S_J, posted 24 April 2009

Lately my antivirus program, AVG, has warned me about a virus almost every time I have downloaded updates through Windows Update. The warning appears while Windows Update is running (while it is downloading, I think; I don't remember exactly). I get the warning that AVG has found a virus, but when I try to do something about it, nothing happens, and afterwards I see that the file is gone. I have scanned the whole machine with AVG, but it finds nothing. Lately I have also had more blue screens than usual.

The last virus that was found was "Trojan horse BackDoor.Generic10.XPT", found in C:\Windows\system32\drivers\TDSSwicc.sys. As mentioned, the file is now gone without me doing anything. Does anyone know what could be wrong? Any suggestions for a solution?

raWrz, posted 24 April 2009

Follow the guide linked in my signature.
S_J (thread author), posted 25 April 2009

> Follow the guide linked in my signature.

Thanks, I got something removed with both programs. Here are the logs:

ComboFix 09-04-25.03 - Anonym 25.04.2009 2:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.1525.794 [GMT 2:00]
Kjører fra: c:\users\Anonym\Desktop\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\TDSSmccb.dat
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-25 til 2009-4-25 )))))))))))))))))))))))))))))))))
.
2009-04-24 20:00 . 2009-04-24 20:00 -------- d-----w c:\users\Anonym\AppData\Roaming\Malwarebytes
2009-04-24 20:00 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 20:00 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 20:00 . 2009-04-24 20:00 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-24 20:00 . 2009-04-24 20:00 -------- d-----w c:\programdata\Malwarebytes
2009-04-24 19:19 . 2009-04-24 19:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-04-24 19:04 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-24 19:04 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-24 19:04 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-24 19:04 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-24 19:04 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-24 19:04 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-24 19:04 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-24 19:04 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-24 19:04 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-24 19:04 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-24 19:01 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-24 19:01 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-24 19:01 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-24 19:01 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-24 18:51 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-24 18:50 . 2009-03-03 03:01 389632 ----a-w c:\windows\system32\html.iec
2009-04-24 18:50 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-24 18:50 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-24 18:50 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-24 18:50 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-24 18:50 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-24 18:50 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 23:55 . 2008-01-19 21:28 -------- d-----w c:\users\Anonym\AppData\Roaming\AVG7
2009-04-24 20:00 . 2009-04-24 20:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-24 19:19 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-24 19:19 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-24 19:19 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-24 18:57 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-09 12:42 . 2006-11-21 05:16 523966 ----a-w c:\windows\System32\perfh014.dat
2009-04-09 12:42 . 2006-11-21 05:16 101906 ----a-w c:\windows\System32\perfc014.dat
2009-03-20 05:37 . 2009-03-20 05:37 208688 ----a-w c:\windows\system32\drivers\SynTP.sys
2009-03-20 05:36 . 2007-07-27 04:29 120104 ----a-w c:\windows\System32\SynTPCo4.dll
2009-03-20 05:36 . 2007-07-27 03:46 161064 ----a-w c:\windows\System32\SynTPAPI.dll
2009-03-20 05:36 . 2009-03-20 05:36 206120 ----a-w c:\windows\System32\SynCtrl.dll
2009-03-20 05:36 . 2007-07-27 03:38 169256 ----a-w c:\windows\System32\SynCOM.dll
2009-03-17 03:38 . 2009-04-24 19:01 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-04 15:32 . 2007-11-12 05:56 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 00:30 . 2007-12-03 22:16 1356 ----a-w c:\users\Anonym\AppData\Local\d3d9caps.dat
2009-02-09 03:10 . 2009-03-18 15:03 2033152 ----a-w c:\windows\System32\win32k.sys
2008-08-14 02:11 . 2007-08-25 01:40 67072 ----a-w c:\users\Anonym\AppData\Local\GDIPFONTCACHEV1.DAT
2008-07-12 15:08 . 2008-07-12 15:08 65904 ----a-w c:\users\1\AppData\Local\GDIPFONTCACHEV1.DAT
2008-04-21 15:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-10-14 18:56 . 2007-10-14 18:56 65904 ----a-w c:\users\Gjest\AppData\Local\GDIPFONTCACHEV1.DAT
2008-01-01 03:50 . 2007-08-25 17:48 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-01 03:50 . 2007-08-25 17:48 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-01 03:50 . 2007-08-25 17:48 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-02-06 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-20 438272]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-01-19 219136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-26 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-01-19 21:25 9216 ----a-w c:\windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{72A70577-FA48-4B9D-8BC9-28E18AA0C4C4}c:\\program files\\netscape\\navigator 9\\navigator.exe"= UDP:c:\program files\netscape\navigator 9\navigator.exe:Navigator
"UDP Query User{DBD940D8-0B8B-475B-8DF6-D4011E86D07B}c:\\program files\\netscape\\navigator 9\\navigator.exe"= TCP:c:\program files\netscape\navigator 9\navigator.exe:Navigator
"TCP Query User{3D06B825-0233-4BAA-99A9-AB8F13D58EBB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BCDC1E66-73D3-4C7C-A4C1-F290939D2724}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AD706B74-DE8A-4910-B57E-CDF920E4E12C}c:\\program files\\microsoft virtual pc\\virtual pc.exe"= UDP:c:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{466C7886-BEF7-4EC2-950C-FD518C15BB23}c:\\program files\\microsoft virtual pc\\virtual pc.exe"= TCP:c:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"TCP Query User{68AB9FFC-29B1-4710-8B21-DAA9B1E70DC8}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:Filoverføringsprogram
"UDP Query User{08B4C19B-FFF1-4538-B419-CB6EBAEC5B5F}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:Filoverføringsprogram
"TCP Query User{8AA88C46-6DA8-4E78-BA6A-68594ABC3C44}c:\\program files\\microsoft virtual pc\\virtual pc.exe"= UDP:c:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{6AFDE922-3980-450E-B659-2B7F006E4105}c:\\program files\\microsoft virtual pc\\virtual pc.exe"= TCP:c:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"TCP Query User{0EF8AF34-16A5-46FF-AC5C-B495F788B231}c:\\program files\\apple\\safari\\safari.exe"= UDP:c:\program files\apple\safari\safari.exe:Safari Web Browser
"UDP Query User{1DF95EA0-AB6D-4BE1-AA71-9157BBC8823A}c:\\program files\\apple\\safari\\safari.exe"= TCP:c:\program files\apple\safari\safari.exe:Safari Web Browser
"TCP Query User{59DB9942-AD57-4AD5-8760-19B5D3D56007}c:\\program files\\apple\\safari\\safari.exe"= UDP:c:\program files\apple\safari\safari.exe:Safari Web Browser
"UDP Query User{B041B821-0789-4502-99C3-05D9762E69B4}c:\\program files\\apple\\safari\\safari.exe"= TCP:c:\program files\apple\safari\safari.exe:Safari Web Browser
"{F6D7F330-1D2B-426D-9083-32D58AEC1E6A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29AFB994-C34A-44CA-9933-DD24B99EADEA}"= Disabled:UDP:c:\program files\Apple\iTunes\iTunes.exe:iTunes
"{A045E48B-7E74-453B-A2DD-3DC78C3A0D34}"= Disabled:TCP:c:\program files\Apple\iTunes\iTunes.exe:iTunes
"TCP Query User{8DA336EC-CB6D-4F00-88E1-C03F5230A9D3}d:\\programfiler\\chat\\cchat.exe"= Disabled:UDP:d:\programfiler\chat\cchat.exe:Microsoft Chat
"UDP Query User{BF0542A6-80E8-4C7C-AC3D-F59659CFBB16}d:\\programfiler\\chat\\cchat.exe"= Disabled:TCP:d:\programfiler\chat\cchat.exe:Microsoft Chat
"{24907A87-4527-4E7F-BD36-A56D3D1A4F10}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0023E7DC-116F-4C29-884F-868719C4B4F6}c:\\spill\\microsoft games\\age of empires\\empires.exe"= UDP:c:\spill\microsoft games\age of empires\empires.exe:Age of Empires
"UDP Query User{20D1C697-0DC0-419A-9475-62305B6BD8E6}c:\\spill\\microsoft games\\age of empires\\empires.exe"= TCP:c:\spill\microsoft games\age of empires\empires.exe:Age of Empires
"TCP Query User{F8F21E32-EDB9-4184-BE7C-5F476CAB3F6F}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{44DC3A81-2F59-4199-8629-0242D59182F4}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{AC57AAE5-BDCD-4C42-8FAB-27FAE255891B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{9E85AC7A-87DD-4116-BBDA-CF38C51AD921}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{949366FE-BCDC-45B9-9B98-24EC57987764}c:\\spill\\microsoft games\\age of empires\\empires.exe"= UDP:c:\spill\microsoft games\age of empires\empires.exe:Age of Empires
"UDP Query User{7E35E1CE-EC98-432B-B3EE-30B4B1F1B1FE}c:\\spill\\microsoft games\\age of empires\\empires.exe"= TCP:c:\spill\microsoft games\age of empires\empires.exe:Age of Empires
"{BB5AF340-8C33-4A72-A373-86004DF1CD69}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D6C3CBAB-6F2B-4F01-8557-9D537C68236E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BB618786-6F7A-4BDE-912F-5CAF65A97C3B}"= UDP:c:\program files\Apple\iTunes\iTunes.exe:iTunes
"{6447A6B9-CF76-4F40-93FA-2DD31CEE919F}"= TCP:c:\program files\Apple\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 TpChoice;Touch Pad Detection Filter driver; [x]
R3 WMSvc;Webbehandlingstjeneste;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R4 Criscs;Criscs;c:\windows\system32\drivers\acpi.sys [2008-01-19 266808]
S3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\Drivers\avgwfp.sys [2008-03-16 53768]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02f939b2-52b2-11dc-a0a3-806e6f6e6963}]
\shell\AutoRun\command - E:\Launch.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{12C43E05-8869-4DA0-959B-630AD3101777}.job
- c:\windows\system32\msfeedssync.exe [2008-04-21 07:33]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 222.35.73.93:80
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NO
LSP: c:\windows\system32\wpclsp.dll
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 02:14
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(3504)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\windows\System32\TCPSVCS.EXE
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\conime.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-04-25 2:18 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-04-25 00:17

Pre-Run: 21 260 398 592 byte ledig
Post-Run: 25 037 250 560 byte ledig

248 --- E O F --- 2009-04-24 19:19

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2036
Windows 6.0.6001 Service Pack 1

24.04.2009 22:18:14
mbam-log-2009-04-24 (22-18-14).txt

Skanntype: Rask Skann
Objekter skannet: 20460
Tid tilbakelagt: 48 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2036
Windows 6.0.6001 Service Pack 1

24.04.2009 22:23:53
mbam-log-2009-04-24 (22-23-53).txt

Skanntype: Rask Skann
Objekter skannet: 27962
Tid tilbakelagt: 4 minute(s), 25 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 5

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\System32\TDSScrrx.dll (Trojan.TDSS) -> Delete on reboot.
C:\Windows\System32\TDSSfgrl.dll (Trojan.TDSS) -> Delete on reboot.
C:\Windows\System32\TDSStmei.dll (Trojan.TDSS) -> Delete on reboot.
C:\Windows\System32\TDSSwqsc.dll (Trojan.TDSS) -> Delete on reboot.
C:\Windows\System32\drivers\TDSSwicc.sys (Trojan.TDSS) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2036
Windows 6.0.6001 Service Pack 1

24.04.2009 22:35:15
mbam-log-2009-04-24 (22-35-15).txt

Skanntype: Rask Skann
Objekter skannet: 86447
Tid tilbakelagt: 8 minute(s), 13 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 6

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\System32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Anonym\AppData\Local\Temp\TDSScd0f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Anonym\AppData\Local\Temp\TDSScd4d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Anonym\AppData\Local\Temp\TDSSf49c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Anonym\AppData\Local\Temp\TDSSf4da.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSSjgfo.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

Do you think I am rid of the problem now? Does anyone have an idea of what might have happened? I try to be careful: I update the antivirus database and Vista often, and I always check a file from the internet or similar with AVG before I open it.
snippsat, posted 25 April 2009

Yes, that looks good.

Start -> Run -> Devmgmt.msc
View -> Show hidden devices
Look under "Non-Plug and Play Drivers" for "TDSSSERV.SYS" / "TDSSserv.sys". I expect they are gone.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia
Tip: upgrade to AVG 8.5
Surf safely
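The manual check in the reply above (hidden non-Plug-and-Play drivers named TDSSserv) can be scripted, together with the other artefacts the posted logs show: TDSS* files in System32 and its drivers folder, the x64 folder ComboFix removed, the HKLM\SOFTWARE\tdss and tdssdata keys MBAM quarantined, TDSS*.tmp files in user Temp folders, and the ProxyServer value ComboFix reported. This is an added example, not the poster's or any tool's own code; it assumes Windows PowerShell 3 or later running elevated on the cleaned machine, and it only reports, deleting nothing.

```powershell
# Added example: report leftover TDSS artefacts after cleanup. Read-only; run elevated.
# The names and paths checked are those from the ComboFix and MBAM logs in this thread.

$findings = @()

# 1. Service and legacy-driver entries. Enum\Root is what Device Manager lists under
#    "Non-Plug and Play Drivers" when hidden devices are shown; reading it usually
#    needs SYSTEM rights, so access-denied errors there are ignored rather than fatal.
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
foreach ($root in @($svcRoot, $enumRoot)) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*TDSS*' } |
        ForEach-Object { $findings += "registry key: $($_.Name)" }
}

# 2. Registry keys the third MBAM scan quarantined.
foreach ($key in @('HKLM:\SOFTWARE\tdss',
                   'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata')) {
    if (Test-Path -LiteralPath $key) { $findings += "registry key: $key" }
}

# 3. Files: TDSS*.dll / TDSS*.sys in System32 and System32\drivers, the x64 folder
#    ComboFix deleted, and TDSS*.tmp droppers in every user's local Temp folder.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($dir in @($sys32, (Join-Path $sys32 'drivers'))) {
    Get-ChildItem -Path $dir -Filter 'TDSS*' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "file: $($_.FullName)" }
}
if (Test-Path -LiteralPath (Join-Path $sys32 'x64')) { $findings += "folder: $sys32\x64" }
Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $tmp = Join-Path $_.FullName 'AppData\Local\Temp'
        Get-ChildItem -Path $tmp -Filter 'TDSS*.tmp' -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $findings += "file: $($_.FullName)" }
    }

# 4. The proxy ComboFix reported ("uInternet Settings,ProxyServer = 222.35.73.93:80").
#    A proxy the user never configured routes all browser traffic through a third party,
#    so any value left here after cleanup deserves a look.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = (Get-ItemProperty -Path $inet -Name ProxyServer -ErrorAction SilentlyContinue).ProxyServer
if ($proxy) { $findings += "proxy still set in HKCU Internet Settings: $proxy" }

# 5. Kernel drivers the service control manager still knows about, by name or binary path.
Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*TDSS*' -or $_.PathName -like '*TDSS*' } |
    ForEach-Object { $findings += "driver entry: $($_.Name) ($($_.PathName)) state=$($_.State)" }

if ($findings.Count -eq 0) {
    Write-Output 'No TDSS artefacts found in the checked locations.'
} else {
    Write-Output "Found $($findings.Count) leftover artefact(s):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A clean result only covers the locations listed; a rootkit that still hides files from user mode would not show up here, which is why the reply also relies on the catchme rootkit scan in the ComboFix log reporting zero hidden files.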