Gå til innhold

Fått trojansk virus

shug

Av shug
i IKT-drift og sikkerhet

Anbefalte innlegg

shug

shug

Skrevet
Skrevet

Heihei

 

Har dessverre klart å fått et virus, fra en torrentside før jeg installerte antivirusprogram (dumt, i know).

 

- Etter jeg fikk trojansk hest installerte jeg F-Secure Anti virus. Den ga raskt melding om trojaneren og tilbød seg å slette den, men det virker ikke som det fungerer så bra.

 

Får melding om viruset hver time ca, og det har begynt å komme en feilmld når jeg skrur på PCen (kommet inn i windows), hvor det står sånn rød trekant blablabla (C:\windows\blabla\blabla\blabla.dll) has stopped working. ellerno :)

 

Er det et program jeg kan bruke som fjerner det, eller er jeg nødt til å formatere PCen på ny/kjøpe et dyrt antivirusprogram? :p

 

takk

Lenke til kommentar

Videoannonse

Videoannonse
Annonse
shug

shug

Skrevet
  • Forfatter
Skrevet

ComboFix 09-05-17.04 - shamo 05/19/2009 13:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1514 [GMT 7:00]

Running from: c:\documents and settings\shamo\Desktop\ComboFix.exe

AV: F-Secure Anti-Virus Client Security 6.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Anti-Virus Client Security 6.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\shamo\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\shamo\Local Settings\Temp\IadHide5.dll

 

----- BITS: Possible infected sites -----

 

hxxp://updateserver.info

.

((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))

.

 

2009-05-19 06:30 . 2009-05-19 06:30 -------- d-----w c:\documents and settings\shamo\Application Data\Malwarebytes

2009-05-19 06:30 . 2009-04-06 08:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-19 06:30 . 2009-04-06 08:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-19 06:30 . 2009-05-19 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-19 06:30 . 2009-05-19 06:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-13 11:22 . 2009-05-13 11:22 -------- d-----w c:\program files\Common Files\Adobe

2009-05-13 11:21 . 2009-05-13 11:23 -------- d-----w c:\documents and settings\shamo\Local Settings\Application Data\Adobe

2009-05-13 11:20 . 2009-05-14 04:34 -------- d-----w c:\documents and settings\All Users\Application Data\NOS

2009-05-13 11:20 . 2009-05-14 04:34 -------- d-----w c:\program files\NOS

2009-05-11 15:57 . 2009-05-11 15:57 -------- d-----w c:\documents and settings\shamo\Application Data\F-Secure

2009-05-11 15:13 . 2005-06-21 15:32 70224 ----a-w c:\windows\system32\drivers\fsdfw.sys

2009-05-11 15:13 . 2005-06-21 15:31 33744 ----a-w c:\windows\system32\drivers\fsndis5.sys

2009-05-11 15:12 . 2009-05-11 15:12 118842 ------r c:\windows\bwUnin-6.3.2.116-7681197L.exe

2009-05-11 15:12 . 2009-05-11 15:12 -------- d-----w c:\documents and settings\All Users\Application Data\F-Secure

2009-05-11 15:11 . 2009-05-11 15:12 -------- d-----w c:\program files\F-Secure

2009-05-11 15:08 . 2009-05-13 14:32 -------- d-----w c:\windows\system32\199638

2009-05-11 15:06 . 2009-05-11 15:06 -------- d-----w c:\program files\Combined Community Codec Pack

2009-05-11 14:55 . 2009-05-11 14:55 -------- d-----w c:\program files\Haali

2009-05-11 14:55 . 2009-05-11 15:10 -------- d-----w c:\program files\CoreCodec

2009-05-11 13:02 . 2009-05-11 13:02 -------- d-----w c:\documents and settings\shamo\Application Data\vlc

2009-05-09 14:08 . 2008-10-16 07:06 208744 ----a-w c:\windows\system32\muweb.dll

2009-05-09 14:08 . 2008-10-16 07:06 268648 ----a-w c:\windows\system32\mucltui.dll

