[Solved] Help uninstalling Antivirus 2009


Hi again, I have now run ComboFix:

ComboFix 08-11-26.03 - xxxxxxxx 2008-11-26 17:28:25.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.591 [GMT 1:00]

Running from: c:\documents and settings\xxxxxxx\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\xxxxxxx\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

FILE ::

c:\windows\system32\__c003EC57.0xe

c:\windows\system32\__c006A7D0.0xe

c:\windows\system32\__c00A3DD3.dat.ren

c:\windows\system32\__c00D2F41.0xe

c:\windows\system32\__c00E14D7.0xe

c:\windows\system32\drivers\lktiafamgbj.sys

c:\windows\system32\drivers\rtfafvrq6ur.sys

c:\windows\system32\drivers\thdhv6qwgho.sys

c:\windows\system32\drivers\yg63it2uwdy.sys

c:\windows\system32\givudoze.dll.vir

c:\windows\system32\jewukiwa.dll.vir

c:\windows\system32\ponimero.dll.vir

c:\windows\system32\yototiri.dll.vir

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\__c003EC57.0xe

c:\windows\system32\__c006A7D0.0xe

c:\windows\system32\__c00A3DD3.dat.ren

c:\windows\system32\__c00D2F41.0xe

c:\windows\system32\__c00E14D7.0xe

c:\windows\system32\drivers\lktiafamgbj.sys

c:\windows\system32\drivers\rtfafvrq6ur.sys

c:\windows\system32\drivers\thdhv6qwgho.sys

c:\windows\system32\drivers\yg63it2uwdy.sys

c:\windows\system32\givudoze.dll.vir

c:\windows\system32\jewukiwa.dll.vir

c:\windows\system32\ponimero.dll.vir

c:\windows\system32\yototiri.dll.vir

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_6PRRSPCFSWF.SYS

-------\Legacy_BSZZKFIW6KY.SYS

-------\Legacy_CLHTSJPGCLH.SYS

-------\Legacy_NCJYJYUCVFE.SYS

-------\Legacy_OMVBA6VRDSL.SYS

-------\Legacy_RTFAFVRQ6UR.SYS

-------\Legacy_THDHV6QWGHO.SYS

-------\Legacy_YG63IT2UWDY.SYS

-------\Service_6prrspcfswf.sys

-------\Service_bszzkfiw6ky.sys

-------\Service_clhtsjpgclh.sys

-------\Service_ncjyjyucvfe.sys

-------\Service_omvba6vrdsl.sys

-------\Service_rtfafvrq6ur.sys

-------\Service_thdhv6qwgho.sys

-------\Service_yg63it2uwdy.sys

 

 

((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))

.

 

2008-11-26 10:00 . 2008-11-26 10:00 <DIR> d-------- c:\program files\CCleaner

2008-11-26 09:52 . 2008-11-26 13:09 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-26 09:38 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2008-11-26 09:38 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui

2008-11-26 09:38 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2008-11-26 09:38 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui

2008-11-25 21:52 . 2008-11-25 21:52 <DIR> d-------- c:\documents and settings\Parfymelle\Application Data\Malwarebytes

2008-11-25 21:40 . 2004-08-04 14:00 4,224 --a------ c:\windows\system32\drivers\beep.sys

2008-11-25 21:40 . 2004-08-04 14:00 4,224 --a------ c:\windows\system32\dllcache\beep.sys

2008-11-25 14:21 . 2008-11-25 14:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-25 12:42 . 2008-11-25 22:46 <DIR> d-------- c:\program files\Spyware Terminator

2008-11-25 12:42 . 2008-11-25 12:42 <DIR> d-------- c:\program files\Crawler

2008-11-24 22:41 . 2008-11-24 22:41 <DIR> d-------- c:\documents and settings\s-p

2008-11-24 22:20 . 2008-11-25 09:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-24 22:20 . 2008-11-24 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-24 22:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-24 22:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-24 15:48 . 2008-11-24 15:48 0 --a------ c:\windows\nsreg.dat

2008-11-21 10:16 . 2006-02-23 11:43 165,404 --a------ c:\windows\hplj1320.hi1

2008-11-21 10:16 . 2006-02-23 11:43 12,172 --a------ c:\windows\hplj1320.bu1

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 13:53 --------- d-----w c:\documents and settings\Parfymelle\Application Data\OpenOffice.org2

2008-11-17 12:00 --------- d-----w c:\documents and settings\Parfymelle\Application Data\F-Secure

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-26_ 9.14.36.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-05-26 03:16:24 75,544 ----a-w c:\windows\system32\cdm.dll

+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll

- 2005-05-26 03:16:24 75,544 ----a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

- 2005-05-26 03:16:30 465,176 ----a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

- 2005-05-26 03:16:30 124,184 ----a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

- 2005-05-26 03:16:30 1,343,768 ----a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

- 2005-05-26 03:16:30 127,256 ----a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

- 2005-05-26 03:16:30 41,240 ----a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

- 2005-05-26 03:19:32 173,536 ----a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

