
[Solved] 67 malware items found by MBAM, log.



Hi!

 

I decided to run a scan on my brother's PC. MSE found nothing, but MBAM found 67(!!!!) infected files; it looks like this: http://i.imgur.com/uchsx.png

 

Here is the MBAM log:

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5689

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

06.02.2011 17:01:09

mbam-log-2011-02-06 (17-01-03).txt

 

Skanntype: Full skann (C:\|)

Objekter skannet: 184680

Tid tilbakelagt: 1 time(r), 2 minutt(er), 59 sekund(er)

 

Minneprosesser infisert: 2

Minnemoduler infisert: 1

Registernøkler infisert: 14

Registerverdier infisert: 9

Registerfiler infisert: 0

Mapper infisert: 10

Filer infisert 31

 

Minneprosesser infisert:

c:\programfiler\application updater\applicationupdater.exe (PUP.Dealio) -> 1784 -> No action taken.

c:\programfiler\search settings\searchsettings.exe (PUP.Dealio) -> 2400 -> No action taken.

 

Minnemoduler infisert:

c:\programfiler\search settings\searchsettingsres409.dll (PUP.Dealio) -> No action taken.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMFILER\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMFILER\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMFILER\SEARCH SETTINGS\SEARCHSETTINGSRES409.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSRES409.DLL -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMFILER\SEARCH SETTINGS\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

c:\documents and settings\NAVN\programdata\Baidu (Trojan.Cinmus) -> No action taken.

c:\documents and settings\NAVN\programdata\Baidu\Toolbar (Trojan.Cinmus) -> No action taken.

c:\documents and settings\NAVN\programdata\Baidu\Toolbar\custom buttons (Trojan.Cinmus) -> No action taken.

c:\programfiler\dealio toolbar (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE\4.0.2 (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\res (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\temp (PUP.Dealio) -> No action taken.

 

Filer infisert

c:\programfiler\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken.

c:\programfiler\search settings\searchsettings.exe (PUP.Dealio) -> No action taken.

c:\programfiler\search settings\searchsettingsres409.dll (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE\4.0.2\dealiotoolbarie.dll (PUP.Dealio) -> No action taken.

c:\programfiler\search settings\searchsettings.dll (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\widgihelper.exe (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE\4.0.2\config.ini (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\apple.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\macys.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\target.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\res\widgets.xml (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> No action taken.

 

 

 

So, should I select all of them and click "Remove Selected"??

Should I perhaps also run ComboFix afterwards?

 

Thanks for all the help :)

 

P.S. I can add that everything that was found is what can be seen in the screenshot... except three trojans called "Trojan.Cinmus". The odd thing is that only these three were checked automatically by MBAM, which is why I'm a bit puzzled..

Edited by handerrre

What MBAM is finding is adware that was probably installed when some free program or other was installed. If you haven't done anything yet, you can uninstall Search Settings, Dealio Toolbar and Baidu Toolbar from Add/Remove Programs.

 

Then run a quick scan with MBAM and remove everything it finds.

Create a log with Combofix and post the log in your next post.

Edited by norbat

Right, I:

Updated MBAM and ran a quick scan.

Removed what was found, restarted.

Ran ComboFix :)

 

First MBAM log (before I selected everything that was found and clicked "Remove Selected"):

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5690

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

06.02.2011 18:24:56

mbam-log-2011-02-06 (18-24-51).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 138316

Tid tilbakelagt: 6 minutt(er), 21 sekund(er)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 8

Registerverdier infisert: 3

Registerfiler infisert: 0

Mapper infisert: 10

Filer infisert 28

 

Minneprosesser infisert:

c:\programfiler\application updater\applicationupdater.exe (PUP.Dealio) -> 1784 -> No action taken.

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMFILER\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> No action taken.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

c:\documents and settings\NAVN\programdata\Baidu (Trojan.Cinmus) -> No action taken.

c:\documents and settings\NAVN\programdata\Baidu\Toolbar (Trojan.Cinmus) -> No action taken.

c:\documents and settings\NAVN\programdata\Baidu\Toolbar\custom buttons (Trojan.Cinmus) -> No action taken.

c:\programfiler\dealio toolbar (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE\4.0.2 (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\res (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\temp (PUP.Dealio) -> No action taken.