2009-05-09 11:22 . 2009-05-09 12:04 -------- d-----w c:\documents and settings\shamo\Application Data\mIRC

2009-05-09 11:22 . 2009-05-09 11:22 -------- d-----w c:\program files\mIRC

2009-05-09 10:07 . 2009-05-09 10:08 -------- d-----w c:\documents and settings\shamo\Application Data\Ventrilo

2009-05-09 10:06 . 2009-05-09 10:06 -------- d-----w c:\program files\Ventrilo Mix

2009-05-09 10:00 . 2009-05-09 10:00 -------- d-----w c:\documents and settings\shamo\Local Settings\Application Data\Microsoft Help

2009-05-09 10:00 . 2009-05-09 10:04 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-05-09 09:25 . 2009-05-09 09:25 21840 ----a-w c:\windows\system32\SIntfNT.dll

2009-05-09 09:25 . 2009-05-09 09:25 17212 ----a-w c:\windows\system32\SIntf32.dll

2009-05-09 09:25 . 2009-05-09 09:25 12067 ----a-w c:\windows\system32\SIntf16.dll

2009-05-09 09:21 . 2009-05-09 09:26 35295 ----a-w c:\windows\DIIUnin.dat

2009-05-09 09:21 . 2009-05-09 09:21 2829 ----a-w c:\windows\DIIUnin.pif

2009-05-09 09:21 . 2009-05-09 09:21 94208 ----a-w c:\windows\DIIUnin.exe

2009-05-09 09:20 . 2009-05-19 06:44 -------- d-----w c:\program files\Diablo II

2009-05-09 09:17 . 2009-05-09 09:17 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2009-05-09 09:17 . 2009-05-09 09:17 -------- d-----w c:\program files\DAEMON Tools Toolbar

2009-05-09 09:17 . 2009-05-09 09:17 -------- d-----w c:\program files\DAEMON Tools Lite

2009-05-09 09:15 . 2009-05-09 09:15 721904 ----a-w c:\windows\system32\drivers\sptd.sys

2009-05-09 09:15 . 2009-05-09 09:19 -------- d-----w c:\documents and settings\shamo\Application Data\DAEMON Tools Lite

2009-05-09 07:13 . 2009-05-09 07:14 -------- d-----w c:\documents and settings\shamo\Application Data\Media Player Classic

2009-05-09 00:07 . 2009-05-09 00:07 -------- d-----w c:\program files\uTorrent

2009-05-09 00:07 . 2009-05-19 06:35 -------- d-----w c:\documents and settings\shamo\Application Data\uTorrent

2009-05-08 23:57 . 2009-05-15 05:52 -------- d-----w c:\documents and settings\shamo\Application Data\Spotify

2009-05-08 23:57 . 2009-05-08 23:57 -------- d-----w c:\documents and settings\shamo\Local Settings\Application Data\Spotify

2009-05-08 23:56 . 2009-05-08 23:56 -------- d-----w c:\program files\Spotify

2009-05-08 20:36 . 2009-05-19 06:47 -------- d-----w c:\documents and settings\shamo\Tracing

2009-05-08 20:34 . 2009-05-08 20:34 -------- d-----w c:\program files\Microsoft

2009-05-08 20:33 . 2009-05-08 20:33 -------- d-----w c:\program files\Windows Live SkyDrive

2009-05-08 20:33 . 2009-05-08 20:34 -------- d-----w c:\program files\Windows Live

2009-05-08 20:27 . 2009-05-08 20:27 0 ----a-w c:\windows\nsreg.dat

2009-05-08 20:27 . 2009-05-08 20:27 -------- d-----w c:\documents and settings\shamo\Local Settings\Application Data\Mozilla

2009-05-08 20:26 . 2009-05-08 20:26 -------- d-----w c:\program files\Common Files\Windows Live

2009-05-08 20:10 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys

2009-05-08 20:10 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys

2009-05-08 20:10 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-05-08 20:10 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

2009-05-08 20:10 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

2009-05-08 20:10 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

2009-05-08 20:10 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys

2009-05-08 20:09 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll

2009-05-08 20:09 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll

2009-05-08 20:09 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-05-08 20:08 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe

