
Need help removing trojans



Hi.

I have followed the guide for removing malware. I hope someone can help me get it off the machine.

Posting the two logs below.

Thanks a lot in advance.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4466

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

23.08.2010 21:12:35

mbam-log-2010-08-23 (21-12-35).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 132700

Tid tilbakelagt: 7 minutt(er), 1 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 3

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

C:\Users\Oddbjørn\AppData\Local\Temp\fiu2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Oddbjørn\AppData\Local\Temp\fiu1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Oddbjørn\AppData\Local\Temp\fiuD7A8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

ComboFix 10-08-22.07 - Oddbjørn 23.08.2010 21:29:11.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3070.1863 [GMT 2:00]

Kjører fra: c:\users\Oddbjørn\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-07-23 til 2010-08-23 )))))))))))))))))))))))))))))))))

.

 

2010-08-23 19:33 . 2010-08-23 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-23 19:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-23 19:01 . 2010-08-23 19:01 -------- d-----w- c:\programdata\Malwarebytes

2010-08-23 19:01 . 2010-08-23 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 19:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-23 19:24 . 2008-01-21 06:14 76272 ----a-w- c:\windows\system32\perfc014.dat

2010-08-23 19:24 . 2008-01-21 06:14 452088 ----a-w- c:\windows\system32\perfh014.dat

2010-08-23 18:31 . 2009-01-27 04:30 -------- d-----w- c:\program files\Microsoft Works

2010-07-20 16:47 . 2009-04-02 19:10 -------- d-----w- c:\program files\HP

2010-07-19 09:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-06-23 18:54 . 2010-06-23 18:54 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb38BD.tmp.exe

2010-05-26 17:06 . 2010-06-08 17:52 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-08 17:52 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-01-27 11:57 . 2009-01-27 11:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-08-23 2048352]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-01-27 04:34 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):85,a8,2c,80,89,59,ca,01

 

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-30 335240]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-10 108552]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-30 908056]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-30 297752]

S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 00:53]

 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 00:53]

 

2010-08-23 c:\windows\Tasks\RtlNICDiagVistaStart.job

- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-27 11:18]

.

.

------- Tilleggsskanning -------

.

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-hpqSRMon - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-23 21:33

Windows 6.0.6002 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2010-08-23 21:35:41

ComboFix-quarantined-files.txt 2010-08-23 19:35

 

Pre-Run: 142 798 147 584 byte ledig

Post-Run: 143 819 194 368 byte ledig

 

- - End Of File - - 7270D023574ABFFD0D8BC82A03BA5CC7

Edited by vacko

Hi. Yes, I used the guide you link to.

Was it wrong to paste in what was in the logs that came up after running the two programs?

There should be two different logs in my first post. I tried to get them into separate posts, but I probably did it a bit too quickly.

Is there anything else I should have done? Posted the documents as attachments?


I honestly don't know. The machine isn't mine, and I went home right after I posted the first post.

I didn't think I would get a reply so quickly :thumbup:

So you think the programs I ran have killed off the trojans?
