Could someone who knows about this look over these logs? I'm wondering whether I got rid of everything, or whether I still have some problems lying around.

 

ComboFix

ComboFix 09-08-24.06 - Admin 25.08.2009 12:20.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1033.18.2046.1500 [GMT 2:00]

Running from: c:\documents and settings\Admin\Desktop\ComboFixer.exe

AV: avast! antivirus 4.8.1201 [VPS 090824-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Antivirus.lnk

c:\documents and settings\All Users\Start Menu\Programs\Windows Live Messenger .lnk

 

.

((((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))))

.

 

2009-08-25 09:53 . 2009-08-25 09:53 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2009-08-25 09:53 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-25 09:53 . 2009-08-25 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-25 09:53 . 2009-08-25 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-25 09:53 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-24 18:04 . 2009-08-24 18:04 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe

2009-08-22 16:00 . 2009-08-23 16:27 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc

2009-08-21 21:31 . 2009-08-21 21:31 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-21 21:31 . 2009-08-21 21:31 -------- d-----w- c:\program files\MSBuild

2009-08-21 21:31 . 2009-08-21 21:31 -------- d-----w- c:\program files\Reference Assemblies

2009-08-21 21:30 . 2009-08-21 21:31 -------- d-----w- C:\5669075041f0331ffb1af01032fd09

2009-08-21 21:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-21 21:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-21 21:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-21 21:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-21 21:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-21 21:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-21 21:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-13 15:15 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-25 10:08 . 2007-09-18 10:50 -------- d-----w- c:\documents and settings\Admin\Application Data\StarOffice8

2009-08-25 10:07 . 2007-09-12 18:56 12959 ----a-w- c:\windows\system32\tablet.dat

2009-08-25 08:51 . 2007-09-12 18:47 -------- d-----w- c:\documents and settings\Admin\Application Data\Wave Systems Corp

2009-08-24 18:07 . 2008-03-17 14:05 -------- d-----w- c:\program files\Lavasoft

2009-08-24 18:06 . 2007-09-18 10:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-24 18:04 . 2008-03-17 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-24 13:31 . 2007-09-02 15:13 39111 ----a-w- c:\windows\system32\nvModes.dat

2009-08-23 20:15 . 2007-10-05 20:29 -------- d-----w- c:\program files\Warcraft III

2009-08-22 16:27 . 2007-09-30 00:21 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent

2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 18:24 . 2009-06-09 13:23 76442 ----a-w- c:\windows\War3Unin.dat

2009-08-02 21:15 . 2008-01-19 14:33 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype

2009-08-02 17:04 . 2008-01-19 14:34 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM

2009-07-17 19:01 . 2004-08-10 11:50 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-12 10:21 . 2004-08-10 11:51 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:50 . 2004-08-10 11:51 666624 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:50 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 08:25 . 2004-08-10 11:51 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-10 11:51 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-10 11:51 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-10 11:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:25 . 2004-08-10 11:51 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-10 11:51 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-10 11:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 12:31 . 2004-08-10 11:51 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2004-08-10 11:50 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:19 . 2004-08-10 12:01 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2004-08-10 11:51 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-09 13:29 . 2009-06-09 13:23 2829 ----a-w- c:\windows\War3Unin.pif

2009-06-09 13:29 . 2009-06-09 13:23 139264 ----a-w- c:\windows\War3Unin.exe

2009-06-03 19:09 . 2004-08-10 11:51 1291264 ----a-w- c:\windows\system32\quartz.dll

.

 

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-15 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]

"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-05-31 1626112]

"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-05-31 67584]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-02-18 303104]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Admin\Start Menu\Programs\Startup\

StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2005-6-21 122880]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-2 50688]

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-9-12 114688]

VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-24 6144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wxvault.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=

"c:\\Program Files\\Opera\\Opera.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Warcraft III\\War3.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Documents and Settings\\Admin\\My Documents\\Fag\\Java\\eclipse\\eclipse.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"53:UDP"= 53:UDP:Promo

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02.05.2008 13:53 78416]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19.12.2006 15:21 79432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02.05.2008 13:53 20560]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [10.08.2004 13:50 5120]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [09.06.2009 15:35 22784]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02.11.2006 13:32 97536]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02.08.2005 23:10 32512]

S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [12.09.2007 21:36 19020]

S3 Tomcat6;Apache Tomcat;c:\tomcat 6.0\bin\tomcat6.exe [20.07.2007 04:20 57344]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [13.11.2007 17:14 30464]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - AVAST!_MAIL_SCANNER

.

Contents of the 'Scheduled Tasks' folder

 

2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.no/ig/dell?hl=en&client=dell-row-rel&channel=no&ibd=6070902

mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=no&l=no&s=gen

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\system32\biolsp.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-25 12:23

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1424)

c:\windows\system32\wxvault.dll

c:\windows\system32\detoured.dll

 

- - - - - - - > 'lsass.exe'(1480)

c:\windows\system32\wxvault.dll

c:\windows\system32\detoured.dll

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

Completion time: 2009-08-25 12:25

ComboFix-quarantined-files.txt 2009-08-25 10:25

 

Pre-Run: 60 407 132 160 bytes free

Post-Run: 60 488 007 680 bytes free

 

202 --- E O F --- 2009-08-22 23:33

 

MBAM

Malwarebytes' Anti-Malware 1.40

Database version: 2693

Windows 5.1.2600 Service Pack 3

 

25.08.2009 12:06:01

mbam-log-2009-08-25 (12-06-01).txt

 

Scan type: Quick Scan

Objects scanned: 88915

Time elapsed: 4 minute(s), 28 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 8

 

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\17580784 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowshive (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Documents and Settings\All Users\Application Data\17580784 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Documents and Settings\All Users\Application Data\17580784\17580784 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\17580784\17580784.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\17580784\pc17580784ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Admin\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rpcc.exe (Spyware.Passwords) -> Delete on reboot.

C:\WINDOWS\Temp\wpv481251053173.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv971250826839.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by Horg
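As an added triage example for the log above (it is not part of this post, and not code from Malwarebytes or ComboFix): a small Python script that parses the one-detection-per-line format of the MBAM 1.x log, counts detections per family, lists the items MBAM could only schedule for "Delete on reboot" (so that after restarting you can confirm C:\WINDOWS\system32\rpcc.exe is really gone), and flags detections that lived in user-writable locations such as Temp, Application Data and the Startup folder. The sample lines are copied from the MBAM log in the post; the list of user-writable directory markers is my own heuristic, not something the tools define.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs.

Added example for this thread; not code from Malwarebytes, ComboFix or the
original poster. SAMPLE_MBAM is copied from the MBAM log in the post; the
USER_WRITABLE markers are a heuristic of my own.
"""
import re
import sys
from collections import Counter

# Detection lines copied verbatim from the MBAM log posted above.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\17580784 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowshive (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\17580784\17580784.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpcc.exe (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\Temp\wpv481251053173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# MBAM 1.x writes one detection per line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")

# Directories a non-admin user (or malware running as that user) can write to.
# Persistence dropped here is cheap for an attacker and worth re-checking after
# cleanup. Heuristic of my own, not something MBAM reports.
USER_WRITABLE = (
    "\\temp\\",
    "\\application data\\",
    "\\start menu\\programs\\startup\\",
)


def parse_mbam(text):
    """Return one {item, category, action} dict per detection line; other lines are ignored."""
    detections = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            detections.append(match.groupdict())
    return detections


def pending_on_reboot(detections):
    """Items MBAM could not remove while running (e.g. file in use); verify after a restart."""
    return [d["item"] for d in detections
            if d["action"].lower().startswith("delete on reboot")]


def category_counts(detections):
    """Number of detections per family name, e.g. Rogue.Multiple.H."""
    return Counter(d["category"] for d in detections)


def in_user_writable_location(item):
    """True if a file path sits under one of the USER_WRITABLE markers."""
    low = item.lower().replace("/", "\\")
    return any(marker in low for marker in USER_WRITABLE)


def triage(text):
    """Summarise a log: family counts, reboot-pending items, user-writable drop locations."""
    detections = parse_mbam(text)
    return {
        "total": len(detections),
        "by_family": dict(category_counts(detections)),
        "verify_after_reboot": pending_on_reboot(detections),
        "user_writable": [d["item"] for d in detections
                          if in_user_writable_location(d["item"])],
    }


def main(argv):
    # Optional: pass the path of a full mbam-log-*.txt file; otherwise the sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MBAM
    summary = triage(text)
    print("detections:", summary["total"])
    for family, n in sorted(summary["by_family"].items()):
        print(f"  {family}: {n}")
    print("verify after reboot:", *summary["verify_after_reboot"], sep="\n  ")
    print("dropped in user-writable locations:", *summary["user_writable"], sep="\n  ")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to see the summary for the sample above, or give it the path of a saved mbam-log-*.txt. The "verify after reboot" list is the one worth acting on: a "Delete on reboot" entry only means removal was scheduled, so a second scan after restarting is the check that it actually happened.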
Why not just reinstall Windows again, or alternatively reset the machine to factory settings?

 

And update the browser, and don't believe everything you read online of the type "you have a virus, click here to install a program that can remove the virus".

 

Why should people bother with that? MUCH easier for us to remove it for them :-/ Then they know we can help them so they don't lose the photo series from the holiday that they made yesterday.

 

Besides, you may have to consider that not everyone has enough computer knowledge to manage reinstalling Windows. And if you recommend it, I think you need to help them a bit more than just telling them to do it.
