Have a big problem with my computer! Run, Search, My Computer etc. are gone when I click Start



I have got a virus on my computer. I don't know how to remove it. My desktop background suddenly changed to a reddish-brown color, and it said "your privacy is in danger". Now the background has turned completely white. Next to the clock down in the lower right corner it says "VIRUS ALERT!". When I click the Start button, a lot is missing. My Documents, My Computer, Search, Run, and not least all the programs are missing. It would be really great if someone could help me remove this or tell me what to do!

Thanks in advance!

Link to comment

I had the same problem as you.

I had to reinstall Windows, or rather, I use Linux now.... but anyway, you got the point.....

Link to comment

Download ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Post the log file from ComboFix (c:\combofix.txt)

You may have to start the PC in safe mode with networking and download and run the program from there if you can't start the browser in normal mode. Alternatively, you can try downloading the program on another PC and use a USB stick etc. to transfer it to the infected PC.

Link to comment

Thanks a lot!

Here is the log.


ComboFix 08-07-22.4 - Mona Lisa 2008-07-23 22:32:30.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.142 [GMT 2:00]

Running from: C:\Documents and Settings\Mona Lisa\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM0c0a2ece.xml

 

.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))

.

 

2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Programfiler\iPod

2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Programfiler\Bonjour

2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Apple Computer

2008-07-23 20:59 . 2008-07-23 20:59 <DIR> d-------- C:\Programfiler\QuickTime

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-07-23 19:31 . 2008-07-23 19:31 <DIR> d-------- C:\Programfiler\Trend Micro

2008-07-23 16:59 . 2008-07-23 16:59 <DIR> d-------- C:\Documents and Settings\Eier\Contacts

2008-07-22 19:17 . 2008-07-23 22:27 44,421 ---hs---- C:\WINDOWS\system32\viofpwbh.ini

2008-07-22 19:16 . 2008-07-22 19:16 94,848 --a------ C:\WINDOWS\system32\hbwpfoiv.dll

2008-07-22 16:48 . 2008-07-22 16:48 <DIR> d---s---- C:\Documents and Settings\Mona Lisa\UserData

2008-07-22 16:28 . 2008-07-22 16:28 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-07-22 16:19 . 2008-07-22 16:19 268 --ah----- C:\sqmdata01.sqm

2008-07-22 16:19 . 2008-07-22 16:19 244 --ah----- C:\sqmnoopt01.sqm

2008-07-22 15:46 . 2008-07-22 15:46 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Malwarebytes

2008-07-22 15:45 . 2008-07-22 15:45 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-07-22 15:45 . 2008-07-22 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-07-22 15:45 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-22 15:45 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-22 15:27 . 2008-07-22 15:28 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-07-22 15:27 . 2008-07-22 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-07-22 15:24 . 2008-07-22 15:24 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Contacts

2008-07-22 15:16 . 2008-07-22 15:16 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-07-22 15:14 . 2008-07-22 15:14 <DIR> d-------- C:\Programfiler\Hitman Pro

2008-07-22 15:12 . 2008-07-22 15:12 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Teleca

2008-07-22 15:09 . 2008-07-22 15:09 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Sony Ericsson

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> dr------- C:\Documents and Settings\Mona Lisa\Start-meny

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\Skrivere

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Skrivebord

2008-07-22 15:08 . 2008-07-22 15:09 <DIR> dr-h----- C:\Documents and Settings\Mona Lisa\Siste

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> dr-h----- C:\Documents and Settings\Mona Lisa\Programdata

2008-07-22 15:08 . 2008-07-22 15:09 <DIR> dr------- C:\Documents and Settings\Mona Lisa\Mine dokumenter

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\Maler

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\Lokale innstillinger

2008-07-22 15:08 . 2008-07-22 15:09 <DIR> dr------- C:\Documents and Settings\Mona Lisa\Favoritter

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\AndrMask

2008-07-22 15:08 . 2008-07-22 15:08 <DIR> d-------- C:\Documents and Settings\Mona Lisa

2008-07-22 14:13 . 2008-07-22 14:13 <DIR> d--hs---- C:\FOUND.017

2008-07-22 13:09 . 2008-07-22 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-07-22 13:02 . 2008-07-22 13:02 <DIR> d--hs---- C:\FOUND.016

2008-07-22 12:41 . 2008-07-22 12:41 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-07-22 12:24 . 2008-07-22 12:24 <DIR> d-------- C:\Programfiler\Crawler

2008-07-22 12:23 . 2008-07-22 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spyware Terminator

2008-07-22 12:21 . 2008-07-22 12:21 <DIR> d-------- C:\Programfiler\Spyware Terminator

2008-07-22 12:13 . 2008-07-22 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-07-22 12:12 . 2008-07-22 12:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-21 20:30 . 2008-07-21 20:30 1,152 --a------ C:\WINDOWS\system32\windrv.sys

2008-07-21 20:29 . 2008-07-21 20:29 <DIR> d-------- C:\Programfiler\SpyNoMore

2008-07-21 19:48 . 2008-07-21 19:48 <DIR> d-------- C:\Programfiler\PC Tools AntiVirus

2008-07-21 19:48 . 2008-07-21 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Tools

2008-07-21 19:48 . 2007-12-06 15:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys

2008-07-21 19:48 . 2007-12-06 15:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys

2008-07-21 19:48 . 2008-02-12 10:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys

2008-07-21 19:17 . 2008-07-21 19:21 43,581 ---hs---- C:\WINDOWS\system32\yqdhnnpx.ini

2008-07-21 19:07 . 2008-07-21 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL

2008-07-21 19:07 . 2008-07-18 06:56 438,272 --a------ C:\WINDOWS\kgxmotaptbp.dll

2008-07-21 19:07 . 2008-07-18 06:56 102,400 --a------ C:\WINDOWS\agpqlrfm.exe

2008-07-21 18:39 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-07-21 18:39 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-07-21 18:39 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-07-21 18:37 . 2008-07-21 18:37 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-07-21 18:31 . 2008-07-21 18:31 <DIR> d-------- C:\Programfiler\MSECache

2008-07-21 18:30 . 2008-07-21 18:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-07-21 18:30 . 2008-07-21 18:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-21 18:20 . 2008-07-21 18:20 <DIR> d-------- C:\Programfiler\Windows Defender

2008-07-21 17:58 . 2008-07-21 17:58 <DIR> d--hs---- C:\FOUND.015

2008-07-21 17:42 . 2008-07-21 17:42 <DIR> d-------- C:\Programfiler\uTorrent

2008-07-21 15:54 . 2008-07-21 15:54 <DIR> d--hs---- C:\FOUND.014

2008-07-19 15:00 . 2008-07-19 15:00 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-07-19 00:24 . 2008-07-19 00:24 <DIR> d--hs---- C:\FOUND.013

2008-07-19 00:10 . 2008-07-19 00:10 <DIR> d--hs---- C:\FOUND.012

2008-07-19 00:00 . 2008-07-19 00:00 <DIR> d--hs---- C:\FOUND.011

2008-07-18 17:13 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-18 12:50 . 2008-07-21 18:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-07-18 11:59 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-07-18 11:57 . 2008-07-18 11:57 <DIR> d-------- C:\WINDOWS\provisioning

2008-07-18 11:57 . 2008-07-18 11:57 <DIR> d-------- C:\WINDOWS\peernet

2008-07-18 11:51 . 2008-07-18 11:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-07-18 11:44 . 2008-07-18 11:44 <DIR> d-------- C:\WINDOWS\EHome

2008-07-14 14:49 . 2008-07-14 14:49 <DIR> d-------- C:\Programfiler\Fellesfiler\PC Tools

2008-07-14 14:49 . 2008-07-14 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP

2008-07-08 12:25 . 2008-07-08 12:25 <DIR> d-------- C:\Programfiler\Power Tab Software

2008-06-29 14:30 . 2008-06-29 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm

2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Programfiler\Last.fm

2008-06-28 00:05 . 2008-06-28 00:05 <DIR> d--hs---- C:\FOUND.010

2008-06-25 12:05 . 2008-06-25 12:05 <DIR> d--hs---- C:\FOUND.009

2008-06-24 20:48 . 2008-06-24 20:48 <DIR> d--hs---- C:\FOUND.008

2008-06-24 20:10 . 2008-06-24 20:10 91,136 --a------ C:\WINDOWS\system32\INOADMBQ.0LL

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-21 15:55 32,768 ------w C:\Programfiler\AVG

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 21:37 --------- d-----w C:\Programfiler\Fellesfiler\DVDVideoSoft

2008-06-19 21:37 --------- d-----w C:\Programfiler\DVDVideoSoft

2008-06-18 20:09 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 15:44 10,509 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-06-14 06:00 --------- d-----w C:\Programfiler\Intuwave Ltd

2008-06-13 16:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\F-Secure

2008-06-13 16:39 --------- d-----w C:\Programfiler\F-Secure Internet Security

2008-06-13 16:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\fssg

2008-06-12 21:25 --------- d-----w C:\Programfiler\Google

2008-06-12 21:24 --------- d-----w C:\Programfiler\Java

2008-06-12 21:24 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-06-12 21:22 --------- d-----w C:\Programfiler\LimeWire

2008-06-12 20:29 --------- d-----w C:\Programfiler\Windows Live Toolbar

2008-06-12 20:29 --------- d-----w C:\Programfiler\MSN Messenger

2008-06-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Windows Live Toolbar

2008-06-12 19:57 --------- d-----w C:\Programfiler\IEEE 802.11g Wireless LAN Utility

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-23_16.51.44.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-23 18:58:54 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe

+ 2008-07-23 19:00:10 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe

+ 2008-07-23 19:01:14 102,400 ----a-r C:\WINDOWS\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe

+ 2007-07-24 13:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe

+ 2007-07-24 13:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

- 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-07-10 07:35:22 32,000 ----a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys

- 2006-09-19 13:43:58 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"0f391d52"="C:\WINDOWS\system32\hbwpfoiv.dll" [2008-07-22 19:16 94848]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

 

R3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-05 11:08]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys []

S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []

S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys []

S3 ATE_PROCMON;ATE_PROCMON;C:\Programfiler\Anti Trojan Elite\ATEPMon.sys []

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]

C:\Documents and Settings\All Users\Start-meny\Programmer\Administrative verktøy\Recycle Bin\kdja.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-07-23 19:22:12 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2008-07-23 15:57:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

"2008-07-23 18:58:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = about:blank

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Åpne i ny bakgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?c2ce7ab235da4e3fa2d4de5b14aa973b

O8 -: Åpne i ny forgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?c2ce7ab235da4e3fa2d4de5b14aa973b

 

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab

C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 22:34:45

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

.

Completion time: 2008-07-23 22:35:25

ComboFix-quarantined-files.txt 2008-07-23 20:35:20

ComboFix2.txt 2008-07-23 14:52:14

 

Pre-Run: 10,521,509,888 byte ledig

Post-Run: 10,527,113,216 byte ledig

 

232 --- E O F --- 2008-07-21 16:40:11

Link to comment

Uninstall from Add/Remove Programs:

Hitman Pro (and any security programs that were installed from this package)

Open Notepad and copy in what is in bold below, and save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

 

File::

C:\WINDOWS\system32\viofpwbh.ini

C:\WINDOWS\system32\hbwpfoiv.dll

C:\WINDOWS\system32\yqdhnnpx.ini

C:\WINDOWS\kgxmotaptbp.dll

C:\WINDOWS\agpqlrfm.exe

C:\Documents and Settings\All Users\Start-meny\Programmer\Administrative verktøy\Recycle Bin\kdja.exe

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"0f391d52"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]

 

Have you recently run a quick scan with SUPERAntiSpyware/Malwarebytes Anti-Malware? If not, do so. Update the program before you run the scan.

Post the new ComboFix log + the log from SAS or MBAM if it/they found anything.

How is the PC running?

Link to comment
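
Part of the by-eye triage of the first ComboFix log can be scripted. The Python below is an added example, not part of the thread and not ComboFix's own logic: the three checks (a recently created file that is also a Run-key target, hidden+system files directly in the Windows directories, and two files in one directory whose names are each other's reverse), the function names and the embedded sample (a few lines copied from the log above) are assumptions of the example.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Programfiler\Bonjour
2008-07-22 19:17 . 2008-07-23 22:27 44,421 ---hs---- C:\WINDOWS\system32\viofpwbh.ini
2008-07-22 19:16 . 2008-07-22 19:16 94,848 --a------ C:\WINDOWS\system32\hbwpfoiv.dll
2008-07-22 15:45 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 19:17 . 2008-07-21 19:21 43,581 ---hs---- C:\WINDOWS\system32\yqdhnnpx.ini
2008-07-21 19:07 . 2008-07-18 06:56 102,400 --a------ C:\WINDOWS\agpqlrfm.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0f391d52"="C:\WINDOWS\system32\hbwpfoiv.dll" [2008-07-22 19:16 94848]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"""

# Directories where a hidden+system file is treated as worth a look (assumption).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# "created . modified size-or-<DIR> attributes path" (Files Created section)
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(<DIR>|[\d,]+) ([a-z-]{9}) (.+)$")
# "name"="target" [date time size] (Reg Loading Points section)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[[^\]]*\]$')
# Only registry headers that end in \Run are treated as autostart keys.
KEY_RE = re.compile(r"^\[(HK[^\]]+\\Run)\]$", re.IGNORECASE)


def parse_log(text):
    """Return (files, autoruns) parsed from ComboFix log text."""
    files, autoruns, run_key = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # the forum copy has blank lines between entries
        m = CREATED_RE.match(line)
        if m:
            created, size, attrs, path = m.groups()
            files.append({"path": path, "attrs": attrs, "created": created,
                          "is_dir": size == "<DIR>"})
            continue
        if line.startswith("["):
            m = KEY_RE.match(line)
            run_key = m.group(1) if m else None  # any other key ends the Run block
            continue
        m = RUN_RE.match(line)
        if m and run_key:
            autoruns.append({"key": run_key, "name": m.group(1),
                             "target": m.group(2)})
    return files, autoruns


def triage(text):
    """Map each flagged file path to the list of reasons it was flagged."""
    files, autoruns = parse_log(text)
    recent = {f["path"].lower(): f for f in files if not f["is_dir"]}
    findings = {}

    def flag(path, reason):
        findings.setdefault(path, []).append(reason)

    # Check 1: a file created inside the log's window is also a Run-key target.
    for a in autoruns:
        f = recent.get(a["target"].lower())
        if f:
            flag(f["path"],
                 f'autostarts via Run value "{a["name"]}", created {f["created"]}')

    # Check 2: hidden+system file directly in the Windows directories.
    for f in recent.values():
        parent = ntpath.dirname(f["path"]).lower()
        if "h" in f["attrs"] and "s" in f["attrs"] and parent in SYSTEM_DIRS:
            flag(f["path"], "hidden+system file in " + parent)

    # Check 3: two recent files in one directory with reversed base names.
    by_stem = {}
    for f in recent.values():
        parent, name = ntpath.split(f["path"].lower())
        by_stem.setdefault((parent, ntpath.splitext(name)[0]), []).append(f)
    for (parent, stem), group in by_stem.items():
        if len(stem) < 6 or stem == stem[::-1]:
            continue  # skip short names and palindromes
        for twin in by_stem.get((parent, stem[::-1]), []):
            for f in group:
                flag(f["path"],
                     "name is the reverse of " + ntpath.basename(twin["path"]))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On this sample the checks flag hbwpfoiv.dll, viofpwbh.ini and yqdhnnpx.ini but not agpqlrfm.exe, which is also in the CFScript above, so output like this narrows a review and does not replace reading the log.
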
C:\WINDOWS\system32\viofpwbh.ini

C:\WINDOWS\system32\hbwpfoiv.dll

C:\WINDOWS\system32\yqdhnnpx.ini

C:\WINDOWS\kgxmotaptbp.dll

C:\WINDOWS\agpqlrfm.exe

C:\Documents and Settings\All Users\Start-meny\Programmer\Administrative verktøy\Recycle Bin\kdja.exe

I don't know how ComboFix intends to remove those files, but maybe it has its own method...

Anyway, I fixed a similar problem for a friend, and there the DLL files (similar to these, possibly the same) were part of winlogon, i.e. AppInit_DLLs, something that can't simply be deleted since winlogon.exe locks them.

The way I did it was to boot into safe mode, remove all NTFS permissions (I now see that "mona lisa" uses FAT32, which is idiotic), restart and delete them...

I'm sitting here wondering why I didn't delete them from safe mode :p

There was probably a reason for it ^^

Other programs I used were Spybot S&D, smitfraudfix, hijackthis, msconfig :)

I don't see the point of installing a lot of other junk like Hitman Pro, SAS and MBAM...

Edited by Wubbable
Link to comment

Here is the new ComboFix log

 

ComboFix 08-07-22.4 - Mona Lisa 2008-07-23 23:31:12.4 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.269 [GMT 2:00]

Running from: C:\Documents and Settings\Mona Lisa\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mona Lisa\Skrivebord\CFScript.txt

* Created a new restore point

 

FILE ::

C:\Documents and Settings\All Users\Start-meny\Programmer\Administrative verktøy\Recycle Bin\kdja.exe

C:\WINDOWS\agpqlrfm.exe

C:\WINDOWS\kgxmotaptbp.dll

C:\WINDOWS\system32\hbwpfoiv.dll

C:\WINDOWS\system32\viofpwbh.ini

C:\WINDOWS\system32\yqdhnnpx.ini

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\Mona Lisa\Favoritter\Error Cleaner.url

C:\Documents and Settings\Mona Lisa\Favoritter\Privacy Protector.url

C:\Documents and Settings\Mona Lisa\Favoritter\Spyware&Malware Protection.url

C:\WINDOWS\agpqlrfm.exe

C:\WINDOWS\kgxmotaptbp.dll

C:\WINDOWS\system32\hbwpfoiv.dll

C:\WINDOWS\system32\viofpwbh.ini

C:\WINDOWS\system32\yqdhnnpx.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))

.

 

2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Programfiler\iPod

2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Programfiler\Bonjour

2008-07-23 21:00 . 2008-07-23 21:00 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Apple Computer

2008-07-23 20:59 . 2008-07-23 20:59 <DIR> d-------- C:\Programfiler\QuickTime

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-07-23 19:31 . 2008-07-23 19:31 <DIR> d-------- C:\Programfiler\Trend Micro

2008-07-23 16:59 . 2008-07-23 16:59 <DIR> d-------- C:\Documents and Settings\Eier\Contacts

2008-07-22 16:48 . 2008-07-22 16:48 <DIR> d---s---- C:\Documents and Settings\Mona Lisa\UserData

2008-07-22 16:28 . 2008-07-22 16:28 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-07-22 16:19 . 2008-07-22 16:19 268 --ah----- C:\sqmdata01.sqm

2008-07-22 16:19 . 2008-07-22 16:19 244 --ah----- C:\sqmnoopt01.sqm

2008-07-22 15:46 . 2008-07-22 15:46 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Malwarebytes

2008-07-22 15:45 . 2008-07-22 15:45 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-07-22 15:45 . 2008-07-22 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-07-22 15:45 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-22 15:45 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-22 15:27 . 2008-07-22 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-07-22 15:24 . 2008-07-22 15:24 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Contacts

2008-07-22 15:16 . 2008-07-22 15:16 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-07-22 15:14 . 2008-07-22 15:14 <DIR> d-------- C:\Programfiler\Hitman Pro

2008-07-22 15:12 . 2008-07-22 15:12 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Teleca

2008-07-22 15:09 . 2008-07-22 15:09 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Programdata\Sony Ericsson

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> dr------- C:\Documents and Settings\Mona Lisa\Start-meny

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\Skrivere

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d-------- C:\Documents and Settings\Mona Lisa\Skrivebord

2008-07-22 15:08 . 2008-07-22 15:09 <DIR> dr-h----- C:\Documents and Settings\Mona Lisa\Siste

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> dr-h----- C:\Documents and Settings\Mona Lisa\Programdata

2008-07-22 15:08 . 2008-07-22 15:09 <DIR> dr------- C:\Documents and Settings\Mona Lisa\Mine dokumenter

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\Maler

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\Lokale innstillinger

2008-07-22 15:08 . 2008-07-22 15:09 <DIR> dr------- C:\Documents and Settings\Mona Lisa\Favoritter

2008-07-22 15:08 . 2004-12-25 10:15 <DIR> d--h----- C:\Documents and Settings\Mona Lisa\AndrMask

2008-07-22 15:08 . 2008-07-22 15:08 <DIR> d-------- C:\Documents and Settings\Mona Lisa

2008-07-22 14:13 . 2008-07-22 14:13 <DIR> d--hs---- C:\FOUND.017

2008-07-22 13:09 . 2008-07-22 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-07-22 13:02 . 2008-07-22 13:02 <DIR> d--hs---- C:\FOUND.016

2008-07-22 12:41 . 2008-07-22 12:41 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-07-22 12:24 . 2008-07-22 12:24 <DIR> d-------- C:\Programfiler\Crawler

2008-07-22 12:23 . 2008-07-22 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spyware Terminator

2008-07-22 12:21 . 2008-07-22 12:21 <DIR> d-------- C:\Programfiler\Spyware Terminator

2008-07-22 12:13 . 2008-07-22 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-07-22 12:12 . 2008-07-22 12:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-21 20:30 . 2008-07-21 20:30 1,152 --a------ C:\WINDOWS\system32\windrv.sys

2008-07-21 20:29 . 2008-07-21 20:29 <DIR> d-------- C:\Programfiler\SpyNoMore

2008-07-21 19:48 . 2008-07-21 19:48 <DIR> d-------- C:\Programfiler\PC Tools AntiVirus

2008-07-21 19:48 . 2008-07-21 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Tools

2008-07-21 19:48 . 2007-12-06 15:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys

2008-07-21 19:48 . 2007-12-06 15:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys

2008-07-21 19:48 . 2008-02-12 10:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys

2008-07-21 19:07 . 2008-07-21 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL

2008-07-21 18:39 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-07-21 18:39 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-07-21 18:39 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-07-21 18:37 . 2008-07-21 18:37 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-07-21 18:31 . 2008-07-21 18:31 <DIR> d-------- C:\Programfiler\MSECache

2008-07-21 18:30 . 2008-07-21 18:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-07-21 18:30 . 2008-07-21 18:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-21 18:20 . 2008-07-21 18:20 <DIR> d-------- C:\Programfiler\Windows Defender

2008-07-21 17:58 . 2008-07-21 17:58 <DIR> d--hs---- C:\FOUND.015

2008-07-21 17:42 . 2008-07-21 17:42 <DIR> d-------- C:\Programfiler\uTorrent

2008-07-21 15:54 . 2008-07-21 15:54 <DIR> d--hs---- C:\FOUND.014

2008-07-19 15:00 . 2008-07-19 15:00 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-07-19 00:24 . 2008-07-19 00:24 <DIR> d--hs---- C:\FOUND.013

2008-07-19 00:10 . 2008-07-19 00:10 <DIR> d--hs---- C:\FOUND.012

2008-07-19 00:00 . 2008-07-19 00:00 <DIR> d--hs---- C:\FOUND.011

2008-07-18 17:13 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-18 12:50 . 2008-07-21 18:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-07-18 11:59 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-07-18 11:57 . 2008-07-18 11:57 <DIR> d-------- C:\WINDOWS\provisioning

2008-07-18 11:57 . 2008-07-18 11:57 <DIR> d-------- C:\WINDOWS\peernet

2008-07-18 11:51 . 2008-07-18 11:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-07-18 11:44 . 2008-07-18 11:44 <DIR> d-------- C:\WINDOWS\EHome

2008-07-14 14:49 . 2008-07-14 14:49 <DIR> d-------- C:\Programfiler\Fellesfiler\PC Tools

2008-07-14 14:49 . 2008-07-14 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP

2008-07-08 12:25 . 2008-07-08 12:25 <DIR> d-------- C:\Programfiler\Power Tab Software

2008-06-29 14:30 . 2008-06-29 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm

2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Programfiler\Last.fm

2008-06-28 00:05 . 2008-06-28 00:05 <DIR> d--hs---- C:\FOUND.010

2008-06-25 12:05 . 2008-06-25 12:05 <DIR> d--hs---- C:\FOUND.009

2008-06-24 20:48 . 2008-06-24 20:48 <DIR> d--hs---- C:\FOUND.008

2008-06-24 20:10 . 2008-06-24 20:10 91,136 --a------ C:\WINDOWS\system32\INOADMBQ.0LL

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-21 15:55 32,768 ------w C:\Programfiler\AVG

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 21:37 --------- d-----w C:\Programfiler\Fellesfiler\DVDVideoSoft

2008-06-19 21:37 --------- d-----w C:\Programfiler\DVDVideoSoft

2008-06-18 20:09 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 15:44 10,509 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-06-14 06:00 --------- d-----w C:\Programfiler\Intuwave Ltd

2008-06-13 16:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\F-Secure

2008-06-13 16:39 --------- d-----w C:\Programfiler\F-Secure Internet Security

2008-06-13 16:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\fssg

2008-06-12 21:25 --------- d-----w C:\Programfiler\Google

2008-06-12 21:24 --------- d-----w C:\Programfiler\Java

2008-06-12 21:24 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-06-12 21:22 --------- d-----w C:\Programfiler\LimeWire

2008-06-12 20:29 --------- d-----w C:\Programfiler\Windows Live Toolbar

2008-06-12 20:29 --------- d-----w C:\Programfiler\MSN Messenger

2008-06-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Windows Live Toolbar

2008-06-12 19:57 --------- d-----w C:\Programfiler\IEEE 802.11g Wireless LAN Utility

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-23_16.51.44.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-23 18:58:54 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe

+ 2008-07-23 19:00:10 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe

+ 2008-07-23 19:01:14 102,400 ----a-r C:\WINDOWS\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe

+ 2007-07-24 13:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe

+ 2007-07-24 13:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

- 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-07-10 07:35:22 32,000 ----a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys

- 2006-09-19 13:43:58 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

 

R3 WlanUIG;IEEE 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2003-11-05 11:08]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys []

S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []

S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys []

S3 ATE_PROCMON;ATE_PROCMON;C:\Programfiler\Anti Trojan Elite\ATEPMon.sys []

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

.

Contents of the 'Scheduled Tasks' folder

"2008-07-23 21:22:06 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2008-07-23 15:57:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

"2008-07-23 18:58:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 23:32:39

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

.

Completion time: 2008-07-23 23:33:10

ComboFix-quarantined-files.txt 2008-07-23 21:33:08

ComboFix3.txt 2008-07-23 14:52:14

ComboFix2.txt 2008-07-23 20:35:28

 

Pre-Run: 10,501,193,728 byte ledig

Post-Run: 10,487,791,616 byte ledig

 

230 --- E O F --- 2008-07-21 16:40:11

 

 

 

 

 

 

 

 

Here is the anti-malware log.

 

 

Malwarebytes' Anti-Malware 1.22

Database versjon: 984

Windows 5.1.2600 Service Pack 2

 

23:37:57 23.07.2008

mbam-log-7-23-2008 (23-37-52).txt

 

Skanntype: Rask Skann

Objekter skannet: 46278

Tid tilbakelagt: 2 minute(s), 40 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 6

Filer infisert: 13

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\qndsfmao.bawr (Trojan.FakeAlert) -> No action taken.

HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> No action taken.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> No action taken.

 

Filer infisert:

C:\WINDOWS\system32\NXAQMRLA.0LL (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\NAPRTQVV.0LL (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\iogshtic.0ll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\ABVCJOOJ.0LL (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\VTULJBYA.0LL (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080721190921296.log (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080721192900031.log (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722120349281.log (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722125433843.log (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722130842968.log (Rogue.WinSpywareProtect) -> No action taken.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722142123265.log (Rogue.WinSpywareProtect) -> No action taken.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.

 

 

 

 

My normal desktop background has come back, the VIRUS ALERT! next to the clock is gone, and when I click Start everything that was missing shows up :) Is the virus gone then? Thanks!


You have to let MBAM remove what it finds:

A message box will appear saying that the scan is finished; click OK.

Click the Vis resultat (Show results) button. If malware was found, you will now see what was found.

Then click the Fjern valgte (Remove selected) button to remove any malware that was found.

A log will then open in Notepad. Copy it.

The infected files are removed, yes (that is, once you have run MBAM and removed the files :) )

Beyond this, it may be worth tidying up a bit, since you have a number of 'security programs' that you don't need. We can deal with that afterwards if you like.

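The difference between a scan that only reports and one that actually removes shows up in the action text after `->` on each log line. The following is an added example, not part of the original thread and not a Malwarebytes tool: a small Python parser for the log layout seen in these posts that lists detections still marked "No action taken". The sample text is constructed from entries in the posted logs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.22 logs posted in this thread.
SAMPLE_LOG = r"""Registernøkler infisert:
HKEY_CLASSES_ROOT\qndsfmao.bawr (Trojan.FakeAlert) -> No action taken.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
"""

# One detection per line: "<item> (<detection name>) -> <action>."
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its section header."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            found.append({"section": section, **match.groupdict()})
        elif line.endswith(":"):
            # Section headers such as "Filer infisert:" end with a colon.
            section = line[:-1]
    return found

def unresolved(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"].lower().startswith("no action")]

def actions_summary(detections):
    """Count detections per action string, e.g. to compare two scans."""
    return Counter(d["action"] for d in detections)

if __name__ == "__main__":
    for d in unresolved(parse_detections(SAMPLE_LOG)):
        print(f'{d["section"]}: {d["item"]} ({d["name"]}) still present')
```
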

Now I clicked Remove :) Here is the log.

 

 

 

Malwarebytes' Anti-Malware 1.22

Database versjon: 984

Windows 5.1.2600 Service Pack 2

 

00:18:05 24.07.2008

mbam-log-7-24-2008 (00-18-05).txt

 

Skanntype: Rask Skann

Objekter skannet: 46222

Tid tilbakelagt: 2 minute(s), 45 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 6

Filer infisert: 13

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\qndsfmao.bawr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\WINDOWS\system32\NXAQMRLA.0LL (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\NAPRTQVV.0LL (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iogshtic.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ABVCJOOJ.0LL (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\VTULJBYA.0LL (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080721190921296.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080721192900031.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722120349281.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722125433843.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722130842968.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080722142123265.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