 

Filer infisert

c:\programfiler\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE\4.0.2\dealiotoolbarie.dll (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\widgihelper.exe (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\IE\4.0.2\config.ini (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\apple.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\macys.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\target.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> No action taken.

c:\programfiler\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\res\widgets.xml (PUP.Dealio) -> No action taken.

c:\documents and settings\NAVN\programdata\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> No action taken.

 

 

 

Second log (after I had clicked to remove what was found):

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5690

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

06.02.2011 18:25:05

mbam-log-2011-02-06 (18-25-05).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 138316

Tid tilbakelagt: 6 minutt(er), 21 sekund(er)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 8

Registerverdier infisert: 3

Registerfiler infisert: 0

Mapper infisert: 10

Filer infisert 28

 

Minneprosesser infisert:

c:\programfiler\application updater\applicationupdater.exe (PUP.Dealio) -> 1784 -> Unloaded process successfully.

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMFILER\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

c:\documents and settings\NAVN\programdata\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Baidu\Toolbar\custom buttons (Trojan.Cinmus) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\IE (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\IE\4.0.2 (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.

 

Filer infisert

c:\programfiler\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\IE\4.0.2\dealiotoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\IE\4.0.2\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.

c:\programfiler\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Dealio\res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.

c:\documents and settings\NAVN\programdata\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Quarantined and deleted successfully.

 

 

 

ComboFix log:

 

 

ComboFix 11-02-05.01 - NAVN 06.02.2011 18:38:20.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.405 [GMT 1:00]

Kjører fra: c:\documents and settings\NAVN\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\NAVN\Programdata\PriceGong

c:\documents and settings\NAVN\Programdata\PriceGong\Data\1.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\a.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\b.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\c.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\d.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\e.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\f.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\g.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\h.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\i.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\J.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\k.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\l.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\m.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\mru.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\n.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\o.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\p.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\q.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\r.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\s.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\t.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\u.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\v.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\w.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\x.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\y.xml

c:\documents and settings\NAVN\Programdata\PriceGong\Data\z.xml

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\_db_allinonetoday2011013020110130091423.zip

c:\favoritevideo\InvisibleFolder\_db_allinonetoday2011020320110204020014.zip

c:\favoritevideo\InvisibleFolder\_db_allinonetoday2011020320110204021243.zip

c:\favoritevideo\InvisibleFolder\_db_allinonetoday2011020320110204022441.zip

c:\favoritevideo\InvisibleFolder\_db_allinonetoday2011020520110205235039.zip

c:\favoritevideo\InvisibleFolder\_db_allinonetoday2011020620110206200307.zip

c:\favoritevideo\InvisibleFolder\_db_big20110125.zip

c:\favoritevideo\InvisibleFolder\_db_big20110130.zip

c:\favoritevideo\InvisibleFolder\_db_big20110204.zip

c:\favoritevideo\InvisibleFolder\_db_small2011013020110203.zip

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-01-06 til 2011-02-06 )))))))))))))))))))))))))))))))))

.

 

2011-01-30 01:06 . 2011-01-30 01:06 -------- d-----w- c:\documents and settings\NAVN\Lokale innstillinger\Programdata\Logs

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 17:09 . 2010-10-28 17:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 17:08 . 2010-10-28 17:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 18:15 . 2009-04-29 05:02 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-11 21:07 . 2010-11-11 21:07 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-09 14:52 . 2009-04-29 14:42 249856 ----a-w- c:\windows\system32\odbc32.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2010-11-13_16.17.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll

+ 2007-11-06 21:51 . 2007-11-06 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll

+ 2007-11-06 21:51 . 2007-11-06 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll

- 2009-04-29 14:42 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

+ 2009-04-29 14:42 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe

+ 2010-12-23 16:05 . 1998-07-12 23:00 21504 c:\windows\system32\TABCTFR.DLL

- 2009-04-29 14:42 . 2010-10-21 21:02 76996 c:\windows\system32\perfc014.dat

+ 2009-04-29 14:42 . 2010-12-22 21:33 76996 c:\windows\system32\perfc014.dat

+ 2009-04-29 14:42 . 2010-12-22 21:33 68496 c:\windows\system32\perfc009.dat

- 2009-04-29 14:42 . 2010-10-21 21:02 68496 c:\windows\system32\perfc009.dat

+ 2009-04-29 14:42 . 2010-11-06 00:22 66560 c:\windows\system32\mshtmled.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 66560 c:\windows\system32\mshtmled.dll

