
[SOLVED] Help: Got spyware from a nasty website



Things are a bit of a crisis here: I have picked up a program/virus/trojan horse (what is this??? I don't quite know myself....) that "takes over" my machine. It changes the home page in Explorer 7.0 to softwarereferral.com. Lots of messages also pop up saying there is a virus on the machine, that I have to install the program it suggests, etc... I have AVG on my machine (free version), but it doesn't react. I also have SUPERAntiSpyware (free version). It comes up with a warning about "Home Page Change Detected", but when I click "Block Change" it takes five seconds before the warning is back.

The trouble has meant that I can't open "My Computer", and Task Manager doesn't work either. I can get into the Windows program that removes/changes programs, but I can't find the new "virus program". Would it help to uninstall Explorer 7.0?

I can't open new windows in Explorer, but it looks like I can run Firefox. I tried to download a program, and it seems I can manage that.

Earlier I have had problems after the kids downloaded things. Then I either got help here or reformatted the hard drive again. I would much rather avoid the latter. I hope it's possible to help me with this, even though I'm only slightly above average when it comes to computers.

Edited by Annie_P

Try starting Run: press Windows+R and type cmd

In the command window, type tasklist

If you have no idea what the processes are or which ones you should end, send a text file with the process list here so we can have a look.

To get tasklist into a text file, type "tasklist>>c:\task.txt"

Then you'll find the file task right on the C drive. Show it to us :)


As for getting into Run....many of the usual icons are gone. When I click "Start" I only get the icons I have added there myself....for example, I can't get into the usual "Programs". Is there another way to start "Run"? Some shortcut keys that bring up the program, for example?


On a normal Windows XP there is a "Run" icon at the bottom right when I click "Start" first. After the virus, almost all the icons here disappeared....including the "Run" icon.

Are there other tips for how I can get going with "Run", or other measures that might help?

This is scary stuff: the virus has "eaten up" icons, and on top of that it keeps asking for installation and registration of anti-virus programs all the time.


I've come across that stuff at an acquaintance's. It's scary business.

Among other things, the program removes all shortcuts that point to software on C:. One tip: if you have a shortcut that points to something that is not on C:, you can edit it in the shortcut's properties and make the shortcut point to the program you want to run on the C: partition. The crud doesn't figure that out, for some reason.

The crud also manages to stop every online scanner I know of, it infects and disables System Restore, and so on. It's a bit easier to use the machine in Safe Mode.

Edited by CastorFiber

Sorry, to those of you helping: there were tips on how to start "Run" with shortcut keys...I was so stressed that I didn't read the post above carefully enough. But: I started the machine in Safe Mode, and then I was able to run ComboFix. Below I'm posting what came out in the log. But something mysterious happened...I wasn't sitting at the machine the whole time, and it almost seems like it restarted. In any case, I can now get onto the internet...I didn't think that was possible when the machine is in Safe Mode? And the windows that kept popping up constantly don't appear anymore. I clicked "Block" when SUPERAntiSpyware gave its warning. Can the block suddenly start working? Anyway: below is the ComboFix log:

ComboFix 08-07-24.3 - Compaq_Eier 2008-07-25 23:38:45.1 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.276 [GMT 2:00]

Running from: C:\Documents and Settings\Compaq_Eier\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080724203409437.log

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080724210045015.log

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080724223535812.log

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080725091732109.log

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080725095041421.log

C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\LOG\20080725122105968.log

C:\Documents and Settings\Compaq_Eier\Favoritter\Error Cleaner.url

C:\Documents and Settings\Compaq_Eier\Favoritter\Privacy Protector.url

C:\Documents and Settings\Compaq_Eier\Favoritter\Spyware&Malware Protection.url

C:\Documents and Settings\Compaq_Eier\Skrivebord\Error Cleaner.url

C:\Documents and Settings\Compaq_Eier\Skrivebord\Privacy Protector.url

C:\Documents and Settings\Compaq_Eier\Skrivebord\Spyware&Malware Protection.url

C:\WINDOWS\eqvwamkl.dll

C:\WINDOWS\eskx.exe

C:\WINDOWS\fdkowvbp.dll

C:\WINDOWS\nfavxwdbgfw.dll

C:\WINDOWS\system32\aoppvvjg.ini

C:\WINDOWS\system32\JikSrqru.ini

C:\WINDOWS\system32\JikSrqru.ini2

C:\WINDOWS\system32\opnmKEuu.dll

C:\WINDOWS\system32\xvqwdlfx.dll

C:\WINDOWS\wnslvxtf.dll

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))

.

 

2008-07-25 23:31 . 2006-01-03 05:40 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-07-25 23:31 . 2005-10-20 23:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-07-25 23:31 . 2005-10-20 23:51 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-07-25 23:31 . 2005-10-27 04:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-07-25 23:31 . 2005-10-27 04:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-07-25 23:31 . 2008-06-11 22:48 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-07-25 23:31 . 2005-10-20 23:51 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-07-25 23:31 . 2008-07-25 23:31 <DIR> d-------- C:\Documents and Settings\Administrator

2008-07-25 22:16 . 2008-07-25 22:16 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\AVS4YOU

2008-07-24 20:53 . 2008-07-24 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AVS4YOU

2008-07-24 20:49 . 2008-07-24 20:53 <DIR> d-------- C:\Programfiler\Fellesfiler\AVSMedia

2008-07-24 20:42 . 2008-07-24 20:54 <DIR> d-------- C:\Programfiler\AVS4YOU

2008-07-24 20:32 . 2008-07-25 15:02 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-24 20:31 . 2008-07-24 19:30 94,208 --a------ C:\WINDOWS\grswptdl.exe

2008-07-24 08:53 . 2008-07-24 21:09 <DIR> dr-h----- C:\Documents and Settings\Compaq_Eier\Siste

2008-07-20 21:34 . 2008-07-20 21:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-20 21:34 . 2008-07-20 21:34 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-18 21:40 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-07-18 21:40 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-07-18 18:20 . 2008-07-18 18:20 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2008-07-18 18:20 . 2008-07-18 18:20 0 --a------ C:\Documents and Settings\Compaq_Eier\jagex_runescape_preferences.dat

2008-07-18 18:17 . 2005-08-27 02:14 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-18 17:49 . 2008-07-18 17:49 <DIR> d-------- C:\Programfiler\Guitar Pro 5

2008-07-18 16:07 . 2008-07-18 16:07 1,409 --a------ C:\WINDOWS\system32\tmpEE08F.FOT

2008-07-14 18:37 . 2008-07-16 22:13 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\U3

2008-07-13 22:02 . 2008-07-18 18:16 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\skypePM

2008-07-13 22:02 . 2008-07-13 22:02 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-07-13 21:51 . 2008-07-13 21:51 <DIR> d-------- C:\Programfiler\Skype

2008-07-13 21:51 . 2008-07-13 21:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2008-07-13 21:51 . 2008-07-18 21:49 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Skype

2008-07-13 21:51 . 2008-07-13 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype

2008-07-13 21:44 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-07-13 21:44 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-07-13 21:44 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-07-13 21:44 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-07-13 21:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-07-13 21:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2008-07-13 21:04 . 2008-07-13 21:04 268 --ah----- C:\sqmdata00.sqm

2008-07-13 21:04 . 2008-07-13 21:04 244 --ah----- C:\sqmnoopt00.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-25 21:48 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-07-20 19:34 --------- d-----w C:\Programfiler\QuickTime

2008-07-19 07:44 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-19 07:44 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-19 07:44 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-18 20:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-07-18 16:18 --------- d-----w C:\Programfiler\Java

2008-07-18 14:09 --------- d-----w C:\Programfiler\PonyGirl2

2008-07-13 19:38 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\HP

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 20:58 1,024 ----a-w C:\Documents and Settings\All Users\Programdata\pdfdoc2.dll

2008-06-18 20:44 --------- d-----w C:\Programfiler\CCleaner

2008-06-15 21:13 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 09:17 --------- d-----w C:\Programfiler\MSBuild

2008-06-14 09:17 --------- d-----w C:\Programfiler\Microsoft Works

2008-06-14 09:16 --------- d-----w C:\Programfiler\Microsoft.NET

2008-06-14 05:40 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-06-14 05:33 --------- d-----w C:\Programfiler\MSXML 4.0

2008-06-13 12:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\QuickTime

2008-06-12 21:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-12 21:17 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-06-12 21:17 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-06-12 21:17 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\SUPERAntiSpyware.com

2008-06-12 17:20 --------- d-----w C:\Programfiler\directx

2008-06-12 17:16 --------- d-----w C:\Programfiler\Eidos Interactive

2008-06-12 13:26 --------- d-----w C:\Programfiler\SweetIM

2008-06-12 13:25 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\AVGTOOLBAR

2008-06-12 13:15 --------- d-----w C:\Programfiler\AVG

2008-06-12 13:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8

2008-06-12 12:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\SweetIM

2008-06-12 11:28 --------- d-----w C:\Programfiler\Windows Live

2008-06-12 11:27 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-06-11 20:54 --------- d-----w C:\Programfiler\HP

2008-06-11 20:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\HP

2008-06-11 20:51 --------- d-----w C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-06-11 20:49 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\HPQ

2008-06-11 20:46 1,869 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF147AA-UUW SR1939SC EL630_YC_0Pres_QCZB630_E63NOheREA1_48_IAMETHYST-M_SMSI_V1.0_B3.48_T060324_WXH2_L414_M447_J160_7AMD_8Athlon 64_92.19_#060918_N10EC8139_Z_G10025954_OHL-DT-ST DVDRRW GSA-H21N_DLCD905A.MRK

2008-06-11 19:52 --------- d-----w C:\Programfiler\Google

2008-06-11 19:44 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-06-11 19:42 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\AdobeUM

2008-06-11 19:10 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-06-11 19:10 --------- d-----w C:\Programfiler\D-Link

2008-06-11 19:10 --------- d-----w C:\Programfiler\Alpha Networks

2008-06-11 19:07 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-06-11 19:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-11 21:18 171448]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]

"HPBootOp"="C:\Programfiler\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00 2502656]

"ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]

"SweetIM"="C:\Programfiler\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 09:44 1232152]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 02:14 36975]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-07-20 21:34 413696]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 05:07:26 27136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-19 09:44]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-19 09:44]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-19 09:44]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 09:44]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 15:27]

.

Contents of the 'Scheduled Tasks' folder

"2008-07-13 19:13:39 C:\WINDOWS\Tasks\Internett-tjenester.job"

- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{7E156AAE-FA60-44A1-8E69-2E0E0030F1F6} - C:\WINDOWS\system32\urqRLebB.dll

BHO-{caeb9e21-45b8-41e8-8fba-748c4f7091e6} - C:\WINDOWS\system32\fujhdn.dll

BHO-{E38F129D-A59A-4125-BD05-BCADF19ABBCA} - C:\WINDOWS\system32\urqrSkiJ.dll

Toolbar-{4BFE09E6-C0C4-4F43-9972-EF6747259D82} - C:\WINDOWS\fdkowvbp.dll

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKCU-Run-s9201 - C:\Documents and Settings\All Users\Programdata\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe

HKLM-Run-84a828a4 - C:\WINDOWS\system32\gjvvppoa.dll

HKLM-Run-PCDrProfiler - (no file)

HKLM-Run-TkBellExe - realsched.exe

ShellExecuteHooks-{7E156AAE-FA60-44A1-8E69-2E0E0030F1F6} - C:\WINDOWS\system32\urqRLebB.dll

SSODL-wnslvxtf-{2EA2B572-B5B5-4575-A752-B6EEE95B1517} - C:\WINDOWS\wnslvxtf.dll

SSODL-eqvwamkl-{EA5E9884-6C1F-41D7-8D30-742B86FC5817} - C:\WINDOWS\eqvwamkl.dll

Notify-urqRLebB - urqRLebB.dll

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-25 23:46:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\msrun9er-.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-07-25 23:54:18 - machine was rebooted [Compaq_Eier]

ComboFix-quarantined-files.txt 2008-07-25 21:53:25

 

Pre-Run: 136,763,883,520 byte ledig

Post-Run: 136,231,501,824 byte ledig

 

263 --- E O F --- 2008-07-22 07:20:29

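As an added example (not code from the thread, and not ComboFix's own logic), here is a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one above and flags autorun entries worth a closer look: a value name that looks like a random hex token, a path component that looks randomly generated, or the same entry registered under both HKCU and HKLM Run. The three heuristics and their thresholds are my own assumptions, and the embedded sample is an excerpt of the Run keys from the log posted above.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's own logic. The three heuristics and their
thresholds are assumptions chosen for this illustration.
"""
import re
from collections import defaultdict

# Only the two classic autorun keys are parsed; other REGEDIT4 sections are skipped.
RUN_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run\]$",
    re.IGNORECASE,
)
# ComboFix prints each value as: "name"="command" [date time size]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')
# A value name such as "9c7ce": lowercase hex with at least one digit and one letter.
HEX_TOKEN = re.compile(r"^(?=.*\d)(?=.*[a-f])[0-9a-f]{4,}$")
VOWELS = set("aeiou")


def looks_random(component):
    """True for a path component of 9+ letters with almost no vowels (e.g. Qtvxhhfjwzafh)."""
    letters = [c for c in component.lower() if c.isalpha()]
    if len(letters) < 9:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.12


def parse_run_entries(log_text):
    """Return (hive, value_name, command, metadata) for every value under the Run keys."""
    hive = None
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # a new registry key starts a new section
            m = RUN_KEY.match(line)
            hive = m.group(1).upper() if m else None
            continue
        if hive is None:                  # value belongs to a key we do not triage
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append((hive, m.group(1), m.group(2), m.group(3)))
    return entries


def triage(log_text):
    """Return a list of flagged Run entries, each with the reasons it was flagged."""
    entries = parse_run_entries(log_text)
    hives_by_entry = defaultdict(set)
    for hive, name, command, _ in entries:
        hives_by_entry[(name.lower(), command.lower())].add(hive)

    findings = []
    for hive, name, command, meta in entries:
        reasons = []
        if HEX_TOKEN.match(name):
            reasons.append("value name looks like a random hex token")
        if any(looks_random(part) for part in command.split("\\")):
            reasons.append("path contains a random-looking directory or file name")
        if len(hives_by_entry[(name.lower(), command.lower())]) > 1:
            reasons.append("identical entry registered under both HKCU and HKLM Run")
        if reasons:
            findings.append({"hive": hive, "name": name, "command": command,
                             "meta": meta, "reasons": reasons})
    return findings


# Excerpt of the Run keys from the ComboFix log posted in the thread, with one
# unrelated key appended to show that other sections are ignored.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-11 21:18 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Programfiler\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 09:44 1232152]
"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 02:14 36975]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\...\\Run  {f['name']!r} -> {f['command']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the excerpt, only the two "9c7ce" entries are flagged, each for all three reasons; the HP, AVG, Google and Java entries pass.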

Can you start in normal mode?

Run ComboFix again there.

And post the new log from there.

ComboFix restarts the PC, in case you were wondering.

Most of the crud has been removed now.

It's fine to take the rest in normal mode; if that doesn't work we'll take a bit more in Safe Mode.

Edited by SNIPPSAT
What about System Restore, do you have access to it? And cleaning afterwards (the old restore points must go)... ;)

 

I think I have access to System Restore (if that is the installation as it was when I bought the machine? It's on D). I'd rather try to solve the problem so that I don't have to use restore.....there are so many drivers and updates that running restore would be incredibly cumbersome.

Can you start in normal mode?

Run ComboFix again there.

And post the new log from there.

ComboFix restarts the PC, in case you were wondering.

Most of the crud has been removed now.

It's fine to take the rest in normal mode; if that doesn't work we'll take a bit more in Safe Mode.

 

Yes, I can start in normal mode. I don't see any sign of the virus either....strange........

I've run ComboFix; below is the latest log.

 

 

ComboFix 08-07-24.3 - Compaq_Eier 2008-07-26 0:32:55.2 - NTFSx86

Running from: C:\Documents and Settings\Compaq_Eier\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))

.

 

2008-07-25 23:31 . 2006-01-03 05:40 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-07-25 23:31 . 2005-10-20 23:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-07-25 23:31 . 2005-10-20 23:51 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-07-25 23:31 . 2008-06-12 06:34 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-07-25 23:31 . 2005-10-27 04:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-07-25 23:31 . 2008-07-26 00:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-07-25 23:31 . 2008-06-11 22:48 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-07-25 23:31 . 2005-10-20 23:51 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-07-25 23:31 . 2008-07-25 23:31 <DIR> d-------- C:\Documents and Settings\Administrator

2008-07-25 22:16 . 2008-07-25 22:16 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\AVS4YOU

2008-07-24 20:53 . 2008-07-24 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AVS4YOU

2008-07-24 20:49 . 2008-07-24 20:53 <DIR> d-------- C:\Programfiler\Fellesfiler\AVSMedia

2008-07-24 20:42 . 2008-07-24 20:54 <DIR> d-------- C:\Programfiler\AVS4YOU

2008-07-24 20:32 . 2008-07-25 15:02 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-24 20:31 . 2008-07-24 19:30 94,208 --a------ C:\WINDOWS\grswptdl.exe

2008-07-24 08:53 . 2008-07-26 00:07 <DIR> dr-h----- C:\Documents and Settings\Compaq_Eier\Siste

2008-07-20 21:34 . 2008-07-20 21:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-20 21:34 . 2008-07-20 21:34 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-18 21:40 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-07-18 21:40 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-07-18 18:20 . 2008-07-18 18:20 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2008-07-18 18:20 . 2008-07-18 18:20 0 --a------ C:\Documents and Settings\Compaq_Eier\jagex_runescape_preferences.dat

2008-07-18 18:17 . 2005-08-27 02:14 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-18 17:49 . 2008-07-18 17:49 <DIR> d-------- C:\Programfiler\Guitar Pro 5

2008-07-18 16:07 . 2008-07-18 16:07 1,409 --a------ C:\WINDOWS\system32\tmpEE08F.FOT

2008-07-14 18:37 . 2008-07-16 22:13 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\U3

2008-07-13 22:02 . 2008-07-18 18:16 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\skypePM

2008-07-13 22:02 . 2008-07-13 22:02 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-07-13 21:51 . 2008-07-13 21:51 <DIR> d-------- C:\Programfiler\Skype

2008-07-13 21:51 . 2008-07-13 21:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2008-07-13 21:51 . 2008-07-18 21:49 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Skype

2008-07-13 21:51 . 2008-07-13 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype

2008-07-13 21:44 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-07-13 21:44 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-07-13 21:44 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-07-13 21:44 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-07-13 21:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-07-13 21:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2008-07-13 21:04 . 2008-07-13 21:04 268 --ah----- C:\sqmdata00.sqm

2008-07-13 21:04 . 2008-07-13 21:04 244 --ah----- C:\sqmnoopt00.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-25 22:27 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-07-20 19:34 --------- d-----w C:\Programfiler\QuickTime

2008-07-19 07:44 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-19 07:44 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-19 07:44 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-18 20:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-07-18 16:18 --------- d-----w C:\Programfiler\Java

2008-07-18 14:09 --------- d-----w C:\Programfiler\PonyGirl2

2008-07-13 19:38 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\HP

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 20:58 1,024 ----a-w C:\Documents and Settings\All Users\Programdata\pdfdoc2.dll

2008-06-18 20:44 --------- d-----w C:\Programfiler\CCleaner

2008-06-15 21:13 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 09:17 --------- d-----w C:\Programfiler\MSBuild

2008-06-14 09:17 --------- d-----w C:\Programfiler\Microsoft Works

2008-06-14 09:16 --------- d-----w C:\Programfiler\Microsoft.NET

2008-06-14 05:40 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-06-14 05:33 --------- d-----w C:\Programfiler\MSXML 4.0

2008-06-13 12:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\QuickTime

2008-06-12 21:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-12 21:17 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-06-12 21:17 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-06-12 21:17 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\SUPERAntiSpyware.com

2008-06-12 17:20 --------- d-----w C:\Programfiler\directx

2008-06-12 17:16 --------- d-----w C:\Programfiler\Eidos Interactive

2008-06-12 13:26 --------- d-----w C:\Programfiler\SweetIM

2008-06-12 13:25 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\AVGTOOLBAR

2008-06-12 13:15 --------- d-----w C:\Programfiler\AVG

2008-06-12 13:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8

2008-06-12 12:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\SweetIM

2008-06-12 11:28 --------- d-----w C:\Programfiler\Windows Live

2008-06-12 11:27 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-06-11 20:54 --------- d-----w C:\Programfiler\HP

2008-06-11 20:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\HP

2008-06-11 20:51 --------- d-----w C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-06-11 20:49 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\HPQ

2008-06-11 20:46 1,869 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF147AA-UUW SR1939SC EL630_YC_0Pres_QCZB630_E63NOheREA1_48_IAMETHYST-M_SMSI_V1.0_B3.48_T060324_WXH2_L414_M447_J160_7AMD_8Athlon 64_92.19_#060918_N10EC8139_Z_G10025954_OHL-DT-ST DVDRRW GSA-H21N_DLCD905A.MRK

2008-06-11 19:52 --------- d-----w C:\Programfiler\Google

2008-06-11 19:44 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-06-11 19:42 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\AdobeUM

2008-06-11 19:10 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-06-11 19:10 --------- d-----w C:\Programfiler\D-Link

2008-06-11 19:10 --------- d-----w C:\Programfiler\Alpha Networks

2008-06-11 19:07 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-06-11 19:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-25_23.52.34.20 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-25 19:33:26 122,880 ----a-w C:\WINDOWS\system32\msrun9er-.dll

+ 2006-10-28 22:27:38 122,880 ----a-w C:\WINDOWS\system32\msrun9er-.dll

- 2007-01-30 20:32:01 9,844 ----a-w C:\WINDOWS\system32\mswmnnove.dll

+ 2006-03-18 22:21:38 9,844 ----a-w C:\WINDOWS\system32\mswmnnove.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-11 21:18 171448]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]

"HPBootOp"="C:\Programfiler\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00 2502656]

"ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]

"SweetIM"="C:\Programfiler\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 09:44 1232152]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 02:14 36975]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-07-20 21:34 413696]

"TkBellExe"="realsched.exe" [bU]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 05:07:26 27136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-19 09:44]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-19 09:44]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-19 09:44]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 09:44]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 15:27]

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-07-13 19:13:39 C:\WINDOWS\Tasks\Internett-tjenester.job"

- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=63&bd=PRESARIO&pf=desktop

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-26 00:35:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\msrun9er-.dll

.

Completion time: 2008-07-26 0:37:02

ComboFix-quarantined-files.txt 2008-07-25 22:36:52

ComboFix2.txt 2008-07-25 21:54:21

 

Pre-Run: 136,233,975,808 byte ledig

Post-Run: 136,227,389,440 byte ledig

 

218 --- E O F --- 2008-07-22 07:20:29


Copy the bold text below the image -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt

Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

cfscriptyt1.gif

 

File::

C:\WINDOWS\grswptdl.exe

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"9c7ce"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"9c7ce"=-

 

---

Scan these files at VirusTotal

C:\WINDOWS\system32\msrun9er-.dll

C:\WINDOWS\system32\mswmnnove.dll

---

Run CCleaner, which you already have, like this.

 

'Options' -> 'Advanced'. Uncheck: "only delete temporary files older than 48 h".

Run the registry cleaner; answer yes to repair -> backup: answer yes when asked.

Run the registry cleaner a couple more times until all errors are gone.

---

Download MBAM to the desktop.

Choose Norwegian language -> run a quick system scan.

When MBAM is finished it opens a log; post that.

---

Restart

---

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "scan and save log"

Post HijackThis.txt

Edited by SNIPPSAT
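Added example, not part of the thread and not ComboFix's or SNIPPSAT's code: a small Python triage script that shows, on lines copied from the log above, why the "9c7ce" Run entry and the two system32 DLLs in the snapshot diff stand out. The random-name heuristics (a short hex-looking value name, a vowel-poor folder name) and the reading of the snapshot section (`-` as the earlier snapshot, `+` as the current one, so a lower `+` timestamp means the file's modification time was moved backwards) are my assumptions, not something ComboFix documents here.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's own code).

Two checks:
  1. Run-key entries whose value name looks like a random hex tag, or whose
     executable sits in a folder with a random-looking name.
  2. Snapshot-diff pairs where a file's modification time moved backwards,
     which is a common way for a dropped DLL to blend in with old system files.
The heuristics (thresholds, '-' = earlier snapshot, '+' = current) are assumptions.
"""
import re
from datetime import datetime

# Constructed sample: lines copied from the log's "Reg Loading Points" section.
SAMPLE_RUN_SECTION = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-11 21:18 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 09:44 1232152]
"9c7ce"="C:\Programfiler\Qtvxhhfjwzafh\uehjlvv.exe" [2006-03-15 00:15 1554066]
'''

# Constructed sample: the snapshot comparison lines from the same log.
SAMPLE_SNAPSHOT_DIFF = r'''
- 2008-01-25 19:33:26 122,880 ----a-w C:\WINDOWS\system32\msrun9er-.dll
+ 2006-10-28 22:27:38 122,880 ----a-w C:\WINDOWS\system32\msrun9er-.dll
- 2007-01-30 20:32:01 9,844 ----a-w C:\WINDOWS\system32\mswmnnove.dll
+ 2006-03-18 22:21:38 9,844 ----a-w C:\WINDOWS\system32\mswmnnove.dll
'''

RUN_KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)\]')
SNAP_LINE_RE = re.compile(
    r'^(?P<sign>[-+]) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+?)\s*$')
# 4-12 lowercase hex chars containing at least one digit, e.g. "9c7ce" (assumed heuristic).
HEX_TAG_RE = re.compile(r'(?=.*\d)[0-9a-f]{4,12}')


def looks_random(word, min_letters=8, max_vowel_ratio=0.15):
    """True if a name of >= min_letters letters has very few vowels (assumed threshold)."""
    letters = [c for c in word if c.isalpha()]
    if len(letters) < min_letters:
        return False
    vowels = sum(1 for c in letters if c.lower() in 'aeiouy')
    return vowels / len(letters) < max_vowel_ratio


def flag_run_entries(section_text):
    """Return the Run entries that trip one of the name heuristics, with the reasons."""
    findings, current_key = [], None
    for line in section_text.splitlines():
        key = RUN_KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        entry = RUN_ENTRY_RE.match(line)
        if not entry:
            continue
        name, path = entry.group('name'), entry.group('path')
        parts = path.replace('/', '\\').split('\\')
        parent = parts[-2] if len(parts) >= 2 else ''
        reasons = []
        if HEX_TAG_RE.fullmatch(name):
            reasons.append('value name is a random hex tag')
        if looks_random(parent):
            reasons.append('parent folder name looks random: ' + parent)
        if reasons:
            findings.append({'key': current_key, 'name': name, 'path': path, 'reasons': reasons})
    return findings


def find_timestamp_rollbacks(diff_text):
    """Pair '-'/'+' snapshot lines by path and report files whose mtime went backwards."""
    old, new = {}, {}
    for line in diff_text.splitlines():
        m = SNAP_LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M:%S')
        (old if m.group('sign') == '-' else new)[m.group('path')] = ts
    rollbacks = []
    for path, new_ts in new.items():
        old_ts = old.get(path)
        if old_ts is not None and new_ts < old_ts:
            rollbacks.append((path, old_ts, new_ts))
    return rollbacks


if __name__ == '__main__':
    for f in flag_run_entries(SAMPLE_RUN_SECTION):
        print(f"[{f['key']}] {f['name']} -> {f['path']}: {'; '.join(f['reasons'])}")
    for path, old_ts, new_ts in find_timestamp_rollbacks(SAMPLE_SNAPSHOT_DIFF):
        print(f'mtime rolled back: {path} {old_ts} -> {new_ts}')
```

The script only reads text, so it can be run against a copy of the log on a clean machine; a flagged entry is a lead to check against VirusTotal, as the post above suggests, not a verdict on its own.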
What about System Restore, do you have access to that? And a clean-up afterwards (the old restore points must go)... ;)

 

I think I have access to System Restore (if that's the installation as it was when I bought the machine? That's on D). I'd rather try to solve the problem so I don't have to use restore.....there are so many drivers and updates that running restore would be incredibly cumbersome.

 

I was thinking of System Restore, not a reinstall of the OS.. ;)
