2r3, posted 30 October 2008

Hi,

I have just formatted my computer because I had a lot of viruses and couldn't get anything to work. I have 2 hard disks: one with the OS (formatted, with XP installed) and one with all my movies, games, series and some programs (not formatted). I have split one of the hard disks into two partitions (one for the OS (E:\) and one where I keep programs (C:\)). They work fine, but when I try to open the disk with all my media I get the error message "resycled\boot.com is not a valid Win32 application." Has anyone run into this before? (I searched here on Diskusjon but found no thread about it.)

I also searched Google and found some fixes there; among other things, I went into regedit in safe mode and deleted everything that had been added with "resycled\boot.com". I noticed that commands had been added for d:\ and j:\ (a recovery disk that was not formatted).

If anyone knows what I have to do to fix this, please help me.

Sorry for any typos and dialect writing; I am quite tired and about to go to bed.

Thanks

norbat, posted 31 October 2008

Work through the guide, as your problem is related to malware. Post the logs it asks for here in your own thread.

2r3 (author), posted 1 November 2008 (edited)

I ran your guide. No spyware or the like was found. When I ran ComboFix, it found and deleted all the resycled\boot.com files, so now everything works as it should.

Thanks

Here is the ComboFix log, in case you want it.

norbat, posted 1 November 2008

This looks fine. You can remove ComboFix by typing combofix /u in the Run box (Start -> Run).

Surf safely.