+ 2007-08-13 16:54 . 2010-11-06 00:22 55296 c:\windows\system32\msfeedsbs.dll

- 2007-08-13 16:54 . 2010-09-10 05:52 55296 c:\windows\system32\msfeedsbs.dll

+ 2010-12-23 16:05 . 1998-07-12 23:00 59904 c:\windows\system32\Mscc2fr.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 43520 c:\windows\system32\licmgr10.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 43520 c:\windows\system32\licmgr10.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 25600 c:\windows\system32\jsproxy.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 25600 c:\windows\system32\jsproxy.dll

+ 2010-12-23 16:05 . 1998-07-12 23:00 15360 c:\windows\system32\inetfr.DLL

+ 2009-04-29 14:42 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys

+ 2010-10-11 18:50 . 2010-11-06 00:22 12800 c:\windows\system32\dllcache\xpshims.dll

- 2010-10-11 18:50 . 2010-09-10 05:52 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-04-29 05:02 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe

+ 2009-04-29 14:42 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys

- 2009-04-29 14:42 . 2010-09-10 05:52 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2010-10-11 18:50 . 2010-11-06 00:22 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2010-10-11 18:50 . 2010-09-10 05:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-04-29 05:02 . 2010-11-18 18:15 81920 c:\windows\system32\dllcache\isign32.dll

- 2009-04-29 05:02 . 2008-04-15 12:00 81920 c:\windows\system32\dllcache\isign32.dll

+ 2010-12-23 16:05 . 1998-07-12 19:00 32768 c:\windows\system32\CMDLGFR.DLL

+ 2009-04-29 06:30 . 2010-12-15 18:32 25214 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\MSWorks.exe

- 2009-04-29 06:30 . 2010-10-11 18:54 25214 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\MSWorks.exe

+ 2010-12-23 16:05 . 2010-12-23 16:05 10134 c:\windows\Installer\{C878CD69-85DB-426B-81A3-E71175AAEB91}\ARPPRODUCTICON.exe

+ 2010-10-11 18:28 . 2010-12-21 09:16 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-10-11 18:28 . 2010-10-11 18:28 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2007-08-01 14:09 . 2007-08-01 14:09 14664 c:\windows\Installer\$PatchCache$\Managed\9214281D2EB86AF42B264C9DF937553D\9.7.621\F839_WkImgL90.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll

+ 2010-12-14 21:09 . 2010-12-14 21:09 73840 c:\windows\assembly\GAC_MSIL\Google.GData.YouTube\1.5.0.0__af04a32718ae8833\Google.GData.YouTube.dll

+ 2010-12-14 21:09 . 2010-12-14 21:09 86128 c:\windows\assembly\GAC_MSIL\Google.GData.Extensions\1.5.0.0__0b4c5df2ebf20876\Google.GData.Extensions.dll

+ 2010-12-15 18:32 . 2010-06-21 14:46 46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe

+ 2010-12-15 18:32 . 2010-11-05 05:57 16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll

+ 2010-12-15 18:34 . 2008-04-15 12:00 81920 c:\windows\$NtUninstallKB2443105$\isign32.dll

+ 2010-12-15 18:33 . 2008-04-15 12:00 40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys

+ 2010-12-15 18:17 . 2008-04-15 12:00 46080 c:\windows\$NtUninstallKB2423089$\wab.exe

+ 2010-12-14 14:54 . 2008-07-08 13:08 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll

+ 2010-12-14 14:54 . 2008-07-08 13:08 17784 c:\windows\$hf_mig$\KB973687\spmsg.dll

+ 2010-12-15 18:30 . 2010-02-22 14:29 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll

+ 2010-12-15 18:30 . 2010-02-22 14:29 17784 c:\windows\$hf_mig$\KB2467659\spmsg.dll

+ 2010-12-15 18:35 . 2010-02-22 14:29 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll

+ 2010-12-15 18:35 . 2010-02-22 14:29 17784 c:\windows\$hf_mig$\KB2443105\spmsg.dll

+ 2010-11-18 18:15 . 2010-11-18 18:15 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll

+ 2010-12-15 18:33 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll

+ 2010-12-15 18:33 . 2009-05-26 11:41 17784 c:\windows\$hf_mig$\KB2440591\spmsg.dll

+ 2010-12-15 17:55 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys

+ 2010-12-15 18:31 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll

+ 2010-12-15 18:31 . 2009-05-26 11:41 17784 c:\windows\$hf_mig$\KB2436673\spmsg.dll

