Milapse Posted 3 January 2010 (edited)

Hi, I need someone to look at these logs, as my machine has been infected by a trojan.

MBAM:

Malwarebytes' Anti-Malware 1.43
Databaseversjon: 3458
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

03.01.2010 17:35:35
mbam-log-2010-01-03 (17-35-35).txt

Skanntype: Rask Skann
Objekter skannet: 97857
Tid tilbakelagt: 9 minute(s), 29 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\Erik\AppData\Local\Temp\1157319.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Erik\AppData\Local\Temp\330434.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 10-01-02.05 - Erik 03.01.2010 18:03:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3070.2222 [GMT 1:00]
Kjører fra: c:\users\Erik\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Erik\Documents\Registry_Backup_021009.reg

Infisert kopi av c:\windows\system32\DRIVERS\iaStor.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty ate it
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-03 til 2010-01-03 )))))))))))))))))))))))))))))))))
.

2010-01-03 17:17 . 2010-01-03 17:20 -------- d-----w- c:\users\Erik\AppData\Local\temp
2010-01-03 17:17 . 2010-01-03 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-03 16:21 . 2010-01-03 16:21 -------- d-----w- c:\users\Erik\AppData\Roaming\Malwarebytes
2010-01-03 16:21 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 16:21 . 2010-01-03 16:21 -------- d-----w- c:\programdata\Malwarebytes
2010-01-03 16:21 . 2010-01-03 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 16:21 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:14 . 2010-01-03 16:40 -------- d-----w- c:\users\Erik\Tracing
2009-12-29 14:13 . 2009-12-29 19:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-29 14:13 . 2009-12-29 14:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-24 13:06 . 2009-12-24 13:06 -------- d-----w- c:\windows\Applian Director
2009-12-24 13:06 . 2009-12-24 13:06 -------- d-----w- c:\users\Erik\AppData\Local\FLVService
2009-12-24 13:06 . 2009-12-24 13:06 -------- d-----w- c:\windows\Replay Media Catcher
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\program files\Wimp
2009-12-17 00:28 . 2009-12-17 00:28 -------- d-----w- c:\users\Erik\AppData\Local\stellarium
2009-12-17 00:28 . 2009-12-17 00:41 -------- d-----w- c:\users\Erik\AppData\Roaming\Stellarium
2009-12-17 00:27 . 2009-12-17 00:27 -------- d-----w- c:\program files\Stellarium
2009-12-12 11:38 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 11:38 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 11:38 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 09:34 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 09:23 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 09:23 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 15:37 . 2009-12-08 15:37 -------- d-----w- c:\program files\CCleaner
2009-12-05 00:00 . 2009-12-05 00:00 -------- d-----w- c:\program files\PosteRazor
2009-12-05 00:00 . 2009-12-05 00:00 -------- d-----w- c:\users\Erik\AppData\Roaming\CasaPortale.de
.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-01-03 17:18 . 2009-06-28 19:11 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-03 17:17 . 2008-04-29 05:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-03 17:09 . 2008-04-29 06:01 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-01-03 17:09 . 2008-04-29 06:01 452326 ----a-w- c:\windows\system32\perfh014.dat
2010-01-03 13:07 . 2009-07-08 19:24 -------- d-----w- c:\users\Erik\AppData\Roaming\Spotify
2009-12-27 02:16 . 2009-08-27 19:13 -------- d-----w- c:\users\Erik\AppData\Roaming\vlc
2009-12-24 13:13 . 2009-06-29 20:24 -------- d-----w- c:\users\Erik\AppData\Roaming\uTorrent
2009-12-17 11:34 . 2009-11-02 20:51 1 ----a-w- c:\users\Erik\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-12 15:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-12 11:40 . 2009-02-10 23:20 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 19:09 . 2009-12-09 19:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2EE3.tmp.exe
2009-12-08 16:03 . 2009-07-05 20:45 31776 ----a-w- c:\programdata\nvModes.dat
2009-12-07 17:21 . 2009-10-24 12:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-26 02:00 . 2009-11-26 02:00 -------- d-----w- c:\program files\MSXML 4.0
2009-11-23 11:26 . 2009-11-21 12:53 -------- d-----w- c:\program files\Replay Music 3
2009-11-15 22:54 . 2009-06-28 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 19:10 . 2009-11-08 20:49 -------- d-----w- c:\users\Erik\AppData\Roaming\Audacity
2009-11-08 21:51 . 2009-11-08 21:51 -------- d-----w- c:\program files\Lame for Audacity
2009-11-08 20:49 . 2009-11-08 20:49 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-11-04 22:04 . 2009-06-28 19:11 104040 ----a-w- c:\users\Erik\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-25 09:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-09 09:33 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 09:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 09:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-24 14:02 . 2009-06-30 19:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-31 22:12 4233480 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-31 22:12 4233480 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13593120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-31 49928]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-02-11 3054136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-24 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-31 22:00 96520 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Erik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-02-11 00:44 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 11:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:52 3885400 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-24 14:02 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-09-04 12:49 1994480 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-11 00:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [11.02.2009 02:50 15416]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04.09.2009 13:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04.09.2009 13:49 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24.10.2009 13:47 108289]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [11.02.2009 02:33 29736]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28.08.2008 16:48 3664384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [05.09.2008 21:20 45600]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11.02.2009 01:44 30192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04.09.2009 13:50 7408]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [17.07.2009 23:55 722416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\lhvdtntt.default\
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\lhvdtntt.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 18:20
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'Explorer.exe'(3240)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-01-03 18:28:43 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-01-03 17:28

Pre-Run: 118 618 226 688 byte ledig
Post-Run: 118 630 338 560 byte ledig

- - End Of File - -

What should be done next?

Thanks in advance.

Edited 3 January 2010 by Milapse

snippsat Posted 4 January 2010

c:\windows\system32\acovcnt.exe
Scan this file: VirusTotal

Milapse (author) Posted 5 January 2010

> c:\windows\system32\acovcnt.exe
> Scan this file: VirusTotal

I have done that now and get the result 0/41, i.e. 0%. The machine seems to be working normally.

snippsat Posted 5 January 2010

You can remove ComboFix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.

Check whether your software is up to date: Secunia

Milapse (author) Posted 7 January 2010

> You can remove ComboFix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.
> Check whether your software is up to date: Secunia

Found that some programs should be updated, but no serious problems. I am updating the programs now.