- 2005-05-26 03:16:30 465,176 ----a-w c:\windows\system32\wuapi.dll

+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll

- 2005-05-26 03:16:30 124,184 ----a-w c:\windows\system32\wuauclt.exe

+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe

- 2005-05-26 03:16:30 1,343,768 ----a-w c:\windows\system32\wuaueng.dll

+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

- 2005-05-26 03:16:30 127,256 ----a-w c:\windows\system32\wucltui.dll

+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll

- 2005-05-26 03:16:30 41,240 ----a-w c:\windows\system32\wups.dll

+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll

- 2005-05-26 03:16:30 18,200 ----a-w c:\windows\system32\wups2.dll

+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll

- 2005-05-26 03:19:32 173,536 ----a-w c:\windows\system32\wuweb.dll

+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Subst_Super"="subst s:" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]

"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]

"VbdPos"="c:\vbdpos\vbdpos.exe" [2008-05-07 15121408]

"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]

"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]

"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe" [2003-03-31 28672]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-02-15 182936]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-15 895584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\xxxxxxx\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

Pocket Controller-Bridge.lnk - c:\programfiler\Soft Object Technologies Inc\Pocket Controller-Bridge\PCBridge.exe [2006-12-29 307200]

VbdMgrTray.lnk - c:\vestfold butikkdata as\VBDMgrTray\bin\VbdMgrTray.exe [2008-01-15 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2004-11-01 11:50 8704 c:\windows\system32\PCANotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\VBDPOSSERVER\\FFE.EXE"=

"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\F-Secure\\FSAUA\\program\\fsaua.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"=

"c:\\Vestfold Butikkdata AS\\vbdmgrtray\\bin\\vbdmgrtray.exe"=

"c:\\Programfiler\\Soft Object Technologies Inc\\Pocket Controller-Bridge\\PCBridge.exe"=

"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-03-21 60256]

R3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\DRIVERS\elofiltr.sys [2006-01-18 18944]

R3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\DRIVERS\EloUsb.sys [2006-01-18 49664]

S1 F-Secure HIPS;F-Secure HIPS;\??\c:\program files\F-Secure\HIPS\fshs.sys [2008-03-21 70752]

S2 FlashFilerService;FlashFiler Service 2,1100 Release (D7);c:\vbdposserver\ffsrvice.exe [2004-04-05 1241088]

S2 RSSUPIO;RSSUPIO;c:\windows\system32\drivers\RSSUPIO.sys [2006-01-18 9536]

S2 VBDManager;VBD Manager;c:\vestfold butikkdata as\VBDManager\bin\VBDManager.exe [2008-01-15 28672]

S3 CscNUps;CscNUps;c:\windows\system32\drivers\CscNUps.sys [2006-01-18 18216]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-03-21 62048]

S3 msloop;Microsoft Loopback Adapter Driver;c:\windows\system32\DRIVERS\loop.sys [2006-01-15 4992]

S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-03-21 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-03-21 25184]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-26 17:36:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-26 17:39:00 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-26 16:38:57

ComboFix2.txt 2008-11-26 08:15:37

 

Pre-Run: 29 941 497 856 bytes free

Post-Run: 29,951,746,048 byte ledig

 

207

 

Then I updated MBAM and ran it:

Database versjon: 1425

Windows 5.1.2600 Service Pack 2

 

26.11.2008 17:45:23

mbam-log-2008-11-26 (17-45-23).txt

 

Skanntype: Rask Skann

Objekter skannet: 53669

Tid tilbakelagt: 2 minute(s), 19 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

Am I given a clean bill of health now? At least I'm no longer breaking out in a cold sweat :yes:

P.S. I have also run CCleaner.

Ran a full MBAM scan:

Malwarebytes' Anti-Malware 1.30

Database versjon: 1425

Windows 5.1.2600 Service Pack 2

 

26.11.2008 18:18:07

mbam-log-2008-11-26 (18-18-07).txt

 

Skanntype: Full Skann (C:\|D:\|)

Objekter skannet: 104897

Tid tilbakelagt: 20 minute(s), 15 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 28

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Qoobox\Quarantine\C\WINDOWS\system32\fakalize.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\fupafeyo.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\guteheso.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\guvebehu.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\jajagedu.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\jotejazo.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\lipituwo.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\mabubula.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\mohiwofe.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\muvasevo.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\niwebazi.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\nogiduzu.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\pohuyuwo.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\pozovata.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\rezafovo.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\rimuzoma.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\rivabago.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\rozaniga.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\sibakaba.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\subarako.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\tituzeki.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\voduhuta.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\vozutiso.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\vuwevoje.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\wiwijadu.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\yemulaza.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\zirayoyu.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\zisizaru.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

 

The log (ComboFix) looks fine. Do you know what this is: "VbdPos"="c:\vbdpos\vbdpos.exe" (it is in your startup)?

What MBAM found in the full scan was something that was in ComboFix's quarantine folder.

You can now remove ComboFix by typing combofix /u in the Run box (Start -> Run).

This will remove the quarantine folder and reset System Restore so that you do not get infected by a possible restore later.

I assume the PC is running normally?
