FlowerEye Skrevet 2. juli 2008 Skrevet 2. juli 2008 (endret) Jeg har fått denne dritten og jeg får ikke fjernet ugresset. Kjører AVG Anti-Spyware, men det går så umenneskelig treit at jeg vet ikke hva jeg skal gjøre, og i mellomtiden popper det opp popups hele tiden, og skrivebordet er jo helt maltraksert. Endret 6. juli 2008 av FlowerEye
norbat Skrevet 2. juli 2008 Skrevet 2. juli 2008 avg anti-spyware er en bra scanner. Burde finne og fjerne det meste av malware. Uansett, du kan gjøre følgende: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Post loggfilen fra combofix (c:\combofix.txt)
FlowerEye Skrevet 3. juli 2008 Forfatter Skrevet 3. juli 2008 Kjørte AVG i hele natt og i dag slettet den visstnok alt av virus, men så fikk jeg beskjed om å restarte dataen, og nå har jeg verken desktop eller startmeny eller noenting. Bare flaks at msn poppet opp sånn at jeg kunne åpne mailen å gå videre inn her.
norbat Skrevet 3. juli 2008 Skrevet 3. juli 2008 Desktopen kan du forsøke å få tilbake ved å åpne oppgavebehandlingen: ctrl + alt + del Velg å starte ny prosess, skriv explorer.exe Problemet skyldes malware, så du må kjøre combofix slik at vi kan få fjernet de infiserte filene. Om det er problemer å få gjort dette i normal modus, kan du starte opp i sikker modus m/nettverk (trykk F8 under oppstart, velg sikker modus med nettverk.)
FlowerEye Skrevet 5. juli 2008 Forfatter Skrevet 5. juli 2008 Prøvde å kjøre combofix da maskinen slettet hele programmet. Jeg laster ned på nytt og prøver. Har kjørt antivirusprogram om og om igjen men blir ikke kvitt det. Skal komme med logg senere i kveld. Tusen takk for hjelp
FlowerEye Skrevet 5. juli 2008 Forfatter Skrevet 5. juli 2008 (endret) Viser ikke innlegget? Hva skjer? Endret 5. juli 2008 av FlowerEye
FlowerEye Skrevet 5. juli 2008 Forfatter Skrevet 5. juli 2008 Prøver med HijackThis da. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:51:51, on 05.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\Programfiler\QuickTime\QTTask.exe C:\WINDOWS\System32\igfxtray.exe C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\MagicDisc\MagicDisc.exe C:\Programfiler\HPQ\shared\hpqwmi.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://norwegian.ircfast2.com/index.php?rvs=hompag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file) O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file) O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file) O2 - BHO: (no name) - {24E5C61A-5A81-4E68-BFBB-BC340D5FE2EE} - C:\WINDOWS\system32\khfCtqqp.dll (file missing) O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file) O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file) O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file) O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file) O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file) O2 - BHO: (no name) - {7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - C:\WINDOWS\system32\tuvUKDVL.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file) O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file) O2 - BHO: (no name) - {BBEA7B49-9889-479D-9407-A3313E0DE74A} - C:\WINDOWS\system32\vtUooNFY.dll (file missing) O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file) O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file) O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file) O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file) O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179924975546 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179924950593 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\shared\hpqwmi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 7478 bytes
norbat Skrevet 5. juli 2008 Skrevet 5. juli 2008 Lukk nettleseren Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix chekced: O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file) O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file) O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file) O2 - BHO: (no name) - {24E5C61A-5A81-4E68-BFBB-BC340D5FE2EE} - C:\WINDOWS\system32\khfCtqqp.dll (file missing) O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file) O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file) O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file) O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file) O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file) O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file) O2 - BHO: (no name) - {7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - C:\WINDOWS\system32\tuvUKDVL.dll (file missing) O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file) O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file) O2 - BHO: (no name) - {BBEA7B49-9889-479D-9407-A3313E0DE74A} - C:\WINDOWS\system32\vtUooNFY.dll (file missing) O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file) O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file) O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file) O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file) Last ned ny combofix og prøv å kjør programmet (enten fra normal eller sikker modus). Post loggen den lager.