2009-05-08 20:04 . 2009-05-08 20:04 -------- d-----w c:\windows\system32\AGEIA

2009-05-08 20:04 . 2009-05-08 20:04 -------- d-----w c:\program files\AGEIA Technologies

2009-05-08 20:04 . 2009-05-08 20:04 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-08 20:04 . 2009-04-30 15:02 457248 ----a-w c:\windows\system32\nvudisp.exe

2009-05-08 20:03 . 2009-04-26 17:42 457248 ----a-w c:\windows\system32\NVUNINST.EXE

2009-05-08 20:03 . 2009-05-08 20:03 -------- d-----w C:\NVIDIA

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-11 14:59 . 2009-05-08 14:29 -------- d-----w c:\program files\Windows7

2009-05-09 19:01 . 2009-05-08 14:30 29728 ----a-w c:\documents and settings\shamo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-08 14:56 . 2009-05-08 14:56 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-08 14:56 . 2009-05-08 14:56 -------- d-----w c:\program files\Analog Devices

2009-05-08 14:56 . 2009-05-08 14:56 -------- d-----w c:\program files\Common Files\InstallShield

2009-05-08 14:31 . 2009-05-08 14:31 552 ----a-w c:\windows\system32\d3d8caps.dat

2009-05-08 14:29 . 2009-05-08 14:29 -------- d-----w c:\program files\RocketDock

2009-05-08 09:30 . 2009-05-08 09:30 -------- d-----w c:\program files\microsoft frontpage

2009-05-08 09:26 . 2009-05-08 09:26 21640 ----a-w c:\windows\system32\emptyregdb.dat

2009-05-08 09:26 . 2009-05-08 09:26 -------- d-----w c:\program files\Windows Media Connect 2

2009-04-30 17:31 . 2009-04-30 17:31 1657376 ----a-w c:\windows\system32\nwiz.exe

2009-04-30 17:31 . 2009-04-30 17:31 449056 ----a-w c:\windows\system32\nvappbar.exe

2009-04-30 17:31 . 2009-04-30 17:31 436768 ----a-w c:\windows\system32\keystone.exe

2009-04-30 17:31 . 2009-04-30 17:31 466944 ----a-w c:\windows\system32\nvshell.dll

2009-04-30 17:31 . 2009-04-30 17:31 1724416 ----a-w c:\windows\system32\nvwdmcpl.dll

2009-04-30 17:31 . 2009-04-30 17:31 1507328 ----a-w c:\windows\system32\nview.dll

2009-04-30 17:31 . 2009-04-30 17:31 1101824 ----a-w c:\windows\system32\nvwimg.dll

2009-04-30 15:02 . 2009-04-30 15:02 9994240 ----a-w c:\windows\system32\nvoglnt.dll

2009-04-30 15:02 . 2009-04-30 15:02 806912 ----a-w c:\windows\system32\nvapi.dll

2009-04-30 15:02 . 2009-04-30 15:02 8055584 ----a-w c:\windows\system32\drivers\nv4_mini.sys

2009-04-30 15:02 . 2009-04-30 15:02 663552 ----a-w c:\windows\system32\nvcuvid.dll

2009-04-30 15:02 . 2009-04-30 15:02 5896320 ----a-w c:\windows\system32\nv4_disp.dll

2009-04-30 15:02 . 2009-04-30 15:02 1720320 ----a-w c:\windows\system32\nvcuda.dll

2009-04-30 15:02 . 2009-04-30 15:02 1579630 ----a-w c:\windows\system32\nvdata.bin

2009-04-30 15:02 . 2009-04-30 15:02 143360 ----a-w c:\windows\system32\nvcodins.dll

2009-04-30 15:02 . 2009-04-30 15:02 143360 ----a-w c:\windows\system32\nvcod.dll

2009-04-30 15:02 . 2009-04-30 15:02 1314816 ----a-w c:\windows\system32\nvcuvenc.dll

2009-04-19 15:51 . 2009-05-09 09:28 662450208 ----a-w c:\program files\Diablo II - Expansion Disc.iso

2009-04-03 05:39 . 2009-04-03 05:39 70936 ----a-w c:\windows\system32\PhysXLoader.dll

2009-03-06 14:22 . 2008-04-13 22:42 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2008-04-28 09:25 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 18:09 . 2008-04-26 03:44 78336 ----a-w c:\windows\system32\ieencode.dll

.

