Happy25 (thread author), 28 September 2008 (edited 6 October 2008 by Happy2):
Hi. I have got a virus on my XP Pro machine. I have scanned with AVG Free 8 and Windows Defender; there were two trojans and a "Win-something-or-other" with Defender, and a lot of strange stuff with AVG. Big problem, because I can't access the hard drive C:, the DVD-RW drive or the Control Panel (completely gone). It also says (virus alert) at the bottom right of the screen. All Programs, My Computer and the like are gone from the Start menu as well. I do have internet access... can anyone help me?
maedox, 28 September 2008:
Reinstall Windows. That is the only way out when it has gone that far.
r2d290, 28 September 2008:
Reinstalling Windows because of a virus is rarely necessary. Do the following:

Step 1 - Download the necessary programs
Download Malwarebytes' Anti-Malware here or here. Save it to the Desktop.
Download ComboFix (by sUBs) and put it on the Desktop.

Step 2 - See whether you manage to install and run Malwarebytes' Anti-Malware.
If it does not work, you should NOT continue with the guide, but ask for information about what to do next.
IF you manage to run Malwarebytes' Anti-Malware, continue with this guide:
1. Run the Malwarebytes file and install the program. Choose Norwegian as the language.
2. Tick the boxes next to "Update Malwarebytes' Anti-Malware" and "Run Malwarebytes' Anti-Malware", and click Finish.
3. Let the program update itself and choose "Perform quick scan".
4. You get a message box when the program has finished running. Then click the "Show results" button.
5. If malware has been found, you will now see what was found. Click the "Remove selected" button to remove any malware that was found.
Note: If MBAM finds a file that is hard to remove, you will be asked two questions. Click OK on both and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away.
6. When MBAM has finished removing what it found, a log will be opened in Notepad. Post it later if it found anything other than cookies.
7. Run combofix.exe and follow the instructions. You get a prompt saying "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - answer Yes.
You must not click in the window while the program is running. That can cause the program to freeze.
8. Post the log file from ComboFix (c:\combofix.txt) together with the Malwarebytes log.
Happy25 (thread author), 4 October 2008:
I formatted and reinstalled Windows before I managed to see this message...
crazypc, 4 October 2008 (edited 4 October 2008 by crazypc):
Is the PC behaving normally now?
Happy25 (thread author), 5 October 2008:
> Is the PC behaving normally now?
It did for a while, but now I have got more, which both AVG and Windows Defender detected automatically. But now there is none of the trouble I wrote about earlier, such as C:, the DVD drive and things in the Start menu being gone. But I will try what is written above and post the log.
Happy25 (thread author), 5 October 2008:
Here is the log from Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.28
Database versjon: 1231
Windows 5.1.2600 Service Pack 3

06.10.2008 01:51:03
mbam-log-2008-10-06 (01-51-03).txt

Skanntype: Rask Skann
Objekter skannet: 43518
Tid tilbakelagt: 2 minute(s), 8 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 7
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 23

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7093db8-d5fb-4ff9-851c-3e4c5c5bd4fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggwuofx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7093db8-d5fb-4ff9-851c-3e4c5c5bd4fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Programfiler\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\hgGwUOFX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\asb\Lokale innstillinger\Temp\lwpwer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\7.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\asb\Lokale innstillinger\Temp\TDSS9145.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\asb\Lokale innstillinger\Temp\TDSS9154.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\asb\Lokale innstillinger\Temp\TDSS91c2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa440.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa450.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Happy25 (thread author), 6 October 2008 (edited 6 October 2008 by Happy2):
The log from ComboFix.
Happy25 (thread author), 6 October 2008:
It is behaving normally now.
Happy25 (thread author), 6 October 2008 (edited 6 October 2008 by Happy2):
"Threat detected!" (AVG)
File name: C:\System Volume Information\_restore{6BE371FF-E76B-452E-8C07-G586201500AB}\RP50\A0008585.dll
Threat name: Trojan horse BackDoor.Agent.VCA
Detected on open
But the folder System Volume Information doesn't exist... at least not in C:\
Happy25 (thread author), 6 October 2008:
New log from Anti-Malware.

Malwarebytes' Anti-Malware 1.28
Database versjon: 1231
Windows 5.1.2600 Service Pack 3

2008-10-06 14:10:33
mbam-log-2008-10-06 (14-10-33).txt

Skanntype: Full Skann (C:\|E:\|)
Objekter skannet: 94166
Tid tilbakelagt: 18 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 3

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\System Volume Information\_restore{6BE731FF-E76B-452E-8C07-F586201500AB}\RP53\A0008618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6BE731FF-E76B-452E-8C07-F586201500AB}\RP53\A0008619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6BE731FF-E76B-452E-8C07-F586201500AB}\RP54\A0008636.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
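The parser below is an added example, not code from this thread: it reads a Malwarebytes' Anti-Malware log in the format posted above (a constructed sample embedded inline, with a made-up restore-point GUID), tallies detections per threat family, and separates autostart registry entries from copies held in restore points. On Windows XP, System Volume Information is the hidden system folder where System Restore keeps those copies, so hits there are saved copies of the DLLs already removed from system32 rather than a new infection.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes' Anti-Malware 1.28 logs
# posted in this thread (Norwegian section headers, English result text).
# The restore-point GUID and the last line are made up for this example.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database versjon: 1231
Windows 5.1.2600 Service Pack 3

Filer infisert: 4

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggwuofx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Mapper infisert:
C:\Programfiler\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\hgGwUOFX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP53\A0008618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\asb\Lokale innstillinger\Temp\lwpwer.exe (Trojan.Dropper) -> Delete on reboot.
"""

# One detection line: "<item> (<family>) -> <result>."  The item itself may
# contain parentheses, so the family is the last parenthesised group before "->".
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<result>.+?)\.?$")

# Registry locations that load code at logon or when Explorer/IE starts; a
# detection here is a persistence mechanism, not just a dropped file.
AUTOSTART_MARKERS = (r"\currentversion\run", r"\winlogon\notify", r"\browser helper objects")
# System Restore keeps copies of changed files under this hidden folder, so a
# hit here is a saved copy of an already-removed file, not a fresh infection.
RESTORE_MARKER = r"\system volume information\_restore"


def classify(item):
    """Bucket a detected item by where it lives on the system."""
    low = item.lower()
    if low.startswith("hkey_"):
        return "autostart" if any(m in low for m in AUTOSTART_MARKERS) else "registry"
    if RESTORE_MARKER in low:
        return "restore_point"
    if "\\temp\\" in low:
        return "temp"
    if "\\windows\\system32\\" in low:
        return "system32"
    return "other"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # e.g. "Filer infisert:" opens a section
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if m is None:                   # header lines, counts, "(Ingen ... funnet)"
            continue
        detections.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "result": m.group("result"),
            "location": classify(m.group("item")),
        })
    return detections


def summarize(detections):
    """Aggregate what a responder wants to see first: families, persistence, leftovers."""
    return {
        "total": len(detections),
        "families": Counter(d["family"] for d in detections),
        "locations": Counter(d["location"] for d in detections),
        "autostart_items": [d["item"] for d in detections if d["location"] == "autostart"],
        "restore_point_items": [d["item"] for d in detections if d["location"] == "restore_point"],
        # MBAM reports files it could not delete while in use as "Delete on reboot".
        "pending_reboot": any(d["result"] == "Delete on reboot" for d in detections),
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    print(f"{report['total']} detections")
    for family, n in report["families"].most_common():
        print(f"  {n:2d} x {family}")
    print("autostart entries   :", report["autostart_items"])
    print("restore-point copies:", report["restore_point_items"])
    print("reboot required     :", report["pending_reboot"])
```

Once a machine scans clean, the usual follow-up is to turn System Restore off and on again so the infected restore points are discarded and stop triggering on-access alerts.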
Happy25 (thread author) wrote on 6 October 2008:

New log from ComboFix.

ComboFix 08-10-05.06 - asb 2008-10-06 14:14:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1375 [GMT 2:00]
Running from: C:\Documents and Settings\asb\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\asb\Cookies\[email protected][1].txt
C:\Documents and Settings\asb\Cookies\asb@clicktorrent[2].txt
C:\Documents and Settings\asb\Cookies\[email protected][3].txt
C:\WINDOWS\system32\ghibevgd.ini
C:\WINDOWS\system32\rsDedccf.ini
C:\WINDOWS\system32\rsDedccf.ini2
C:\WINDOWS\system32\TDSSerrors.log
.
((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.
2008-10-06 01:45 . 2008-10-06 01:46 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-06 01:45 . 2008-10-06 01:45 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Malwarebytes
2008-10-06 01:45 . 2008-10-06 01:45 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Malwarebytes
2008-10-06 01:45 . 2008-10-06 01:45 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Malwarebytes
2008-10-06 01:45 . 2008-10-06 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-06 01:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 01:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-06 01:44 . 2008-10-06 01:44 2,939,720 -ra------ C:\ComboFix.exe
2008-10-05 22:58 . 2008-04-14 18:22 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-10-05 22:58 . 2008-04-14 18:22 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-10-05 17:08 . 2008-10-05 17:08 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-10-05 13:04 . 2008-10-05 13:04 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-10-05 13:04 . 2008-10-05 13:04 <DIR> d-------- C:\Programfiler\Windows Desktop Search
2008-10-05 13:04 . 2008-10-05 13:04 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Windows Desktop Search
2008-10-05 13:04 . 2008-10-05 13:04 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Windows Desktop Search
2008-10-05 13:04 . 2008-10-05 13:04 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Windows Desktop Search
2008-10-05 13:04 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-05 13:04 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-05 13:04 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-05 01:28 . 2008-10-05 01:28 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Kaspersky_Key_Finder_(KKF
2008-10-05 01:28 . 2008-10-05 01:28 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Kaspersky_Key_Finder_(KKF
2008-10-05 01:28 . 2008-10-05 01:28 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Kaspersky_Key_Finder_(KKF
2008-10-05 00:52 . 2008-10-05 00:52 57 --a------ C:\WINDOWS\autoinst.ini
2008-10-04 20:34 . 2008-10-04 20:34 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 20:34 . 2008-10-04 20:34 232 --ah----- C:\sqmdata00.sqm
2008-10-04 03:20 . 2008-10-05 13:35 <DIR> d-------- C:\Documents and Settings\asb\Contacts
2008-10-04 03:20 . 2008-10-05 13:35 <DIR> d-------- C:\Documents and Settings\asb\Contacts
2008-10-04 03:19 . 2008-10-04 03:19 <DIR> d-------- C:\Programfiler\MSN Messenger
2008-10-03 14:35 . 2008-10-03 14:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-03 14:34 . 2008-10-03 14:34 <DIR> d-------- C:\Programfiler\WinImage
2008-10-02 14:23 . 2008-10-02 14:23 <DIR> d-------- C:\Programfiler\Windows Defender
2008-10-02 14:17 . 2008-10-02 14:17 <DIR> d-------- C:\Programfiler\LimeWire
2008-10-02 14:17 . 2008-10-05 19:35 <DIR> d-------- C:\Documents and Settings\asb\Programdata\LimeWire
2008-10-02 14:17 . 2008-10-05 19:35 <DIR> d-------- C:\Documents and Settings\asb\Programdata\LimeWire
2008-10-02 14:17 . 2008-10-05 19:35 <DIR> d-------- C:\Documents and Settings\asb\Programdata\LimeWire
2008-10-02 12:24 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-01 20:14 . 2008-10-05 19:16 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-01 20:09 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-10-01 20:09 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-10-01 20:09 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-10-01 16:26 . 2008-10-01 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-10-01 16:25 . 2008-10-01 20:11 <DIR> d-------- C:\Programfiler\NOS
2008-10-01 16:25 . 2008-10-01 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS
2008-09-30 17:04 . 2008-09-30 17:05 <DIR> d-------- C:\Programfiler\18 Wheels of Steel American Long Haul
2008-09-30 14:28 . 2008-09-30 14:28 <DIR> d-------- C:\WINDOWS\Sun
2008-09-30 14:28 . 2008-09-30 14:28 <DIR> d-------- C:\Programfiler\Java
2008-09-30 14:28 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-30 14:27 . 2008-09-30 14:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-09-30 02:44 . 2008-09-30 02:44 <DIR> d-------- C:\Documents and Settings\asb\Programdata
2008-09-30 02:44 . 2008-09-30 02:44 <DIR> d-------- C:\Documents and Settings\asb
2008-09-30 01:16 . 2008-09-30 01:16 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Nero
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Nero
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\Documents and Settings\asb\Programdata\Nero
2008-09-29 20:36 . 2008-09-29 20:36 <DIR> d-------- C:\Programfiler\Nero
2008-09-29 20:36 . 2008-09-29 20:37 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero
2008-09-29 20:36 . 2008-09-29 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-09-29 16:05 . 2008-09-29 16:05 <DIR> d-------- C:\Documents and Settings\asb\Programdata\CyberLink
2008-09-29 16:05 . 2008-09-29 16:05 <DIR> d-------- C:\Documents and Settings\asb\Programdata\CyberLink
2008-09-29 16:05 . 2008-09-29 16:05 <DIR> d-------- C:\Documents and Settings\asb\Programdata\CyberLink
2008-09-29 16:05 . 2008-10-06 11:54 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-29 16:04 . 2008-10-05 23:16 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\Temp
2008-09-29 16:03 . 2008-09-29 16:03 <DIR> d-------- C:\Programfiler\Fellesfiler\CyberLink
2008-09-29 16:03 . 2008-09-29 16:03 <DIR> d-------- C:\Programfiler\CyberLink
2008-09-29 16:03 . 2008-09-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\CyberLink
2008-09-29 16:02 . 2008-09-29 16:02 505,128 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-29 16:02 . 2008-09-29 16:02 353,576 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-29 16:02 . 2008-09-29 16:02 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-09-29 13:20 . 2008-09-29 13:20 <DIR> d-------- C:\WINDOWS\Logs
2008-09-29 13:17 . 2008-09-29 13:17 <DIR> d-------- C:\Programfiler\MagicISO
2008-09-29 13:14 . 2008-09-29 13:14 <DIR> d-------- C:\Programfiler\PowerISO
2008-09-29 13:13 . 2008-10-06 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WinZip
2008-09-29 12:08 . 2008-09-29 12:08 <DIR> d-------- C:\Programfiler\DNA
2008-09-29 12:08 . 2008-09-29 12:08 <DIR> d-------- C:\Programfiler\BitTorrent
2008-09-29 12:08 . 2008-10-06 14:12 <DIR> d-------- C:\Documents and Settings\asb\Programdata\DNA
2008-09-29 12:08 . 2008-10-06 14:12 <DIR> d-------- C:\Documents and Settings\asb\Programdata\DNA
2008-09-29 12:08 . 2008-10-06 14:12 <DIR> d-------- C:\Documents and Settings\asb\Programdata\DNA
2008-09-29 12:08 . 2008-10-06 14:14 <DIR> d-------- C:\Documents and Settings\asb\Programdata\BitTorrent
2008-09-29 12:08 . 2008-10-06 14:14 <DIR> d-------- C:\Documents and Settings\asb\Programdata\BitTorrent
2008-09-29 12:08 . 2008-10-06 14:14 <DIR> d-------- C:\Documents and Settings\asb\Programdata\BitTorrent
2008-09-29 12:04 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-29 11:54 . 2008-09-29 11:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-29 11:54 . 2008-09-29 11:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-29 11:54 . 2008-09-29 11:54 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-09-29 11:53 . 2008-09-29 11:53 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-29 11:38 . 2008-09-29 11:38 <DIR> d-------- C:\WINDOWS\system32\no
2008-09-29 11:38 . 2008-10-05 13:04 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-09-29 11:38 . 2008-09-29 11:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-29 11:38 . 2008-09-29 11:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-29 11:37 . 2008-09-29 11:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-29 11:30 . 2008-10-05 21:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-29 11:30 . 2008-09-29 11:30 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-29 11:30 . 2008-09-29 11:30 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-29 11:30 . 2008-09-29 11:30 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-29 11:29 . 2008-09-29 11:29 <DIR> d-------- C:\Programfiler\AVG
2008-09-29 11:24 . 2008-09-29 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg8
2008-09-29 11:21 . 2008-09-29 11:21 2,422 --a------ C:\WINDOWS\system32\wpa.bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 18:02 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-09-29 00:49 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-29 00:49 --------- d-----w C:\Programfiler\Jensen
2008-09-29 00:49 --------- d-----w C:\Documents and Settings\asb\Programdata\InstallShield
2008-09-29 00:49 --------- d-----w C:\Documents and Settings\asb\Programdata\InstallShield
2008-09-29 00:49 --------- d-----w C:\Documents and Settings\asb\Programdata\InstallShield
2008-09-29 00:43 --------- d-----w C:\Documents and Settings\asb\Programdata\ATI
2008-09-29 00:43 --------- d-----w C:\Documents and Settings\asb\Programdata\ATI
2008-09-29 00:43 --------- d-----w C:\Documents and Settings\asb\Programdata\ATI
2008-09-29 00:41 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-09-29 00:41 --------- d-----w C:\Programfiler\Fellesfiler\ATI Technologies
2008-09-29 00:41 --------- d-----w C:\Programfiler\ATI Technologies
2008-09-29 00:34 --------- d-----w C:\Programfiler\Realtek
2008-09-29 00:25 --------- d-----w C:\Programfiler\microsoft frontpage
2008-09-29 00:24 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-09-29 00:23 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613AA584-34B7-4769-A889-1EB161EC53D9}]
C:\WINDOWS\system32\fccdeDsr.dll [bU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-09-29 289088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"RemoteControl8"="C:\Programfiler\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Programfiler\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="C:\Programfiler\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Jensen AirLink Utility.lnk - C:\Programfiler\Jensen\Common\JensenUI.exe [2008-09-29 679936]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-29 97928]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Programfiler\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-29 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-29 76040]
R3 RT80x86;Jensen Air:Link 83300 Driver;C:\WINDOWS\system32\DRIVERS\RT2860.sys [2007-07-29 537216]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b70e5ec2-8dcc-11dd-8a79-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{C7093DB8-D5FB-4FF9-851C-3E4C5C5BD4FD} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 14:15:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Programfiler\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-10-06 14:15:59
ComboFix-quarantined-files.txt 2008-10-06 12:15:49

Pre-Run: 488,215,343,104 byte ledig
Post-Run: 488,413,122,560 byte ledig

226 --- E O F --- 2008-09-29 23:16:33
snippsat wrote on 6 October 2008:

Paste the text in the code box into Notepad and save it on the desktop as bho.reg. Double-click it and add it to the registry.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{613AA584-34B7-4769-A889-1EB161EC53D9}]

> But the folder System Volume Information doesn't exist.. at least not in C:\

That is the System Restore folder; we reset it when you remove ComboFix.
---
You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
---
Download and run CCleaner. 'Options' -> 'Advanced'. Untick "Only delete files in Windows Temp folders older than 48 hours". Run it, then the registry cleaner: answer yes to "repair" -> backup, answer yes when asked. Run the registry cleaner a couple more times until all errors are gone.
---
Restart
---
Scan with AVG and see if it is clean.
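The ComboFix report above lists three entry types that deserve a look on any box in this state: the BHO registration {613AA584-34B7-4769-A889-1EB161EC53D9} loading C:\WINDOWS\system32\fccdeDsr.dll, an AutoRun handler for D:\Setup.exe under mountpoints2, and an AppInit_DLLs value; the post above removes the BHO with a .reg file. As an added example (not part of either post, and not ComboFix's or the forum's tooling), the Python below parses the "Reg Loading Points" layout, flags those entries for review, and builds a REGEDIT4 file that deletes the BHO key with the full Explorer path written out. Assumptions: ComboFix's "~" in BHO lines stands for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer (the key under which Internet Explorer BHOs are registered), and the eight-letter-name check is a review heuristic taken from the naming style of the Vundo files in the log, not a verdict. The sample fragment is constructed from the report's own lines.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed sample: a fragment of a ComboFix "Reg Loading Points" section in the
# layout of the log posted above. The CLSID, paths and values are copied from that
# log; it is not the full section.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613AA584-34B7-4769-A889-1EB161EC53D9}]
C:\WINDOWS\system32\fccdeDsr.dll [bU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-09-29 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b70e5ec2-8dcc-11dd-8a79-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
"""

# Key under which Internet Explorer BHOs are registered; ComboFix shortens it to "~"
# in the BHO lines of its report (assumption stated in the lead-in).
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_loading_points(text: str) -> Dict[str, List[str]]:
    """Group value lines under their [key] header, in file order."""
    entries: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, [])
        elif current is not None:
            entries[current].append(line)
    return entries


def expand_bho_key(key: str) -> str:
    """Resolve ComboFix's "~" shorthand for BHO keys only; the shorthand means
    something else in other sections of the report, so other keys are left alone."""
    if "browser helper objects" not in key.lower():
        return key
    return BHO_KEY + "\\" + key.rsplit("\\", 1)[-1]


def looks_random_name(path: str) -> bool:
    """Review heuristic, not a verdict: a module directly in system32 whose name is
    eight letters with no digits, the naming style of the Vundo files in the log."""
    p = PureWindowsPath(path)
    return p.parent.name.lower() == "system32" and len(p.stem) == 8 and p.stem.isalpha()


def audit(text: str) -> List[dict]:
    """Pull out the entries worth a second look: BHOs, AppInit_DLLs, AutoRun handlers."""
    findings: List[dict] = []
    for key, values in parse_loading_points(text).items():
        lower = key.lower()
        if "browser helper objects" in lower:
            clsid = key.rsplit("\\", 1)[-1]
            for v in values:
                dll = v.split(" [")[0]          # drop ComboFix's trailing [..] tag
                findings.append({"kind": "bho", "key": expand_bho_key(key),
                                 "clsid": clsid, "path": dll,
                                 "review": looks_random_name(dll)})
        elif "mountpoints2" in lower:
            for v in values:
                if "\\shell\\autorun\\command" in v.lower():
                    findings.append({"kind": "autorun", "key": key,
                                     "path": v.split(" - ", 1)[-1], "review": True})
        else:
            for v in values:
                if v.lower().startswith('"appinit_dlls"='):
                    findings.append({"kind": "appinit", "key": key,
                                     "path": v.split("=", 1)[1], "review": True})
    return findings


def bho_removal_reg(clsid: str) -> str:
    """Build a REGEDIT4 file that deletes one BHO registration; "[-key]" deletes the key.
    Save it as ANSI text with CRLF line ends, which is what the REGEDIT4 format expects."""
    if not GUID_RE.match(clsid):
        raise ValueError("not a CLSID: %r" % clsid)
    return "REGEDIT4\r\n\r\n[-" + BHO_KEY + "\\" + clsid + "]\r\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    print(bho_removal_reg("{613AA584-34B7-4769-A889-1EB161EC53D9}"))
```

Two points of design: regedit takes key paths literally, so a .reg file has to spell out the full key rather than ComboFix's shorthand, and deleting the registration only stops Internet Explorer loading the DLL; the file itself stays on disk, which is what the quarantine and the System Restore reset discussed in the thread take care of. The AutoRun and AppInit_DLLs findings are returned for review because both are load points that malware commonly abuses, not because the values in this particular log are bad.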
Happy25 (thread author) wrote on 6 October 2008:

> [quoting snippsat's post above]

AVG doesn't find anything now, but combofix/u doesn't work in the Run window.
Happy25 (thread author) wrote on 6 October 2008:

> [quoting snippsat's post above]
> AVG doesn't find anything now, but combofix/u doesn't work in the Run window.

combofix /u got it
Happy25 (thread author) wrote on 6 October 2008:

But what do I do with the txt file?
snippsat wrote on 6 October 2008:

It becomes a reg file if you follow what I wrote. Once you have copied what is in the code box and pasted it into Notepad, save it as bho.reg on the desktop. Then you can double-click it; you will be asked whether to add it to the registry, answer yes.

Edited 6 October 2008 by SNIPPSAT
Happy25 (thread author) wrote on 6 October 2008:

> [quoting snippsat's post above]

That's done, thanks for the help folks.

Edited 6 October 2008 by Happy2