TaZ Posted 11 August 2009 (edited)

Second run after it removed 128 items. Managed to delete that log..

Malwarebytes' Anti-Malware 1.40
Database version: 2601
Windows 5.1.2600 Service Pack 2

11.08.2009 18:30:12
mbam-log-2009-08-11 (18-30-12).txt

Scan type: Quick Scan
Objects scanned: 104370
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 09-08-10.06 - Geir 11.08.2009 17:43.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.503.300 [GMT 2:00]
Kjører fra: c:\documents and settings\Geir \Skrivebord\ComboFix.exe

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Geir \err.log
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\Downloaded Program Files\dlhelper.dll
c:\windows\Installer\11a5cd.msi
c:\windows\Installer\193e52b.msi
c:\windows\Installer\3f274.msi
c:\windows\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-11 til 2009-08-11 )))))))))))))))))))))))))))))))))
.

2009-08-11 15:36 . 2009-08-11 15:37 -------- d-----w- c:\programfiler\Tiny Personal Firewall
2009-08-11 15:36 . 2001-10-22 15:54 77312 ----a-w- c:\windows\system32\drivers\fwdrv.sys
2009-08-11 13:52 . 2009-08-11 13:52 -------- d-----w- c:\documents and settings\Geir\Programdata\Malwarebytes
2009-08-11 13:52 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 13:52 . 2009-08-11 13:52 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-08-11 13:52 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 13:52 . 2009-08-11 13:52 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-08-11 13:22 . 2009-08-11 14:34 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-11 13:19 . 2001-10-06 11:36 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-11 13:19 . 2001-10-06 11:36 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-11 13:19 . 2004-08-03 22:57 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-11 13:19 . 2004-08-03 22:57 14720 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 15:36 . 2005-01-12 19:14 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-08-11 14:15 . 2006-04-08 23:34 -------- d-----w- c:\programfiler\MSN Messenger
2009-08-11 14:12 . 2006-02-02 14:03 -------- d-----w- c:\programfiler\QuickTime
2009-08-11 14:10 . 2005-04-09 22:51 -------- d-----w- c:\programfiler\Fellesfiler\Real
2009-08-11 13:20 . 2005-01-12 19:06 61158 ----a-w- c:\windows\system32\PERFC014.DAT
2009-08-11 13:20 . 2005-01-12 19:06 386046 ----a-w- c:\windows\system32\PERFH014.DAT
2006-02-18 12:22 . 2006-02-18 12:21 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2006-02-01 13:45 . 2006-02-01 13:42 338 --sha-w- c:\windows\SYSTEM32\msjeto1.dat
2006-02-01 13:45 . 2006-02-01 13:42 520 --sha-w- c:\windows\SYSTEM32\msjeto2.dat

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *SsiEfr.estera

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Geir^Start-meny^Programmer^Oppstart^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Geir\Start-meny\Programmer\Oppstart\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

R1 fwdrv;Tiny Personal Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fwdrv.sys [11.08.2009 17:36 77312]
S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys --> c:\windows\system32\drivers\cmuda2.sys [?]
S3 rt2571;Wireless 802.11g USB Adapter Driver;c:\windows\SYSTEM32\DRIVERS\rt2571.sys [12.10.2007 11:41 81920]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-02-17 c:\windows\Tasks\Tegnkart.job
- c:\windows\SYSTEM32\charmap.exe [2004-08-04 12:00]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
HKCU-Run-H/PC Connection Agent - c:\programfiler\Microsoft ActiveSync\WCESCOMM.EXE
HKU-Default-Run-Picasa Media Detector - c:\programfiler\Picasa2\PicasaMediaDetector.exe


.
------- Tilleggsskanning -------
.
uStart Page = hxxp://vg.no/
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: &Google Search - c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
IE: &Translate English Word - c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
IE: {{050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - c:\programfiler\CoralEurobetPoker\coraleurobetpoker.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 17:54
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1638582671-4067692757-2746595228-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\programfiler\Microsoft Office\OFFICE11\msohev.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Tidspunkt ferdig: 2009-08-11 18:01 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-08-11 16:01

Pre-Run: 9 168 113 664 byte ledig
Post-Run: 10 665 693 184 byte ledig

146 --- E O F --- 2008-09-16 21:08


Remove these 2?
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
I have no printer.. Also there is a "mobile device" in My Computer that should have been removed..

Edited 11 August 2009 by taz
snippsat Posted 12 August 2009

Looks good.

"Remove these 2? c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE"

Yes, but first just save them as (SYSTEM32\LEXPPS.EXE.bak); if the PC runs fine, delete them after a while.

You can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia

Surf safely.