
Anyone willing to look over the logs?



MBAM


Malwarebytes' Anti-Malware 1.37

Databaseversjon: 2201

Windows 5.1.2600 Service Pack 3

 

31.05.2009 19:21:48

mbam-log-2009-05-31 (19-21-48).txt

 

Skanntype: Rask Skann

Objekter skannet: 94957

Tid tilbakelagt: 8 minute(s), 37 second(s)

 

Minneprosesser infisert: 2

Minnemoduler infisert: 1

Registernøkler infisert: 15

Registerverdier infisert: 5

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 16

 

Minneprosesser infisert:

C:\Programfiler\websrvx\websrvx.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Unloaded process successfully.

 

Minnemoduler infisert:

C:\Programfiler\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Programfiler\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Programfiler\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

c:\programfiler\websrvx\websrvx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\freddy43.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\freddy44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.

c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\f5087.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce122712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce122713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\sonce123198.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

 

Combofix


ComboFix 09-05-31.02 - suskol 01.06.2009 0:10.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2038.1385 [GMT 2:00]

Kjører fra: c:\documents and settings\suskol\Skrivebord\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\suskol\Programdata\inst.exe

c:\windows\system32\sysloc

 

----- BITS: Mulige infiserte sider -----

 

hxxp://ped-01wsus

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-28 til 2009-05-31 )))))))))))))))))))))))))))))))))

.

 

2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\documents and settings\suskol\Programdata\Malwarebytes

2009-05-31 16:58 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-05-31 16:58 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-29 22:52 . 2009-05-29 22:52 -------- d-----r- c:\documents and settings\LocalService\Favoritter

2009-05-13 07:39 . 2009-05-13 07:39 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-05-13 07:04 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-05-13 07:04 . 2008-04-14 07:22 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-05-13 07:04 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-05-13 07:04 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-05-11 09:28 . 2009-05-10 08:00 259368 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\ECMSVR32.DLL

2009-05-11 09:28 . 2009-02-18 19:41 2414128 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\CCERASER.DLL

2009-05-11 09:28 . 2009-02-12 23:04 876144 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVEX15.SYS

2009-05-11 09:28 . 2009-02-12 23:04 89104 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVENG.SYS

2009-05-11 09:28 . 2009-02-12 23:03 1181040 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVEX32A.DLL

2009-05-11 09:28 . 2009-02-12 23:03 177520 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVENG32.DLL

2009-05-11 09:28 . 2009-02-06 19:26 101936 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\ERASER.SYS

2009-05-11 09:28 . 2009-02-06 19:26 371248 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\EECTRL.SYS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 22:04 . 2008-04-29 08:37 -------- d-----w- c:\programfiler\Symantec AntiVirus

2009-05-31 17:23 . 2008-11-13 09:12 -------- d-----w- c:\programfiler\GamesBar

2009-05-27 21:03 . 2008-11-05 07:20 -------- d-----w- c:\documents and settings\All Users\Programdata\FLEXnet

2009-05-27 11:30 . 2008-05-06 07:19 -------- d-----w- c:\programfiler\Clue

2009-05-06 07:16 . 2009-01-23 12:05 -------- d-----w- c:\programfiler\Google

2009-04-28 11:13 . 2008-04-09 04:10 80620 ----a-w- c:\windows\system32\perfc014.dat

2009-04-28 11:13 . 2008-04-09 04:10 445362 ----a-w- c:\windows\system32\perfh014.dat

2009-04-28 11:12 . 2008-04-08 12:52 69696 ----a-w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-04-28 11:11 . 2009-04-01 11:44 69696 ----a-w- c:\documents and settings\suskol\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-04-28 11:01 . 2008-04-08 11:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-06 14:24 . 2008-04-09 04:10 284160 ----a-w- c:\windows\system32\pdh.dll

2009-03-03 00:16 . 2008-04-09 04:10 826368 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}]

2007-10-23 23:47 282112 ----a-w- c:\windows\system32\mscoree.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\programfiler\MessengerPlus! 3\MsgPlus.exe" [2008-09-24 190024]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]

"Apoint"="c:\programfiler\Apoint2K\Apoint.exe" [2007-08-20 172032]

"PSQLLauncher"="c:\programfiler\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896]

"TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]

"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 14:37 34344 ----a-w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2007-12-14 14:36 28672 ----a-w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=pushprinterconnections.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]

"Script"=Slett-Filer.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-313889\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"53:TCP"= 53:TCP:websrvx

 

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [16.10.2007 18:33 103472]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]

R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [22.04.2008 13:26 4442]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.03.2009 21:00 55152]

R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.08.2007 15:46 10896]

R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.02.2009 13:04 101936]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [08.04.2008 18:57 57344]

S3 fsssvc;Windows Live Tryggere for familien;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [06.02.2009 19:08 533360]

S3 SavRoam;SAVRoam;c:\programfiler\Symantec AntiVirus\SavRoam.exe [07.10.2007 20:48 116664]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - uphcleanhlp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

 

2009-05-31 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-22 23:30]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET

SafeBoot-procexp90.Sys

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://fuv.hfk.no

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-01 00:12

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1172)

c:\windows\system32\vrlogon.dll

c:\windows\system32\psqlpwd.dll

c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll

c:\programfiler\ThinkVantage Fingerprint Software\infra.dll

c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll

c:\programfiler\ThinkVantage Fingerprint Software\bio.dll

c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll

c:\programfiler\ThinkVantage Fingerprint Software\remote.dll

c:\programfiler\Lenovo\HOTKEY\tphklock.dll

c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll

c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll

 

- - - - - - - > 'lsass.exe'(1232)

c:\windows\system32\psqlpwd.dll

c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll

c:\programfiler\ThinkVantage Fingerprint Software\infra.dll

.

Tidspunkt ferdig: 2009-05-31 0:14

ComboFix-quarantined-files.txt 2009-05-31 22:14

 

Pre-Run: 89 752 694 784 byte ledig

Post-Run: 91 679 211 520 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

195 --- E O F --- 2009-05-19 10:06


Click: Start > Run

Type: regedit

 

Navigate to the following entry:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

 

In the right-hand pane, right-click the name 53:TCP, which has the data value 53:TCP:websrvx. Delete the entry.

 

Also consider whether MessengerPlus! is something you need. If not, uninstall it.

 

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck "only delete temporary files......". Click 'Cleaner' and then 'Run CCleaner'.

Also run a few rounds of 'Registry' until it no longer finds any errors (say yes to creating a backup when asked).

 

Let us know how the PC is running.

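A read-only audit of the same firewall-exception registry keys the reply points at, added here as an example and not part of the thread. It assumes PowerShell on the affected machine; it also reports EnableFirewall (which the ComboFix log above shows as 0) and goes beyond the single 53:TCP entry by flagging application exceptions whose program is no longer on disk. The -Remove parameter and the value names you pass to it are assumptions you confirm against the report first.

```powershell
# Audit script added for illustration (not posted in the thread). It lists the
# registry-stored firewall exceptions that ComboFix printed above and flags the
# ones worth a second look, such as the leftover "53:TCP:websrvx" value.
# Read-only unless -Remove is given; the names you pass are your own decision.
param(
    [string[]]$Remove = @()   # example: -Remove '53:TCP' after reading the report
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$findings = @()

foreach ($prof in 'StandardProfile', 'DomainProfile') {
    $profKey = Join-Path $base $prof
    if (-not (Test-Path $profKey)) { continue }

    # EnableFirewall = 0 means the exceptions below are moot because the
    # firewall itself is off (the log above shows exactly that).
    $enabled = (Get-ItemProperty -Path $profKey -ErrorAction SilentlyContinue).EnableFirewall
    Write-Host ("{0}: EnableFirewall = {1}" -f $prof, $enabled)

    $portsKey = Join-Path $profKey 'GloballyOpenPorts\List'
    if (Test-Path $portsKey) {
        $item = Get-Item $portsKey
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Well-formed data is "port:proto:scope:Enabled|Disabled:display name".
            $fields = $data -split ':'
            $note = ''
            if ($fields.Count -lt 5) { $note = 'malformed: too few fields' }
            elseif ($fields[4] -notlike '@*') { $note = 'non-system display name' }
            $findings += New-Object PSObject -Property @{
                Profile = $prof; Kind = 'Port'; Name = $name; Data = $data; Note = $note }
        }
    }

    $appsKey = Join-Path $profKey 'AuthorizedApplications\List'
    if (Test-Path $appsKey) {
        $item = Get-Item $appsKey
        foreach ($name in $item.GetValueNames()) {
            # The value name is the program path; an exception for a file that
            # no longer exists is a typical leftover after malware removal.
            $path = [Environment]::ExpandEnvironmentVariables($name)
            $note = if (Test-Path -LiteralPath $path) { '' } else { 'program no longer on disk' }
            $findings += New-Object PSObject -Property @{
                Profile = $prof; Kind = 'App'; Name = $name; Data = [string]$item.GetValue($name); Note = $note }
        }
    }
}

$findings | Sort-Object Profile, Kind, Name | Format-Table Profile, Kind, Name, Note -AutoSize

# Removal only touches GloballyOpenPorts values you named explicitly.
foreach ($victim in $Remove) {
    foreach ($prof in 'StandardProfile', 'DomainProfile') {
        $key = Join-Path $base "$prof\GloballyOpenPorts\List"
        if ((Test-Path $key) -and ((Get-Item $key).GetValueNames() -contains $victim)) {
            Remove-ItemProperty -Path $key -Name $victim
            Write-Host "Removed '$victim' from $prof"
        }
    }
}
```

Run it once without arguments and read the Note column before passing anything to -Remove.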