Angreb me trojaner, spyware, backdoor m.fl
Hej, Jeg blev angrebet i går med trojaner, spyware, backdoor osv.Det har rettet så stor skade nu, at jeg ikke kan tænde winXP firewall og mine skrivebords-indstillinger,hvor jeg ikke kan ændre baggrund,indsætte billeder mm.
Er der en venlig sjæl der vil tjekke mine logs med ewido og hijackthis?
På forhånd tak.
Her er logs:
Logfile of HijackThis v1.99.1
Scan saved at 00:03:45, on 16-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Intel\Intel Application Accelerator\iaanotif.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\NORMAN\bin\ZLH.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Intel\Intel Application Accelerator\iaantmon.exe
C:\NORMAN\bin\ZANDA.EXE
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\bin\cclaw.exe
C:\Programmer\Outlook Express\MSIMN.EXE
C:\Programmer\ewido\security suite\SecuritySuite.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Tape\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120560670750
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://200.217.163.1/activex/AxisCamControl.ocx
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------
+ Oprettet den: 23:19:51, 14-12-2005
+ Rapport-Checksum: 52984ED5
+ Scanningsresultat:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Renset med backup
HKU\S-1-5-21-4201637075-2094326378-3341856876-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Renset med backup
[712] C:\WINDOWS\system32\msupdate32.dll -> Proxy.Delf.al : Fejl under renselse
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@112.2o7[2].txt -> Spyware.Cookie.2o7 : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@advertising[1].txt -> Spyware.Cookie.Advertising : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@atdmt[2].txt -> Spyware.Cookie.Atdmt : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@banner.commissionpartner[1].txt -> Spyware.Cookie.Commissionpartner : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@gamingpromo[1].txt -> Spyware.Cookie.Gamingpromo : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@paypopup[1].txt -> Spyware.Cookie.Paypopup : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@ppms.popularix[1].txt -> Spyware.Cookie.Popularix : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@sel.as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@spms.bpath[1].txt -> Spyware.Cookie.Bpath : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@srv1.ad.adition[1].txt -> Spyware.Cookie.Adition : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@statcounter[1].txt -> Spyware.Cookie.Statcounter : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@track.commissionpartner[1].txt -> Spyware.Cookie.Commissionpartner : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Renset med backup
C:\Documents and Settings\Anders Randolf\Cookies\anders randolf@www.res99[1].txt -> Spyware.Cookie.Res99 : Renset med backup
C:\Documents and Settings\Anders Randolf\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDM3OTQJ\ll[1].exe -> Proxy.Lager.f : Renset med backup
C:\Documents and Settings\Anders Randolf\Lokale indstillinger\Temporary Internet Files\Content.IE5\O1QV0P2B\r4[1].exe -> Dropper.Agent.aax : Renset med backup
C:\Documents and Settings\Anders Randolf\Lokale indstillinger\Temporary Internet Files\Content.IE5\PPBECQUA\x[1].exe -> Backdoor.Agent.px : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1\A0000567.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1\A0001567.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP1\A0002568.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0003567.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0004568.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0005567.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0006567.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0008567.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0009569.dll -> Adware.SpySheriff : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0009571.dll -> Spyware.SpywareNo : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0009572.dll -> Adware.SpySheriff : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0009745.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0010745.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0011745.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0013814.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0014814.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP2\A0015814.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016817.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016862.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016873.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016881.dll -> Downloader.Agent.zi : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016889.exe -> Adware.SpySheriff : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016892.dll -> Adware.SpySheriff : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016894.dll -> Spyware.SpywareNo : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016895.dll -> Adware.SpySheriff : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP3\A0016897.exe -> Hijacker.Spywad.l : Renset med backup
C:\WINDOWS\SYSTEM\svchost.dll -> Downloader.Agent.zi : Renset med backup
C:\WINDOWS\SYSTEM\svchost.exe -> Dropper.Agent.aax : Renset med backup
C:\WINDOWS\SYSTEM\svwhost.exe -> Backdoor.Agent.px : Renset med backup
C:\WINDOWS\SYSTEM32\birdihuy32.dll -> Proxy.Small.ct : Renset med backup
C:\WINDOWS\SYSTEM32\kernels64.exe -> Downloader.Small.cax : Renset med backup
C:\WINDOWS\SYSTEM32\ll.exe -> Proxy.Lager.f : Renset med backup
C:\WINDOWS\SYSTEM32\mspostsp.exe -> Trojan.Inject.i : Renset med backup
C:\WINDOWS\SYSTEM32\sywsvcs.exe -> Proxy.Lager.f : Renset med backup
C:\WINDOWS\SYSTEM32\vxgame4.exe -> Downloader.Small.cah : Renset med backup
C:\WINDOWS\SYSTEM32\vxgamet3.exe -> Dropper.Agent.abu : Renset med backup
C:\WINDOWS\SYSTEM32\vxh8jkdq2.exe -> Hijacker.Spywad.l : Renset med backup
C:\WINDOWS\SYSTEM32\vxh8jkdq5.exe -> Downloader.Small.axn : Renset med backup
C:\WINDOWS\SYSTEM32\zolker011.dll -> Downloader.Agent.pi : Renset med backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__msupdate32.dll -> Proxy.Delf.al : Renset med backup
::Rapport slut
På forhånd tak.