FlowerEye Skrevet 5. juli 2008 Forfatter Skrevet 5. juli 2008 Ny logg Klikk for å se/fjerne innholdet nedenfor ComboFix 08-07-04.6 - Daniel lindter 2008-07-05 23:28:24.3 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.202 [GMT 2:00] Running from: C:\Documents and Settings\Daniel lindter\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))) . 2008-07-05 22:51 . 2008-07-05 22:51 <DIR> d-------- C:\Programfiler\Trend Micro 2008-07-05 15:37 . 2008-07-05 17:21 <DIR> dr-h----- C:\Documents and Settings\Daniel lindter\Siste 2008-07-03 21:47 . 2008-07-03 21:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-02 22:38 . 2008-07-02 22:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-07-02 22:34 . 2008-07-03 07:54 <DIR> d--hs---- C:\WINDOWS\ZGFuaWVs 2008-07-02 22:34 . 2008-07-03 07:38 <DIR> d-------- C:\WINDOWS\system32\yrt 2008-07-02 22:34 . 2008-07-02 22:34 <DIR> d-------- C:\WINDOWS\system32\pRI 2008-07-02 22:34 . 2008-07-02 22:34 <DIR> d-------- C:\WINDOWS\system32\modtrux18 2008-07-02 22:34 . 2008-07-02 22:34 <DIR> d-------- C:\Temp\syschk3 2008-07-02 22:34 . 2008-07-05 22:19 <DIR> d-------- C:\Temp 2008-06-20 16:22 . 2008-06-30 14:37 <DIR> d-------- C:\Programfiler\PhotomatixPro3 2008-06-20 05:40 . 2008-06-20 05:40 90,073 --a------ C:\WINDOWS\system32\iftuyszv.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-05 20:28 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\WTablet 2008-07-05 20:25 --------- d-----w C:\Documents and Settings\LocalService\Programdata\WTablet 2008-07-03 19:47 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-07-02 22:11 --------- d-----w C:\Programfiler\LimeWire 2008-07-02 20:38 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\LimeWire 2008-06-30 10:06 --------- d-----w C:\Programfiler\Macromedia 2008-06-30 10:00 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\dvdcss 2008-06-25 12:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\SmartSound Software Inc 2008-06-25 12:06 --------- d-----w C:\Programfiler\Fellesfiler\Macromedia 2008-06-25 12:01 --------- d-----w C:\Programfiler\BitLord 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-22 20:36 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-22 20:31 126976] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52 233534] "!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] C:\Documents and Settings\Daniel lindter\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - C:\Programfiler\MagicDisc\MagicDisc.exe [2008-04-03 22:55:05 546816] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^Daniel lindter^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=C:\Documents and Settings\Daniel lindter\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-09-18 16:16 171464 C:\Programfiler\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\WINDOWS\\Installer\\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\\Icon_SmartFTP.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"= R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] . Contents of the 'Scheduled Tasks' folder "2008-04-28 05:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 23:30:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????2?7?2?4??????? ?,?B?????????????hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-05 23:31:57 ComboFix-quarantined-files.txt 2008-07-05 21:31:22 ComboFix2.txt 2008-07-05 20:33:10 ComboFix3.txt 2008-03-31 10:47:16 Pre-Run: 63,446,872,064 byte ledig Post-Run: 63,435,034,624 byte ledig 107 --- E O F --- 2008-06-22 08:35:33
norbat Skrevet 5. juli 2008 Skrevet 5. juli 2008 Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen. File:: C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\iftuyszv.exe Folder:: C:\WINDOWS\ZGFuaWVs C:\WINDOWS\system32\yrt C:\WINDOWS\system32\pRI C:\WINDOWS\system32\modtrux18 C:\Temp
FlowerEye Skrevet 5. juli 2008 Forfatter Skrevet 5. juli 2008 Du er bare så flink da Ny logg. Klikk for å se/fjerne innholdet nedenfor ComboFix 08-07-04.6 - Daniel lindter 2008-07-06 0:31:48.4 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.136 [GMT 2:00] Running from: C:\Documents and Settings\Daniel lindter\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Daniel lindter\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\iftuyszv.exe C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp C:\Temp\syschk3\tdirp5.log C:\WINDOWS\system32\iftuyszv.exe C:\WINDOWS\system32\modtrux18 C:\WINDOWS\system32\modtrux18\modtrux182328.exe C:\WINDOWS\system32\pRI C:\WINDOWS\system32\pRI\kscomdll3.exe C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\yrt C:\WINDOWS\ZGFuaWVs . ((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))) . 2008-07-06 00:13 . 2008-07-06 00:30 <DIR> dr-h----- C:\Documents and Settings\Daniel lindter\Siste 2008-07-05 22:51 . 2008-07-05 22:51 <DIR> d-------- C:\Programfiler\Trend Micro 2008-07-03 21:47 . 2008-07-03 21:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-06-20 16:22 . 2008-06-30 14:37 <DIR> d-------- C:\Programfiler\PhotomatixPro3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-05 20:28 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\WTablet 2008-07-05 20:25 --------- d-----w C:\Documents and Settings\LocalService\Programdata\WTablet 2008-07-03 19:47 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-07-02 22:11 --------- d-----w C:\Programfiler\LimeWire 2008-07-02 20:38 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\LimeWire 2008-06-30 10:06 --------- d-----w C:\Programfiler\Macromedia 2008-06-30 10:00 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\dvdcss 2008-06-25 12:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\SmartSound Software Inc 2008-06-25 12:06 --------- d-----w C:\Programfiler\Fellesfiler\Macromedia 2008-06-25 12:01 --------- d-----w C:\Programfiler\BitLord 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-22 20:36 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-22 20:31 126976] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52 233534] "!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] C:\Documents and Settings\Daniel lindter\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - C:\Programfiler\MagicDisc\MagicDisc.exe [2008-04-03 22:55:05 546816] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^Daniel lindter^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=C:\Documents and Settings\Daniel lindter\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-09-18 16:16 171464 C:\Programfiler\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\WINDOWS\\Installer\\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\\Icon_SmartFTP.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"= R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] . Contents of the 'Scheduled Tasks' folder "2008-04-28 05:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-06 00:33:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????2?7?2?4??????? ?,?B?????????????hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-06 0:35:14 ComboFix-quarantined-files.txt 2008-07-05 22:34:35 ComboFix2.txt 2008-07-05 21:31:59 ComboFix3.txt 2008-07-05 20:33:10 ComboFix4.txt 2008-03-31 10:47:16 Pre-Run: 63,428,263,936 byte ledig Post-Run: 63,415,013,376 byte ledig 118 --- E O F --- 2008-06-22 08:35:33
norbat Skrevet 5. juli 2008 Skrevet 5. juli 2008 Loggen ser fin ut. Du kan avslutte med følgende: Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "Bare slett midlertidige filer som er eldre enn 48 timer" Klikk på 'Renser' og deretter 'Kjør CCleaner'. Fjern combofix ved å skrive combofix /u i kjør-feltet.
FlowerEye Skrevet 6. juli 2008 Forfatter Skrevet 6. juli 2008 Tusen takk for all hjelp. CCleaner er allerede kjørt
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå