TaZ, posted 11 August 2009 (edited)

Second run after it removed 128 items. Managed to delete that log..

Malwarebytes' Anti-Malware 1.40
Database version: 2601
Windows 5.1.2600 Service Pack 2

11.08.2009 18:30:12
mbam-log-2009-08-11 (18-30-12).txt

Scan type: Quick Scan
Objects scanned: 104370
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 09-08-10.06 - Geir 11.08.2009 17:43.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.503.300 [GMT 2:00]
Kjører fra: c:\documents and settings\Geir \Skrivebord\ComboFix.exe
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Geir \err.log
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\Downloaded Program Files\dlhelper.dll
c:\windows\Installer\11a5cd.msi
c:\windows\Installer\193e52b.msi
c:\windows\Installer\3f274.msi
c:\windows\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-11 til 2009-08-11 )))))))))))))))))))))))))))))))))
.

2009-08-11 15:36 . 2009-08-11 15:37 -------- d-----w- c:\programfiler\Tiny Personal Firewall
2009-08-11 15:36 . 2001-10-22 15:54 77312 ----a-w- c:\windows\system32\drivers\fwdrv.sys
2009-08-11 13:52 . 2009-08-11 13:52 -------- d-----w- c:\documents and settings\Geir\Programdata\Malwarebytes
2009-08-11 13:52 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 13:52 . 2009-08-11 13:52 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-08-11 13:52 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 13:52 . 2009-08-11 13:52 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-08-11 13:22 . 2009-08-11 14:34 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-11 13:19 . 2001-10-06 11:36 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-11 13:19 . 2001-10-06 11:36 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-11 13:19 . 2004-08-03 22:57 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-11 13:19 . 2004-08-03 22:57 14720 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-08-11 15:36 . 2005-01-12 19:14 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-08-11 14:15 . 2006-04-08 23:34 -------- d-----w- c:\programfiler\MSN Messenger
2009-08-11 14:12 . 2006-02-02 14:03 -------- d-----w- c:\programfiler\QuickTime
2009-08-11 14:10 . 2005-04-09 22:51 -------- d-----w- c:\programfiler\Fellesfiler\Real
2009-08-11 13:20 . 2005-01-12 19:06 61158 ----a-w- c:\windows\system32\PERFC014.DAT
2009-08-11 13:20 . 2005-01-12 19:06 386046 ----a-w- c:\windows\system32\PERFH014.DAT
2006-02-18 12:22 . 2006-02-18 12:21 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2006-02-01 13:45 . 2006-02-01 13:42 338 --sha-w- c:\windows\SYSTEM32\msjeto1.dat
2006-02-01 13:45 . 2006-02-01 13:42 520 --sha-w- c:\windows\SYSTEM32\msjeto2.dat

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *SsiEfr.estera

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Geir^Start-meny^Programmer^Oppstart^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Geir\Start-meny\Programmer\Oppstart\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

R1 fwdrv;Tiny Personal Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fwdrv.sys [11.08.2009 17:36 77312]
S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys --> c:\windows\system32\drivers\cmuda2.sys [?]
S3 rt2571;Wireless 802.11g USB Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2571.sys [12.10.2007 11:41 81920]

.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-02-17 c:\windows\Tasks\Tegnkart.job
- c:\windows\SYSTEM32\charmap.exe [2004-08-04 12:00]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
HKCU-Run-H/PC Connection Agent - c:\programfiler\Microsoft ActiveSync\WCESCOMM.EXE
HKU-Default-Run-Picasa Media Detector - c:\programfiler\Picasa2\PicasaMediaDetector.exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://vg.no/
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: &Google Search - c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
IE: &Translate English Word - c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
IE: {{050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - c:\programfiler\CoralEurobetPoker\coraleurobetpoker.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 17:54
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1638582671-4067692757-2746595228-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\programfiler\Microsoft Office\OFFICE11\msohev.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Tidspunkt ferdig: 2009-08-11 18:01 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-08-11 16:01

Pre-Run: 9 168 113 664 byte ledig
Post-Run: 10 665 693 184 byte ledig

146 --- E O F --- 2008-09-16 21:08

Remove these 2?
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
I have no printer.. Then there is also a "mobile device" in My Computer that should have been removed..

Edited 11 August 2009 by taz
snippsat, posted 12 August 2009

Looks good.

Remove these 2? c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE

Yes, but first just keep them as (SYSTEM32\LEXPPS.EXE.bak); if the PC runs fine, you delete them after a while.

You can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia

Surf safely.
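The reply above describes a staged removal: rename a suspect file to NAME.bak first, run the machine for a while, and only delete once nothing breaks. The script below is an added example written for this thread, not code posted by either participant or shipped with ComboFix or Malwarebytes. It implements that stage/restore/commit cycle with a small JSON manifest so every rename can be undone. Everything runs inside a temporary directory it creates itself; the two file names from the thread are used only as constructed sample names, and the manifest file name is an assumption.

```python
"""Reversible 'rename to .bak, then delete later' staging of suspect files.

Added example for this thread; not code from the forum posts or from any
anti-malware tool. Runs entirely inside a temp directory it creates.
"""
import json
import tempfile
from pathlib import Path

MANIFEST = "staged-removals.json"   # assumed manifest file name, kept beside the staged files


def _load(manifest: Path) -> dict:
    """Read the manifest (bak path -> original path); empty when it does not exist yet."""
    return json.loads(manifest.read_text()) if manifest.exists() else {}


def _save(manifest: Path, data: dict) -> None:
    manifest.write_text(json.dumps(data, indent=2))


def stage(path: Path, manifest: Path) -> Path:
    """Rename path -> path.bak and record the original name so the step can be undone."""
    bak = path.with_name(path.name + ".bak")
    if bak.exists():
        # Never clobber an earlier backup: that would lose the only copy.
        raise FileExistsError(f"{bak} already exists; refusing to overwrite")
    path.rename(bak)                     # same directory, so no copy is made
    data = _load(manifest)
    data[str(bak)] = str(path)
    _save(manifest, data)
    return bak


def restore(bak: Path, manifest: Path) -> Path:
    """Undo a staging step, e.g. when the machine misbehaves without the file."""
    data = _load(manifest)
    original = Path(data.pop(str(bak)))  # KeyError if this .bak was never staged
    bak.rename(original)
    _save(manifest, data)
    return original


def commit(manifest: Path) -> list:
    """Delete every staged .bak once the PC has run fine for a while; returns what was removed."""
    data = _load(manifest)
    removed = []
    for bak in list(data):
        p = Path(bak)
        if p.exists():
            p.unlink()
        removed.append(bak)
        del data[bak]
    _save(manifest, data)
    return removed


def demo() -> dict:
    """Full cycle on constructed files: stage two, restore one, re-stage it, commit all."""
    root = Path(tempfile.mkdtemp())
    sys32 = root / "SYSTEM32"               # constructed stand-in, not the real system folder
    sys32.mkdir()
    for name in ("LEXBCES.EXE", "LEXPPS.EXE"):
        (sys32 / name).write_bytes(b"MZ-sample")   # constructed sample content
    manifest = root / MANIFEST

    bak1 = stage(sys32 / "LEXBCES.EXE", manifest)
    bak2 = stage(sys32 / "LEXPPS.EXE", manifest)
    staged_ok = bak1.exists() and bak2.exists() and not (sys32 / "LEXPPS.EXE").exists()

    restored = restore(bak2, manifest)      # something turned out to need it
    restored_ok = restored.exists() and not bak2.exists()

    stage(restored, manifest)               # stage it again after investigating
    removed = commit(manifest)              # the machine ran fine: delete for good
    committed_ok = not any(Path(b).exists() for b in removed) and _load(manifest) == {}

    return {"staged_ok": staged_ok, "restored_ok": restored_ok,
            "removed": len(removed), "committed_ok": committed_ok}


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the rename reversible without guesswork: `restore` only accepts paths it previously staged, and `commit` refuses nothing but cleans up exactly the recorded set, so a file renamed by hand outside the script is never deleted by it.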