+ 2010-12-15 18:17 . 2010-02-22 14:29 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll

+ 2010-12-15 18:17 . 2010-02-22 14:29 17784 c:\windows\$hf_mig$\KB2423089\spmsg.dll

+ 2010-12-15 17:51 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe

+ 2010-12-15 18:34 . 2010-02-22 14:29 26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll

+ 2010-12-15 18:34 . 2010-02-22 14:29 17784 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll

+ 2010-12-15 18:35 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll

+ 2010-12-15 18:35 . 2009-05-26 11:41 17784 c:\windows\$hf_mig$\KB2296199\spmsg.dll

+ 2008-03-04 02:17 . 2008-03-04 02:17 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcr90.dll

+ 2008-03-04 02:17 . 2008-03-04 02:17 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcp90.dll

+ 2008-03-03 20:52 . 2008-03-03 20:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcm90.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll

+ 2010-12-23 16:05 . 2005-02-24 11:51 348160 c:\windows\system32\WMAFile.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 916480 c:\windows\system32\wininet.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 916480 c:\windows\system32\wininet.dll

+ 2010-12-23 16:05 . 1999-03-25 19:00 101888 c:\windows\system32\VB6STKIT.DLL

+ 2010-12-23 16:05 . 2000-10-01 19:00 119568 c:\windows\system32\VB6FR.DLL

+ 2009-10-12 06:30 . 2009-10-12 06:30 181736 c:\windows\system32\rmoc3260.dll

+ 2009-10-12 06:30 . 2009-10-12 06:30 278528 c:\windows\system32\pncrt.dll

+ 2009-04-29 14:42 . 2010-12-22 21:33 437508 c:\windows\system32\perfh014.dat

- 2009-04-29 14:42 . 2010-10-21 21:02 437508 c:\windows\system32\perfh014.dat

+ 2009-04-29 14:42 . 2010-12-22 21:33 434210 c:\windows\system32\perfh009.dat

- 2009-04-29 14:42 . 2010-10-21 21:02 434210 c:\windows\system32\perfh009.dat

- 2009-04-29 14:42 . 2010-09-10 05:52 206848 c:\windows\system32\occache.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 206848 c:\windows\system32\occache.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 611840 c:\windows\system32\mstime.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 611840 c:\windows\system32\mstime.dll

+ 2007-08-13 16:54 . 2010-11-06 00:22 602112 c:\windows\system32\msfeeds.dll

- 2007-08-13 16:54 . 2010-09-10 05:52 602112 c:\windows\system32\msfeeds.dll

+ 2010-12-23 16:05 . 1998-07-12 23:00 141312 c:\windows\system32\MSCMCFR.DLL

+ 2010-12-23 16:05 . 2008-09-24 20:33 484352 c:\windows\system32\lame_enc.dll

+ 2010-09-15 02:50 . 2010-09-15 02:50 153376 c:\windows\system32\javaws.exe

- 2010-10-24 10:39 . 2010-09-15 02:50 153376 c:\windows\system32\javaws.exe

- 2010-10-24 10:39 . 2010-09-15 02:50 145184 c:\windows\system32\javaw.exe

+ 2010-09-15 02:50 . 2010-09-15 02:50 145184 c:\windows\system32\javaw.exe

- 2010-10-24 10:39 . 2010-09-15 02:50 145184 c:\windows\system32\java.exe

+ 2010-09-15 02:50 . 2010-09-15 02:50 145184 c:\windows\system32\java.exe

+ 2009-04-29 14:42 . 2010-11-06 00:22 184320 c:\windows\system32\iepeers.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 184320 c:\windows\system32\iepeers.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 387584 c:\windows\system32\iedkcs32.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 387584 c:\windows\system32\iedkcs32.dll

+ 2009-04-29 14:42 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe

- 2009-04-29 06:55 . 2010-10-13 20:57 250288 c:\windows\system32\FNTCACHE.DAT

+ 2009-04-29 06:55 . 2010-12-15 19:05 250288 c:\windows\system32\FNTCACHE.DAT

+ 2009-04-29 14:42 . 2010-11-06 00:22 916480 c:\windows\system32\dllcache\wininet.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-04-29 14:42 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll

- 2009-04-29 14:42 . 2008-04-15 12:00 249856 c:\windows\system32\dllcache\odbc32.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 206848 c:\windows\system32\dllcache\occache.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 206848 c:\windows\system32\dllcache\occache.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-04-29 05:02 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll

- 2009-04-29 05:02 . 2008-04-15 12:00 102400 c:\windows\system32\dllcache\msjro.dll

+ 2010-10-11 18:50 . 2010-11-06 00:22 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2010-10-11 18:50 . 2010-09-10 05:52 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2009-04-29 05:02 . 2008-04-15 12:00 200704 c:\windows\system32\dllcache\msadox.dll

+ 2009-04-29 05:02 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll

+ 2009-04-29 05:02 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll

- 2009-04-29 05:02 . 2008-04-15 12:00 180224 c:\windows\system32\dllcache\msadomd.dll

- 2009-04-29 05:02 . 2008-04-15 12:00 536576 c:\windows\system32\dllcache\msado15.dll

+ 2009-04-29 05:02 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll

+ 2009-04-29 05:02 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll

- 2009-04-29 05:02 . 2008-04-15 12:00 143360 c:\windows\system32\dllcache\msadco.dll

- 2010-10-11 18:50 . 2010-09-10 05:52 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2010-10-11 18:50 . 2010-11-06 00:22 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-10-11 18:50 . 2010-11-06 00:22 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-10-11 18:50 . 2010-09-10 05:52 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-04-29 14:42 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-04-29 14:42 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll

+ 2010-12-23 16:05 . 2005-02-24 15:21 458752 c:\windows\system32\AudPlayer.dll

+ 2010-12-23 16:05 . 2005-02-24 12:11 479232 c:\windows\system32\AudioVisu.dll

+ 2010-12-23 16:05 . 2005-03-10 16:00 454656 c:\windows\system32\AudioRecord.dll

+ 2010-12-23 16:05 . 2005-02-24 12:10 417792 c:\windows\system32\AudDisplay.dll

+ 2009-04-29 14:42 . 2010-10-28 13:09 290048 c:\windows\system32\atmfd.dll

+ 2010-12-18 14:47 . 2010-12-18 14:47 301056 c:\windows\Installer\e8468ca.msi

+ 2010-12-23 16:15 . 2010-12-23 16:15 228352 c:\windows\Installer\3fc9038.msi

+ 2010-12-23 16:05 . 2010-12-23 16:05 734720 c:\windows\Installer\3fc902d.msi

+ 2009-04-29 06:30 . 2010-12-15 18:32 693600 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\WksWP.exe

- 2009-04-29 06:30 . 2010-10-11 18:54 693600 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\WksWP.exe

+ 2009-04-29 06:30 . 2010-12-15 18:32 947552 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\wksss.exe

- 2009-04-29 06:30 . 2010-10-11 18:54 947552 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\wksss.exe

+ 2009-04-29 06:30 . 2010-12-15 18:32 709984 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\WksCal.exe

- 2009-04-29 06:30 . 2010-10-11 18:54 709984 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\WksCal.exe

+ 2007-06-20 21:04 . 2007-06-20 21:04 132448 c:\windows\Installer\$PatchCache$\Managed\9214281D2EB86AF42B264C9DF937553D\9.7.621\F22623_WkImg90.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll

+ 2010-12-15 18:34 . 2010-07-05 13:22 385912 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll

+ 2010-12-15 18:34 . 2010-02-22 14:29 232824 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe

+ 2010-12-15 18:33 . 2010-09-10 05:52 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll

+ 2010-12-15 18:33 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe

+ 2010-12-14 21:09 . 2010-12-14 21:09 188528 c:\windows\assembly\GAC_MSIL\Google.GData.Client\1.5.0.0__04a59ca9b0273830\Google.GData.Client.dll

+ 2010-12-14 21:09 . 2010-12-14 21:09 725104 c:\windows\assembly\GAC_32\NMSDVDNet\1.0.1007.2002__2ff9184220f553d5\NMSDVDNet.dll

+ 2010-12-14 14:54 . 2009-05-26 11:41 385912 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll

+ 2010-12-14 14:54 . 2008-07-08 13:08 232824 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe

+ 2010-12-15 18:30 . 2010-02-22 14:30 385912 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll

+ 2010-12-15 18:30 . 2010-02-22 14:29 232824 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe

+ 2010-12-15 18:32 . 2009-05-26 11:41 385912 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll

