cnos2010 Posted 9 July 2010

Hi,

I borrowed a USB stick from a friend, and about 1 minute later I got a message from Norton about a security risk named W32.sillyFDC. Symantec's site says that Norton should be able to remove this, and after a full system scan I got a message that the problem was fixed. There were still 193 files named Desktop.ini, and about 48 of these cannot be deleted. It seemed as if Norton got rid of the files that were a problem, but that all the .ini files remained. Can anyone help me check that everything is gone? Many thanks in advance for all help!

Malwarebytes log (quick scan):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4295
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
09.07.2010 16:14:05
mbam-log-2010-07-09 (16-14-05).txt
Scan type: Quick scan
Objects scanned: 142398
Time elapsed: 20 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Combofix:

ComboFix 10-07-08.02 - Christian 09.07.2010 18:37:10.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.47.1033.18.1013.361 [GMT 2:00]
Kjører fra: C:\Users\sikker nettbruker\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige skanning -------
.
C:\ProgramData\FullRemove.exe
C:\windows\SEC
C:\windows\SEC\172100logo.bmp
C:\windows\SEC\banner.png
C:\windows\SEC\Computer.png
C:\windows\SEC\Media _S_ Logo.png
C:\windows\SEC\Samsung.png
C:\windows\SEC\Samsung2.png
C:\windows\SEC\SamsungLogo.png
C:\windows\SEC\Thumbs.db
C:\windows\SEC\Wallpapers\Thumbs.db
C:\windows\SEC\Wallpapers\wallpaper.jpg
C:\windows\SEC\Wallpapers\wallpaper1.jpg
C:\windows\SEC\Wallpapers\Wallpaper2.jpg
.

Norton:

Søkestatistikk:
Søketid: 4696 sekunder
Søkealternativer:
Mål for søk: C:\, D:\
Antall:
Totalt antall gjennomsøkte elementer: 399 892
- Filer og kategorier: 393 249
- Registeroppføringer: 256
- Prosesser og oppstartselementer: 6 028
- Nettverks- og nettleserelementer: 354
- Andre: 5
- Klarerte filer: 3 078
- Filer som ble hoppet over: 52 729
Totalt antall sikkerhetsrisikoer oppdaget: 0
Totalt antall løste elementer: 0
Totalt antall elementer som må behandles: 0
Løste trusler:
Ingen risikoer har blitt løst
uLøste trusler:
Ingen uløste risikoer
snippsat Posted 9 July 2010

You did not include the whole ComboFix log. Post it again.
Svenni212000 Posted 9 July 2010

The desktop.ini files should not be harmful.

Datadoktoren answers: How do I get rid of desktop.ini?
What are the desktop.ini files for? - Forum - Hardware.no
geir__hk Posted 9 July 2010

The desktop.ini files should not be harmful.

Unless you have had a visit from "Conficker" on the machine. It creates huge desktop.ini files, which are completely impossible to delete in Windows, on all portable disks.
cnos2010 (Author) Posted 12 July 2010

Hi, I did not get a complete ComboFix log the first time, but I ran it again and got this:

Now the antivirus program has also been deactivated, and every time I activate it, it is automatically deactivated one second later. All the desktop.ini files are between 65 bytes and 3 KB.
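
An added example, not part of the thread: a read-only Python check that goes beyond the file sizes mentioned above and also tests whether each desktop.ini is plain INI text. The 16 KB limit, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import sys
import tempfile

# Assumptions, not from the thread: a normal desktop.ini is a small INI text
# file (for example with a [.ShellClassInfo] section); the limit is a cut-off.
MAX_EXPECTED_SIZE = 16 * 1024
LINE_OK = re.compile(r"^(\[[^\]]+\]|;.*|[^=\[\]]+=.*)$")  # section, comment, key=value


def classify_desktop_ini(path, max_size=MAX_EXPECTED_SIZE):
    """Return (verdict, reason) for one desktop.ini file; the file is only read."""
    try:
        size = os.path.getsize(path)
        with open(path, "rb") as fh:
            raw = fh.read(max_size + 1)
    except OSError as exc:  # locked or permission-protected file
        return "unreadable", exc.__class__.__name__
    if size > max_size:
        return "review", "unusually large (%d bytes)" % size
    if raw.startswith(b"MZ"):
        return "review", "starts with an executable (MZ) header"
    # Assumed encodings: ANSI text, or UTF-16 with a byte-order mark.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("cp1252", errors="replace")
    if "\x00" in text:
        return "review", "binary content"
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not any(ln.startswith("[") for ln in lines):
        return "review", "no INI section header"
    bad = [ln for ln in lines if not LINE_OK.match(ln)]
    if bad:
        return "review", "non-INI line: %r" % bad[0][:40]
    return "ok", "plain INI text (%d bytes)" % size


def audit_tree(root):
    """Classify every desktop.ini under root (name match is case-insensitive)."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "desktop.ini":
                path = os.path.join(folder, name)
                results.append((path,) + classify_desktop_ini(path))
    return sorted(results)


def build_sample_tree(root):
    """Write constructed sample files: two ordinary ones and two suspicious ones."""
    samples = {
        "Music": b"[.ShellClassInfo]\r\nIconResource=%SystemRoot%\\system32\\imageres.dll,-112\r\n",
        "Docs": "[.ShellClassInfo]\r\nInfoTip=Constructed sample\r\n".encode("utf-16"),
        "Stick": b"MZ\x90\x00" + b"\x00" * 60,
        "Big": b";" + b"A" * (MAX_EXPECTED_SIZE + 10),
    }
    for folder, data in samples.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "desktop.ini"), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real folder or drive given on the command line
        rows = audit_tree(sys.argv[1])
    else:  # otherwise run on the constructed samples
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            rows = audit_tree(tmp)
    for path, verdict, reason in rows:
        print("%-10s %s  (%s)" % (verdict, path, reason))
```

A "review" verdict only means the file does not look like ordinary folder-customisation text and deserves a closer look with a scanner.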
Svenni212000 Posted 13 July 2010

You can try the following:

- Download McAfee Labs Stinger and Norman Malware Cleaner
- Read the following information
- Start your PC in Safe Mode
- Run Stinger with the following settings and perform a scan
- Restart the machine and boot up normally
- Run Norman Malware Cleaner with the following settings and perform a scan
- Post the logs from Stinger and Malware Cleaner in this thread
- Re-enable System Restore

NB: To save a report file in Stinger, after the scan has finished click File -> Save report to file