Lillemeg87, posted 16 November 2008 (edited)
I'm pretty green when it comes to PCs, so I thought Windows Defender and everything that comes with Vista was enough. The PC is 2 days old, and today I got loads of pop-ups and junk, and the PC is slow. I eventually managed to download the AVG trial version and am now running a scan. So far it has found 10 threats after 10 minutes. How long does a scan like this take? It looks like it has mostly found trojan viruses. Is there anything more I should do, or is it enough to delete the viruses it finds after scanning?
Edited 17 November 2008 by Lillemeg87
Lillemeg87 (author), posted 16 November 2008
Help! It has now found over 1500 threats ... probably found a few hundred more while I'm writing :O 2300 threats...
Lillemeg87 (author), posted 16 November 2008
It's now up to 12000
Actibus, posted 16 November 2008
I would do a reinstall of Windows and then install an AV program before connecting the machine to the net; then you can be sure all the crap is gone.
askldkalssda, posted 16 November 2008
Maybe it's time to use a proper web browser when you surf for porn...?
Funkmasterfleksnes, posted 16 November 2008
Buy a proper antivirus program and firewall, AVG by all means, but preferably the full version. Most of it should be gone if you let AVG do its thing.
norbat, posted 16 November 2008
Go through the guide. Post the logs it asks for here in your own thread.
Lillemeg87 (author), posted 16 November 2008
I have never surfed for porn. It has now found 47,000 threats. I hope it manages to remove them.
raWrz, posted 16 November 2008
Run MBAM first and post the log here, then run ComboFix and post the log, and we'll fix it.
raWrz, posted 16 November 2008
Quote: "Buy a proper antivirus program and firewall, AVG by all means, but preferably the full version. Most of it should be gone if you let AVG do its thing."
No point in buying, since free is almost as good.
Lednar, posted 16 November 2008
Avira and Comodo work great together. Both are free. Other than that, just listen to the people here. They will help you.
Lillemeg87 (author), posted 16 November 2008
I just ran Malwarebytes and I think the PC is better, even though it said it couldn't remove all the viruses. Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1402
Windows 6.0.6001 Service Pack 1

16.11.2008 19:12:01
mbam-log-2008-11-16 (19-12-01).txt

Skanntype: Rask Skann
Objekter skannet: 43410
Tid tilbakelagt: 4 minute(s), 9 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 4
Registerverdier infisert: 4
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 4

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runedf9d31 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Delete on reboot.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\Anette\AppData\Local\Temp\fgfnbxwn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Anette\AppData\Local\Temp\byxVnkJY.dll (Malware.Trace) -> Delete on reboot.
C:\Windows\System32\ljJawwwW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
raWrz, posted 16 November 2008
Restart the computer and run a new FULL scan.
Lugmeister, posted 16 November 2008 (edited)
Download Spybot Search and Destroy too and run a scan for spyware, or use another good antispyware program, so you get all the crap in the system removed. F-Secure and Trend Micro also have online scanners you can use, fine for a double check, but they take quite a while to scan the PC.
http://support.f-secure.com/enu/home/ols.shtml
http://housecall.trendmicro.com/
Edited 16 November 2008 by Lugmeister
Lillemeg87 (author), posted 16 November 2008
ComboFix log:

ComboFix 08-11-14.01 - Anette 2008-11-16 19:23:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1454 [GMT 1:00]
Running from: c:\users\Anette\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 18:06 --------- d-----w c:\users\Anette\AppData\Roaming\Malwarebytes
2008-11-16 18:06 --------- d-----w c:\programdata\Malwarebytes
2008-11-16 16:14 147,456 ----a-w c:\users\Anette\vbzip10.dll
2008-11-16 16:14 --------- d-----w c:\users\Anette\AppData\Roaming\LimeWire
2008-11-16 16:12 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-16 16:12 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-16 16:12 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-11-16 16:12 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-11-16 16:10 65 ----a-w c:\users\Anette\ff.bat
2008-11-16 16:10 524 ----a-w c:\users\Anette\523.bat
2008-11-16 16:10 46,080 ----a-w c:\users\Anette\gif.exe
2008-11-16 16:07 23,832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2008-11-16 16:07 --------- d-----w c:\programdata\avg8
2008-11-16 16:07 --------- d-----w c:\program files\AVG
2008-11-16 15:09 --------- d-----w c:\users\Anette\AppData\Roaming\Thunderbird
2008-11-16 15:09 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-16 14:44 524 ----a-w c:\users\Anette\483.bat
2008-11-16 14:35 410,976 ----a-w c:\windows\System32\deploytk.dll
2008-11-16 14:35 --------- d-----w c:\program files\Java
2008-11-15 19:05 --------- d-----w c:\programdata\VIZ_MPS
2008-11-15 19:04 --------- d-----w c:\program files\Vizky
2008-11-15 01:03 --------- d-----w c:\program files\Windows Mail
2008-11-14 20:00 --------- d-----w c:\programdata\Microsoft Help
2008-11-14 19:11 --------- d-----w c:\program files\MSXML 4.0
2008-11-14 18:50 --------- d-----w c:\program files\Windows Live
2008-11-14 18:49 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-14 18:48 --------- d-----w c:\programdata\WLInstaller
2008-11-14 15:50 --------- d-----w c:\programdata\HDBR31
2008-11-14 14:54 --------- d-----w c:\users\Anette\AppData\Roaming\ATI
2008-11-14 14:54 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-11-14 14:54 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-11-14 14:52 --------- d-----w c:\program files\Microsoft Works
2008-11-14 14:50 --------- d-----w c:\programdata\fsc-reg
2008-11-14 14:50 --------- d-----w c:\program files\Fujitsu Siemens Computers
2008-11-14 14:50 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-14 14:50 --------- d-----w c:\program files\Common Files\Fujitsu Siemens Computers
2008-11-14 14:48 --------- d-----w c:\program files\Microsoft.NET
2008-11-14 14:45 --------- d-----w c:\program files\Common Files\Nero
2008-11-14 14:44 --------- d-----w c:\programdata\Nero
2008-11-14 14:44 --------- d-----w c:\program files\Nero
2008-11-14 14:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-03-26 188416]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-08 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-05-08 268096]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-16 1235736]
"Malwarebytes Anti-Malware (reboot)"="d:\malware\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 470288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDF9076E-2765-439A-BB13-B7481D571DB9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BB67278C-2A58-487C-84A8-E4E2EEBFEAB9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCA8FD00-B2F1-43E3-AB6C-32D75BDE1848}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F2DE793E-B32D-4C14-95B7-4E2A08896C11}d:\\limewire\\limewire.exe"= UDP:d:\limewire\limewire.exe:LimeWire
"UDP Query User{07E77EC7-D009-43EA-A1D8-939AFBE7CC6E}d:\\limewire\\limewire.exe"= TCP:d:\limewire\limewire.exe:LimeWire
"{3D859E08-FB0A-4DB9-984B-A19B1B55191A}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{5DA1666F-5D18-477E-A5FF-FF80C517EC79}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{084563E3-CDDA-41E9-B780-E603B563BB3E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AC757E85-FDEE-413B-AF18-E7C80BCB1876}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 ahcix86s;ahcix86s;c:\windows\system32\drivers\ahcix86s.sys [2008-06-20 170000]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2008-06-20 7680]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-16 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2008-11-16 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-16 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-16 90632]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2008-06-20 9867]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-16 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-16 1212184]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;"c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe" [2008-02-29 307200]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-06-20 3551232]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-06-20 84240]
R3 WisLMSvc;WisLMSvc;"c:\program files\Launch Manager\WisLMSvc.exe" [2008-06-20 118784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-06-20 313344]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4FD130AE-D8D2-4137-A680-C5CF233BE545} - c:\windows\system32\yaYPJbBU.dll

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 19:25:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP0000007C1300B2F5BBDEDBFB

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-16 19:27:26
ComboFix-quarantined-files.txt 2008-11-16 18:27:22

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Post-Run: 65,331,101,696 byte ledig

160 --- E O F --- 2008-11-14 20:00:19
Lillemeg87 (author), posted 16 November 2008
Now running a full Malwarebytes scan + F-Secure online scan
raWrz, posted 16 November 2008 (edited)
Click Start - All Programs - Accessories - Notepad.
Copy and paste the text in the code box below into Notepad:

File::
c:\users\Anette\vbzip10.dll
c:\users\Anette\ff.bat
c:\users\Anette\523.bat
c:\users\Anette\gif.exe
c:\users\Anette\483.bat

Save it as CFScript on the Desktop.
Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt in your next reply on the forum.
Edited 16 November 2008 by Submit
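The five paths in the CFScript above are the five files that the Find3M report in the first ComboFix log lists directly under c:\users\Anette\. As an added example (not part of the thread, and not ComboFix's or the helper's own method), this Python code parses Find3M lines and flags runnable file types sitting in a user profile root so a helper can review them; the extension list and the profile-root heuristic are assumptions, and the sample is a subset of entries copied from that log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Sample input: a subset of Find3M entries copied from the first ComboFix
# log in this thread, one entry per line.
SAMPLE_FIND3M = r"""
2008-11-16 18:06 --------- d-----w c:\users\Anette\AppData\Roaming\Malwarebytes
2008-11-16 16:14 147,456 ----a-w c:\users\Anette\vbzip10.dll
2008-11-16 16:14 --------- d-----w c:\users\Anette\AppData\Roaming\LimeWire
2008-11-16 16:12 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-16 16:10 65 ----a-w c:\users\Anette\ff.bat
2008-11-16 16:10 524 ----a-w c:\users\Anette\523.bat
2008-11-16 16:10 46,080 ----a-w c:\users\Anette\gif.exe
2008-11-16 14:44 524 ----a-w c:\users\Anette\483.bat
2008-11-16 14:35 410,976 ----a-w c:\windows\System32\deploytk.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
"""

# date, time, size (dashes for directories), 7-character attribute field, path
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>-+|[\d,]+)\s+(?P<attrs>[a-z-]{7})\s+(?P<path>.+?)\s*$"
)

# Assumption: file types that run code when opened or loaded.
RUNNABLE_EXT = {".exe", ".dll", ".bat", ".cmd", ".scr", ".com", ".pif", ".vbs", ".js"}


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: Optional[int]  # None for directories
    attrs: str
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_find3m(text: str) -> list:
    """Turn Find3M report lines into Entry records; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(f'{m["date"]} {m["time"]}', size, m["attrs"],
                             PureWindowsPath(m["path"])))
    return entries


def in_profile_root(path: PureWindowsPath) -> bool:
    """True for <drive>\\users\\<name>\\<file> (Vista-style layout, as in the log)."""
    parts = [p.lower() for p in path.parts]
    return len(parts) == 4 and parts[1] == "users"


def flag_profile_root_files(entries: list) -> list:
    """Files (not directories) of a runnable type placed directly in a profile root."""
    return [e for e in entries
            if not e.is_dir and in_profile_root(e.path)
            and e.path.suffix.lower() in RUNNABLE_EXT]


def repeated_drops(flagged: list) -> dict:
    """Group flagged files by (extension, size); same-size groups hint at repeat drops."""
    groups = defaultdict(list)
    for e in flagged:
        groups[(e.path.suffix.lower(), e.size)].append(str(e.path))
    return {key: paths for key, paths in groups.items() if len(paths) > 1}


if __name__ == "__main__":
    flagged = flag_profile_root_files(parse_find3m(SAMPLE_FIND3M))
    for e in flagged:
        print(f"{e.timestamp}  {e.size:>9,}  {e.path}")
    for (ext, size), paths in repeated_drops(flagged).items():
        print(f"same size ({size} bytes, {ext}): {', '.join(paths)}")
```

The output is a review list, not a deletion list: a hit only says where to look first.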
Lillemeg87 (author), posted 16 November 2008
Here is the log from the full Malwarebytes scan. It found no suspicious files.

Malwarebytes' Anti-Malware 1.30
Database versjon: 1402
Windows 6.0.6001 Service Pack 1

16.11.2008 22:32:38
mbam-log-2008-11-16 (22-32-38).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 156427
Tid tilbakelagt: 3 hour(s), 2 minute(s), 35 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

The F-Secure online scan found the following:
Viruses: 0
Hidden items: 0
Spyware: 13
Got them all deleted.
Lillemeg87 (author), posted 16 November 2008

ComboFix 08-11-16.01 - Anette 2008-11-16 22:41:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1290 [GMT 1:00]
Running from: c:\users\Anette\Desktop\ComboFix.exe
Command switches used :: c:\users\Anette\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\users\Anette\483.bat
c:\users\Anette\523.bat
c:\users\Anette\ff.bat
c:\users\Anette\gif.exe
c:\users\Anette\vbzip10.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Anette\483.bat
c:\users\Anette\523.bat
c:\users\Anette\ff.bat
c:\users\Anette\gif.exe
c:\users\Anette\vbzip10.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 18:06 --------- d-----w c:\users\Anette\AppData\Roaming\Malwarebytes
2008-11-16 18:06 --------- d-----w c:\programdata\Malwarebytes
2008-11-16 16:14 --------- d-----w c:\users\Anette\AppData\Roaming\LimeWire
2008-11-16 16:12 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-16 16:12 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-16 16:12 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-11-16 16:12 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-11-16 16:07 23,832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2008-11-16 16:07 --------- d-----w c:\programdata\avg8
2008-11-16 16:07 --------- d-----w c:\program files\AVG
2008-11-16 15:09 --------- d-----w c:\users\Anette\AppData\Roaming\Thunderbird
2008-11-16 15:09 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-16 14:35 410,976 ----a-w c:\windows\System32\deploytk.dll
2008-11-16 14:35 --------- d-----w c:\program files\Java
2008-11-15 19:05 --------- d-----w c:\programdata\VIZ_MPS
2008-11-15 19:04 --------- d-----w c:\program files\Vizky
2008-11-15 01:03 --------- d-----w c:\program files\Windows Mail
2008-11-14 20:00 --------- d-----w c:\programdata\Microsoft Help
2008-11-14 19:11 --------- d-----w c:\program files\MSXML 4.0
2008-11-14 18:50 --------- d-----w c:\program files\Windows Live
2008-11-14 18:49 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-14 18:48 --------- d-----w c:\programdata\WLInstaller
2008-11-14 15:50 --------- d-----w c:\programdata\HDBR31
2008-11-14 14:54 --------- d-----w c:\users\Anette\AppData\Roaming\ATI
2008-11-14 14:54 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-11-14 14:54 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-11-14 14:52 --------- d-----w c:\program files\Microsoft Works
2008-11-14 14:50 --------- d-----w c:\programdata\fsc-reg
2008-11-14 14:50 --------- d-----w c:\program files\Fujitsu Siemens Computers
2008-11-14 14:50 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-14 14:50 --------- d-----w c:\program files\Common Files\Fujitsu Siemens Computers
2008-11-14 14:48 --------- d-----w c:\program files\Microsoft.NET
2008-11-14 14:45 --------- d-----w c:\program files\Common Files\Nero
2008-11-14 14:44 --------- d-----w c:\programdata\Nero
2008-11-14 14:44 --------- d-----w c:\program files\Nero
2008-11-14 14:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-11-16_19.26.17,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 14:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 14:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
+ 2008-02-27 15:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
+ 2008-02-27 14:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
+ 2008-11-16 21:40:53 6,258,688 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2008-11-16 18:23:00 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-16 21:41:05 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-16 20:10:10 14,416,572 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-03-26 188416]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-08 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-05-08 268096]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-16 1235736]
"Malwarebytes Anti-Malware (reboot)"="d:\malware\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 470288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDF9076E-2765-439A-BB13-B7481D571DB9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BB67278C-2A58-487C-84A8-E4E2EEBFEAB9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCA8FD00-B2F1-43E3-AB6C-32D75BDE1848}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F2DE793E-B32D-4C14-95B7-4E2A08896C11}d:\\limewire\\limewire.exe"= UDP:d:\limewire\limewire.exe:LimeWire
"UDP Query User{07E77EC7-D009-43EA-A1D8-939AFBE7CC6E}d:\\limewire\\limewire.exe"= TCP:d:\limewire\limewire.exe:LimeWire
"{3D859E08-FB0A-4DB9-984B-A19B1B55191A}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{5DA1666F-5D18-477E-A5FF-FF80C517EC79}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{084563E3-CDDA-41E9-B780-E603B563BB3E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AC757E85-FDEE-413B-AF18-E7C80BCB1876}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 ahcix86s;ahcix86s;c:\windows\system32\drivers\ahcix86s.sys [2008-06-20 170000]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2008-06-20 7680]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-16 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2008-11-16 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-16 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-16 90632]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2008-06-20 9867]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-16 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-16 1212184]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;"c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe" [2008-02-29 307200]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-06-20 3551232]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-06-20 84240]
R3 WisLMSvc;WisLMSvc;"c:\program files\Launch Manager\WisLMSvc.exe" [2008-06-20 118784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-06-20 313344]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

*Newly Created Service* - CATCHME
*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:43:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 22:45:02
ComboFix-quarantined-files.txt 2008-11-16 21:44:58
ComboFix2.txt 2008-11-16 18:27:27

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Post-Run: 64,976,670,720 byte ledig

177 --- E O F --- 2008-11-14 20:00:19
r2d290, posted 16 November 2008
P2P Warning! Important
The logs show that there are one or more P2P (Person to Person) file-sharing programs on your machine.

LimeWire

Be aware that as long as you use any form of Peer-to-Peer network to download files from an "unofficial" source, you must assume that your machine can become infected. In the past, P2P file sharing was considered fairly safe. This is no longer the case. You can continue to use P2P at your own risk, but remember that this may be the source of your current or next infection.

References on the risks of these programs can be found at these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

See a list of clean/risky P2P programs here: http://p2p.malwareremoval.com/

I strongly recommend that you uninstall LimeWire, but the choice is yours. If you choose to remove these programs, you can do so from Control Panel -> Add/Remove Programs.
If you want to keep the program, I ask you not to use it until the machine is clean of malware.

How is the PC working otherwise?