CandyMaM Posted 3 July 2010

Hi. I have a malware/virus problem. Every so often I get a popup from avast v5.x:

Name: Value:
Original file name          svchost.exe
original folder             C:\Windows\Temp\Idra.tmp
Size of file                86016
Last modification time      02.07.2010 16:53:10
Time to transfer to chest   02.07.2010 18:53:11
Category                    Infected files
Virus description           Win32:Malware-gen
File ID                     201

Logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4267

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03.07.2010 20:45:34
mbam-log-2010-07-03 (20-45-34).txt

Skanntype: Hurtigsøk
Objekter skannet: 132689
Tid tilbakelagt: 3 minutt(er), 23 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)


ComboFix 10-07-01.02 - Anika 03.07.2010 20:58:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3325.2221 [GMT 2:00]
Kjører fra: c:\users\Anika\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\3dWhO4sM.exe
c:\windows\Tasks\At25.job

Infisert kopi av c:\windows\system32\drivers\volmgrx.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-03 til 2010-07-03 )))))))))))))))))))))))))))))))))
.
2010-07-02 17:59 . 2010-07-02 17:59 -------- d-----w- c:\programdata\WindowsSearch
2010-07-02 16:52 . 2010-07-02 16:52 63488 ----a-w- c:\users\Anika\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-29 19:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-19 17:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 17:24 . 2010-06-19 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 17:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 19:04 . 2006-11-21 05:16 76272 ----a-w- c:\windows\system32\perfc014.dat
2010-07-03 19:04 . 2006-11-21 05:16 452096 ----a-w- c:\windows\system32\perfh014.dat
2010-07-03 18:58 . 2008-01-05 21:54 -------- d-----w- c:\programdata\NVIDIA
2010-07-03 18:57 . 2008-01-06 15:20 2140 ----a-w- c:\windows\bthservsdp.dat
2010-07-03 18:51 . 2009-06-09 16:49 -------- d-----w- c:\users\Anika\AppData\Roaming\DNA
2010-07-03 18:44 . 2008-01-09 14:27 1 ----a-w- c:\users\Anika\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-07-03 18:44 . 2008-01-09 14:26 -------- d-----w- c:\users\Anika\AppData\Roaming\OpenOffice.org2
2010-07-03 11:19 . 2009-06-09 16:49 -------- d-----w- c:\program files\DNA
2010-07-02 18:07 . 2009-02-14 14:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 16:52 . 2009-03-23 14:04 117760 ----a-w- c:\users\Anika\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-02 15:47 . 2009-06-09 16:50 -------- d-----w- c:\users\Anika\AppData\Roaming\BitTorrent
2010-07-02 15:10 . 2008-01-05 23:28 -------- d-----w- c:\program files\CCleaner
2010-07-02 05:27 . 2010-04-04 18:00 -------- d-----w- c:\program files\QuickTime
2010-07-02 05:27 . 2008-09-07 10:12 -------- d-----w- c:\program files\iTunes
2010-07-02 05:27 . 2008-01-05 23:04 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-07-01 10:58 . 2010-06-30 15:15 112 ----a-w- c:\programdata\gg1laUK8h.dat
2010-06-28 20:57 . 2010-01-21 16:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-01-21 16:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-01-21 16:03 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-01-21 16:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-01-21 16:03 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-01-21 16:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-25 20:56 . 2009-12-28 19:53 -------- d-----w- c:\users\Anika\AppData\Roaming\Spotify
2010-06-19 14:31 . 2010-05-19 11:01 22 ----a-w- c:\users\Anika\AppData\Roaming\Alexandra Burke - All Night Long (Ft Pitbull).zip
2010-06-09 13:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-06 08:44 . 2009-07-31 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 17:06 . 2010-06-09 13:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 13:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 18:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\users\Anika\AppData\Roaming\Windowz.exe
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\users\Anika\AppData\Roaming\Windowz.exe
2010-05-11 13:37 . 2008-01-06 18:20 -------- d-----w- c:\program files\Java
2010-05-08 20:42 . 2010-05-08 20:42 655360 ----a-w- c:\users\Anika\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-08 20:42 . 2010-05-08 20:42 282624 ----a-w- c:\users\Anika\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-08 20:42 . 2010-05-08 20:42 208896 ----a-w- c:\users\Anika\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-04 05:59 . 2010-06-09 13:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 13:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 13:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 13:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-12 15:29 . 2010-05-11 13:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-09 13:48 67072 ----a-w- c:\windows\system32\asycfilt.dll
2007-03-02 23:07 . 2007-03-02 23:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
</pre>
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="d:\spill\counter strike source\steam.exe" [2010-05-28 1238352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-12 2403568]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-23 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-03-09 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 19:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1c,ee,b9,ec,11,4d,ca,01

R3 btusbflt;Bluetooth USB Filter; [x]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-24 12872]
R3 yeddef;YEDDEF driver; [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-13 721904]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-24 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-28 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-07-20 1030784]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-05 5632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{06E893DA-6222-43D4-9569-D59ABA1AD79F}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Settings,ProxyOverride = *.local
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: skandiabanken.no\www
TCP: {B4A0C6D3-4C52-46E3-8969-48779C791A06} = 192.168.1.1
FF - ProfilePath - c:\users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\wk85mb3v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sol.no/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 21:04
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,6c,79,6f,36,e4,43,42,bc,48,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,6c,79,6f,36,e4,43,42,bc,48,36,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-07-03 21:06:43
ComboFix-quarantined-files.txt 2010-07-03 19:06

Pre-Run: 23 361 241 088 byte ledig
Post-Run: 23 276 929 024 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 7AB57796892AC9E90F3163B4E0C2D95F

While ComboFix was running there were a couple of warnings and reboots, among other things about finding a rootkit, or something in rootkit, whatever that means. Hoping for some help getting the machine back on an even keel.
snippsat Posted 7 July 2010

"original folder C:\Windows\Temp\Idra.tmp"

Delete everything in your temp folders; that is a good thing to do once in a while. The ComboFix log looks fine. You can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
CandyMaM (author) Posted 11 July 2010

When I try to remove ComboFix from the command prompt, this comes up:

C:\Users\xxxx>combofix /u
combofix gjenkjennes ikke som en intern eller ekstern kommando, kjørbart program eller satsvis fil.

I have Windows Vista.
CandyMaM (author) Posted 12 July 2010

That doesn't work either, strange...