\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-13 19:45:26

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-13 19:47:26

ComboFix-quarantined-files.txt 2008-11-13 18:47:15

ComboFix2.txt 2008-11-06 19:24:36

ComboFix3.txt 2008-11-06 18:32:33

ComboFix4.txt 2008-11-06 17:27:13

ComboFix5.txt 2008-11-13 18:40:09

 

Pre-Run: 107 362 181 120 byte ledig

Post-Run: 107,455,705,088 byte ledig

 

511 --- E O F --- 2008-11-12 17:08:54

 

 

 

One thing that bothers me is why ComboFix takes so long after "completed stage 32".
Posted

Malwarebytes' Anti-Malware 1.30

Database versjon: 1395

Windows 6.0.6001 Service Pack 1

 

13.11.2008 19:39:03

mbam-log-2008-11-13 (19-39-03).txt

 

Skanntype: Rask Skann

Objekter skannet: 42471

Tid tilbakelagt: 4 minute(s), 28 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 7

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

 

The files I was talking about disappeared after the reboot :s

But these never go away :hmmm:

Posted (edited)

Does MBAM find the files in safe mode as well?

I think the best thing to do now is to start a thread at Malwarebytes. Try the 'False Positives' category first. Attach an HJT log and an MBAM log (new ones).

Edited by norbat
Posted

I have now updated MBAM to database version: 1397 and definition: 56599, and now MBAM no longer finds them? So maybe it was a false positive?

Posted
MBAM no longer finds them? So maybe it was a false positive?

Looks like a small error or a false positive on MBAM's part, which threw us a bit off track.

Then it should be fine.

Posted
I have now updated MBAM to database version: 1397 and definition: 56599, and now MBAM no longer finds them? So maybe it was a false positive?

Yes, if you haven't removed anything(?) in the meantime, then I see no other explanation than that in this case it was a false alarm (or simply a bug in the program).

Posted

I have tried deleting the files with Avenger, but I just get an error on all of them, so I don't believe it's a false positive from MBAM :s I'll post the Avenger log when I find it :s

Posted

If you have posted a thread at Malwarebytes, then wait and see what they come up with. If this is malware, the files are being created by something else on your PC, so there is little point in deleting them (which evidently isn't possible - yet).
