mamloo Beginner
27 September 2010 - 20:33 There are 11 comments and 1 solution

Trojan + miscellaneous.

Hi.

I have had a visit from a trojan plus various viruses. I am still trying to get rid of it, but pop-ups keep appearing while F-Secure reports errors and Windows blocks some startup programs, and the response time is extremely slow (e.g. it says the operation returned because the timeout period expired)... It is behaving very strangely..

Here are the log files from Combo, HijackThis and Malwarebytes.

ComboFix 10-09-25.07 - Fam. Tanggaard Bille 26-09-2010  19:30:14.7.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.766.301 [GMT 2:00]
Kører fra: c:\users\Fam. Tanggaard Bille\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Fam. Tanggaard Bille\Desktop\CFScript.txt
AV: F-Secure Client Security 7.10 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.10 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
SP: F-Secure Client Security 7.10 *disabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Fam. Tanggaard Bille\AppData\Local\TempDIR
c:\users\Fam. Tanggaard Bille\AUTORUN.INF
c:\users\Fam. Tanggaard Bille\Cookies.lnk
c:\users\Fam. Tanggaard Bille\fwtum.exe
c:\users\Fam. Tanggaard Bille\geakas.exe
c:\users\Fam. Tanggaard Bille\impro.exe
c:\users\Fam. Tanggaard Bille\lvpoy.exe
c:\users\Fam. Tanggaard Bille\raitip.exe
c:\users\Fam. Tanggaard Bille\sbpro.exe
c:\users\Fam. Tanggaard Bille\vapro.exe
c:\users\Fam. Tanggaard Bille\yeuemex.0xe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-26 til 2010-09-26  )))))))))))))))))))))))))))))))))))
.

Ingen nye filer dannet i denne periode

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 10:14 . 2010-04-09 20:07    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-26 10:11 . 2008-07-14 17:48    --------    d-----w-    c:\programdata\Apple Computer
2010-09-25 17:01 . 2007-09-14 04:32    13730    ----a-w-    c:\users\Fam. Tanggaard Bille\AppData\Roaming\nvModes.dat
2010-09-25 14:17 . 2008-08-28 05:14    --------    d-----w-    c:\program files\CCleaner
2010-09-19 07:00 . 2007-09-18 20:28    680    ----a-w-    c:\users\Fam. Tanggaard Bille\AppData\Local\d3d9caps.dat
2010-09-16 17:51 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-09-16 13:05 . 2008-07-14 17:55    --------    d-----w-    c:\users\Fam. Tanggaard Bille\AppData\Roaming\Apple Computer
2010-09-15 13:06 . 2007-06-12 22:31    84790    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-15 13:06 . 2007-06-12 22:31    483230    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-12 08:19 . 2006-12-09 13:29    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-12 07:06 . 2009-05-05 20:23    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-08-26 11:12 . 2008-08-27 18:27    548    ----a-w-    c:\users\Fam. Tanggaard Bille\AppData\Roaming\wklnhst.dat
2010-08-08 07:30 . 2007-10-15 18:53    --------    d-----w-    c:\program files\Common Files\Java
2010-08-08 07:29 . 2007-10-15 18:59    --------    d-----w-    c:\program files\Java
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-17 03:00 . 2010-05-11 19:42    423656    ----a-w-    c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 39792]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 25200]
S1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [2007-08-27 70768]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2007-08-27 34736]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-08-27 69136]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 12912]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\Fam. Tanggaard Bille\Forefront UAG Remote Access Agent\rhsnetrhsdk\rhsdk1\uagqecsvc.exe [2010-08-10 149896]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 62064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-09-26 c:\windows\Tasks\User_Feed_Synchronization-{42C083EB-7F72-4279-B191-150D09048E0B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-fwtum - c:\users\Fam. Tanggaard Bille\fwtum.exe
HKCU-Run-lvpoy - c:\users\Fam. Tanggaard Bille\lvpoy.exe
SafeBoot-WinDefend



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 19:50
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Acer\Acer Arcade\PCMService.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\F-Secure\common\FSM32.EXE
c:\windows\System32\LVCOMSX.EXE
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\users\FAM~1.TAN\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\F-Secure\FSGUI\fsguidll.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-26  20:09:55 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-26 18:09
ComboFix2.txt  2010-01-03 20:21
ComboFix3.txt  2009-12-24 13:50
ComboFix4.txt  2009-10-31 11:40
ComboFix5.txt  2010-09-26 17:23

