kentove91 (posted 29 September 2008):

Hi. I now have a virus on my PC. I can't open My Computer, nor the Control Panel etc. What can I do? Reply fast. It's only getting worse and worse.
norbat (posted 29 September 2008):

If you are connected to the internet by cable, you can try starting the PC in Safe Mode (tap F8 during boot) and choose Safe Mode with Networking. From there, download ComboFix, put it on the desktop and run the program. Post the log it creates.
kentove91 (thread author, posted 29 September 2008):

> If you are connected to the internet by cable, you can try starting the PC in Safe Mode (tap F8 during boot) and choose Safe Mode with Networking. From there, download ComboFix, put it on the desktop and run the program. Post the log it creates.

Ran the scan twice because the log never completed the first time. Waited 30 min. The PC looks fine now. But here is the log:

ComboFix 08-09-28.01 - 19020KEBA 2008-09-29 20:54:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1329 [GMT 2:00]
Running from: C:\Documents and Settings\19020KEBA\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\19020KEBA\Favoritter\Error Cleaner.url
C:\Documents and Settings\19020KEBA\Favoritter\Privacy Protector.url
C:\Documents and Settings\19020KEBA\Favoritter\Spyware&Malware Protection.url
C:\Documents and Settings\19020KEBA\Skrivebord\Error Cleaner.url
C:\Documents and Settings\19020KEBA\Skrivebord\Privacy Protector.url
C:\Documents and Settings\19020KEBA\Skrivebord\Spyware&Malware Protection.url
C:\Programfiler\MicroAV
C:\Programfiler\MicroAV\MicroAV.ooo
C:\Programfiler\MicroAV\MicroAV0.dat
C:\Programfiler\MicroAV\MicroAV1.dat
C:\Programfiler\PCHealthCenter
C:\Programfiler\PCHealthCenter\1.ico
C:\Programfiler\PCHealthCenter\2.gif
C:\Programfiler\PCHealthCenter\2.ico
C:\Programfiler\PCHealthCenter\3.gif
C:\Programfiler\PCHealthCenter\sc.html
C:\WINDOWS\dfmlxbpkvkd.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ewte.exe
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\bbkxbrka.ini
C:\WINDOWS\system32\byxYrQKC.dll
C:\WINDOWS\system32\ssqNFuus.dll
C:\WINDOWS\system32\vtUmMgEW.dll
C:\WINDOWS\system32\WEgMmUtv.ini
C:\WINDOWS\system32\WEgMmUtv.ini2
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
.
2008-09-29 16:07 . 2008-09-29 16:07 <DIR> dr-h----- C:\Documents and Settings\19020KEBA\Siste
2008-09-29 16:06 . 2008-09-29 16:06 <DIR> d-------- C:\Programfiler\CCleaner
2008-09-29 16:00 . 2008-09-29 16:40 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-29 15:39 . 2008-09-29 15:39 80,512 --a------ C:\WINDOWS\system32\akrbxkbb.dll
2008-09-29 15:15 . 2008-09-29 15:56 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-29 15:15 . 2008-09-29 15:15 <DIR> d-------- C:\Programfiler\AVG
2008-09-29 15:15 . 2008-09-29 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-09-29 15:15 . 2008-09-29 15:15 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-29 15:15 . 2008-09-29 15:15 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-29 15:15 . 2008-09-29 15:15 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-29 15:15 . 2008-09-29 15:15 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-29 10:09 . 2008-09-29 06:15 86,016 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-29 10:06 . 2008-09-29 10:06 <DIR> d-------- C:\Programfiler\Your Freedom
2008-09-29 10:06 . 2008-09-29 10:06 <DIR> d-------- C:\Programfiler\SocksCapV2
2008-09-29 10:06 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-09-29 10:05 . 2008-09-29 10:05 <DIR> d-------- C:\Documents and Settings\19020KEBA\WINDOWS
2008-09-28 20:53 . 2008-09-29 20:52 <DIR> d-------- C:\Programfiler\Steam
2008-09-28 19:38 . 2008-09-28 19:38 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\Media Player Classic
2008-09-28 19:37 . 2008-09-28 19:37 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack
2008-09-28 19:37 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-28 19:37 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-09-28 19:37 . 2008-07-30 21:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-09-28 16:37 . 2008-09-28 16:37 <DIR> d-------- C:\Programfiler\WM Converter
2008-09-25 15:11 . 2008-09-26 14:53 <DIR> d-------- C:\Documents and Settings\19020KEBA\Contacts
2008-09-25 15:10 . 2008-09-25 15:10 268 --ah----- C:\sqmdata01.sqm
2008-09-25 15:10 . 2008-09-25 15:10 244 --ah----- C:\sqmnoopt01.sqm
2008-09-25 15:05 . 2008-09-25 15:09 <DIR> d-------- C:\Programfiler\Windows Live
2008-09-25 15:05 . 2008-09-25 15:08 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-09-25 15:05 . 2008-09-25 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-09-25 03:04 . 2008-09-25 03:04 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Logs
2008-09-24 16:35 . 2008-09-24 16:35 <DIR> d-------- C:\Programfiler\uTorrent
2008-09-24 16:35 . 2008-09-27 10:50 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\uTorrent
2008-09-24 16:04 . 2008-09-24 16:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 15:54 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-24 15:41 . 2008-09-28 16:25 <DIR> d-------- C:\Programfiler\World of Warcraft
2008-09-24 15:36 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-24 15:36 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-24 15:36 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-24 15:36 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-09-24 15:15 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-24 15:15 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-24 15:14 . 2008-09-24 15:14 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\ATI
2008-09-24 15:14 . 2008-09-24 15:14 <DIR> d-------- C:\Documents and Settings\19020KEBA\Bluetooth Software
2008-09-24 15:13 . 2008-09-24 15:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-24 15:13 . 2008-09-29 14:50 <DIR> dr------- C:\Documents and Settings\19020KEBA\Start-meny
2008-09-24 15:13 . 2007-10-13 17:24 <DIR> d--h----- C:\Documents and Settings\19020KEBA\Skrivere
2008-09-24 15:13 . 2008-09-29 20:55 <DIR> d-------- C:\Documents and Settings\19020KEBA\Skrivebord
2008-09-24 15:13 . 2008-09-29 20:55 <DIR> dr-h----- C:\Documents and Settings\19020KEBA\Programdata
2008-09-24 15:13 . 2008-09-28 16:45 <DIR> dr------- C:\Documents and Settings\19020KEBA\Mine dokumenter
2008-09-24 15:13 . 2007-10-13 15:43 <DIR> d--h----- C:\Documents and Settings\19020KEBA\Maler
2008-09-24 15:13 . 2008-09-29 20:55 <DIR> d--h----- C:\Documents and Settings\19020KEBA\Lokale innstillinger
2008-09-24 15:13 . 2008-09-29 20:17 <DIR> dr------- C:\Documents and Settings\19020KEBA\Favoritter
2008-09-24 15:13 . 2007-10-13 17:24 <DIR> d--h----- C:\Documents and Settings\19020KEBA\AndrMask
2008-09-24 15:13 . 2008-09-29 16:07 <DIR> d-------- C:\Documents and Settings\19020KEBA
2008-09-24 13:54 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-24 13:51 . 2008-09-24 13:51 7,836 --a------ C:\WINDOWS\cfgall.ini
2008-09-24 13:49 . 2008-09-24 13:49 <DIR> d-------- C:\Programfiler\Trend Micro
2008-09-24 13:49 . 2008-09-24 13:49 21 --a------ C:\tmuninst.ini
2008-09-24 13:48 . 2008-09-24 13:48 <DIR> d-------- C:\Documents and Settings\19020admin\Bluetooth Software
2008-09-24 13:34 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-24 13:34 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-24 13:34 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-01 14:48 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-01 14:42 . 2008-09-01 14:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-01 14:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-09-01 13:28 . 2008-09-01 13:28 <DIR> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 01:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-09-24 14:21 --------- d-----w C:\Programfiler\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-09-28 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 124928]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1172760]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
Microsoft Firewall Client Management.lnk - C:\Programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 117568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=Startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-51603\Scripts\Logon\0\0]
"Script"=PushPrinterConnections.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-29 12424]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-29 96520]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 282904]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-29 75272]
R2 FwcAgent;Firewall Client Agent;C:\Programfiler\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
R2 NMSAccessU;NMSAccessU;C:\Programfiler\CDBurnerXP\NMSAccessU.exe [2007-05-04 71360]
R2 SWIHPWMI;SWIHPWMI;C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 33024]
.
- - - - ORPHANS REMOVED - - - -

BHO-{602F6418-A62C-4992-93C6-A0E1AD4B670A} - C:\WINDOWS\system32\vtUmMgEW.dll
BHO-{7B091D1B-AF42-4EA3-8FF5-3ADB46FE8DAE} - C:\WINDOWS\system32\byxYrQKC.dll
BHO-{F07C2B06-FF81-4EB8-8AB9-7620A24309FD} - C:\WINDOWS\dfmlxbpkvkd.dll
Toolbar-{59B4236E-2A39-4942-8278-980630D6D26F} - C:\WINDOWS\peltodgx.dll
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YURF1.exe - C:\Windows\system32\YURF1.exe
HKLM-Run-\YURF2.exe - C:\Windows\system32\YURF2.exe
HKLM-Run-\YURF3.exe - C:\Windows\system32\YURF3.exe
HKLM-Run-\YURF4.exe - C:\Windows\system32\YURF4.exe
HKLM-Run-ANTIVIRUS - C:\Programfiler\MicroAV\MicroAV.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
ShellExecuteHooks-{7B091D1B-AF42-4EA3-8FF5-3ADB46FE8DAE} - C:\WINDOWS\system32\byxYrQKC.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\19020KEBA\Programdata\Mozilla\Firefox\Profiles\rncgrdmz.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 20:55:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-29 20:57:11
ComboFix-quarantined-files.txt 2008-09-29 18:57:07

Pre-Run: 48,156,323,840 byte ledig
Post-Run: 48,140,226,560 byte ledig

215 --- E O F --- 2008-09-25 01:08:18
norbat (posted 29 September 2008):

Work through the rest of the guide in the following thread: https://www.diskusjon.no/index.php?showtopic=691246 Post the logs here in your own thread, and we'll see whether there is anything that needs to be removed manually afterwards.
kentove91 (thread author, posted 30 September 2008):

> Work through the rest of the guide in the following thread: https://www.diskusjon.no/index.php?showtopic=691246 Post the logs here in your own thread, and we'll see whether there is anything that needs to be removed manually afterwards.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-09-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programfiler\CDBurnerXP\NMSAccessU.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.1.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sjvgs-fs2:4343/officescan/console/C...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sjvgs-fs2:4343/officescan/console/C...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sjvgs-fs2:4343/officescan/console/C...stall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://sjvgs-fs2:4343/officescan/console/html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sjvgs-fs2:4343/officescan/console/C.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192283903578
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no
O17 - HKLM\Software\..\Telephony: DomainName = skole.troms.vgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programfiler\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 8766 bytes
kentove91 (thread author, posted 30 September 2008):

> Work through the rest of the guide in the following thread: https://www.diskusjon.no/index.php?showtopic=691246 Post the logs here in your own thread, and we'll see whether there is anything that needs to be removed manually afterwards.

Mbam Log:

Malwarebytes' Anti-Malware 1.28
Database versjon: 1225
Windows 5.1.2600 Service Pack 3

2008-09-30 21:50:38
mbam-log-2008-09-30 (21-50-38).txt

Skanntype: Rask Skann
Objekter skannet: 49250
Tid tilbakelagt: 5 minute(s), 13 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 4
Registerverdier infisert: 0
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bxfa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-1058016-23654) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\akrbxkbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\fbxrqtwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
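The helper's offer to "see whether anything needs to be removed manually" is done by reading autostart entries like those in the HijackThis log above, and the MBAM results show what such a reading can and cannot catch. As an added example (it is not part of this thread and not ComboFix, HijackThis or MBAM code), here is a small Python triage script over HijackThis-style lines modelled on entries posted in this thread. It flags a start page pointing at a host outside a short trusted list, BHOs registered with no file behind them, random-looking file names, and Run values named after their own executable. The trusted-host list, the `ctfmon.exe` exception and every threshold in `looks_random` are my assumptions; the sample log is constructed from entries above (the `vtUmMgEW.dll` and `byxYrQKC.dll` BHOs and the `YUR1.exe` Run value come from the ComboFix orphan list, recast here in HijackThis syntax).

```python
"""Triage autostart entries from a HijackThis-style log (added example).

Not ComboFix/HijackThis/MBAM code; the rules and thresholds are assumptions.
"""
import re
from urllib.parse import urlsplit

# Assumption: hosts a reviewer accepts as legitimate start/search pages.
TRUSTED_HOSTS = {"go.microsoft.com", "www.google.com"}
# Assumption: Windows components that legitimately register a Run value
# named after their own executable (products normally use a product name).
SELF_NAMED_OK = {"ctfmon.exe"}
VOWELS = "aeiou"

RE_R = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>.+?) = (?P<url>.*)$")
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.*)$")
RE_BIN = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr))\b', re.I)

# Constructed sample, modelled on lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {602F6418-A62C-4992-93C6-A0E1AD4B670A} - C:\WINDOWS\system32\vtUmMgEW.dll
O2 - BHO: (no name) - {7B091D1B-AF42-4EA3-8FF5-3ADB46FE8DAE} - C:\WINDOWS\system32\byxYrQKC.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Programfiler\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [YUR1.exe] C:\Windows\system32\YUR1.exe
"""


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names; the three thresholds are assumptions."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    lower = "".join(letters).lower()
    if len(letters) >= 8 and not any(c in VOWELS for c in lower):
        return True                                  # e.g. byxYrQKC, dfmlxbpkvkd
    runs = (len(r) for r in re.findall(r"[^aeiou]+", lower))
    if max(runs, default=0) >= 5:
        return True                                  # e.g. akrbxkbb
    switches = sum(a.islower() != b.islower() for a, b in zip(letters, letters[1:]))
    return switches >= 4                             # e.g. vtUmMgEW


def stem_of(path: str) -> str:
    """File name without directory and extension."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def triage(log_text: str) -> dict:
    """Return {entry: [reasons]} for the lines that deserve a human look."""
    flagged = {}
    for line in log_text.splitlines():
        reasons, entry = [], line
        if m := RE_R.match(line):
            entry = m["url"]
            host = urlsplit(entry).hostname or ""
            if m["value"] in ("Start Page", "Search Page", "Default_Page_URL") \
                    and host not in TRUSTED_HOSTS:
                reasons.append(f"start/search page on untrusted host {host}")
        elif m := RE_O2.match(line):
            if m["path"] == "(no file)":
                entry = m["clsid"]
                reasons.append("orphaned BHO: CLSID registered but no file")
            else:
                entry = m["path"]
                if looks_random(stem_of(entry)):
                    reasons.append("random-looking BHO file name")
        elif m := RE_O4.match(line):
            b = RE_BIN.match(m["cmd"])
            if not b:
                continue
            entry = b["path"]
            base = entry.rsplit("\\", 1)[-1].lower()
            if looks_random(stem_of(entry)):
                reasons.append("random-looking file name")
            if m["name"].lower() == base and base not in SELF_NAMED_OK:
                reasons.append("Run value named after its own executable")
        if reasons:
            flagged[entry] = reasons
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

Run directly, it prints the review queue: the softwarereferral.com start page, the file-less BHO, the two mixed-case system32 DLLs and the self-named YUR1.exe. Note what the rules do not catch: the MicroAV rogue from this thread has a pronounceable name and lives under Programfiler, so it passes every name-based rule and was only identified by Malwarebytes' signatures (Rogue.MicroAntivirus). The consonant-run rule would also misfire on vendor abbreviations in this very log, such as MsnMsgr.Exe or QlbCtrl.exe, so treat the output as a queue for a human, not as a verdict.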
norbat (posted 30 September 2008):

Then a new ComboFix log.
kentove91 (thread author, posted 30 September 2008):

> Then a new ComboFix log.

OK, working on it.
kentove91 (thread author, posted 30 September 2008):

> Then a new ComboFix log.

Here is a new log:

ComboFix 08-09-30.01 - 19020KEBA 2008-09-30 22:24:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1285 [GMT 2:00]
Running from: C:\Documents and Settings\19020KEBA\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.
2008-09-30 21:36 . 2008-09-30 21:36 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-09-30 21:36 . 2008-09-30 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-09-30 21:36 . 2008-09-30 21:36 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\Malwarebytes
2008-09-30 21:36 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 21:36 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-29 16:07 . 2008-09-29 21:57 <DIR> dr-h----- C:\Documents and Settings\19020KEBA\Siste
2008-09-29 16:06 . 2008-09-29 16:06 <DIR> d-------- C:\Programfiler\CCleaner
2008-09-29 16:00 . 2008-09-29 21:24 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-29 15:15 . 2008-09-30 21:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-29 15:15 . 2008-09-29 15:15 <DIR> d-------- C:\Programfiler\AVG
2008-09-29 15:15 . 2008-09-29 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-09-29 15:15 . 2008-09-29 15:15 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-29 15:15 . 2008-09-29 15:15 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-29 15:15 . 2008-09-29 15:15 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-29 15:15 . 2008-09-29 15:15 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-29 10:06 . 2008-09-29 10:06 <DIR> d-------- C:\Programfiler\Your Freedom
2008-09-29 10:06 . 2008-09-29 10:06 <DIR> d-------- C:\Programfiler\SocksCapV2
2008-09-29 10:06 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-09-29 10:05 . 2008-09-29 10:05 <DIR> d-------- C:\Documents and Settings\19020KEBA\WINDOWS
2008-09-28 20:53 . 2008-09-30 21:55 <DIR> d-------- C:\Programfiler\Steam
2008-09-28 19:38 . 2008-09-28 19:38 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\Media Player Classic
2008-09-28 19:37 . 2008-09-28 19:37 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack
2008-09-28 19:37 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-28 19:37 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-09-28 19:37 . 2008-07-30 21:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-09-28 16:37 . 2008-09-28 16:37 <DIR> d-------- C:\Programfiler\WM Converter
2008-09-25 15:11 . 2008-09-26 14:53 <DIR> d-------- C:\Documents and Settings\19020KEBA\Contacts
2008-09-25 15:10 . 2008-09-25 15:10 268 --ah----- C:\sqmdata01.sqm
2008-09-25 15:10 . 2008-09-25 15:10 244 --ah----- C:\sqmnoopt01.sqm
2008-09-25 15:05 . 2008-09-25 15:09 <DIR> d-------- C:\Programfiler\Windows Live
2008-09-25 15:05 . 2008-09-25 15:08 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-09-25 15:05 . 2008-09-25 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-09-25 03:04 . 2008-09-25 03:04 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Logs
2008-09-24 16:35 . 2008-09-24 16:35 <DIR> d-------- C:\Programfiler\uTorrent
2008-09-24 16:35 . 2008-09-27 10:50 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\uTorrent
2008-09-24 16:04 . 2008-09-24 16:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 15:54 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-24 15:41 . 2008-09-28 16:25 <DIR> d-------- C:\Programfiler\World of Warcraft
2008-09-24 15:36 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-24 15:36 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-24 15:36 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-24 15:36 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-09-24 15:15 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-24 15:15 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-24 15:14 . 2008-09-24 15:14 <DIR> d-------- C:\Documents and Settings\19020KEBA\Programdata\ATI
2008-09-24 15:14 . 2008-09-24 15:14 <DIR> d-------- C:\Documents and Settings\19020KEBA\Bluetooth Software
2008-09-24 15:13 . 2008-09-24 15:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-24 15:13 . 2008-09-29 14:50 <DIR> dr------- C:\Documents and Settings\19020KEBA\Start-meny
2008-09-24 15:13 . 2007-10-13 17:24 <DIR> d--h----- C:\Documents and Settings\19020KEBA\Skrivere
2008-09-24 15:13 . 2008-09-30 22:23 <DIR> d-------- C:\Documents and Settings\19020KEBA\Skrivebord
2008-09-24 15:13 . 2008-09-30 21:36 <DIR> dr-h----- C:\Documents and Settings\19020KEBA\Programdata
2008-09-24 15:13 . 2008-09-28 16:45 <DIR> dr------- C:\Documents and Settings\19020KEBA\Mine dokumenter
2008-09-24 15:13 . 2007-10-13 15:43 <DIR> d--h----- C:\Documents and Settings\19020KEBA\Maler
2008-09-24 15:13 . 2008-09-30 22:26 <DIR> d--h----- C:\Documents and Settings\19020KEBA\Lokale innstillinger
2008-09-24 15:13 . 2008-09-29 20:17 <DIR> dr------- C:\Documents and Settings\19020KEBA\Favoritter
2008-09-24 15:13 . 2007-10-13 17:24 <DIR> d--h----- C:\Documents and Settings\19020KEBA\AndrMask
2008-09-24 15:13 . 2008-09-29 16:07 <DIR> d-------- C:\Documents and Settings\19020KEBA
2008-09-24 13:54 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-24 13:51 . 2008-09-24 13:51 7,836 --a------ C:\WINDOWS\cfgall.ini
2008-09-24 13:49 . 2008-09-30 21:39 <DIR> d-------- C:\Programfiler\Trend Micro
2008-09-24 13:49 . 2008-09-24 13:49 21 --a------ C:\tmuninst.ini
2008-09-24 13:48 . 2008-09-24 13:48 <DIR> d-------- C:\Documents and Settings\19020admin\Bluetooth Software
2008-09-24 13:34 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-24 13:34 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-24 13:34 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-01 14:48 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-01 14:42 . 2008-09-01 14:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-01 14:39 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-09-01 13:28 . 2008-09-01 13:28 <DIR> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 01:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-09-24 14:21 --------- d-----w C:\Programfiler\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-29_20.56.40.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-29 18:07:24 62,620 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-30 19:58:10 62,620 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-29 18:07:24 71,120 ----a-w C:\WINDOWS\system32\perfc014.dat
+ 2008-09-30 19:58:10 71,120 ----a-w C:\WINDOWS\system32\perfc014.dat
- 2008-09-29 18:07:24 400,958 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-30 19:58:10 400,958 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-29 18:07:24 405,032 ----a-w C:\WINDOWS\system32\perfh014.dat
+ 2008-09-30 19:58:10 405,032 ----a-w C:\WINDOWS\system32\perfh014.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Steam"="C:\Programfiler\Steam\Steam.exe" [2008-09-28 1271032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 124928] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1172760] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213] Microsoft Firewall Client Management.lnk - C:\Programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 117568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0] "Script"=Startup.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group 
policy\state\S-1-5-21-3799992752-535036049-2774849586-51603\Scripts\Logon\0\0] "Script"=PushPrinterConnections.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-29 12424] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-29 96520] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 282904] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-29 75272] R2 FwcAgent;Firewall Client Agent;C:\Programfiler\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832] R2 NMSAccessU;NMSAccessU;C:\Programfiler\CDBurnerXP\NMSAccessU.exe [2007-05-04 71360] R2 SWIHPWMI;SWIHPWMI;C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 33024] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\19020KEBA\Programdata\Mozilla\Firefox\Profiles\rncgrdmz.default\ . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 22:26:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-30 22:28:22 ComboFix-quarantined-files.txt 2008-09-30 20:28:12 ComboFix2.txt 2008-09-29 18:57:13 Pre-Run: 48,063,283,200 byte ledig Post-Run: 48,052,600,832 byte ledig 180 --- E O F --- 2008-09-25 01:08:18 Lenke til kommentar
norbat Posted 30 September 2008

Use Explorer to find and delete the file: C:\WINDOWS\000001_.tmp

It looks like you are running two antivirus programs (AVG and Trend Micro). Decide on one of them and uninstall the other.

Otherwise your log looks fine. Is the PC running OK? If so, you can remove ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get reinfected by a possible restore later.