bruker9842 Posted 5 July 2008
Well, like perhaps "many" others I have managed to get a virus. One called "Trojan.Vundo.B"; the risk is high, but it is apparently blocked. So I'm wondering if anyone here can help me get rid of it? I've tried clicking Remove, but it doesn't work. Risk type: Compressed file. I tried going to the folder where it was supposed to be, but couldn't find the folder. (I got it from a Photoshop CS3 download; the virus was in the keygen, and I think the reason I can't find the folder is that it has been deleted.)
Syar-2003 Posted 5 July 2008
Vundofix - scan for vundo http://vundofix.atribune.org/
bruker9842 Posted 5 July 2008 (author)
> Vundofix - scan for vundo http://vundofix.atribune.org/
Isn't there a virus in that download?
Guest Deleted+6132 Posted 5 July 2008
> Well, like perhaps "many" others I have managed to get a virus. One called "Trojan.Vundo.B"; the risk is high, but it is apparently blocked. So I'm wondering if anyone here can help me get rid of it? I've tried clicking Remove, but it doesn't work. Risk type: Compressed file. I tried going to the folder where it was supposed to be, but couldn't find the folder. (I got it from a Photoshop CS3 download; the virus was in the keygen, and I think the reason I can't find the folder is that it has been deleted.)
Even if you can't see the folder, it may well still be there; viruses and the like have shown a fondness for placing themselves in hidden folders/files. To show hidden folders you can do this:
1. Open the folder where the folder/file should be
2. Click Tools in the toolbar at the very top of the window (just below the folder title)
3. In the menu that appears, click Folder Options
4. In the new window that opens, click the "View" tab and scroll down a bit until you see "Show hidden files and folders", and tick it.
5. Then click the OK button and see whether you can see the file the virus is in
To hide the folders again, just follow the same recipe, except that in step 4 you tick "Do not show hidden files and folders".
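As an added example, not code from this thread or any of its posters: a small Python script that lists hidden entries under a folder straight from the file attributes, so it does not depend on the Explorer setting described in the post above. The sample tree it builds is constructed for the demo. On Windows it reads the real FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM bits; on other systems it treats dot-prefixed names as hidden so the script still runs there.

```python
import ctypes
import os
import stat
import sys
import tempfile


def entry_flags(entry):
    """Return (hidden, system) for one directory entry.

    On Windows this reads the same attribute bits Explorer honours. On other
    platforms (only so the example runs anywhere) a leading dot counts as
    hidden and nothing counts as system."""
    st = entry.stat(follow_symlinks=False)
    attrs = getattr(st, "st_file_attributes", None)
    if attrs is not None:
        return (bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
                bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM))
    return (entry.name.startswith("."), False)


def find_hidden(root):
    """Every hidden entry under root as 'relative/path [system]' strings.

    Unlike Explorer, this also descends into hidden directories, so a file
    parked inside a hidden folder is still reached."""
    found = []
    for dirpath, _dirs, _files in os.walk(root):
        with os.scandir(dirpath) as entries:
            for entry in entries:
                hidden, system = entry_flags(entry)
                if hidden:
                    rel = os.path.relpath(entry.path, root).replace(os.sep, "/")
                    found.append(rel + (" [system]" if system else ""))
    return sorted(found)


def hide(path):
    """Set the hidden attribute on Windows; elsewhere the dot name already does it."""
    if sys.platform == "win32":
        ctypes.windll.kernel32.SetFileAttributesW(path, stat.FILE_ATTRIBUTE_HIDDEN)


def build_demo_tree(root):
    """Constructed sample: a visible file, a hidden file, and a hidden folder
    containing a non-hidden file (the one Explorer never shows you)."""
    open(os.path.join(root, "readme.txt"), "w").close()
    hidden_file = os.path.join(root, ".secret.dll")
    open(hidden_file, "w").close()
    hide(hidden_file)
    hidden_dir = os.path.join(root, ".hiddendir")
    os.mkdir(hidden_dir)
    open(os.path.join(hidden_dir, "payload.dll"), "w").close()
    hide(hidden_dir)


def demo():
    """Build the sample tree in a temporary folder, scan it, clean up."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return find_hidden(root)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

One caveat worth knowing when following the Explorer steps: entries carrying both the hidden and the system attribute stay invisible even after "Show hidden files and folders" is ticked, unless "Hide protected operating system files" is unticked as well. The script tags those with [system] so they are not overlooked.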
Syar-2003 Posted 5 July 2008
> Vundofix - scan for vundo http://vundofix.atribune.org/
> Isn't there a virus in that download?
No, there isn't ...
snippsat Posted 5 July 2008 (edited)
You can go ahead and use Vundofix. Then we'd like the log: C:\vundofix.txt
You should run ComboFix too, so we get all the junk removed. Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
Edited 5 July 2008 by SNIPPSAT
AllFather Posted 5 July 2008 (edited)
Sure the folder isn't hidden?
Edited 5 July 2008 by Jarmo
kloningen Posted 7 July 2008
OHOHO! Thanks for mentioning Vundofix! Been struggling with this virus for ages now.
snippsat Posted 7 July 2008 (edited)
SLI, do run ComboFix too. Then post the log, and we'll see whether anything more needs doing. It's important to get all the malware removed. Post the log from Vundofix too.
Edited 7 July 2008 by SNIPPSAT
kloningen Posted 7 July 2008
So it's removed now, then ...?
snippsat Posted 7 July 2008 (edited)
> So it's removed now, then ...?
Yes, the Vundo infection is probably removed; there may be some junk left. And it's a good idea to get checked for all infections once you've had something. But that's up to you.
Edited 7 July 2008 by SNIPPSAT
kloningen Posted 7 July 2008
Aha... I'll run ComboFix now then. Where is the Vundofix log?
kloningen Posted 7 July 2008
ComboFix 08-07-05.1 - Thomas 2008-07-07 13:23:29.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1044.18.1172 [GMT 2:00]
Running from: C:\Users\Thomas\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\afytunnn.ini
C:\Windows\system32\aGhkkUtv.ini
C:\Windows\System32\aGhkkUtv.ini2
C:\Windows\system32\epdkdgvt.ini
C:\Windows\system32\frqwqfnj.ini
C:\Windows\system32\hjugavdq.ini
C:\Windows\system32\kgpqisoc.ini
C:\Windows\System32\ksqbwejj.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nearllxu.ini
C:\Windows\system32\rqrYIkkj.ini
C:\Windows\System32\rqrYIkkj.ini2
C:\Windows\system32\rsqaddnj.ini
C:\Windows\system32\rwnlacjo.ini
C:\Windows\system32\vostjydo.ini
C:\Windows\system32\yrxuvchc.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-07 12:23 . 2008-07-07 12:47 <DIR> d-------- C:\VundoFix Backups
2008-07-07 11:10 . 2008-07-07 11:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-07 10:51 . 2008-07-07 11:43 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-07-07 10:51 . 2008-07-07 10:51 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-07 10:51 . 2008-07-07 10:51 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-07-07 10:50 . 2008-07-07 10:50 <DIR> d-------- C:\Users\All Users\avg8
2008-07-07 10:50 . 2008-07-07 10:50 <DIR> d-------- C:\ProgramData\avg8
2008-07-07 10:50 . 2008-07-07 10:50 <DIR> d-------- C:\Program Files\AVG
2008-07-06 04:29 . 2008-07-06 04:29 <DIR> d-------- C:\Windows\System32\Adobe
2008-07-06 04:29 . 2008-06-17 15:14 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-07-06 04:29 . 2008-06-17 15:17 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-07-06 02:44 . 2008-07-06 02:44 <DIR> d-------- C:\Program Files\SceneCaster
2008-07-06 01:30 . 2008-07-06 01:27 233,472 --a------ C:\Windows\System32\BtwRSupport.dll
2008-07-06 01:30 . 2008-07-06 01:27 80,936 --a------ C:\Windows\System32\drivers\btwavdt.sys
2008-07-06 01:30 . 2008-07-06 01:27 80,424 --a------ C:\Windows\System32\drivers\btwaudio.sys
2008-07-06 01:30 . 2008-07-06 01:27 16,168 --a------ C:\Windows\System32\drivers\btwrchid.sys
2008-07-06 01:29 . 2008-07-06 01:29 <DIR> d-------- C:\Windows\System32\es-MX
2008-07-06 01:29 . 2008-07-06 01:29 <DIR> d-------- C:\Windows\System32\es-AR
2008-07-06 01:29 . 2008-07-06 01:29 <DIR> d-------- C:\Program Files\WIDCOMM
2008-07-06 01:27 . 2008-07-07 13:27 12 --a------ C:\Windows\bthservsdp.dat
2008-07-04 21:46 . 2008-07-04 21:46 <DIR> d-------- C:\Program Files\twhirl
2008-07-03 20:05 . 2008-07-03 20:05 129 --a------ C:\Windows\System32\MRT.INI
2008-07-03 05:44 . 2008-07-03 05:47 <DIR> d-------- C:\Program Files\UltraVNC
2008-07-03 01:46 . 2008-07-03 01:48 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-06-30 13:06 . 2008-06-30 13:06 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\DivX
2008-06-29 18:12 . 2008-06-29 18:12 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-29 18:12 . 2008-06-29 18:12 1,409 --a------ C:\Windows\QTFont.for
2008-06-28 23:13 . 2008-06-28 23:13 <DIR> d-------- C:\Program Files\OpenAL
2008-06-28 23:13 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-06-28 23:13 . 2008-06-28 23:13 413,696 --a------ C:\Windows\System32\wrap_oal.dll
2008-06-28 23:13 . 2008-06-28 23:13 110,592 --a------ C:\Windows\System32\OpenAL32.dll
2008-06-28 23:13 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-06-28 23:12 . 2008-06-28 23:20 <DIR> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-28 20:02 . 2008-06-28 20:02 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\com.pogopixels.youtubewidget.87E5CAE3D92C22273CA5349DA800745C311CA4D3.1
2008-06-28 20:01 . 2008-06-28 20:01 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\AnyFlickr.0E1844F57D14F46E0565E75063E68EA3091C5408.1
2008-06-28 19:56 . 2008-06-28 19:56 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\iPhone.7CCB4030DFE6D86D4B1855092C3371D97ACC5FBC.1
2008-06-28 19:39 . 2008-06-28 19:39 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2008-06-28 19:39 . 2008-06-28 19:39 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-28 12:49 . 2008-06-28 17:46 <DIR> d-------- C:\Users\All Users\TrackMania
2008-06-28 12:49 . 2008-06-28 17:46 <DIR> d-------- C:\ProgramData\TrackMania
2008-06-28 04:59 . 2008-06-28 05:01 <DIR> d-------- C:\Program Files\TmNationsForever
2008-06-28 04:40 . 2008-06-28 04:40 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\Logitech
2008-06-28 04:35 . 2008-05-02 02:38 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-06-28 04:35 . 2008-05-02 02:39 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-06-28 04:35 . 2008-05-02 02:39 145,936 --a------ C:\Windows\System32\KemUtil.dll
2008-06-28 04:35 . 2008-05-02 02:40 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-06-28 04:35 . 2008-05-02 02:40 84,496 --a------ C:\Windows\System32\KemXML.dll
2008-06-28 04:34 . 2008-06-28 04:40 <DIR> d-------- C:\Users\All Users\Logitech
2008-06-28 04:34 . 2008-06-28 04:40 <DIR> d-------- C:\ProgramData\Logitech
2008-06-28 04:34 . 2008-06-28 04:34 <DIR> d-------- C:\Program Files\Logitech
2008-06-27 23:53 . 2008-06-27 23:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 23:20 . 2008-06-27 23:20 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-27 23:19 . 2008-06-27 23:20 <DIR> d-------- C:\Program Files\DivX
2008-06-27 19:06 . 2008-06-27 19:06 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\vlc
2008-06-27 19:06 . 2008-06-27 19:06 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-27 01:25 . 2008-06-27 01:25 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-27 01:19 . 2008-06-27 01:19 <DIR> d-------- C:\Windows\Downloaded Installations
2008-06-20 03:58 . 2008-06-20 03:58 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\InstallShield
2008-06-07 08:57 . 2008-06-07 08:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 13:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-03 01:33 --------- d-----w C:\Users\Thomas\AppData\Roaming\uTorrent
2008-06-29 13:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 02:35 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-06-28 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 20:26 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-19 19:57 --------- d-----w C:\Program Files\RocketDock
2008-05-19 17:41 319,984 ----a-w C:\Windows\DIFxAPI.dll
2008-05-19 17:41 --------- d-----w C:\Program Files\Realtek
2008-05-19 17:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-19 16:43 --------- d-----w C:\Program Files\Winamp
2008-05-19 15:14 --------- d-----w C:\Program Files\Java
2008-05-19 15:13 --------- d-----w C:\Program Files\Common Files\Java
2008-05-19 15:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-18 22:58 --------- d-----w C:\Users\Thomas\AppData\Roaming\CodeGazer
2008-05-18 22:32 --------- d-----w C:\Program Files\MSBuild
2008-05-18 22:32 --------- d-----w C:\Program Files\Microsoft Works
2008-05-18 22:29 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-18 22:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-18 22:16 --------- d-----w C:\ProgramData\Adobe Systems
2008-05-18 22:11 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-18 21:24 --------- d-----w C:\Program Files\CodeGazer
2008-05-18 21:21 174 --sha-w C:\Program Files\desktop.ini
2008-05-18 21:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-18 21:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-18 21:15 --------- d-----w C:\Program Files\Windows Defender
2008-05-18 21:15 --------- d-----w C:\Program Files\Windows Calendar
2008-05-18 17:25 --------- d-----w C:\Program Files\PowerISO
2008-05-18 17:21 --------- d-----w C:\Program Files\MagicDisc
2008-05-18 15:23 --------- d-----w C:\Program Files\Linksys
2008-05-18 15:15 --------- d-----w C:\Users\Thomas\AppData\Roaming\Apple Computer
2008-05-18 15:10 --------- d-----w C:\Program Files\WinSCP
2008-05-18 15:06 --------- d-----w C:\Program Files\Windows Live
2008-05-18 14:55 --------- d-----w C:\ProgramData\WLInstaller
2008-05-18 13:58 --------- d-----w C:\Program Files\Apple Software Update
2008-05-18 13:14 --------- d-----w C:\Program Files\iTunes
2008-05-18 13:14 --------- d-----w C:\Program Files\iPod
2008-05-18 13:13 --------- d-----w C:\ProgramData\Apple Computer
2008-05-18 13:11 --------- d-----w C:\Users\Thomas\AppData\Roaming\cmw
2008-05-18 13:09 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-18 13:04 --------- d-----w C:\Program Files\winpwn
2008-05-18 12:51 --------- d-----w C:\Users\Thomas\AppData\Roaming\ATI
2008-05-18 12:51 --------- d-----w C:\ProgramData\ATI
2008-05-18 12:51 --------- d-----w C:\Program Files\ATI
2008-05-18 12:48 --------- d-----w C:\ProgramData\LogiShrd
2008-05-18 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-18 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-05-18 12:44 --------- d-----w C:\Program Files\MediaMonkey
2008-05-18 12:43 --------- d-----w C:\Program Files\Launch Manager
2008-05-18 12:41 --------- d-----w C:\ProgramData\Apple
2008-05-18 12:41 --------- d-----w C:\Program Files\QuickTime
2008-05-18 12:41 --------- d-----w C:\Program Files\Bonjour
2008-05-18 12:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-18 12:29 --------- d-----w C:\Program Files\uTorrent
2008-05-18 12:22 --------- d-----w C:\Program Files\MagicISO
2008-05-18 12:22 --------- d-----w C:\Program Files\ATI Technologies
2008-05-18 11:51 --------- d-sh--w C:\ProgramData\Start-meny
2008-05-18 11:51 --------- d-sh--w C:\ProgramData\Skrivebord
2008-05-18 11:51 --------- d-sh--w C:\ProgramData\Programdata
2008-05-18 11:51 --------- d-sh--w C:\ProgramData\Maler
2008-05-18 11:51 --------- d-sh--w C:\ProgramData\Favoritter
2008-05-18 11:51 --------- d-sh--w C:\ProgramData\Dokumenter
2008-05-18 11:51 --------- d-sh--w C:\Program Files\Fellesfiler
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-02 01:18 483328]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-07 10:50 1177368]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-30 21:37 4186112 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 17:56:50 727592]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-28 04:35:17 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-06-19 15:15 3664944 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3B886BFF-41DD-4A91-A0F1-3D0F8E745BF7}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{58501A3C-4A2D-410D-946E-B01BD7812C0F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{3C2947C2-6889-4E8B-A6E3-BB8577EDC521}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{049C487E-1561-455A-950C-220F582D5EB4}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3007EBA4-955E-4735-8D9B-454DD5CFBD59}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{69E73178-758D-4C18-A1A7-EDC02C49C39F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{78C5C1D7-B362-4CD3-92C6-D370FE47EB9A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FFABB797-76C9-4C5F-BE18-FEB2D70FE493}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D6B4BF9E-439B-42DA-B641-88AD570BBA6F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CBF5CF25-0C58-4723-A53A-D4BA5CF4F3BD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A842F261-CBF8-4789-B427-DE14FD286E47}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C4EF5ADE-BBEF-40F6-B5E5-6B76C38ED7A6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E0C2BC8-D5B3-4116-B124-9D9816C3685A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{08899A60-55AF-4500-AAB0-6B34311B524B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0D9A5B2B-ABEC-44D3-8BC4-090A84D454E9}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{EF9AF83C-3C75-414D-BDCE-337E982D3E14}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{B7A7E58D-F04E-48C6-88B5-452BC0AE908E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{66BFC415-FA55-4F4B-9C02-FEA5DCBC4CD8}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{8871857B-71EC-45ED-B2AD-6D3D09BC0DE6}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{699FF228-9837-406D-A43F-DB0D34E69194}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{C194C0B5-996D-4DFB-A7C8-9518D2588ED5}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{F4EDDBB6-42C6-4576-8A61-85EDDDCABF78}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{A6D90DBE-09DA-4C33-B9D7-57EFA64B1B42}"= UDP:5900:vnc5900
"{93E07329-E36B-49D6-B8B5-8A10A6A6A28D}"= UDP:5800:vnc5800
"{9F3984E9-300D-47D7-9FAD-A401879C530C}"= UDP:C:\Program Files\UltraVNC\vncviewer.exe:vncviewer.exe
"{D098864E-3E51-4D5F-9B9D-31228FEC190C}"= TCP:C:\Program Files\UltraVNC\vncviewer.exe:vncviewer.exe
"TCP Query User{771B11BA-A44B-4E8D-8524-B3A0D2B54012}C:\\program files\\touchpad pro\\touchpad media server trial\\touchpadmediaserver.exe"= UDP:C:\program files\touchpad pro\touchpad media server trial\touchpadmediaserver.exe:TouchpadMediaServer
"UDP Query User{D21A63FD-46BD-4B21-935C-6A757E7D12F4}C:\\program files\\touchpad pro\\touchpad media server trial\\touchpadmediaserver.exe"= TCP:C:\program files\touchpad pro\touchpad media server trial\touchpadmediaserver.exe:TouchpadMediaServer
"TCP Query User{45570029-29C3-4274-84DF-E551438A3B68}C:\\users\\thomas\\desktop\\touchpad+media+server+trial[crack+by+rottenqpple]\\touchpadmediaserver.patched.exe"= UDP:C:\users\thomas\desktop\touchpad+media+server+trial[crack+by+rottenqpple]\touchpadmediaserver.patched.exe:touchpadmediaserver.patched.exe
"UDP Query User{BB53BDCC-39FC-402B-BFDE-B73E7761B609}C:\\users\\thomas\\desktop\\touchpad+media+server+trial[crack+by+rottenqpple]\\touchpadmediaserver.patched.exe"= TCP:C:\users\thomas\desktop\touchpad+media+server+trial[crack+by+rottenqpple]\touchpadmediaserver.patched.exe:touchpadmediaserver.patched.exe
"TCP Query User{7C302662-ACF8-4BF8-BEC0-7AEB339F4879}C:\\users\\thomas\\desktop\\touch stuff\\touchpad+media+server+trial[crack+by+rottenqpple]\\touchpadmediaserver.patched.exe"= UDP:C:\users\thomas\desktop\touch stuff\touchpad+media+server+trial[crack+by+rottenqpple]\touchpadmediaserver.patched.exe:touchpadmediaserver.patched.exe
"UDP Query User{6B7F5087-0C6D-4972-A3DB-69716C980C02}C:\\users\\thomas\\desktop\\touch stuff\\touchpad+media+server+trial[crack+by+rottenqpple]\\touchpadmediaserver.patched.exe"= TCP:C:\users\thomas\desktop\touch stuff\touchpad+media+server+trial[crack+by+rottenqpple]\touchpadmediaserver.patched.exe:touchpadmediaserver.patched.exe
"{5DB51312-F838-4974-B823-F28AFC9C9468}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-07 10:51]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 10:50]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 20:25]
R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2008-07-06 01:27]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2008-07-06 01:27]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2008-07-06 01:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe -auto

.
- - - - ORPHANS REMOVED - - - -

BHO-{85EE2411-0022-4FD4-9430-D4D49B15AA63} - C:\Windows\system32\jkkIYrqr.dll
BHO-{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739} - C:\Windows\system32\hgGvwtsr.dll
MSConfigStartUp-5769d778 - C:\Windows\system32\nnnutyfa.dll
MSConfigStartUp-BM545ae4e4 - C:\Windows\system32\tdcpotiw.dll
MSConfigStartUp-Monitor - C:\Program Files\Linksys\Linksys Surveillance Utility\Monitor.exe
MSConfigStartUp-MSServer - C:\Windows\system32\hgGvwtsr.dll
MSConfigStartUp-Recorder - C:\Program Files\Linksys\Linksys Surveillance Utility\Recorder.exe
MSConfigStartUp-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 13:30:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\MediaMonkey\DeskPlayer.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Thomas\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-07 13:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 11:37:21

Pre-Run: 115,757,092,864 byte ledig
Post-Run: 115,346,587,648 byte ledig

295 --- E O F --- 2008-07-07 06:59:57

The ComboFix log ^^
r2d290 Posted 7 July 2008 (edited)
> Where is the Vundofix log?
> You can go ahead and use Vundofix. Then we'd like the log: C:\vundofix.txt
Edited 7 July 2008 by r2d290
snippsat Posted 7 July 2008
SLI. Status: ComboFix deleted 24 files. The log looks fine. You can search for vundofix.txt; if you don't find it, it doesn't matter.
---
Delete the folder: C:\VundoFix Backups
---
Download and run CCleaner. 'Options' -> 'Advanced'. Untick "Only delete temporary files older than 48 hours". Run the registry cleaner too; answer yes to "repair", then answer yes to the backup when asked. Run the registry cleaner a couple more times until all errors are gone.
---
Download MBAM to the desktop. Run the file and install the program. Choose Norwegian as the language. Let the program update itself and choose to run a quick system scan. You'll get a message box when the program has finished. Then click the Show Results button. If malware has been found, you'll now see what was found. Then click the Remove Selected button to remove any malware that was found. When MBAM has finished removing what it found, a log will open in Notepad. Post that later if it found anything other than cookies.
---
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Post HijackThis.txt
kloningen Posted 7 July 2008
That was a lot x] It'll have to wait until tomorrow. Can't be bothered now. But the computer sure became usable again after another full scan with AVG.
snippsat Posted 7 July 2008 (edited)
Fair enough. Those programs don't take long; they run through in 15 min, I'd think. Good to be sure you're clean of malware.
Edited 7 July 2008 by SNIPPSAT
kloningen Posted 7 July 2008
Nah, did it now anyway. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:14, on 07.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Thomas\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--
End of file - 5900 bytes
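As an added example, not code from this thread or from the ComboFix or HijackThis authors: a Python triage script that reads lines in the shape of the two logs posted above and ranks the entries a helper would look at first. The sample lines are copied from the ComboFix and HijackThis logs in this thread, with a few clean AVG and Java lines for contrast. The heuristics it scores (an 8-letter file name with mixed case or a long consonant run, a hex-looking Run entry name, a deleted .ini whose name is the DLL name spelled backwards, an AppInit_DLLs entry, an AutoRun command on a mounted drive) are the patterns visible in this thread's logs, not a signature database; the score only orders what the human then reviews.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix and HijackThis logs
# posted in this thread, plus clean AVG/Java lines so the contrast shows.
COMBOFIX_SAMPLE = r"""
C:\Windows\system32\aGhkkUtv.ini
C:\Windows\system32\rqrYIkkj.ini
C:\Windows\System32\rqrYIkkj.ini2
C:\Windows\system32\epdkdgvt.ini
BHO-{85EE2411-0022-4FD4-9430-D4D49B15AA63} - C:\Windows\system32\jkkIYrqr.dll
BHO-{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739} - C:\Windows\system32\hgGvwtsr.dll
MSConfigStartUp-5769d778 - C:\Windows\system32\nnnutyfa.dll
MSConfigStartUp-BM545ae4e4 - C:\Windows\system32\tdcpotiw.dll
MSConfigStartUp-MSServer - C:\Windows\system32\hgGvwtsr.dll
MSConfigStartUp-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
\shell\AutoRun\command - F:\Setup.exe -auto
"""

HIJACKTHIS_SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""


@dataclass
class Finding:
    source: str                 # which log line type produced it
    entry: str                  # registry value / ComboFix entry name ("" if none)
    path: str                   # file or command the entry points at
    score: int = 0
    reasons: list = field(default_factory=list)


VOWELS = set("aeiouAEIOU")

# Line shapes as they appear in the two logs above.
PATTERNS = [
    ("combofix-orphan", re.compile(r"^(BHO|MSConfigStartUp)-(\S+) - (.+)$")),
    ("combofix-autorun", re.compile(r"^\\shell\\AutoRun\\command - (.+)$")),
    ("hjt-O2", re.compile(r"^O2 - BHO: (.*?) - \{[^}]+\} - (.+)$")),
    ("hjt-O4", re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")),
    ("hjt-O20", re.compile(r"^O20 - AppInit_DLLs: (.+)$")),
]


def file_stem(path):
    """'C:\\Windows\\system32\\jkkIYrqr.dll' -> 'jkkIYrqr'."""
    name = re.split(r"[\\/]", path.strip().strip('"'))[-1]
    return name.split(".")[0]


def name_signals(stem):
    """Name-shape heuristics; every returned reason is worth one point."""
    reasons = []
    if len(stem) == 8 and stem.isalpha():
        reasons.append("8-letter name")
        if any(c.isupper() for c in stem[1:]) and not stem.isupper():
            reasons.append("mixed case inside name")
        run = best = 0
        for c in stem:
            run = 0 if c in VOWELS else run + 1
            best = max(best, run)
        if best >= 3:
            reasons.append("consonant run of 3+")
    return reasons


def random_entry_name(name):
    """Run/MSConfig entry names shaped like '5769d778' or 'BM545ae4e4'."""
    return bool(re.fullmatch(r"[A-Za-z]{0,2}[0-9a-fA-F]{6,}", name)) \
        and any(c.isdigit() for c in name)


def triage(combofix_log, hijackthis_log):
    """Return the findings worth a human look, highest score first."""
    ini_stems = set()
    findings = []
    for line in (combofix_log + "\n" + hijackthis_log).splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r"^[A-Za-z]:\\.*\.ini2?$", line):   # ComboFix deletions list
            ini_stems.add(file_stem(line).lower())
            continue
        for source, pattern in PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            if source == "combofix-orphan":
                f = Finding(source, m.group(2), m.group(3))
            elif source == "combofix-autorun":
                f = Finding(source, "", m.group(1), 2, ["AutoRun command on a mounted drive"])
            elif source == "hjt-O2":
                f = Finding(source, m.group(1), m.group(2))
            elif source == "hjt-O4":
                f = Finding(source, m.group(2), m.group(3))
            else:  # hjt-O20: loaded into every process that loads user32.dll
                f = Finding(source, "AppInit_DLLs", m.group(1), 1, ["loaded everywhere via AppInit_DLLs"])
            findings.append(f)
            break
    for f in findings:
        stem = file_stem(f.path)
        for reason in name_signals(stem):
            f.reasons.append(reason)
            f.score += 1
        if random_entry_name(f.entry):
            f.reasons.append("random-looking entry name")
            f.score += 2
        if stem[::-1].lower() in ini_stems:   # rqrYIkkj.ini is jkkIYrqr reversed
            f.reasons.append("reversed-name .ini sibling in deletions")
            f.score += 3
    return sorted((f for f in findings if f.score >= 2), key=lambda f: (-f.score, f.path))


if __name__ == "__main__":
    for f in triage(COMBOFIX_SAMPLE, HIJACKTHIS_SAMPLE):
        print(f"{f.score:2d}  {f.source:16s} {f.path}  <- {', '.join(f.reasons)}")
```

Note that a legitimate file can score too: AVG's avgrsstx.dll lands on the list because AppInit_DLLs is always worth a look and its name happens to be eight letters, which is exactly why the output is a review list with reasons rather than a verdict. The two BHO DLLs and the two random-named MSConfig entries that ComboFix removed sit at the top, and jkkIYrqr.dll scores highest because the deleted rqrYIkkj.ini is its name spelled backwards.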
snippsat Posted 7 July 2008
Yes, this looks good. You can remove ComboFix by typing combofix /u in the Run window. That command deletes the files in quarantine and the backups, resets the System Restore folder, etc. Surf safely.