
The machine has gone haywire.. what can I do?


  • 2 weeks later...

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:48, on 27.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\sysqyzwud.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll (file missing)

O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}] "C:\WINDOWS\sysqyzwud.exe"

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

 

--

End of file - 7274 bytes

 

 

ComboFix 08-03-26.1 - Compaq_Eier 2008-03-27 15:15:11.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.154 [GMT 1:00]

Running from: C:\Documents and Settings\Compaq_Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\B3GA3HCE\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\xewuaqj.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))

.

 

2008-03-25 22:11 . 2008-03-27 15:12 <DIR> dr-h----- C:\Documents and Settings\Compaq_Eier\Siste

2008-03-25 05:42 . 2008-03-25 05:42 81,472 --a------ C:\WINDOWS\sysutrnez.exe

2008-03-25 05:42 . 2008-03-25 05:42 75,840 --a------ C:\WINDOWS\sysqyzwud.exe

2008-03-25 05:42 . 2008-03-25 05:42 64,576 --a------ C:\WINDOWS\sysscpmqn.exe

2008-03-25 05:42 . 2008-03-25 05:43 3,072 --a------ C:\WINDOWS\xcbhwuq.exe

2008-03-25 05:42 . 2008-03-25 05:43 1,855 --a------ C:\WINDOWS\config.ini

2008-03-25 05:42 . 2008-03-25 05:43 1,409 --a------ C:\WINDOWS\xhbxcnv.exe

2008-03-25 05:42 . 2008-03-25 05:43 1,272 --a------ C:\WINDOWS\xfjzrby.dll

2008-03-20 03:20 . 2008-03-25 05:24 51 --a------ C:\xmp.bat

2008-03-18 17:59 . 2008-03-18 19:10 45 --a------ C:\TEST.XML

2008-03-18 16:38 . 2004-08-04 13:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-03-18 16:38 . 2004-08-04 13:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2008-03-13 17:33 . 2008-03-13 17:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-03-13 17:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-13 17:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys

2008-03-13 17:31 . 2008-03-13 17:31 <DIR> d-------- C:\Programfiler\HP

2008-03-13 17:31 . 2008-03-13 17:34 103,509 --a------ C:\WINDOWS\hpoins04.dat

2008-03-13 17:31 . 2004-06-22 07:04 17,176 --------- C:\WINDOWS\hpomdl04.dat

2008-03-13 04:45 . 2008-03-13 04:45 50 --a------ C:\tmp.bat

2008-03-12 19:55 . 2008-03-12 19:55 <DIR> d-------- C:\Programfiler\Avira

2008-03-12 19:55 . 2008-03-12 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira

2008-03-12 18:53 . 2008-03-12 18:53 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\SUPERAntiSpyware.com

2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-12 18:06 . 2008-03-12 18:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-12 16:06 . 2008-03-12 16:06 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-11 21:33 . 2008-03-11 21:33 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Printer Info Cache

2008-03-11 21:33 . 2008-03-11 21:40 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Image Zone Express

2008-03-11 04:13 . 2008-03-13 04:40 50 --a------ C:\amp.bat

2008-03-10 10:43 . 2008-03-10 10:43 <DIR> d-------- C:\WINDOWS\system32\Engines

2008-03-09 09:58 . 2008-03-10 03:01 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2008-03-01 20:04 . 2008-03-01 20:04 2,193,024 --a------ C:\WINDOWS\system32\kernel1.exe

2008-03-01 20:04 . 2007-09-06 13:09 212 -rahs---- C:\BOOT.BKK

2008-03-01 20:00 . 2008-03-01 20:00 <DIR> d-------- C:\Programfiler\TGTSoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 19:21 1,670 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\wklnhst.dat

2008-03-12 20:56 --------- d-----w C:\Programfiler\Fellesfiler\MinneSparere

2008-03-10 09:40 252,432 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\install_no[1].exe

2008-02-11 22:55 19,584 ----a-w C:\WINDOWS\system32\drivers\wedmrcnn.dat

2008-02-09 22:32 --------- d-----w C:\Programfiler\MinneSparere

2008-02-08 17:40 --------- d-----w C:\Programfiler\IObit

2008-02-02 18:16 260,624 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\setup_no[1].exe

2008-01-31 11:47 --------- d-----w C:\Programfiler\Google

2008-01-30 13:49 --------- d-----w C:\Programfiler\Java

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-01-01 12:43 1,600,864 ----a-w C:\Documents and Settings\Compaq_Eier\setup.exe

2004-02-04 18:53 24,070,405 ----a-w C:\Documents and Settings\Compaq_Eier\nero6303.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEBF973-2D68-4D35-8548-D04AA50E6030}]

C:\WINDOWS\system32\atrac.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="C:\Programfiler\Ares\Ares.exe" [ ]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"Yahoo! Pager"="C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-30 15:04 171448]

"NBJ"="C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35 1961984]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 04:05 344064]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-01-01 15:27 180269]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-12 19:59 249896]

"{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}"="C:\WINDOWS\sysqyzwud.exe" [2008-03-25 05:42 75840]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Icatch(VI) SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2008-01-06 21:19:52 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\WebEye\\WebEye.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

 

R0 yfkutzfn;yfkutzfn;C:\WINDOWS\system32\drivers\wedmrcnn.dat []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-27 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

- C:\Programfiler\AdwareAlert\AdwareAlert.ex

- C:\Programfiler\AdwareAlert

"2008-03-12 00:27:02 C:\WINDOWS\Tasks\Internett-tjenester.job"

- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-27 15:16:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yfkutzfn]

"ImagePath"="system32\drivers\wedmrcnn.dat"

.

Completion time: 2008-03-27 15:17:18

ComboFix-quarantined-files.txt 2008-03-27 14:17:09

ComboFix2.txt 2008-03-12 17:34:32

Pre-Run: 174,013,378,560 byte ledig

Post-Run: 174,002,991,104 byte ledig

.

2008-03-12 19:39:01 --- E O F ---


Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Post the log c:\combofix


 

File::

C:\WINDOWS\sysutrnez.exe

C:\WINDOWS\sysqyzwud.exe

C:\WINDOWS\sysscpmqn.exe

C:\WINDOWS\xcbhwuq.exe

C:\WINDOWS\config.ini

C:\WINDOWS\xhbxcnv.exe

C:\WINDOWS\xfjzrby.dll

C:\xmp.bat

C:\tmp.bat

C:\amp.bat

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEBF973-2D68-4D35-8548-D04AA50E6030}

C:\WINDOWS\system32\atrac]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"=-

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"=-

"ISUSScheduler"=-

"{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}"=-

 

Driver::

yfkutzfn

 

 

Download and run CCleaner.

Go to 'Options'->'Advanced'. Uncheck "Only delete temporary files that are older than 48 hours".

Run the registry cleaner (answer yes to repairing).

 

Update and run a scan with SAS, which you already have.

 

Restart and post a new HijackThis log.

Edited by SNIPPSAT
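An added example, not from this thread: a small Python triage script that applies the same reasoning the helper used above to a HijackThis log. It flags O2 BHO entries whose DLL is missing and O4 Run values that are named as a bare GUID or point to an .exe dropped directly in the Windows directory (both heuristics are my assumptions, not HijackThis or ComboFix rules), and renders a CFScript draft in the File::/Registry:: layout used above; the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: O2/O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll (file missing)
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}] "C:\WINDOWS\sysqyzwud.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
WINDIR = "c:\\windows\\"
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O2_LINE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def exe_path(cmd):
    """Executable path from a Run value's command line (quoted or bare), or None."""
    m = re.match(r'^"?(?P<p>.+?\.exe)', cmd, re.IGNORECASE)
    return m.group("p") if m else None

def suspicious_run(name, path):
    """Assumed triage heuristic (not from the thread): flag a Run value named as a bare
    GUID, or whose .exe sits directly in the Windows directory instead of a subfolder."""
    low = path.lower()
    in_windir_root = low.startswith(WINDIR) and "\\" not in low[len(WINDIR):]
    return bool(GUID.match(name)) or in_windir_root

def triage(log_text):
    """Return (files to remove, orphaned BHO CLSIDs, (hive, value name) Run entries)."""
    files, orphans, run_values = [], [], []
    for line in log_text.splitlines():
        m = O2_LINE.match(line)
        if m and (m["target"] == "(no file)" or m["target"].endswith("(file missing)")):
            orphans.append(m["clsid"])      # BHO still registered, but its DLL is gone
            continue
        m = O4_LINE.match(line)
        if not m:
            continue
        path = exe_path(m["cmd"])
        if path and suspicious_run(m["name"], path):
            files.append(path)
            run_values.append((HIVES[m["hive"]], m["name"]))
    return files, orphans, run_values

def build_cfscript(files, orphans, run_values):
    """Render File:: and Registry:: sections in the layout the helper used above."""
    out = ["File::", *files, "", "Registry::"]
    out += [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in orphans]
    for hive in sorted({h for h, _ in run_values}):
        out += ["", f"[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]"]
        out += [f'"{n}"=-' for h, n in run_values if h == hive]
    return "\n".join(out)

if __name__ == "__main__":
    print(build_cfscript(*triage(SAMPLE_HJT)))
```

The draft is a starting point for a reviewer to check against the rest of the log, not a substitute for that review; entries such as the "ares" Run value removed above are judgment calls no heuristic makes.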
  • 3 months later...

Reviving an old thread.

I see a lot of references to topsalgantivirus.

I have myself on several occasions had a popup window appear with a virus warning that refers to the site topsalgantivirus.com......

Is this a link to a virus?

Edited by hans A

I would never download an antivirus program that is not from its official site. See here: https://www.diskusjon.no/index.php?showtopic=776083 if you are wondering where to get the various recommended security programs (under "what protection do I need").

 

If you are wondering whether you have malware on your machine, you can follow this guide and post the logs in your own thread by pressing the new topic button :)

 

 

edit: since I see in the earlier logs that toppsalg antivirus is stored as a folder/file on your machine, you can be fairly sure this is malware-related :)

Edited by r2d290