 

------- Sigcheck -------

 

[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll

 

[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe

 

[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe

 

[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe

 

[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"AnalogClock"="c:\program files\Windows7\Analog Clock\AnalogClock.exe" [2005-11-05 480256]

"TransBar"="c:\program files\Windows7\TransBar\TransBar.exe" [2005-06-01 65536]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KRun"="c:\program files\Windows7\RunMe\RunMe.exe" [2007-04-06 518656]

"Viena Explorer"="c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe" [2006-11-18 581632]

"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-06-02 122929]

"F-Secure TNB"="c:\program files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 684032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

F-Secure Automatic Update.lnk - c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2009-5-11 32807]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=

 

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5/11/2009 10:13 PM 70224]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [5/11/2009 10:13 PM 32807]

R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [5/11/2009 10:12 PM 48720]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [5/11/2009 10:12 PM 46800]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [5/11/2009 10:12 PM 16848]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Hotfix-KB5504305 - c:\windows\system32\rundll54.exe

HKCU-Run-8luw5h2 - c:\documents and settings\shamo\Application Data\Microsoft\AddIns\8luw5h2.exe

HKCU-Run-DiskChk help - c:\documents and settings\All Users\proto.dll

HKCU-RunServices-Hotfix-KB5504305 - c:\windows\system32\rundll54.exe

HKLM-Run-Pie Dock - c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe

 

 

.

------- Supplementary Scan -------

.

IE: &Block this popup - c:\program files\F-Secure\Anti-Spyware\blockpopups.htm

LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL

FF - ProfilePath - c:\documents and settings\shamo\Application Data\Mozilla\Firefox\Profiles\wulf0rer.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.dagbladet.no

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-19 13:48

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(784)

c:\windows\system32\setupapi.dll

c:\program files\F-Secure\FSPS\program\FSLSP.DLL

 

- - - - - - - > 'explorer.exe'(3032)

c:\program files\RocketDock\RocketDock.dll

c:\program files\Windows7\VisualTaskTips\VttHooks.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\windows\system32\rundll32.exe

c:\program files\F-Secure\Anti-Virus\fsgk32st.exe

c:\program files\F-Secure\Anti-Virus\fsgk32.exe

c:\program files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

c:\program files\F-Secure\Anti-Virus\fssm32.exe

c:\program files\F-Secure\common\FSMA32.EXE

c:\program files\F-Secure\common\FSMB32.EXE

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\F-Secure\common\FCH32.EXE

c:\program files\F-Secure\Anti-Virus\fsqh.exe

c:\program files\F-Secure\common\FAMEH32.EXE

c:\program files\F-Secure\Anti-Virus\FSRW.exe

c:\program files\F-Secure\common\FNRB32.exe

c:\program files\F-Secure\FWES\program\fsdfwd.exe

c:\program files\F-Secure\common\FIH32.exe

c:\program files\F-Secure\Anti-Virus\FSAV32.exe

c:\program files\F-Secure\Anti-Spyware\FSAW.exe

c:\program files\F-Secure\FSGUI\fsguidll.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-05-19 13:50 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-19 06:50

 

Pre-Run: 147,663,466,496 bytes free

Post-Run: 147,719,639,040 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

264 --- E O F --- 2009-05-13 14:32

Lenke til kommentar
snippsat

snippsat

Skrevet
Skrevet

Kopiere fet tekst under bildet->åpne notisblokk og lim inn.

Lagre på skrivebordet som CFScript.txt

Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt

60876047vu9.gif

 

Folder::

c:\windows\system32\199638

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

TransBar"=-

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste
×
×
  • Opprett ny...