+ 2010-12-15 18:32 . 2009-05-26 11:41 232824 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe

+ 2010-12-15 18:34 . 2010-02-22 14:30 385912 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll

+ 2010-12-15 18:35 . 2010-02-22 14:29 232824 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe

+ 2010-12-15 18:33 . 2009-05-26 11:41 385912 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll

+ 2010-12-15 18:33 . 2009-05-26 11:41 232824 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe

+ 2010-12-15 18:31 . 2009-05-26 11:41 385912 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll

+ 2010-12-15 18:31 . 2009-05-26 11:41 232824 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe

+ 2010-12-15 18:17 . 2010-02-22 14:30 385912 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll

+ 2010-12-15 18:17 . 2010-02-22 14:29 232824 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe

+ 2010-12-15 18:35 . 2009-05-26 11:41 385912 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll

+ 2010-12-15 18:35 . 2009-05-26 11:41 232824 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe

+ 2010-12-15 18:35 . 2010-09-01 11:52 285824 c:\windows\$NtUninstallKB2296199$\atmfd.dll

+ 2010-12-14 14:54 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB973687\update\updspapi.dll

+ 2010-12-14 14:54 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB973687\update\update.exe

+ 2010-12-14 14:54 . 2008-07-08 13:08 232824 c:\windows\$hf_mig$\KB973687\spuninst.exe

+ 2010-12-15 18:30 . 2010-02-22 14:30 385912 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll

+ 2010-12-15 18:30 . 2010-02-22 14:29 760696 c:\windows\$hf_mig$\KB2467659\update\update.exe

+ 2010-12-15 18:30 . 2010-02-22 14:29 232824 c:\windows\$hf_mig$\KB2467659\spuninst.exe

+ 2010-12-15 18:35 . 2010-02-22 14:30 385912 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll

+ 2010-12-15 18:35 . 2010-02-22 14:29 760696 c:\windows\$hf_mig$\KB2443105\update\update.exe

+ 2010-12-15 18:35 . 2010-02-22 14:29 232824 c:\windows\$hf_mig$\KB2443105\spuninst.exe

+ 2010-12-15 18:33 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll

+ 2010-12-15 18:33 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB2440591\update\update.exe

+ 2010-12-15 18:33 . 2009-05-26 11:41 232824 c:\windows\$hf_mig$\KB2440591\spuninst.exe

+ 2010-12-15 18:31 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll

+ 2010-12-15 18:31 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB2436673\update\update.exe

+ 2010-12-15 18:31 . 2009-05-26 11:41 232824 c:\windows\$hf_mig$\KB2436673\spuninst.exe

+ 2010-12-15 18:17 . 2010-02-22 14:30 385912 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll

+ 2010-12-15 18:17 . 2010-02-22 14:29 760696 c:\windows\$hf_mig$\KB2423089\update\update.exe

+ 2010-12-15 18:17 . 2010-02-22 14:29 232824 c:\windows\$hf_mig$\KB2423089\spuninst.exe

+ 2010-12-15 18:34 . 2010-07-05 13:22 385912 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll

+ 2010-12-15 18:34 . 2010-07-05 13:22 760696 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe

+ 2010-12-15 18:34 . 2010-02-22 14:29 232824 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe

+ 2010-12-15 17:56 . 2010-11-06 00:26 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll

+ 2010-12-15 17:56 . 2010-11-03 12:02 173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe

+ 2010-12-15 18:35 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll

+ 2010-12-15 18:35 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB2296199\update\update.exe

+ 2010-12-15 18:35 . 2009-05-26 11:41 232824 c:\windows\$hf_mig$\KB2296199\spuninst.exe

+ 2010-10-28 13:05 . 2010-10-28 13:05 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll

+ 2007-11-07 00:19 . 2007-11-07 00:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll

+ 2005-09-28 13:46 . 2005-09-28 13:46 1184984 c:\windows\system32\wvc1dmod.dll

+ 2009-04-29 14:42 . 2010-10-26 14:00 1853312 c:\windows\system32\win32k.sys

+ 2009-04-29 14:42 . 2010-11-06 00:22 1210880 c:\windows\system32\urlmon.dll

- 2009-04-29 14:42 . 2010-09-10 05:52 1210880 c:\windows\system32\urlmon.dll

+ 2009-04-29 14:42 . 2009-07-31 09:05 1372672 c:\windows\system32\msxml6.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 5959168 c:\windows\system32\mshtml.dll

