sheherezade, posted 12 December 2008 (edited)

Can someone look over my HijackThis log and see whether it looks OK?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:08, on 12.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--

Edited 12 December 2008 by sheherezade
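To show how a helper reads a log like the one above, here is an added Python example (mine, not the thread's and not part of HijackThis) that parses entries in the HijackThis v2 line format and flags the classes of entry a reviewer checks first: a BHO whose CLSID points at a missing file, an AppInit_DLLs entry, a hosts line that maps anything other than localhost, and an autostart that runs from a user-writable folder. The sample log is constructed from lines in the post plus two made-up lines, and the user-writable-path heuristic goes beyond what the thread shows; the folder list is my assumption.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 log format. Most lines are copied from the
# log posted above; the last two are made up here to exercise the hosts and
# Run-key checks (example.invalid is a reserved, non-resolving name).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O1 - Hosts: 127.0.0.1 update.example.invalid
O4 - HKCU\..\Run: [updater] C:\Users\Example\AppData\Local\Temp\updater.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Autostart paths under these folders are writable by the user and are where
# droppers usually land (an assumption of mine, not a rule from the thread).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) pairs for every entry line, skipping headers."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(text):
    """Return (per-section counts, findings); a finding is (reason, entry body)."""
    entries = parse_entries(text)
    counts = Counter(section for section, _ in entries)
    findings = []
    for section, body in entries:
        if section == "O1":
            # "Hosts: <address> <name> [<name> ...]"; only localhost mappings are expected.
            names = body.split(":", 1)[1].split()[1:]
            if any(name.lower() != "localhost" for name in names):
                findings.append(("hosts file overrides a hostname", body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(("orphaned BHO, CLSID points at a missing file", body))
        elif section == "O4" and USER_WRITABLE.search(body):
            findings.append(("autostart from a user-writable folder", body))
        elif section == "O20":
            findings.append(("AppInit_DLLs entry, loaded into every user32 process", body))
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    print("entries per section:", dict(sorted(counts.items())))
    for reason, body in findings:
        print(f"[check] {reason}: {body}")
```

An entry being flagged only means it deserves a look; the AVG AppInit_DLLs line above, for example, belongs to the installed antivirus.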
sheherezade, posted 12 December 2008 (thread author)

I used MBAM to remove the original infections, and new scans now show no suspicious files. Spybot, however, reports something called Win32.Agent.sd, which cannot be removed. Possibly a false positive, then?
Tosha0007, posted 12 December 2008

Not impossible. Where is it located? (file location)
raWrz, posted 12 December 2008

Post the MBAM/Spybot log and download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Put ComboFix on the desktop and run it from there.
sheherezade, posted 12 December 2008 (thread author)

> Not impossible. Where is it located? (file location)

c:\autorun.inf

> Post the MBAM/Spybot log and download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
> Put ComboFix on the desktop and run it from there.

Original MBAM log (with spyware):

Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1493
Windows 6.0.6001 Service Pack 1

12.12.2008 21:12:49
mbam-log-2008-12-12 (21-12-49).txt

Skanntype: Rask Skann
Objekter skannet: 41731
Tid tilbakelagt: 1 minute(s), 57 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 4

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Filer infisert:
C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\msqpdxwqsctmei.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\msqpdxnbcbcrrx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
MBAM log after the spyware should be gone:

Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1493
Windows 6.0.6001 Service Pack 1

12.12.2008 22:29:26
mbam-log-2008-12-12 (22-29-26).txt

Skanntype: Rask Skann
Objekter skannet: 43696
Tid tilbakelagt: 1 minute(s), 43 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix log:

ComboFix 08-12-12.02 - Elisabeth 2008-12-13 0:00:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3069.1754 [GMT 1:00]
Kjører fra: c:\users\Elisabeth\Desktop\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-12 til 2008-12-12 )))))))))))))))))))))))))))))))))
.

2008-12-12 22:02 . 2008-12-12 22:02 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 20:01 . 2008-12-11 20:01 <DIR> dr-h----- c:\users\Elisabeth\AppData\Roaming\SecuROM
2008-12-11 19:59 . 2008-12-11 19:59 <DIR> d-------- c:\program files\Nobilis
2008-12-11 14:04 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2008-12-11 14:04 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll
2008-12-11 14:04 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll
2008-12-11 14:04 . 2006-09-28 16:04 68,888 --a------ c:\windows\System32\xinput1_3.dll
2008-12-11 14:04 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll
2008-12-11 14:04 . 2006-09-28 16:03 15,128 --a------ c:\windows\System32\x3daudio1_1.dll
2008-12-11 14:03 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-12-10 10:35 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-01 23:43 . 2008-12-01 23:43 <DIR> d-------- c:\users\Elisabeth\AppData\Roaming\DAEMON Tools
2008-12-01 23:43 . 2008-12-01 23:43 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-01 23:40 . 2008-12-01 23:40 715,248 --a------ c:\windows\System32\drivers\sptd.sys
2008-11-30 12:13 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-30 12:13 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-30 12:13 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-30 12:13 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-30 12:13 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-29 21:49 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe
2008-11-17 08:23 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 08:23 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 08:23 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 08:23 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 08:23 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 08:23 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 08:23 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 08:22 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 08:22 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 17:29 . 2008-11-16 21:51 <DIR> d-------- c:\program files\Silent Hill Homecoming
2008-11-16 11:34 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-16 11:34 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-16 11:34 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 21:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-12 17:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-12 16:36 --------- d-----w c:\users\Elisabeth\AppData\Roaming\BitTorrent
2008-12-11 18:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 23:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-09 23:52 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-02 09:28 --------- d-----w c:\program files\Windows Mail
2008-11-24 19:13 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-01 10:34 --------- d-----w c:\program files\DivX
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 08:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-18 23:07 --------- d-----w c:\programdata\Apple Computer
2008-10-18 23:07 --------- d-----w c:\program files\QuickTime
2008-10-18 23:07 --------- d-----w c:\program files\Common Files\Apple
2008-10-18 23:06 --------- d-----w c:\programdata\Apple
2008-10-18 23:06 --------- d-----w c:\program files\Apple Software Update
2008-10-16 08:10 --------- d-----w c:\program files\Kyodai Mahjongg 2006
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-10 18:26 174 --sha-w c:\program files\desktop.ini

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-08-12 144792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{08087617-C742-4B78-8CB9-CCD9FCE47B5D}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D809ED7F-58F3-40D5-B222-6AA7A43283AB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5C8325E6-60D2-4739-82EF-DB8F5A822580}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5ABFC9E6-C479-4655-BFB2-B1888E36E8C2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{D84B9311-6F1B-46C9-831A-A46C55FCBE51}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{706F5AA2-C7C6-45C8-82C8-D7B000865499}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{42AC40F7-E97D-4765-B857-842DF4474809}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{30F4CFCF-08D5-4DD9-AF40-41CEEC81A973}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D3A97619-DBDA-4B2B-9F95-133BD97FCCFA}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3D182223-E45D-469C-92B2-DD9B6D6EBABE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{56FFB7FF-7A26-4DFD-A685-FA6AACDAF4BD}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{53E081B6-5AAC-4500-AF48-365EE848F1A9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4B4CB1C9-04D3-484A-AD88-7A0D5022F844}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-10 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-10 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-10 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-08-10 69128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b229ca6-bff9-11dd-aeda-001d0922cd8a}]
\shell\AutoRun\command - k:\autoplay\nop.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 00:01:52
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-13 0:05:48
ComboFix-quarantined-files.txt 2008-12-12 23:05:46

Pre-Run: 350 567 923 712 byte ledig
Post-Run: 350,539,984,896 byte ledig

163 --- E O F --- 2008-12-10 09:36:29
raWrz, posted 12 December 2008

Looks fine. ComboFix took care of c:\autorun.inf.

ComboFix must be uninstalled. Go to Start > Run and type the following in the box:

ComboFix /u

PS: note the space between the X and /u. You should now have something matching the picture below. Press Enter.

This command will:
- Remove the following: ComboFix and its associated files and folders; VundoFix backups, if they exist; the folder C:\Deckard, if it exists; the folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the system restore points.
sheherezade, posted 12 December 2008 (thread author)

Thanks a lot, folks.