Pre-Kørsel: 19.378.343.936 byte ledig
Post-Kørsel: 19.307.610.112 byte ledig

- - End Of File - - EE16F2CD4DE1CC7B0A5B79E331C24ED5

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

26-09-2010 18:21:09
mbam-log-2010-09-26 (18-21-09).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 246430
Tid tilbagelagt: 2 hour(s), 48 minute(s), 19 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 2
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
mamloo Beginner
27 September 2010 - 20:37 #1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:32, on 27-09-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\FAM~1.TAN\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Fam. Tanggaard Bille\Downloads\HiJackThis.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4549 bytes
220661 Expert
27 September 2010 - 21:23 #2
I'm not much into these logs, but I can see you have used an old version (1.44) of Malwarebytes (new: 1.46, ver 4703), so update it, run a new scan and remove whatever it finds.
f-arn Guru
27 September 2010 - 22:25 #3
I can see you have run ComboFix several times. Did you get help with that?
mamloo Beginner
28 September 2010 - 21:34 #4
220661, I have installed and run the newest version of Malwarebytes. See the log below.

F-arn, no, I did not get help, but I have previously been helped by others with knowledge of ComboFix. Why??

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4712

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

28-09-2010 21:20:34
mbam-log-2010-09-28 (21-20-34).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 256256
Tid gået: 2 time(e), 29 minut(ter), 0 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 2
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 3

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\geakas.exe.vir (P2P.Worm) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\raitip.exe.vir (P2P.Worm) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\sbpro.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
220661 Expert
28 September 2010 - 21:44 #5
Is the PC running better now?
mamloo Beginner
1 October 2010 - 10:11 #6
No, far from it, it still reacts strangely
f-arn Guru
1 October 2010 - 10:37 #7
F-arn, no, I did not get help, but I have previously been helped by others with knowledge of ComboFix. Why??

I don't know whether you are better at English or Swedish, but try reading this:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
or this:
http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

This is really not something you "just" play around with!

Please post ComboFix-quarantined-files.txt here. It is located in c:\Qoobox
mamloo Beginner
2 October 2010 - 16:52 #8
010-09-26 18:08:29 . 2010-09-26 18:08:29              550 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WinDefend.reg.dat
2010-09-26 18:08:15 . 2010-09-26 18:08:15              136 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-lvpoy.reg.dat
2010-09-26 18:08:15 . 2010-09-26 18:08:15              136 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-fwtum.reg.dat
2010-09-26 16:27:18 . 2010-09-26 17:05:20              346 ----a-w-  C:\Qoobox\Quarantine\C\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job.vir
2010-09-26 06:03:26 . 2010-09-26 06:03:26          208,896 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\lvpoy.exe.vir
2010-09-26 06:03:21 . 2010-09-26 06:03:21          380,973 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\raitip.exe.vir
2010-09-25 17:04:21 . 2010-09-25 17:04:21          208,896 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\fwtum.exe.vir
2010-09-25 17:04:12 . 2010-09-23 07:40:30          118,784 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\impro.exe.vir
2010-09-25 17:04:12 . 2010-09-25 11:44:23          82,944 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\sbpro.exe.vir
2010-09-25 17:04:12 . 2010-09-24 12:22:28          131,072 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\vapro.exe.vir
2010-09-25 17:04:09 . 2010-09-25 17:04:09          380,973 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\geakas.exe.vir
2010-09-25 14:15:40 . 2010-09-25 14:15:40              258 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\Cookies.lnk.vir
2010-09-25 11:44:40 . 2010-09-25 11:42:52          245,760 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\yeuemex.0xe.vir
2010-09-25 11:44:39 . 2010-09-25 11:44:39              126 ----a-w-  C:\Qoobox\Quarantine\C\Users\Fam. Tanggaard Bille\autorun.inf.vir
2009-10-20 17:49:13 . 2009-10-31 11:40:48          33,879 ----a-w-  C:\Qoobox\Quarantine\C\log.txt.vir
2009-05-12 13:54:01 . 2010-09-26 17:39:36            5,821 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-12 13:49:18 . 2010-09-26 17:29:30                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2009-05-12 13:40:51 . 2010-09-26 17:29:30              689 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2009-04-22 13:12:46 . 2009-04-22 13:12:46        4,868,608 ----a-w-  C:\Qoobox\Quarantine\C\Windows\Installer\2adc7e.msp.vir
mamloo Beginner
3 October 2010 - 11:35 #9
Phew, I hope I haven't done too much when it comes to using ComboFix
mamloo Beginner
26 November 2010 - 09:08 #10
Send a reply and you can receive your points!
mamloo Beginner
8 February 2011 - 23:07 #11
Send a reply, otherwise I'll take the points myself.
f-arn Guru
9 February 2011 - 11:48 #12
:)