kijons, posted 29 January 2009

Hi, and thanks for a great forum. I was told to post the logs from Malware AntiSpam and ComboFix. I'd be grateful if you could look at what can or cannot be deleted.

The Malware AntiSpam log is here:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1703
Windows 5.1.2600 Service Pack 2
1/29/2009 11:52:41 PM
mbam-log-2009-01-29 (23-52-41).txt
Skanntype: Rask Skann
Objekter skannet: 43005
Tid tilbakelagt: 3 minute(s), 8 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Startup Manager (Backdoor.Bot) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\Program Files\Advanced System Optimizer\startUp manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

The ComboFix log is here:

ComboFix 09-01-21.04 - Mia 2009-01-30 16:02:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.243 [GMT 1:00]
Running from: c:\documents and settings\Mia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-30 00:24 . 2009-01-30 00:24 443 --a------ c:\windows\wininit.ini
2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\documents and settings\Mia\Application Data\Malwarebytes
2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 23:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-29 23:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-29 23:43 . 2009-01-29 23:43 <DIR> d-------- c:\program files\Opera
2009-01-29 23:37 . 2009-01-29 23:54 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-29 23:37 . 2009-01-29 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 23:16 . 2004-10-29 18:48 3,222,784 --a------ c:\windows\system32\drivers\w29n51.sys
2009-01-29 23:16 . 2004-10-15 10:20 458,752 --a------ c:\windows\system32\w29NCPA.dll
2009-01-29 23:16 . 2005-03-04 11:10 74,496 --a------ c:\windows\system32\drivers\Rtlnicxp.sys
2009-01-29 23:14 . 2005-04-05 05:25 160,768 --a------ c:\windows\system32\drivers\tifm21.sys
2009-01-29 23:12 . 2005-04-25 15:09 135,168 --a------ c:\windows\system32\drivers\ADIHdAud.sys
2009-01-29 23:10 . 2009-01-29 23:16 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\documents and settings\Mia\Application Data\SUPERAntiSpyware.com
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-29 22:18 . 2009-01-29 22:18 <DIR> d-------- c:\documents and settings\Mia\log
2009-01-29 22:18 . 2009-01-29 22:18 142,096 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-29 22:00 . 2009-01-29 22:00 <DIR> d-------- c:\program files\Sophos
2009-01-29 21:39 . 2009-01-30 00:09 <DIR> d-------- c:\program files\RegistryFix7
2009-01-29 21:14 . 2009-01-29 21:14 <DIR> d-------- c:\documents and settings\Mia\Application Data\Systweak
2009-01-29 20:50 . 2009-01-30 00:24 <DIR> d-------- c:\program files\NoAdware5.0
2009-01-29 20:47 . 2005-08-25 18:19 1,066,176 --a------ c:\windows\system32\MSCOMCTL.OCX
2009-01-29 20:47 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-01-29 20:47 . 2005-08-25 18:19 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-01-29 19:36 . 2009-01-29 19:41 <DIR> d-------- c:\program files\Safer Networking
2009-01-29 19:36 . 2009-01-29 19:36 <DIR> d-------- c:\documents and settings\Mia\Application Data\Safer Networking
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 22:51 --------- d-----w c:\program files\Advanced System Optimizer
2009-01-29 17:47 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 17:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-29 17:47 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-29 17:46 --------- d-----w c:\program files\AVG
2009-01-29 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 17:40 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-01-29 17:40 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-01-29 17:40 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-01-29 17:40 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-01-29 17:40 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-01-29 17:40 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-01-29 17:40 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-01-29 17:40 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-01-29 17:20 --------- d-----w c:\program files\Yamicsoft
2009-01-29 17:12 --------- d-----w c:\program files\Trend Micro
2009-01-29 16:51 --------- d-----w c:\program files\microsoft frontpage
2009-01-29 16:50 --------- d-----w c:\program files\Java
2009-01-29 16:50 --------- d-----w c:\program files\Common Files\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 18:47 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-29 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-29 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-29 15504]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-29 903960]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-29 170640]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\152.tmp --> c:\windows\system32\152.tmp [?]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 16:02:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\152.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-30 16:03:28
ComboFix-quarantined-files.txt 2009-01-30 15:03:26
ComboFix2.txt 2009-01-29 17:10:41
Pre-Run: 77,054,738,432 bytes free
Post-Run: 77,057,396,736 bytes free
125

norbat, posted 29 January 2009

You have a bit too much clutter installed, so if possible uninstall the following programs from Add/Remove Programs:

Advanced System Optimizer
Spybot - Search & Destroy incl. TeaTimer
RegistryFix7
NoAdware5.0

Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
c:\windows\system32\152.tmp
Driver::
MEMSWEEP2
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

Post a new ComboFix log.

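
Added example, not part of norbat's post and not ComboFix code: a small triage pass over the service/driver lines of the first ComboFix log, showing why the MEMSWEEP2 entry stands out from the others. The expected-extension list and the reading of "[?]" as "no file date/size reported" are assumptions of this example, and a flag is a prompt for manual review, not a verdict.

```python
import ntpath
import re

# Service/driver lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-29 325128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-29 15504]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-29 170640]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\152.tmp --> c:\windows\system32\152.tmp [?]
"""

# "<status> <name>;<display name>;<image path> [<date size> or ?]"
# The status code (R1, S3, ...) is kept as an opaque string.
ENTRY_RE = re.compile(
    r"^(?P<status>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption of this example: service and driver images normally end in one of these.
EXPECTED_EXTENSIONS = {".sys", ".exe", ".dll"}


def parse_entries(log_text):
    """Return one dict per service/driver line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        # "raw --> resolved": keep the resolved path when both are present.
        path = match.group("path").split("-->")[-1].strip()
        if path.startswith("\\??\\"):  # drop the NT object-path prefix
            path = path[4:]
        entries.append({
            "status": match.group("status"),
            "name": match.group("name"),
            "path": path,
            "meta": match.group("meta").strip(),
        })
    return entries


def triage(log_text):
    """Return (name, path, reasons) for entries that deserve a manual look."""
    flagged = []
    for entry in parse_entries(log_text):
        reasons = []
        ext = ntpath.splitext(entry["path"])[1].lower()
        if ext not in EXPECTED_EXTENSIONS:
            reasons.append(f"unusual image extension {ext or '(none)'}")
        if entry["meta"] == "?":
            reasons.append("no file date/size reported")
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```
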
kijons (author), posted 29 January 2009

Hi, here is the updated log:

ComboFix 09-01-21.04 - Mia 2009-01-30 16:58:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.203 [GMT 1:00]
Running from: c:\documents and settings\Mia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mia\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
c:\windows\system32\152.tmp
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-30 16:40 . 2009-01-30 16:40 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-30 16:23 . 2009-01-30 16:30 <DIR> d-------- c:\windows\LastGood
2009-01-30 00:24 . 2009-01-30 00:24 443 --a------ c:\windows\wininit.ini
2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\documents and settings\Mia\Application Data\Malwarebytes
2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 23:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-29 23:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-29 23:43 . 2009-01-29 23:43 <DIR> d-------- c:\program files\Opera
2009-01-29 23:37 . 2009-01-30 16:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-29 23:37 . 2009-01-30 16:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 23:16 . 2004-10-29 18:48 3,222,784 --a------ c:\windows\system32\drivers\w29n51.sys
2009-01-29 23:16 . 2004-10-15 10:20 458,752 --a------ c:\windows\system32\w29NCPA.dll
2009-01-29 23:16 . 2005-03-04 11:10 74,496 --a------ c:\windows\system32\drivers\Rtlnicxp.sys
2009-01-29 23:14 . 2005-04-05 05:25 160,768 --a------ c:\windows\system32\drivers\tifm21.sys
2009-01-29 23:12 . 2005-04-25 15:09 135,168 --a------ c:\windows\system32\drivers\ADIHdAud.sys
2009-01-29 23:10 . 2009-01-29 23:16 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\documents and settings\Mia\Application Data\SUPERAntiSpyware.com
2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-29 22:18 . 2009-01-29 22:18 <DIR> d-------- c:\documents and settings\Mia\log
2009-01-29 22:18 . 2009-01-29 22:18 142,096 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-29 22:00 . 2009-01-29 22:00 <DIR> d-------- c:\program files\Sophos
2009-01-29 21:39 . 2009-01-30 00:09 <DIR> d-------- c:\program files\RegistryFix7
2009-01-29 21:14 . 2009-01-29 21:14 <DIR> d-------- c:\documents and settings\Mia\Application Data\Systweak
2009-01-29 20:50 . 2009-01-30 00:24 <DIR> d-------- c:\program files\NoAdware5.0
2009-01-29 20:47 . 2005-08-25 18:19 1,066,176 --a------ c:\windows\system32\MSCOMCTL.OCX
2009-01-29 20:47 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-01-29 20:47 . 2005-08-25 18:19 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-01-29 19:36 . 2009-01-29 19:41 <DIR> d-------- c:\program files\Safer Networking
2009-01-29 19:36 . 2009-01-29 19:36 <DIR> d-------- c:\documents and settings\Mia\Application Data\Safer Networking
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 22:51 --------- d-----w c:\program files\Advanced System Optimizer
2009-01-29 17:47 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 17:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-29 17:47 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-29 17:46 --------- d-----w c:\program files\AVG
2009-01-29 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 17:40 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-01-29 17:40 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-01-29 17:40 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-01-29 17:40 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-01-29 17:40 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-01-29 17:40 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-01-29 17:40 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-01-29 17:40 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-01-29 17:20 --------- d-----w c:\program files\Yamicsoft
2009-01-29 17:12 --------- d-----w c:\program files\Trend Micro
2009-01-29 16:51 --------- d-----w c:\program files\microsoft frontpage
2009-01-29 16:50 --------- d-----w c:\program files\Java
2009-01-29 16:50 --------- d-----w c:\program files\Common Files\Java
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_16.02.42.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00:00 66,560 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2004-08-04 12:00:00 430,592 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2004-08-04 12:00:00 111,104 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2004-08-04 12:00:00 1,134,592 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2004-08-04 12:00:00 112,640 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2004-08-04 12:00:00 36,864 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2004-08-04 12:00:00 120,320 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2004-08-04 12:00:00 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2004-08-04 12:00:00 430,592 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2004-08-04 12:00:00 111,104 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00:00 112,640 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2004-08-04 12:00:00 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 18:47 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-29 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-29 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-29 15504]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-29 903960]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-29 170640]
.
Contents of the 'Scheduled Tasks' folder
2009-01-30 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mia.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-01-14 16:11]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 16:58:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-30 17:00:30
ComboFix-quarantined-files.txt 2009-01-30 16:00:23
ComboFix2.txt 2009-01-29 17:10:41
Pre-Run: 76,724,936,704 bytes free
Post-Run: 76,689,182,720 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
167 --- E O F --- 2009-01-30 15:30:45

norbat, posted 29 January 2009 (edited)

Can you tell me which security programs and registry-fix programs you want to use? If you HAVE removed the ones mentioned, there are still some folders left behind by them. You can find those in Explorer and delete them. Otherwise your logs look fine.

Edited 29 January 2009 by norbat

kijons (author), posted 29 January 2009 (edited)

Hi, which programs do you suggest I use? Right now I'm running AVG 8, SuperAnti Free Edition, Malwarebytes Antimalware and Advanced System Cleaner. Is this safe enough, or is it too many, do you think? By the way, the virus I had on the machine (backdoor): has it been safely removed now? Was it this virus that made my mouse pointer go completely haywire?

Thanks,
Jon

Edited 29 January 2009 by kijons

norbat, posted 29 January 2009

AVG, SAS and MBAM are a good combination. I assume SAS and MBAM are the free versions, which means you have to update them and run a scan yourself every now and then. I'm not familiar with Advanced System Cleaner. An alternative is CCleaner.

If everything is working fine now, you can uninstall ComboFix. Type combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get infected by a possible restore later.

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.

Surf safely.

kijons (author), posted 30 January 2009 (edited)

Hi norbat, many thanks indeed. It's a good thing I got rid of these monsters. One thing that puzzles me is that the program Advanced System Optimizer was infected with a backdoor virus when I installed it? Isn't this program safe, then? I did download it from a proper site, after all. The link is here: http://www.pcworld.com/downloads/file/fid,...,1/reviews.html

Regards,
Jon

Edited 30 January 2009 by kijons

norbat, posted 30 January 2009

It may be a program that promises more than it can deliver. In your case, didn't it lead to you formatting the PC a few times because it said you had a rootkit?