+ 2010-12-23 16:05 . 2003-03-18 21:20 1060864 c:\windows\system32\MFC71.dll

+ 2007-08-13 16:34 . 2010-11-06 00:22 1991680 c:\windows\system32\iertutil.dll

+ 2009-04-29 14:42 . 2010-10-26 14:00 1853312 c:\windows\system32\dllcache\win32k.sys

- 2009-04-29 14:42 . 2010-09-10 05:52 1210880 c:\windows\system32\dllcache\urlmon.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 1210880 c:\windows\system32\dllcache\urlmon.dll

+ 2009-04-29 14:42 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll

+ 2009-04-29 14:42 . 2010-11-06 00:22 5959168 c:\windows\system32\dllcache\mshtml.dll

+ 2010-10-11 18:50 . 2010-11-06 00:22 1991680 c:\windows\system32\dllcache\iertutil.dll

+ 2010-12-23 16:05 . 2005-02-24 12:11 1212416 c:\windows\system32\AudioInfos.dll

+ 2010-12-23 16:05 . 2005-03-11 17:37 1986560 c:\windows\system32\AudFile.dll

+ 2010-12-23 16:05 . 2005-02-24 12:10 2084864 c:\windows\system32\AudDesign.dll

+ 2010-11-24 09:53 . 2010-11-24 09:53 2190336 c:\windows\Installer\5574701.msp

+ 2009-04-29 06:30 . 2010-12-15 18:32 1099104 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\WksSb.exe

- 2009-04-29 06:30 . 2010-10-11 18:54 1099104 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\WksSb.exe

- 2009-04-29 06:30 . 2010-10-11 18:54 1242464 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\wksdb.exe

+ 2009-04-29 06:30 . 2010-12-15 18:32 1242464 c:\windows\Installer\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}\wksdb.exe

+ 2010-12-15 18:33 . 2010-09-10 05:52 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll

+ 2010-12-15 18:33 . 2010-09-10 05:52 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll

+ 2010-12-14 14:54 . 2008-09-10 01:16 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll

+ 2010-12-15 18:31 . 2010-09-01 07:57 1852800 c:\windows\$NtUninstallKB2436673$\win32k.sys

+ 2010-12-14 14:45 . 2009-07-31 04:30 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll

+ 2010-12-14 14:45 . 2009-07-31 04:30 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll

+ 2010-10-26 14:05 . 2010-10-26 14:05 1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys

+ 2010-12-15 17:56 . 2010-11-06 00:26 1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll

+ 2010-12-15 17:56 . 2010-11-06 00:26 1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll

+ 2010-10-11 18:20 . 2011-01-12 14:26 37403080 c:\windows\system32\MRT.exe

+ 2007-08-13 16:54 . 2010-11-06 00:22 11080704 c:\windows\system32\ieframe.dll

+ 2010-10-11 18:50 . 2010-11-06 00:22 11080704 c:\windows\system32\dllcache\ieframe.dll

+ 2010-12-21 09:11 . 2010-12-21 09:11 20304384 c:\windows\Installer\1cc71a5e.msp

+ 2010-12-15 18:33 . 2010-09-10 05:52 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll

+ 2010-11-06 04:56 . 2010-11-06 04:56 11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programfiler\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\programfiler\ConduitEngine\ConduitEngine.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2010-10-18 10:26 3908192 ----a-w- c:\programfiler\DVDVideoSoftTB\tbDVD0.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 20:44 1400712 ----a-w- c:\programfiler\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programfiler\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programfiler\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\programfiler\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-09 68856]

"Google Update"="c:\documents and settings\NAVN\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2010-10-10 135664]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"PPAP"="c:\programfiler\Fellesfiler\PPLiveNetwork\PPAP.exe" [2010-01-18 173512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]

"AzMixerSel"="c:\programfiler\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]

"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]

"LManager"="c:\programfiler\Launch Manager\LManager.exe" [2009-02-20 817672]

"RemoteControl8"="c:\programfiler\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]

"PDVD8LanguageShortcut"="c:\programfiler\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-09-24 421160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Acer VCM.lnk - c:\programfiler\Acer\Acer VCM\AcerVCM.exe [2009-4-29 565248]

BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

PPTV.lnk - c:\programfiler\PPLive\PPTV\PPLive.exe [2010-12-7 173512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]

