norbat, posted 18 April 2008 (edited)

It seems the earlier CFScript did not work properly, so try this again:

Open Notepad, then copy and paste in what is shown in bold below.
Save the file on the desktop as CFScript.txt
Drag the file onto the ComboFix icon. ComboFix will start again.

Folder::
C:\ProgramData\That Face Camp Shim

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IdleCash"=-

There is also a folder there that I can't identify: C:\ProgramData\One Tons Tool
If you don't know what it is either, you can add the line C:\ProgramData\One Tons Tool to the CFScript file under Folder:: before carrying out the process above.

EDIT: Regarding the registry entries SAS finds: Are you using version 4.0.1154 of SAS, and did you restart the PC after the scan? (You can see the version number by holding the mouse pointer over the 'bug' icon in the system tray.)

Edited 18 April 2008 by norbat
NaughtyLittleDoggie (author), posted 18 April 2008 (edited)

ComboFix doesn't start when I do that... A window just pops up asking whether I want to run the program, I say yes and ComboFix's "loading" bar is shown on the screen, all the documents on the desktop flash once and then nothing more happens... the blue ComboFix window doesn't come up...

EDIT: SAS wasn't fully up to date, so I updated it and ran it again... Here is the latest log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2008 at 08:16 PM

Application Version : 4.0.1154

Core Rules Database Version : 3441
Trace Rules Database Version: 1433

Scan type : Complete Scan
Total Scan Time : 00:17:47

Memory items scanned : 555
Memory threats detected : 0
Registry items scanned : 5157
Registry threats detected : 10
File items scanned : 19385
File threats detected : 0

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Capabilities

I also ran ComboFix again:

ComboFix 08-04-15.4 - Diggi Diggi RägSkänk 2008-04-18 20:32:45.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1263 [GMT 2:00]
Running from: C:\Users\Diggi Diggi RägSkänk\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 18:35 2,883,584 --sha-w C:\Users\Diggi Diggi RägSkänk\ntuser.dat
2008-04-18 18:35 2,883,584 --sha-w C:\Users\Diggi Diggi RägSkänk\ntuser.dat
2008-04-18 18:22 --------- d-----w C:\Program Files\Norman
2008-04-17 21:30 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Malwarebytes
2008-04-17 21:30 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-17 21:30 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 21:29 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Download Manager
2008-04-16 09:22 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\SUPERAntiSpyware.com
2008-04-16 09:22 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-04-16 09:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-16 09:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 09:13 --------- d-----w C:\Program Files\CCleaner
2008-04-16 08:35 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-16 08:06 --------- d-----w C:\ProgramData\That Face Camp Shim
2008-04-16 08:06 --------- d-----w C:\ProgramData\One Tons Tool
2008-04-15 15:27 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Adobe
2008-04-10 01:42 --------- d-----w C:\Program Files\BitLord2
2008-04-10 01:32 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 21:42 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\dvdcss
2008-04-06 20:16 --------- d-s---w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Microsoft
2008-04-06 20:16 --------- d-----w C:\ProgramData\avg7
2008-04-06 18:19 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\AVG7
2008-04-06 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 18:18 --------- d-----w C:\Program Files\IK Multimedia
2008-04-05 17:21 --------- d-----w C:\ProgramData\Apple Computer
2008-04-05 17:21 --------- d-----w C:\Program Files\iTunes
2008-04-05 17:21 --------- d-----w C:\Program Files\iPod
2008-04-05 17:20 --------- d-----w C:\Program Files\QuickTime
2008-04-01 20:55 --------- d-----w C:\Program Files\Windows Live
2008-04-01 20:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-01 20:51 --------- d-----w C:\ProgramData\WLInstaller
2008-03-24 15:36 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Apple Computer
2008-03-23 21:16 --------- d-----w C:\Program Files\Safari
2008-03-23 21:06 --------- d-----w C:\Program Files\Bonjour
2008-03-23 21:04 --------- d-----w C:\Program Files\Apple Software Update
2008-03-23 21:03 --------- d-----w C:\ProgramData\Apple
2008-03-23 21:03 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-20 00:19 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Real
2008-03-13 11:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-05 19:08 --------- d-----w C:\ProgramData\Adobe Systems
2008-03-02 20:07 --------- d-----w C:\Users\Diggi Diggi RägSkänk\AppData\Roaming\Mozilla
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 00:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 00:11 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 00:11 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 00:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 00:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 00:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 00:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 00:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 00:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 00:10 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 00:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 00:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 00:10 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 00:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-29 10:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2007-08-29 22:39 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot_2008-04-18_18.09.44,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-18 16:01:34 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-18 18:22:27 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-18 13:45:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-18 18:22:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-18 13:45:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-18 18:22:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-18 16:01:40 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-18 18:24:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-18 13:47:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-18 18:31:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-18 18:31:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-18 16:06:54 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-18 18:33:01 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-18 13:47:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-18 18:31:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-18 13:52:05 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-18 18:26:56 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-18 13:52:05 79,202 ----a-w C:\Windows\System32\perfc014.dat
+ 2008-04-18 18:26:56 79,202 ----a-w C:\Windows\System32\perfc014.dat
- 2008-04-18 13:52:05 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-18 18:26:56 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-18 13:52:05 476,620 ----a-w C:\Windows\System32\perfh014.dat
+ 2008-04-18 18:26:56 476,620 ----a-w C:\Windows\System32\perfh014.dat
- 2008-04-16 12:38:38 6,096 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2031152331-2556321075-1077571338-1000_UserData.bin
+ 2008-04-18 18:32:39 6,128 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2031152331-2556321075-1077571338-1000_UserData.bin
- 2008-04-16 23:59:30 64,062 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-18 18:32:37 64,574 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-17 22:41:35 37,848 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-18 18:32:35 38,280 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"IdleCash"="C:\ProgramData\ReadmeBinBin.oz4jea" [2008-04-16 15:21 221200]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-16 08:20 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 16:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-26 16:17 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-26 16:17 81920]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 15:40 183352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-29 02:12 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2B1FA8B6-FC0A-4E58-BC95-CCFA87FF8536}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{2AFD3489-FB64-4009-865E-469FE0C83A43}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"TCP Query User{91A031F7-9235-4AA0-8069-37E4B1EE402C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CA411E30-A23D-4CDE-A00A-7FD507DBDE4A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{643B92B6-31AB-418A-9CEA-13C6826A88A7}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{87CD0CE5-BF97-4348-973F-A5FE5D575AC8}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{5F78BF4E-7277-4511-9FFA-A2A55C16AA55}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5E808AC1-582B-463F-83D1-5D02D21CCD2E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{72829EDB-8FBC-4885-BE98-82A4D602EC10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC852D83-A025-4BC0-891F-3236FB2FCB31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D101A785-DD42-481E-8992-90C6810E1714}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{47F5F123-0AC5-4323-AD68-F5A238584107}"= UDP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{654C56CE-FA7C-45F3-8EB5-6620A850BA92}"= TCP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{55A49183-5E2E-45F3-AA64-2066D1548FB8}"= UDP:C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{D6FFD97E-2A15-4D59-AD7E-B2A7D7FAA460}"= TCP:C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{5587E2EE-25BE-46EA-8D95-9E2D27AB34E3}"= UDP:C:\Users\Diggi Diggi RägSkänk\Desktop\ComboFix.exe:ComboFix
"{8D383E8D-68EE-4711-8D3C-7C6BD4D19EA2}"= TCP:C:\Users\Diggi Diggi RägSkänk\Desktop\ComboFix.exe:ComboFix
"{63057ED9-1EB2-48A6-A5BD-C4F910EFD213}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{6D791050-7C2C-4650-980C-E375489F90F8}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{4896B931-ACB3-4B47-9081-75B2DA6D5E8E}"= UDP:C:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe:Adobe Illustrator CS
"{229FE8CD-2722-4BD5-AE94-567B1F1AD7AF}"= TCP:C:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe:Adobe Illustrator CS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 14:23]
S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 16:25]
S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 16:25]
S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 16:25]
S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 16:25]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 20:35:19
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Diggi Diggi RägSkänk\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_B8F0_24ED_F024_B412\$db_clean$ 0 bytes
scan completed successfully
hidden files: 64
**************************************************************************
.
Completion time: 2008-04-18 20:36:23
ComboFix-quarantined-files.txt 2008-04-18 18:36:19
ComboFix2.txt 2008-04-18 16:18:48
ComboFix3.txt 2008-04-18 16:10:19
ComboFix4.txt 2008-04-16 09:59:43
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
.
2008-04-17 23:17:29 --- E O F ---

Edited 18 April 2008 by NaughtyLittleDoggie
norbat, posted 18 April 2008 (edited)

1. Regarding SAS: When you ask SAS to remove what it has found, do you restart the PC afterwards? And if you run the scan again, do they still show up?

2. If ComboFix does not run when you use the CFScript file, we can remove it manually:

Use Explorer and delete the following folders:

C:\ProgramData\That Face Camp Shim
C:\Program Files\Enigma Software Group
C:\ProgramData\One Tons Tool <- if this is a folder you don't recognise

Then remove a registry entry as follows:

Open Notepad and copy in the following (in bold text):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IdleCash"=-

Save the file on the desktop as regfix.reg
Double-click the file and say yes to adding the contents.
Restart the PC.

Edited 18 April 2008 by norbat
NaughtyLittleDoggie (author), posted 18 April 2008

1. Yes, I restart the computer. When I run the scan they show up again... I updated the program, and then fewer showed up.

2. I found the files you mentioned and deleted them. I also did the last thing you said!
norbat, posted 18 April 2008

Good. I'll report back on what SAS support says about these registry entries that SAS can't get rid of.
NaughtyLittleDoggie (author), posted 22 April 2008

Found out anything?
norbat, posted 22 April 2008

Sorry, still waiting.....
NaughtyLittleDoggie (author), posted 28 April 2008

bump
norbat, posted 28 April 2008

Oops, thanks for the reminder.
The answer I got is that if this is the only thing being found, they belong to a legitimate (OK) program, so just leave them alone.
Your logs don't show any sign of infection either, so I think you can rest easy with this.
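
Added example, not part of the thread and not ComboFix code: a Python example that parses the Run entries in the log format posted above, flags values by two assumed heuristics (unusual file extension, location outside Program Files and Windows), and builds a deletion file in the same format as the regfix.reg described earlier. The function names and the heuristics are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the "Reg Loading Points" section of the log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"IdleCash"="C:\ProgramData\ReadmeBinBin.oz4jea" [2008-04-16 15:21 221200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 16:17 86016]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')

# Assumed triage heuristics for this example (not ComboFix's own logic).
LOADABLE_EXT = {".exe", ".dll", ".com", ".bat", ".cmd", ".scr"}
USUAL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def parse_run_entries(log_text):
    """Return one dict per value listed under a ...\\CurrentVersion\\Run key."""
    key, entries = None, []
    for line in map(str.strip, log_text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := ENTRY_RE.match(line)) and key and key.lower().endswith("\\currentversion\\run"):
            name, target, meta = m.groups()
            parts = meta.split(None, 3)  # date, time, size[, resolved path]
            # The log appends the resolved path when the value is not a full path.
            path = parts[3] if len(parts) == 4 else target
            entries.append({"key": key, "name": name, "path": path})
    return entries


def review(entry):
    """Return the reasons an entry deserves a manual look (empty list: none)."""
    p = PureWindowsPath(entry["path"])
    reasons = []
    if p.suffix.lower() not in LOADABLE_EXT:
        reasons.append("unusual extension " + (p.suffix or "(none)"))
    if not str(p).lower().startswith(USUAL_ROOTS):
        reasons.append("outside Program Files and Windows")
    return reasons


def flagged(log_text):
    """Map value name -> reasons, for entries with at least one reason."""
    return {e["name"]: r for e in parse_run_entries(log_text) if (r := review(e))}


def reg_delete_script(log_text):
    """Build a .reg file, in the thread's regfix.reg format, for flagged values."""
    out = ["Windows Registry Editor Version 5.00"]
    for e in parse_run_entries(log_text):
        if review(e):
            out += ["", "[" + e["key"] + "]", '"' + e["name"] + '"=-']
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
    print(reg_delete_script(SAMPLE_LOG))
```

A flagged value is a prompt for manual review, not a verdict; check what the target file is before importing a generated deletion file.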