CandyMaM Posted 3 July 2010
Hi. I have a malware/virus problem. Every so often I get a popup from avast v5.x.

Name: Value:
Original file name svchost.exe
original folder C:\Windows\Temp\Idra.tmp
Size of file 86016
Last modification time 02.07.2010 16:53:10
Time to transfer to chest 02.07.2010 18:53:11
Category Infected files
Virus description Win32:Malware-gen
File ID 201

Logger:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversjon: 4267
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
03.07.2010 20:45:34
mbam-log-2010-07-03 (20-45-34).txt
Skanntype: Hurtigsøk
Objekter skannet: 132689
Tid tilbakelagt: 3 minutt(er), 23 sekund(er)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0
Minneprosesser infisert: (Ingen skadelige objekter funnet)
Minnemoduler infisert: (Ingen skadelige objekter funnet)
Registernøkler infisert: (Ingen skadelige objekter funnet)
Registerverdier infisert: (Ingen skadelige objekter funnet)
Registerfiler infisert: (Ingen skadelige objekter funnet)
Mapper infisert: (Ingen skadelige objekter funnet)
Filer infisert (Ingen skadelige objekter funnet)

ComboFix 10-07-01.02 - Anika 03.07.2010 20:58:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3325.2221 [GMT 2:00]
Kjører fra: c:\users\Anika\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\3dWhO4sM.exe
c:\windows\Tasks\At25.job
Infisert kopi av c:\windows\system32\drivers\volmgrx.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-03 til 2010-07-03 )))))))))))))))))))))))))))))))))
.
2010-07-02 17:59 . 2010-07-02 17:59 -------- d-----w- c:\programdata\WindowsSearch
2010-07-02 16:52 . 2010-07-02 16:52 63488 ----a-w- c:\users\Anika\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-29 19:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-19 17:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 17:24 . 2010-06-19 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 17:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 19:04 . 2006-11-21 05:16 76272 ----a-w- c:\windows\system32\perfc014.dat
2010-07-03 19:04 . 2006-11-21 05:16 452096 ----a-w- c:\windows\system32\perfh014.dat
2010-07-03 18:58 . 2008-01-05 21:54 -------- d-----w- c:\programdata\NVIDIA
2010-07-03 18:57 . 2008-01-06 15:20 2140 ----a-w- c:\windows\bthservsdp.dat
2010-07-03 18:51 . 2009-06-09 16:49 -------- d-----w- c:\users\Anika\AppData\Roaming\DNA
2010-07-03 18:44 . 2008-01-09 14:27 1 ----a-w- c:\users\Anika\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-07-03 18:44 . 2008-01-09 14:26 -------- d-----w- c:\users\Anika\AppData\Roaming\OpenOffice.org2
2010-07-03 11:19 . 2009-06-09 16:49 -------- d-----w- c:\program files\DNA
2010-07-02 18:07 . 2009-02-14 14:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 16:52 . 2009-03-23 14:04 117760 ----a-w- c:\users\Anika\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-02 15:47 . 2009-06-09 16:50 -------- d-----w- c:\users\Anika\AppData\Roaming\BitTorrent
2010-07-02 15:10 . 2008-01-05 23:28 -------- d-----w- c:\program files\CCleaner
2010-07-02 05:27 . 2010-04-04 18:00 -------- d-----w- c:\program files\QuickTime
2010-07-02 05:27 . 2008-09-07 10:12 -------- d-----w- c:\program files\iTunes
2010-07-02 05:27 . 2008-01-05 23:04 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-07-01 10:58 . 2010-06-30 15:15 112 ----a-w- c:\programdata\gg1laUK8h.dat
2010-06-28 20:57 . 2010-01-21 16:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-01-21 16:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-01-21 16:03 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-01-21 16:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-01-21 16:03 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-01-21 16:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-25 20:56 . 2009-12-28 19:53 -------- d-----w- c:\users\Anika\AppData\Roaming\Spotify
2010-06-19 14:31 . 2010-05-19 11:01 22 ----a-w- c:\users\Anika\AppData\Roaming\Alexandra Burke - All Night Long (Ft Pitbull).zip
2010-06-09 13:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-06 08:44 . 2009-07-31 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 17:06 . 2010-06-09 13:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 13:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 18:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\users\Anika\AppData\Roaming\Windowz.exe
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\users\Anika\AppData\Roaming\Windowz.exe
2010-05-11 13:37 . 2008-01-06 18:20 -------- d-----w- c:\program files\Java
2010-05-08 20:42 . 2010-05-08 20:42 655360 ----a-w- c:\users\Anika\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-08 20:42 . 2010-05-08 20:42 282624 ----a-w- c:\users\Anika\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-08 20:42 . 2010-05-08 20:42 208896 ----a-w- c:\users\Anika\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-04 05:59 . 2010-06-09 13:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 13:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 13:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 13:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-12 15:29 . 2010-05-11 13:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-09 13:48 67072 ----a-w- c:\windows\system32\asycfilt.dll
2007-03-02 23:07 . 2007-03-02 23:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="d:\spill\counter strike source\steam.exe" [2010-05-28 1238352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-12 2403568]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-23 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-03-09 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 19:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1c,ee,b9,ec,11,4d,ca,01

R3 btusbflt;Bluetooth USB Filter; [x]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-24 12872]
R3 yeddef;YEDDEF driver; [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-13 721904]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-24 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-28 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-07-20 1030784]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-05 5632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{06E893DA-6222-43D4-9569-D59ABA1AD79F}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Settings,ProxyOverride = *.local
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: skandiabanken.no\www
TCP: {B4A0C6D3-4C52-46E3-8969-48779C791A06} = 192.168.1.1
FF - ProfilePath - c:\users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\wk85mb3v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sol.no/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 21:04
Windows 6.0.6002 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,6c,79,6f,36,e4,43,42,bc,48,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,6c,79,6f,36,e4,43,42,bc,48,36,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-07-03 21:06:43
ComboFix-quarantined-files.txt 2010-07-03 19:06

Pre-Run: 23 361 241 088 byte ledig
Post-Run: 23 276 929 024 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 7AB57796892AC9E90F3163B4E0C2D95F

While ComboFix was running I got a couple of warnings and reboots, among other things about a rootkit being found, or something rootkit-related, whatever that means. Hoping for some help getting the machine back on an even keel.
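As an added triage aid that is not part of this thread (my own code, not ComboFix's or avast's), the script below scans log lines in the ComboFix/avast style pasted above and flags the kinds of entries a helper checks by hand: executables sitting directly in ProgramData or AppData\Roaming, anything under Windows\Temp, At*.job scheduled tasks, random-looking file names, and EnableLUA set to 0 (UAC off). The sample lines are copied from the log above; the heuristics, thresholds and message texts are my own assumptions, and a hit only means "look at this entry", not a verdict.

```python
import os
import re

# Paths as ComboFix/avast print them. The lazy match stops at the first known
# extension, so each log line is expected to carry at most one path (true for
# the per-line format of these logs; spaces inside paths are fine).
PATH_RE = re.compile(
    r'[a-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|scr|job|tmp|dat|lnk)\b', re.IGNORECASE)
EXEC_EXT = {'.exe', '.dll', '.sys', '.scr'}
# Roots any user can write to; legitimate software rarely puts an executable
# directly in one of these rather than in its own subfolder.
DROP_DIRS = ('\\programdata\\', '\\appdata\\roaming\\', '\\appdata\\local\\',
             '\\windows\\temp\\', '\\users\\public\\')
UAC_OFF_RE = re.compile(r'"EnableLUA"\s*=\s*0\b')

# Constructed sample: lines copied from the avast and ComboFix output above,
# plus a few known-good entries that should stay quiet.
SAMPLE_LOG = r"""
original folder C:\Windows\Temp\Idra.tmp
c:\programdata\3dWhO4sM.exe
c:\windows\Tasks\At25.job
2010-07-01 10:58 . 2010-06-30 15:15 112 ----a-w- c:\programdata\gg1laUK8h.dat
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\users\Anika\AppData\Roaming\Windowz.exe
2010-06-28 20:57 . 2010-01-21 16:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-02 16:52 . 2010-07-02 16:52 63488 ----a-w- c:\users\Anika\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
"EnableLUA"= 0 (0x0)
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"""


def looks_random(stem):
    """Heuristic for generated names such as 3dWhO4sM: mixed case plus digits.

    Thresholds are assumptions tuned to the names in this log, not a standard.
    """
    return (len(stem) >= 6
            and sum(c.isdigit() for c in stem) >= 2
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage_path(path):
    """Return the reasons one path deserves a manual look (empty if none)."""
    reasons = []
    low = path.lower()
    parts = low.split('\\')
    parent = '\\'.join(parts[:-1]) + '\\'
    name = path.split('\\')[-1]          # original case kept for looks_random
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext in EXEC_EXT and parent.endswith(DROP_DIRS):
        reasons.append('executable directly in a user-writable data directory')
    if '\\windows\\temp\\' in low:
        reasons.append('lives under Windows\\Temp')
    if '\\windows\\tasks\\' in low and re.fullmatch(r'at\d+\.job', name.lower()):
        reasons.append('At*.job task created with at.exe (common persistence trick)')
    if looks_random(stem):
        reasons.append('random-looking file name')
    return reasons


def triage(log_text):
    """Map every log line that carries at least one indicator to its reasons."""
    findings = {}
    for line in log_text.splitlines():
        reasons = []
        for m in PATH_RE.finditer(line):
            reasons += [f'{m.group(0)}: {r}' for r in triage_path(m.group(0))]
        if UAC_OFF_RE.search(line):
            reasons.append('UAC disabled (EnableLUA = 0)')
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print('   ->', reason)
```

Run on the sample, the six flagged lines are exactly the ones ComboFix removed or that a reviewer would query (the Temp folder avast reported, 3dWhO4sM.exe, At25.job, gg1laUK8h.dat, Windowz.exe, EnableLUA=0), while the avast and SUPERAntiSpyware entries stay silent. To use it on a real log, pass the file contents to triage() instead of SAMPLE_LOG.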
snippsat Posted 7 July 2010
Quote: original folder C:\Windows\Temp\Idra.tmp
Delete everything in your temp folders; that is a sensible thing to do once in a while.
The ComboFix log looks fine.
You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
CandyMaM (Author) Posted 11 July 2010
When I try to remove ComboFix at the command prompt, this comes up:
C:\Users\xxxx>combofix /u
combofix gjenkjennes ikke som en intern eller ekstern kommando, kjørbart program eller satsvis fil.
I have Windows Vista.