Loffen^, posted 30 May 2010 (edited)

The machine got infected with spyware and trojans while I was browsing yesterday. I have downloaded various spyware and virus programs (Anti-Malware, Spybot, Ad-Aware, HijackThis etc.) and scanned several times with all of them... Got most of the crap removed. The only thing that won't go away is a few trojans (screenshot from AVG): Anyone have a clue how to get rid of this damn thing? Thanks.

Edited 30 May 2010 by -LoFFeN-
snippsat, posted 30 May 2010

Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt

c:\windows\system32\svchost.exe
Scan the file here: virustotal. Post the result.
Loffen^ (thread author), posted 30 May 2010 (edited)

When I try to scan with Combofix, a warning pops up that AVG is running in the background... I uninstalled it earlier, but I still get the message. Is it a bug or what? Here is the VirusTotal log for svchost:
http://www.virustotal.com/analisis/d3d5e2feafad36db550c2b8062de7e51e1bd052f1456736b2342564c7ac1b88e-1275257194

Edited 30 May 2010 by -LoFFeN-
snippsat, posted 30 May 2010

> I uninstalled it earlier, but I still get the message. Is it a bug or what?

No, it always shows up, just continue. Or disable AVG before you run combofix.
Loffen^ (thread author), posted 31 May 2010 (edited)

Just ran Combofix... Here is the log:

ComboFix 10-05-29.05 - Administrator 31.05.2010 20:22:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.2047.1669 [GMT 2:00]
Kjører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Programdata\0200000067a56460922C.manifest
c:\documents and settings\Administrator\Programdata\0200000067a56460922O.manifest
c:\documents and settings\Administrator\Programdata\0200000067a56460922P.manifest
c:\documents and settings\Administrator\Programdata\0200000067a56460922S.manifest
c:\documents and settings\Administrator\Programdata\874FD3E427FF3CD4F3B05A781318146B
c:\documents and settings\Administrator\Programdata\874FD3E427FF3CD4F3B05A781318146B\enemies-names.txt
C:\Thumbs.db
c:\windows\Help\verifier.hlp
c:\windows\system32\msxsltsso.dll

Infisert kopi av c:\windows\system32\drivers\nvgts.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack
c:\windows\system32\grpconv.exe manglet
Gjenopprettet kopi fra - c:\system volume information\_restore{1F544196-4261-4292-90CC-19F6BDFC13F0}\RP693\A0084705.exe
Infisert kopi av c:\windows\system32\drivers\ndis.sys ble funnet og desinfisert
Gjenopprettet kopi fra - c:\system volume information\_restore{1F544196-4261-4292-90CC-19F6BDFC13F0}\RP693\A0084707.sys
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-28 til 2010-05-31 )))))))))))))))))))))))))))))))))
.
2010-05-31 18:27 . 2004-08-04 00:03 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-31 18:27 . 2004-08-04 00:03 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-31 18:12 . 2010-05-31 18:15 -------- d--h--r- c:\documents and settings\Administrator\Siste
2010-05-30 22:33 . 2010-05-30 22:33 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-30 21:39 . 2010-05-30 21:40 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-30 21:09 . 2010-05-30 21:16 -------- d-----w- c:\programfiler\GridinSoft Trojan Killer
2010-05-30 13:55 . 2010-05-30 13:55 -------- d-----w- c:\programfiler\Trend Micro
2010-05-30 13:11 . 2010-05-30 13:11 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\G DATA
2010-05-30 13:08 . 2010-05-30 13:08 -------- d-----r- c:\documents and settings\LocalService\Favoritter
2010-05-30 13:01 . 2010-05-30 23:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-30 12:51 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-30 12:51 . 2010-05-30 12:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-30 12:46 . 2010-05-30 22:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft
2010-05-30 02:46 . 2010-05-30 02:46 -------- d-----w- C:\$AVG
2010-05-30 02:35 . 2010-05-30 02:35 -------- d-----w- c:\programfiler\AVG
2010-05-30 02:35 . 2010-05-30 20:54 -------- d-----w- c:\documents and settings\All Users\Programdata\avg9
2010-05-30 01:59 . 2010-05-30 02:32 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-05-30 01:59 . 2010-05-30 01:59 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-05-30 01:34 . 2010-05-30 01:34 -------- d-----w- c:\programfiler\SpywareBlaster
2010-05-30 00:53 . 2010-05-30 01:28 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\qqtvafchw
2010-05-30 00:53 . 2010-05-30 21:16 -------- d-----w- c:\documents and settings\Administrator\Programdata\Street-Ads
2010-05-30 00:53 . 2010-05-30 00:53 -------- d-----w- c:\documents and settings\Administrator\Programdata\Sky-Banners
2010-05-30 00:53 . 2010-05-30 00:53 50981 ----a-w- c:\windows\system32\cfdccwliwvhjztv.exe
2010-05-30 00:52 . 2010-05-30 00:52 -------- d-----w- c:\programfiler\$NtUninstallWTF1012$
2010-05-17 22:30 . 2010-05-17 22:30 -------- d-----w- c:\programfiler\Fellesfiler\DivX Shared
2010-05-17 22:28 . 2010-05-17 22:30 -------- d-----w- c:\documents and settings\All Users\Programdata\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 18:27 . 2007-01-24 19:03 578048 ----a-w- c:\windows\system32\user32.dll
2010-05-31 18:12 . 2008-04-18 20:26 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2010-05-30 22:33 . 2008-10-01 08:43 -------- d-----w- c:\programfiler\Lavasoft
2010-05-30 20:55 . 2008-11-17 19:20 -------- d-----w- c:\programfiler\Replay Media Catcher
2010-05-30 20:38 . 2008-10-01 08:43 -------- d-----w- c:\documents and settings\Administrator\Programdata\Lavasoft
2010-05-30 13:55 . 2010-05-30 13:55 388096 ----a-r- c:\documents and settings\Administrator\Programdata\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-30 13:06 . 2009-03-11 15:50 -------- d-----w- c:\programfiler\Google
2010-05-30 01:31 . 2010-05-30 01:31 12 ----a-w- c:\documents and settings\NetworkService\Programdata\vlsfdq.dat
2010-05-30 01:01 . 2009-06-30 17:51 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-05-30 01:00 . 2010-05-30 01:00 12 ----a-w- c:\windows\system32\config\systemprofile\Programdata\vlsfdq.dat
2010-05-30 00:28 . 2010-03-05 13:30 -------- d-----w- c:\documents and settings\Administrator\Programdata\uTorrent
2010-05-29 23:36 . 2008-04-19 21:37 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-29 20:19 . 2008-04-19 21:37 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-24 23:01 . 2008-11-17 19:21 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-24 23:01 . 2008-11-17 19:21 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-24 23:01 . 2008-11-17 19:21 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-05-23 19:51 . 2009-10-27 17:00 -------- d-----w- c:\documents and settings\Administrator\Programdata\vlc
2010-05-17 22:28 . 2010-05-17 22:28 144696 ----a-w- c:\documents and settings\All Users\Programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-17 22:28 . 2010-05-17 22:30 1180952 ----a-w- c:\documents and settings\All Users\Programdata\DivX\Setup\DivXSetup.exe
2010-05-10 00:22 . 2008-04-18 20:55 -------- d-----w- c:\programfiler\SopCast
2010-04-29 13:39 . 2009-06-30 17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-06-30 17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 16:21 . 2010-04-21 16:20 -------- d-----w- c:\documents and settings\All Users\Programdata\{784E3329-1B2A-421E-9427-596088B766F6}
2010-03-28 15:07 . 2002-09-16 12:00 93736 ----a-w- c:\windows\system32\perfc014.dat
2010-03-28 15:07 . 2002-09-16 12:00 482832 ----a-w- c:\windows\system32\perfh014.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys
2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys
2010-03-07 22:04 . 2010-03-07 22:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-03-06 15:50 . 2010-01-31 06:25 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-06 15:50 . 2008-04-19 21:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.
Infected c:\windows\system32\user32.dll hex repaired

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-4-18 528384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.exe]
path=c:\documents and settings\Administrator\Start-meny\Programmer\Oppstart\monymi32.exe
backup=c:\windows\pss\monymi32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.PIF]
path=c:\documents and settings\Administrator\Start-meny\Programmer\Oppstart\monymi32.PIF
backup=c:\windows\pss\monymi32.PIFStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Orbit.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-04-19 00:15 321344 ----a-w- c:\programfiler\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\programfiler\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-07-22 21:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 17:25 81920 ----a-w- c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 01:01 32768 ----a-w- c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-03 16:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 144784 ----a-w- c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenor Online Start]
2006-11-30 12:51 178312 ----a-w- c:\programfiler\Telenor\Online Start\Telenor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9a2613b991d6c"=2 (0x2)
"gusvc"=2 (0x2)
"avg9wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2010 14:51 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1314704]
S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [22.04.2010 23:43 136176]
S2 wtsmpadapq;wtsmpadapq;\??\c:\windows\System32\DRIVERS\wtsmpadapq.sys --> c:\windows\System32\DRIVERS\wtsmpadapq.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [27.03.2009 23:40 1684736]
S3 cpuz126;cpuz126;\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]
S4 arwdugid;arwdugid; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.02.2009 17:58 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:09]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uInternet Settings,ProxyOverride = local
IE: Post Image to Blog - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5001
FF - ProfilePath - c:\documents and settings\Administrator\Programdata\Mozilla\Firefox\Profiles\mhdrxnos.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - plugin: c:\programfiler\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Veetle\Player\npvlc.dll
FF - plugin: c:\programfiler\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programfiler\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
SSODL-GootkitSSO-{58473E58-0932-4D66-BFBD-EAF6D5099CEA} - c:\windows\System32\msxsltsso.dll
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-MChk - c:\windows\system32\iomtjtjl.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-skb - eiqzvbdr.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 20:29
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-796845957-1770027372-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:89,17,df,30,2c,52,f6,5c,91,4c,99,ea,ed,cb,ea,e2,09,85,86,40,6a,
   a9,c6,05,03,07,de,13,b4,0a,e0,ab,a4,95,c8,dd,8f,36,b3,d7,87,c0,d3,c3,ec,06,\
"rkeysecu"=hex:01,30,6d,4e,15,f1,77,83,b2,9c,29,96,47,bc,71,04
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(3324)
c:\programfiler\Logitech\SetPoint\GameHook.dll
c:\programfiler\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-05-31 20:35:19 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-05-31 18:35

Pre-Run: 90 469 715 968 byte ledig
Post-Run: 90 450 444 288 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - C705E73DA9F542A0B4351923A0CCCB02

CF seems to have done the trick. The machine feels faster now. All svchost except the "normal" ones are gone. Also just scanned with Spybot and Anti-Malware. Finds no suspicious files.

Edited 31 May 2010 by -LoFFeN-
snippsat, posted 31 May 2010

Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture; combofix will start. Post the log c:\combofix.txt

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.PIF]
Driver::
arwdugid
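Added example (not part of the thread, and not ComboFix's own code): a small Python triage script that does two of the checks snippsat did by eye on the log posted above. It parses the "Filer Opprettet" entries and flags files created inside the infection window whose basename looks machine-generated (cfdccwliwvhjztv.exe, qqtvafchw, vlsfdq.dat), and it parses the R0/S2/S3/S4 service lines and flags those whose binary ComboFix could not find, which is how the arwdugid driver that the CFScript removes stands out. The infection window (evening of 29 May to early 30 May) and the vowel-ratio heuristic are my assumptions; the reading of the "[x]" and "--> path [?]" markers as "binary missing or unverifiable" is taken from how they appear in this log, not from tool documentation. The sample lines are copied from the posted log.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the ComboFix log posted earlier in this
# thread, covering the three record shapes the script understands
# (file entry, directory entry, service/driver line).
SAMPLE_LOG = r"""
2010-05-31 18:27 . 2004-08-04 00:03 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-30 13:01 . 2010-05-30 23:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-30 00:53 . 2010-05-30 01:28 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\qqtvafchw
2010-05-30 00:53 . 2010-05-30 00:53 50981 ----a-w- c:\windows\system32\cfdccwliwvhjztv.exe
2010-05-30 01:31 . 2010-05-30 01:31 12 ----a-w- c:\documents and settings\NetworkService\Programdata\vlsfdq.dat
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2010 14:51 64288]
S2 wtsmpadapq;wtsmpadapq;\??\c:\windows\System32\DRIVERS\wtsmpadapq.sys --> c:\windows\System32\DRIVERS\wtsmpadapq.sys [?]
S4 arwdugid;arwdugid; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.02.2009 17:58 717296]
"""

# Assumed infection window: the poster noticed the infection on 30 May and said
# it happened "yesterday" while browsing, so the evening of 29 May through the
# early hours of 30 May (local time) is taken as the window of interest.
INFECTION_WINDOW = (datetime(2010, 5, 29, 20, 0), datetime(2010, 5, 30, 6, 0))

# "created . modified size attrs path"; directories carry "--------" as size.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)
# "R0|S2|S3|S4 name;display name;image path and details"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")


def parse_file_entries(text):
    """Return (created, size_or_None, path) for every file/directory entry."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(3).startswith("-") else int(m.group(3))
        entries.append((created, size, m.group(5)))
    return entries


def looks_generated(stem):
    """Heuristic for machine-generated names such as 'cfdccwliwvhjztv' or
    'qqtvafchw': letters only, at least six characters, almost no vowels.
    A normal program name such as 'lsdelete' keeps a healthy vowel ratio."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 6:
        return False
    vowels = sum(c in "aeiouy" for c in s)
    return vowels / len(s) < 0.2


def flag_new_files(text, window=INFECTION_WINDOW):
    """Paths created inside the window whose basename looks generated."""
    start, end = window
    flagged = []
    for created, _size, path in parse_file_entries(text):
        if not start <= created <= end:
            continue
        stem = path.rsplit("\\", 1)[-1].split(".")[0]
        if looks_generated(stem):
            flagged.append(path)
    return flagged


def flag_missing_service_binaries(text):
    """Service/driver names whose line ends in '[x]' (no file at all) or
    '[?]' (a '-->' path that could not be verified on disk). The arwdugid
    entry removed via the CFScript 'Driver::' section is one of these."""
    flagged = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(4).rstrip().endswith(("[x]", "[?]")):
            flagged.append(m.group(2))
    return flagged


if __name__ == "__main__":
    for path in flag_new_files(SAMPLE_LOG):
        print("created in infection window, generated-looking name:", path)
    for name in flag_missing_service_binaries(SAMPLE_LOG):
        print("service/driver with no verifiable binary:", name)
```

Both checks are only a first pass: a name heuristic produces false positives on terse but legitimate names, and a service with an unverifiable path can simply be a leftover from a removed tool (the cpuz and d:\ entries in the log are examples), so each hit still needs to be looked up before anything is removed.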
Loffen^ (thread author), posted 31 May 2010 (edited)

Done.

ComboFix 10-05-30.09 - Administrator 31.05.2010 22:41:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.2047.1539 [GMT 2:00]
Kjører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Administrator\Skrivebord\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ARWDUGID
-------\Service_arwdugid

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-28 til 2010-05-31 )))))))))))))))))))))))))))))))))
.
2010-05-31 20:38 . 2010-05-31 20:38 -------- d--h--r- c:\documents and settings\Administrator\Siste
2010-05-31 18:27 . 2004-08-04 00:03 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-31 18:27 . 2004-08-04 00:03 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-30 22:33 . 2010-05-30 22:33 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-30 22:33 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-30 21:39 . 2010-05-30 21:40 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-30 21:09 . 2010-05-30 21:16 -------- d-----w- c:\programfiler\GridinSoft Trojan Killer
2010-05-30 13:55 . 2010-05-30 13:55 388096 ----a-r- c:\documents and settings\Administrator\Programdata\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-30 13:55 . 2010-05-30 13:55 -------- d-----w- c:\programfiler\Trend Micro
2010-05-30 13:11 . 2010-05-30 13:11 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\G DATA
2010-05-30 13:08 . 2010-05-30 13:08 -------- d-----r- c:\documents and settings\LocalService\Favoritter
2010-05-30 13:01 . 2010-05-30 23:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-30 12:51 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-30 12:51 . 2010-05-30 12:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-30 12:46 . 2010-05-30 22:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft
2010-05-30 02:46 . 2010-05-30 02:46 -------- d-----w- C:\$AVG
2010-05-30 02:35 . 2010-05-30 02:35 -------- d-----w- c:\programfiler\AVG
2010-05-30 02:35 . 2010-05-30 20:54 -------- d-----w- c:\documents and settings\All Users\Programdata\avg9
2010-05-30 01:59 . 2010-05-30 02:32 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-05-30 01:59 . 2010-05-30 01:59 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-05-30 01:34 . 2010-05-30 01:34 -------- d-----w- c:\programfiler\SpywareBlaster
2010-05-30 00:53 . 2010-05-30 01:28 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\qqtvafchw
2010-05-30 00:53 . 2010-05-30 21:16 -------- d-----w- c:\documents and settings\Administrator\Programdata\Street-Ads
2010-05-30 00:53 . 2010-05-30 00:53 -------- d-----w- c:\documents and settings\Administrator\Programdata\Sky-Banners
2010-05-30 00:53 . 2010-05-30 00:53 50981 ----a-w- c:\windows\system32\cfdccwliwvhjztv.exe
2010-05-30 00:52 . 2010-05-30 00:52 -------- d-----w- c:\programfiler\$NtUninstallWTF1012$
2010-05-17 22:28 . 2010-05-17 22:28 144696 ----a-w- c:\documents and settings\All Users\Programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-17 22:28 . 2010-05-17 22:30 -------- d-----w- c:\documents and settings\All Users\Programdata\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 18:27 . 2007-01-24 19:03 578048 ----a-w- c:\windows\system32\user32.dll
2010-05-31 18:12 . 2008-04-18 20:26 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2010-05-30 22:33 . 2008-10-01 08:43 -------- d-----w- c:\programfiler\Lavasoft
2010-05-30 20:55 . 2008-11-17 19:20 -------- d-----w- c:\programfiler\Replay Media Catcher
2010-05-30 20:38 . 2008-10-01 08:43 -------- d-----w- c:\documents and settings\Administrator\Programdata\Lavasoft
2010-05-30 13:06 . 2009-03-11 15:50 -------- d-----w- c:\programfiler\Google
2010-05-30 01:31 . 2010-05-30 01:31 12 ----a-w- c:\documents and settings\NetworkService\Programdata\vlsfdq.dat
2010-05-30 01:01 . 2009-06-30 17:51 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-05-30 01:00 . 2010-05-30 01:00 12 ----a-w- c:\windows\system32\config\systemprofile\Programdata\vlsfdq.dat
2010-05-30 00:28 . 2010-03-05 13:30 -------- d-----w- c:\documents and settings\Administrator\Programdata\uTorrent
2010-05-29 23:36 . 2008-04-19 21:37 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-29 20:19 . 2008-04-19 21:37 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-24 23:01 . 2008-11-17 19:21 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-24 23:01 . 2008-11-17 19:21 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-24 23:01 . 2008-11-17 19:21 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-05-23 19:51 . 2009-10-27 17:00 -------- d-----w- c:\documents and settings\Administrator\Programdata\vlc
2010-05-10 00:22 . 2008-04-18 20:55 -------- d-----w- c:\programfiler\SopCast
2010-04-29 13:39 . 2009-06-30 17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-06-30 17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 16:21 . 2010-04-21 16:20 -------- d-----w- c:\documents and settings\All Users\Programdata\{784E3329-1B2A-421E-9427-596088B766F6}
2010-03-28 15:07 . 2002-09-16 12:00 93736 ----a-w- c:\windows\system32\perfc014.dat
2010-03-28 15:07 . 2002-09-16 12:00 482832 ----a-w- c:\windows\system32\perfh014.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys
2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys
2010-03-07 22:04 . 2010-03-07 22:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-03-06 15:50 . 2010-01-31 06:25 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-06 15:50 . 2008-04-19 21:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-05-31_18.29.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-31 20:33 . 2010-05-31 20:33 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-4-18 528384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Orbit.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-04-19 00:15 321344 ----a-w- c:\programfiler\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\programfiler\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-07-22 21:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 17:25 81920 ----a-w- c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 01:01 32768 ----a-w- c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-03 16:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 144784 ----a-w- c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenor Online Start]
2006-11-30 12:51 178312 ----a-w- c:\programfiler\Telenor\Online Start\Telenor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9a2613b991d6c"=2 (0x2)
"gusvc"=2 (0x2)
"avg9wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2010 14:51 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1314704]
S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [22.04.2010 23:43 136176]
S2 wtsmpadapq;wtsmpadapq;\??\c:\windows\System32\DRIVERS\wtsmpadapq.sys --> c:\windows\System32\DRIVERS\wtsmpadapq.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [27.03.2009 23:40 1684736]
S3 cpuz126;cpuz126;\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.02.2009 17:58 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:09]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uInternet Settings,ProxyOverride = local
IE: Post Image to Blog - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5001
FF - ProfilePath - c:\documents and settings\Administrator\Programdata\Mozilla\Firefox\Profiles\mhdrxnos.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - plugin: c:\programfiler\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Veetle\Player\npvlc.dll
FF - plugin: c:\programfiler\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programfiler\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.renego_unrestricted_hosts", ""); c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-31 22:45 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-796845957-1770027372-725345543-500\Software\SecuROM\License information*] "datasecu"=hex:89,17,df,30,2c,52,f6,5c,91,4c,99,ea,ed,cb,ea,e2,09,85,86,40,6a, a9,c6,05,03,07,de,13,b4,0a,e0,ab,a4,95,c8,dd,8f,36,b3,d7,87,c0,d3,c3,ec,06,\ "rkeysecu"=hex:01,30,6d,4e,15,f1,77,83,b2,9c,29,96,47,bc,71,04 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'explorer.exe'(2956) c:\programfiler\Logitech\SetPoint\GameHook.dll c:\programfiler\Logitech\SetPoint\lgscroll.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL . Tidspunkt ferdig: 2010-05-31 22:46:57 ComboFix-quarantined-files.txt 2010-05-31 20:46 ComboFix2.txt 2010-05-31 18:35 Pre-Run: 90 372 321 280 byte ledig Post-Run: 90 341 097 472 byte ledig - - End Of File - - 349B1298F8CD11F85CE39F67D30EFF3C Endret 31. mai 2010 av -LoFFeN- Lenke til kommentar
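A ComboFix log like the one above is long, and the entries worth a second look are easy to miss in the service list and the svchost section. The following triage script is an added example for this thread, not part of ComboFix or of any post here. It parses the service lines (start type, name, display name, image path) and flags three things a reviewer usually checks by hand: services whose image file ComboFix could not find (printed as "--> path [?]"), services whose image lives under a Temp directory, and any svchost group ComboFix chose to print (the log's own note says valid default entries are omitted). The sample lines are a subset copied from the log above; a flag means "review manually", not "malicious".

```python
"""Triage helper for the service and svchost sections of a ComboFix log.

Added example for this forum thread; it is not ComboFix code and the
heuristics below are assumptions chosen for illustration.
"""
import re

# Constructed sample: a subset of the service/svchost lines from the log above.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2010 14:51 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1314704]
S2 wtsmpadapq;wtsmpadapq;\??\c:\windows\System32\DRIVERS\wtsmpadapq.sys --> c:\windows\System32\DRIVERS\wtsmpadapq.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.02.2009 17:58 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
"""

# Service line layout: "<start type> <name>;<display name>;<image path> <trailer>"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
# Trailer when the file could not be found: "<registry value> --> <resolved path> [?]"
MISSING_RE = re.compile(r"^(?P<raw>.+?) --> (?P<resolved>.+?) \[\?\]$")
# Trailer when the file exists: "<path> [dd.mm.yyyy hh:mm size]"
PRESENT_RE = re.compile(r"^(?P<path>.+?) \[\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} \d+\]$")
SVCHOST_KEY = r"[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]"
SVCHOST_GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")


def parse_service(line):
    """Return (start_type, name, image_path, file_present) or None if not a service line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, _display, trailer = m.groups()
    miss = MISSING_RE.match(trailer)
    if miss:
        return start, name, miss.group("resolved"), False
    pres = PRESENT_RE.match(trailer)
    if pres:
        return start, name, pres.group("path"), True
    return start, name, trailer, True  # unknown trailer shape: keep it verbatim


def triage(log_text):
    """Return a list of (reason, name, detail) tuples that deserve manual review."""
    findings = []
    in_svchost = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == SVCHOST_KEY:
            in_svchost = True
            continue
        if in_svchost:
            g = SVCHOST_GROUP_RE.match(line)
            if g:
                # ComboFix omits valid defaults, so every printed group is non-standard.
                findings.append(("svchost group", g.group(1), g.group(2)))
                continue
            in_svchost = False  # first non-group line ends the section
        svc = parse_service(line)
        if svc is None:
            continue
        _start, name, path, present = svc
        if not present:
            findings.append(("image file missing", name, path))
        if "\\temp\\" in path.lower():
            findings.append(("image under Temp", name, path))
    return findings


if __name__ == "__main__":
    for reason, name, detail in triage(SAMPLE_LOG):
        print(f"{reason:20} {name:14} {detail}")
```

Running the script lists five entries from the sample: three services whose driver file is gone (wtsmpadapq, cpuz126, PciCon), the cpuz126 driver additionally flagged for living under Temp, and the vvdsvc svchost group. A missing driver file is often just a leftover from an uninstalled tool, which is why the output is a review list rather than a verdict.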
snippsat Posted 31 May 2010 That looks good now. You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Check whether your software is up to date: Secunia
Loffen^ (author) Posted 1 June 2010 (edited) Thanks a lot for the help. Edited 1 June 2010 by -LoFFeN-