2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Acer\\Acer VCM\\VC.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Documents and Settings\\NAVN\\Lokale innstillinger\\Programdata\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programfiler\\SopCast\\SopCast.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Fellesfiler\\PPLiveNetwork\\PPAP.exe"=

"c:\\Programfiler\\PPLive\\PPTV\\PPLiveU.exe"=

"c:\\Programfiler\\PPLive\\PPTV\\PPLive.exe"=

 

R2 RS_Service;Raw Socket Service;c:\programfiler\Acer\Acer VCM\RS_Service.exe [29.04.2009 08:14 237568]

R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [29.04.2009 07:07 5096544]

S1 MpKsl8952729f;MpKsl8952729f;\??\c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5374BD9-64AD-4C04-B2C7-C29D4DC621EA}\MpKsl8952729f.sys --> c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5374BD9-64AD-4C04-B2C7-C29D4DC621EA}\MpKsl8952729f.sys [?]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [10.10.2010 10:47 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.04.2009 07:10 1684736]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]

S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [24.10.2010 16:29 41984]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

 

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

 

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

 

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3725260815-3813086739-568186159-1005Core.job

- c:\documents and settings\NAVN\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

 

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3725260815-3813086739-568186159-1005UA.job

- c:\documents and settings\NAVN\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

 

2011-02-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\programfiler\Ask.com\UpdateTask.exe [2010-09-28 20:44]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://vshare.toolbarhome.com/?hp=df

uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=1010&m=ao751h

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\documents and settings\NAVN\Programdata\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\documents and settings\NAVN\Programdata\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-06 18:47

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Tidspunkt ferdig: 2011-02-06 18:51:29

ComboFix-quarantined-files.txt 2011-02-06 17:51

ComboFix2.txt 2010-11-13 16:21

ComboFix3.txt 2010-10-28 18:34

ComboFix4.txt 2010-10-28 18:14

 

Pre-Run: 105 272 385 536 byte ledig

Post-Run: 105 494 753 280 byte ledig

 

- - End Of File - - B5F0DC3B741E0549E13BE55330891A06

 

 

 

P.S. Worth noting: while I was running ComboFix, a notice came up saying that PEV.exe had stopped working, and I could choose whether or not to send an error report. I clicked "don't send". But the ComboFix scan did not stop, so I assume it didn't matter :) ?

By the way, it only found 50 infected files this time, compared with 61 last time.

Edited by handerrre

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5693

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

06.02.2011 20:03:56

mbam-log-2011-02-06 (20-03-56).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 137320

Tid tilbakelagt: 4 minutt(er), 9 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

(Ingen skadelige objekter funnet)


To clean up a bit more, you can use CCleaner to clear out temp files etc.

Download CCleaner

Start the program. Go to 'Options' -> 'Advanced'. Uncheck the box in front of: "only delete temporary files......."

Click 'Cleaner' and then 'Run CCleaner'.

Consider whether the ASK toolbar and the DVDVideoSoft toolbar are worth keeping. If not, uninstall them from Add/Remove Programs.

Uninstall ComboFix by typing combofix /uninstall in the Run box (Start -> Run).

Make sure to keep programs up to date (Java, Adobe Reader, etc.). Feel free to use Secunia.com (on the website, choose Scan now at the top right of the window).


So the PC is completely malware-free now :D ? (What was it actually infected with?)

CCleaner sounds like a good idea, but I'm just wondering about one thing. I used it a while ago on my laptop and my desktop, and after I had used it, it takes forever to bring up the index when you right-click a file. And if it's a file inside a folder, it just sits there loading for a while before nothing happens...

Did I do something wrong? I followed this guide: http://www.howtogeek.com/forum/topic/ccleaner-tutorial?replies=26

P.S. This went away when one of them was reinstalled, but it is still like this on the desktop...

Yep, I'll uninstall those two as well :)

Just wondering about one more thing :p Do these processes look right compared with these installed programs? (The screenshots are from right after the PC started up.)

Image gallery: http://imgur.com/Zb7bN&O6of7&LbkFv&PsuwT&avMPK

I thought it looked a bit suspicious..

Edited by handerrre

The PC had some adware in the form of toolbars, which probably came with the installation of various free software. When installing programs, it can be a good idea to read the installation windows that come up. It is not uncommon for boxes to be pre-checked so that one toolbar or another gets installed.

The processes look normal.
