
Virus; connects to the internet etc... (digeste.dll)


Colandus


I have noticed that when I put the USB stick in the other computer, I get a message about a file called minibax.exe, w32/horst.gen33

 

[log]Malwarebytes' Anti-Malware 1.33

Databasversion: 1712

Windows 5.1.2600 Service Pack 3

 

2009-01-31 21:12:02

mbam-log-2009-01-31 (21-11-44).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 54333

Förfluten tid: 4 minute(s), 27 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 


[log]Download Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

 

Double-click the downloaded file to start the program.

Follow the instructions that appear.

 

Then restart the computer and run a new ComboFix log [/log]

 

[post edited 2009-01-31 21:24:02 by Zipp.]


[log]Malwarebytes' Anti-Malware 1.33

Databasversion: 1654

Windows 5.1.2600 Service Pack 3

 

2009-01-31 17:44:18

mbam-log-2009-01-31 (17-43-51).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 141438

Förfluten tid: 50 minute(s), 22 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 0

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1wcxx (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1wcxx (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati1wcxx (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1wcxx (Rootkit.Agent) -> No action taken.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\System Volume Information\_restore{E01B9117-E993-4959-9F11-D1C94BD63691}\RP540\A0153086.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\ati1wcxx.sys (Rootkit.Agent) -> No action taken.

[/log]

 


When I run ComboFix it says that the computer does not have the "Windows Recovery Console" installed. It downloads it from the internet, and then I get a message that the boot partition could not be read correctly.

 


Last attempt; I hope you have a solution. I think I will have to reinstall the computer.

[log]ComboFix 09-01-31.01 - MY 2009-01-31 22:16:08.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1023.551 [GMT 1:00]

Körs från: c:\documents and settings\MY\Desktop\ComboFix.exe

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\autorun.inf

E:\xfgxa.pif

 

.

(((((((((((((((((((((((( Filer Skapade från 2008-12-28 till 2009-01-31 ))))))))))))))))))))))))))))))

.

 

2009-01-31 21:48 . 2009-01-31 21:48 <DIR> d-------- c:\program files\Fighters

2009-01-31 21:48 . 2009-01-31 21:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters

2009-01-31 18:28 . 2009-01-31 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2009-01-31 15:35 . 2009-01-31 15:35 <DIR> d-------- c:\documents and settings\MY\Application Data\Malwarebytes

2009-01-31 15:34 . 2009-01-31 15:34 <DIR> d-------- c:\program files\kalle

2009-01-31 15:32 . 2009-01-31 15:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 15:32 . 2009-01-31 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-31 15:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-31 15:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-31 14:53 . 2009-01-31 14:53 <DIR> d-------- c:\program files\Trend Micro

2009-01-31 14:37 . 2009-01-31 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-31 11:58 . 2009-01-31 12:35 5 --a------ c:\windows\_id.dat

2009-01-31 11:57 . 2009-01-31 15:23 124 --a------ c:\windows\adobe.bat

2009-01-23 22:50 . 2009-01-23 22:50 <DIR> d-------- c:\program files\MohadaraDownloader

2008-12-23 23:07 . 2008-12-23 23:07 7,680 --ahs---- c:\windows\Thumbs.db

2008-12-18 16:26 . 2008-12-18 16:26 <DIR> d-------- c:\windows\system32\Nordea

2008-12-05 21:32 . 2008-12-05 21:32 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-31 21:08 --------- d-----w c:\program files\Windows Live

2009-01-31 14:25 --------- d-----w c:\program files\Norton Security Scan

2009-01-31 14:21 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-31 14:21 --------- d-----w c:\program files\Common Files\Panda Software

2009-01-31 14:11 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-31 11:45 --------- d-----w c:\documents and settings\MY\Application Data\Free Download Manager

2009-01-14 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-09 17:45 --------- d-----w c:\documents and settings\MY\Application Data\uTorrent

2008-12-23 22:08 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-23 22:08 --------- d-----w c:\program files\Jak lånekalkyl 1.5

2008-12-23 22:08 --------- d-----w c:\program files\Free Download Manager

2008-12-23 22:08 --------- d-----w c:\program files\Consumer Update Firmware

2008-12-23 22:08 --------- d-----w c:\program files\????? ???????

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 20:32 --------- d-----w c:\program files\Java

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-31_18.49.54.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\ARPPRODUCTICON.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut10_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut11_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut12_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut13_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut14_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut7_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut8_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut9_A73DE485409A4B7DA76AD137CB04FD6D.exe

- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe

+ 2008-11-18 10:01:46 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys

+ 2009-01-31 21:23:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2dc.dat

+ 2009-01-31 21:25:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_810.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1764864]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-07 5918720]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-05-11 13:46 356352]

"SmoothView"="c:\program files\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe" [2005-05-13 118784]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 102400]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077329]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 172032]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]

"000StTHK"="000StTHK.exe" [2001-06-23 04:28 94208 c:\windows\system32\000StTHK.exe]

"TFNF5"="TFNF5.exe" [2004-12-15 c:\windows\system32\TFNF5.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\agrsmmsg.exe]

"TPSMain"="TPSMain.exe" [2005-03-21 c:\windows\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [bU]

"TFncKy"="TFncKy.exe" [bU]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [bU]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

"NDSTray.exe"="NDSTray.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\StartupLogitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-25 753664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

Registernyckeln SafeBoot behöver repareras. Den här datorn kan inte startas i felsäkert läge.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"= c:\\Program Files\\Messenger\\MSMSGS.EXE

"c:\\windows\\system32\\TFNF5.exe"=

"c:\\windows\\system32\\000StTHK.exe"=

"c:\\WINDOWS\\system32\\00THotkey.exe"=

"c:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"=

"c:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"=

"c:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE"=

"c:\\windows\\system32\\netsh.exe"=

"c:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"=

"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=

"c:\\Program Files\\kalle\\mbam.exe"=

"c:\\Program Files\\Apoint2K\\Apoint.exe"=

"c:\\ComboFix\\NirCmd.cfexe"=

"c:\\windows\\AGRSMMSG.exe"=

"c:\\Program Files\\TOSHIBA\\TOSHIBAs kontroller\\TFncKy.exe"=

"c:\\WINDOWS\\VM_STI.EXE"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=

"c:\\windows\\system32\\TPSMain.exe"=

"c:\\windows\\system32\\CF8149.exe"=

"c:\\DOCUME~1\\MY\\LOCALS~1\\Temp\\ncyf.exe"=

"c:\\DOCUME~1\\MY\\LOCALS~1\\Temp\\winylvax.exe"=

"c:\\DOCUME~1\\MY\\LOCALS~1\\Temp\\irwcyr.exe"=

 

R1 NTGDT;NTGDT;c:\windows\system32\drivers\NTGDT.SYS [2005-10-28 18144]

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jgphin.sys --> c:\windows\system32\drivers\jgphin.sys [?]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;c:\windows\system32\drivers\ttv400x.sys [2005-10-25 173568]

R3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]

R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-12-25 3712]

R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]

R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]

R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]

R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]

R4 TOS_SPS;TOSHIBA SPS Driver;c:\program files\Toshiba\TMP2VDec\tos_sps.sys [2005-07-11 163712]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-02-02 476416]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 23040]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901281eb-9748-11dc-b7e0-0012f0c5b020}]

\Shell\AutoRun\command - e:\qiraat\Run.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1144a52-deba-11da-b18e-0012f0c5b020}]

\shell\AUtOPLAy\command - E:\xdno.cmd

\shell\AutoRun\command - E:\xdno.cmd

\shell\expLore\CoMMAnd - E:\xdno.cmd

\shell\oPen\coMmAnd - E:\xdno.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba942386-5249-11dd-bb6b-0012f0c5b020}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec3479c8-8e39-11dd-bc9a-0012f0c5b020}]

\Shell\AutoRun\command - E:\setupSNK.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-01-28 c:\windows\Tasks\Norton Security Scan for MY.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

 

2006-04-24 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 01:12]

 

2006-05-01 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 01:12]

 

2009-01-31 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDetect.exe []

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ladda ner allt med Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Ladda ner markerat med Free Download Mananger - file://c:\program files\Free Download Manager\dlselected.htm

IE: Ladda ner med Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html

DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} - hxxps://gfs.nb.se/privat/bank/scripts/eid/NordeaSmartCard.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 22:24:44

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Andra processer som körs ------------------------

.

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\windows\system32\scardsvr.exe

c:\program files\Toshiba\ConfigFree\CFSvcs.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\ehome\ehRec.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Apoint2K\ApntEx.exe

c:\windows\system32\TPSBattM.exe

c:\windows\system32\rundll32.exe

c:\program files\Toshiba\ConfigFree\NDSTray.exe

c:\program files\Fighters\Spywarefighter\SpywarefighterTray.exe

c:\docume~1\MY\LOCALS~1\temp\ncyf.exe

c:\docume~1\MY\LOCALS~1\temp\winylvax.exe

.

**************************************************************************

.

Sluttid: 2009-01-31 22:30:27 - datorn startades om.

ComboFix-quarantined-files.txt 2009-01-31 21:30:18

ComboFix2.txt 2009-01-31 20:43:29

ComboFix3.txt 2009-01-31 19:38:49

ComboFix4.txt 2009-01-31 18:26:52

 

Före genomsökningen: 17 291 104 256 bytes free

Efter genomsökningen: 17,266,954,240 byte ledigt

 

267 --- E O F --- 2009-01-14 09:04:27

[/log]

 

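As an added triage example (not from the thread, and not part of ComboFix or Malwarebytes), the script below reads the REGEDIT4-style "Startpunkter i registret" section that ComboFix prints and flags what a helper looks for first in a log like the one above: the policy values that hide Task Manager and the Registry Editor, the Security Center values that silence antivirus/firewall/update warnings, a disabled firewall profile, and mountpoints2 handlers that redirect the open/explore verbs of a removable drive to a file on that drive. The sample input is constructed from lines quoted in the log; the severity labels and key-matching rules are the example's own assumptions.

```python
"""Triage the registry-startup section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log quoted in the thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1144a52-deba-11da-b18e-0012f0c5b020}]
\shell\AUtOPLAy\command - E:\xdno.cmd
\shell\AutoRun\command - E:\xdno.cmd
\shell\expLore\CoMMAnd - E:\xdno.cmd
\shell\oPen\coMmAnd - E:\xdno.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba942386-5249-11dd-bb6b-0012f0c5b020}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium" (this example's own scale)
    key: str        # registry key the finding refers to
    detail: str


_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
_HANDLER_RE = re.compile(
    r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)


def _parse_value(raw: str):
    """Turn ComboFix's '1 (0x1)' and 'dword:00000001' renderings into an int; keep other values as text."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw


def parse_sections(text: str) -> dict:
    """Map each [key] header to the (name, value) pairs and shell handlers listed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        if current is None:          # REGEDIT4 banner and notes before the first key
            continue
        m = _VALUE_RE.match(line)
        if m:
            sections[current].append((m.group("name"), _parse_value(m.group("raw"))))
            continue
        m = _HANDLER_RE.match(line)  # mountpoints2: \shell\<verb>\command - <cmd>
        if m:
            sections[current].append(("shell\\" + m.group("verb").lower(), m.group("cmd").strip()))
    return sections


def triage(text: str) -> list:
    """Return the findings a helper would raise first when reading this section."""
    findings = []
    for key, entries in parse_sections(text).items():
        lkey = key.lower()
        if lkey.endswith("\\policies\\system"):
            for name, val in entries:
                if name in ("DisableTaskMgr", "DisableRegistryTools") and val == 1:
                    findings.append(Finding("high", key, f"{name}=1 hides a tool the user needs to inspect the machine"))
        elif lkey.endswith("\\security center") or lkey.endswith("\\security center\\svc"):
            silenced = [n for n, v in entries if (n.endswith("DisableNotify") or n.endswith("Override")) and v == 1]
            if silenced:
                findings.append(Finding("medium", key, "Security Center warnings suppressed: " + ", ".join(silenced)))
        elif lkey.endswith("\\firewallpolicy\\standardprofile"):
            if any(n == "EnableFirewall" and v == 0 for n, v in entries):
                findings.append(Finding("medium", key, "Windows Firewall standard profile is off"))
        elif "\\explorer\\mountpoints2\\" in lkey:
            handlers = {n.split("\\", 1)[1]: v for n, v in entries if n.startswith("shell\\")}
            targets = sorted(set(handlers.values()))
            if any(verb in handlers for verb in ("open", "explore")):
                # A plain autorun sets AutoRun only; rewriting open/explore hijacks double-click on the drive.
                findings.append(Finding("high", key, "open/explore verbs redirected to " + ", ".join(targets)))
            elif handlers:
                findings.append(Finding("medium", key, "autorun handler on removable drive: " + ", ".join(targets)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.key}\n    {f.detail}")
```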

 

I think I will have to reinstall the computer

 

It is of course safest to format and reinstall, but I think it can be fixed; you will have to decide for yourself.

 


 

[log]Download ATF-Cleaner to the Desktop

 

http://www.atribune.org/ccount/click.php?id=1

 

Tick everything and clean it out.

 

Delete the CFScript.txt you have and download a new one here to the Desktop:

 

http://www.skickafilen.se/download.jsp?fileid=pLWZTaC9dQyDegTqfMLA

 

Then drag it with the mouse onto ComboFix, run it, and post the log that comes out.[/log]

 


When ComboFix announced that Windows was about to restart, I got the error message "Det gick inte att starta programmet eftersom Windows håller på att avslutas." with the title "catchme.cfexe", and something more about a DLL file being missing...

 


[log]ComboFix 09-01-31.01 - MY 2009-01-31 23:05:22.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.634 [GMT 1:00]

Körs från: c:\documents and settings\MY\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\MY\Desktop\CFScript(3).txt

* Skapade en ny återställningspunkt

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

 

FILE ::

c:\windows\system32\drivers\jgphin.sys

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\autorun.inf

E:\jscinw.cmd

 

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ABP470N5

-------\Service_abp470n5

 

 

(((((((((((((((((((((((( Filer Skapade från 2008-12-28 till 2009-01-31 ))))))))))))))))))))))))))))))

.

 

2009-01-31 21:48 . 2009-01-31 21:48 <DIR> d-------- c:\program files\Fighters

2009-01-31 21:48 . 2009-01-31 21:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters

2009-01-31 18:28 . 2009-01-31 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2009-01-31 15:35 . 2009-01-31 15:35 <DIR> d-------- c:\documents and settings\MY\Application Data\Malwarebytes

2009-01-31 15:34 . 2009-01-31 15:34 <DIR> d-------- c:\program files\kalle

2009-01-31 15:32 . 2009-01-31 15:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 15:32 . 2009-01-31 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-31 15:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-31 15:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-31 14:53 . 2009-01-31 14:53 <DIR> d-------- c:\program files\Trend Micro

2009-01-31 14:37 . 2009-01-31 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-31 11:58 . 2009-01-31 12:35 5 --a------ c:\windows\_id.dat

2009-01-31 11:57 . 2009-01-31 15:23 124 --a------ c:\windows\adobe.bat

2009-01-23 22:50 . 2009-01-23 22:50 <DIR> d-------- c:\program files\MohadaraDownloader

2008-12-23 23:07 . 2008-12-23 23:07 7,680 --ahs---- c:\windows\Thumbs.db

2008-12-18 16:26 . 2008-12-18 16:26 <DIR> d-------- c:\windows\system32\Nordea

2008-12-05 21:32 . 2008-12-05 21:32 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-31 21:08 --------- d-----w c:\program files\Windows Live

2009-01-31 14:25 --------- d-----w c:\program files\Norton Security Scan

2009-01-31 14:21 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-31 14:21 --------- d-----w c:\program files\Common Files\Panda Software

2009-01-31 14:11 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-31 11:45 --------- d-----w c:\documents and settings\MY\Application Data\Free Download Manager

2009-01-14 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-09 17:45 --------- d-----w c:\documents and settings\MY\Application Data\uTorrent

2008-12-23 22:08 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-23 22:08 --------- d-----w c:\program files\Jak lånekalkyl 1.5

2008-12-23 22:08 --------- d-----w c:\program files\Free Download Manager

2008-12-23 22:08 --------- d-----w c:\program files\Consumer Update Firmware

2008-12-23 22:08 --------- d-----w c:\program files\????? ???????

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 20:32 --------- d-----w c:\program files\Java

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-31_18.49.54.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\ARPPRODUCTICON.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut10_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut11_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut12_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut13_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut14_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut7_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut8_A73DE485409A4B7DA76AD137CB04FD6D.exe

+ 2009-01-31 20:49:05 57,344 ----a-r c:\windows\Installer\{B940005A-1212-4E87-885B-1FF80B40D6F4}\NewShortcut9_A73DE485409A4B7DA76AD137CB04FD6D.exe

- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe

+ 2008-11-18 10:01:46 15,496 ----a-w c:\windows\system32\drivers\vffilter.sys

+ 2009-01-31 22:13:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d4.dat

+ 2009-01-31 22:15:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_850.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1764864]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-07 5918720]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-05-11 13:46 356352]

"SmoothView"="c:\program files\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe" [2005-05-13 118784]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 102400]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077329]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 172032]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]

"000StTHK"="000StTHK.exe" [2001-06-23 04:28 94208 c:\windows\system32\000StTHK.exe]

"TFNF5"="TFNF5.exe" [2004-12-15 c:\windows\system32\TFNF5.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\agrsmmsg.exe]

"TPSMain"="TPSMain.exe" [2005-03-21 c:\windows\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [bU]

"TFncKy"="TFncKy.exe" [bU]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [bU]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

"NDSTray.exe"="NDSTray.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\StartupLogitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-25 753664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

Registernyckeln SafeBoot behöver repareras. Den här datorn kan inte startas i felsäkert läge.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"= c:\\Program Files\\Messenger\\MSMSGS.EXE

"c:\\windows\\system32\\TFNF5.exe"=

"c:\\windows\\system32\\000StTHK.exe"=

"c:\\WINDOWS\\system32\\00THotkey.exe"=

"c:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"=

"c:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"=

"c:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE"=

"c:\\windows\\system32\\netsh.exe"=

"c:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"=

"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=

"c:\\Program Files\\kalle\\mbam.exe"=

"c:\\Program Files\\Apoint2K\\Apoint.exe"=

"c:\\ComboFix\\NirCmd.cfexe"=

"c:\\windows\\AGRSMMSG.exe"=

"c:\\Program Files\\TOSHIBA\\TOSHIBAs kontroller\\TFncKy.exe"=

"c:\\WINDOWS\\VM_STI.EXE"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=

"c:\\windows\\system32\\TPSMain.exe"=

"c:\\windows\\Explorer.EXE"=

 

R1 NTGDT;NTGDT;c:\windows\system32\drivers\NTGDT.SYS [2005-10-28 18144]

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jgphin.sys --> c:\windows\system32\drivers\jgphin.sys [?]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;c:\windows\system32\drivers\ttv400x.sys [2005-10-25 173568]

R3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]

R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-12-25 3712]

R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]

R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]

R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]

R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]

R4 TOS_SPS;TOSHIBA SPS Driver;c:\program files\Toshiba\TMP2VDec\tos_sps.sys [2005-07-11 163712]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-02-02 476416]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 23040]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - ABP470N5

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba942386-5249-11dd-bb6b-0012f0c5b020}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec3479c8-8e39-11dd-bc9a-0012f0c5b020}]

\Shell\AutoRun\command - E:\setupSNK.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-01-28 c:\windows\Tasks\Norton Security Scan for MY.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

 

2006-04-24 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 01:12]

 

2006-05-01 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 01:12]

 

2009-01-31 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDetect.exe []

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ladda ner allt med Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Ladda ner markerat med Free Download Mananger - file://c:\program files\Free Download Manager\dlselected.htm

IE: Ladda ner med Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html

DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} - hxxps://gfs.nb.se/privat/bank/scripts/eid/NordeaSmartCard.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 23:15:16

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(2904)

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\windows\system32\scardsvr.exe

c:\program files\Toshiba\ConfigFree\CFSvcs.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Toshiba\TOSHIBAs kontroller\TFncKy.exe

c:\windows\system32\rundll32.exe

c:\program files\Apoint2K\ApntEx.exe

c:\program files\Toshiba\ConfigFree\NDSTray.exe

c:\windows\system32\TPSBattM.exe

c:\program files\Fighters\Spywarefighter\SpywarefighterTray.exe

.

**************************************************************************

.

Sluttid: 2009-01-31 23:20:25 - datorn startades om.

ComboFix-quarantined-files.txt 2009-01-31 22:20:18

ComboFix2.txt 2009-01-31 21:30:29

ComboFix3.txt 2009-01-31 20:43:29

ComboFix4.txt 2009-01-31 19:38:49

ComboFix5.txt 2009-01-31 22:04:05

 

Före genomsökningen: 17 263 333 376 bytes free

Efter genomsökningen: 17,212,862,464 byte ledigt

 

268 --- E O F --- 2009-01-14 09:04:27

[/log]

 

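The policy and Security Center lines in the ComboFix log above are the part of the report worth reading first: Task Manager and regedit disabled under HKCU, every Security Center notification suppressed, the standard-profile firewall switched off, and AutoRun commands recorded for removable volumes. The script below is an added example, not code from this thread or from ComboFix; it parses lines in the shape ComboFix prints (`"Name"= 1 (0x1)`, `"Name"=dword:00000001`, `\Shell\AutoRun\command - ...`) and flags those tamper indicators. The sample log text, the GUID and `E:\example.exe` are constructed placeholders.

```python
import re
from collections import Counter
from typing import Dict, Iterator, List, NamedTuple, Tuple, Union

# Constructed sample in the shape of a ComboFix registry/policy section (not the thread's log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\example.exe -a
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# Either "Name"= 1 (0x1) or "Name"=dword:00000001 ; string values like "X"="x.exe" are ignored.
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(-?\d+)\s*\(0x[0-9a-fA-F]+\))')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s*-\s*(.+)$')


class Finding(NamedTuple):
    key: str
    name: str
    value: str
    severity: str
    reason: str


def parse_values(text: str) -> Iterator[Tuple[str, str, Union[int, str]]]:
    """Yield (key, name, value) for numeric registry values and AutoRun commands."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # a new [HKEY_...] section header
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, dword, dec = m.groups()
            yield key, name, (int(dword, 16) if dword is not None else int(dec))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, "AutoRun\\command", m.group(1)


def audit(text: str) -> List[Finding]:
    """Flag the security-control tampering indicators visible in a ComboFix-style dump."""
    findings: List[Finding] = []
    for key, name, value in parse_values(text):
        k = key.lower()
        if k.endswith(r"policies\system"):
            if name in ("DisableTaskMgr", "DisableRegistryTools") and value == 1:
                findings.append(Finding(key, name, str(value), "high",
                                        "diagnostic tool disabled by policy (Task Manager / regedit)"))
            elif name == "EnableLUA" and value == 0:
                # EnableLUA only has an effect on Vista and later; on XP it is informational.
                findings.append(Finding(key, name, str(value), "info",
                                        "UAC disabled (meaningful only on Vista and later)"))
        elif "\\security center" in k:
            if (name.endswith("DisableNotify") or name.endswith("Override")) and value == 1:
                findings.append(Finding(key, name, str(value), "medium",
                                        "Security Center alert suppressed"))
        elif k.endswith(r"firewallpolicy\standardprofile"):
            if name == "EnableFirewall" and value == 0:
                findings.append(Finding(key, name, str(value), "high",
                                        "Windows Firewall disabled for the standard profile"))
        elif "\\mountpoints2\\" in k and name == "AutoRun\\command":
            findings.append(Finding(key, name, value, "medium",
                                    "AutoRun handler recorded for a removable volume"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.name}={f.value}  {f.reason}\n         at {f.key}")
    print(summarize(results))
```

Run it against a saved ComboFix log (`audit(open("ComboFix.txt", encoding="latin-1").read())`) to get the same triage list; a clean machine produces no `high` findings, and the presence of both `Disable*` policies together with suppressed Security Center alerts is the pattern that separates malware tampering from a user's own configuration.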

If you don't recognise this folder, delete it

 

c:\program files\????? ???????

 

I didn't immediately understand what you meant by that.

 


It doesn't seem to find the file either, though... But I copied it once before, although I don't have the copy any more...

 


 

It doesn't seem to find the file either, though

 

Copy the line and paste it into the Browse field, then submit it

 

c:\windows\system32\drivers\jgphin.sys

 

 


I saw it after I had posted; I tried it but it didn't work. It just says that the file doesn't exist or is empty.

 

Should I run ComboFix again for a new scan, or?

 


 

[log]

Should I run ComboFix again for a new scan, or?

 

No

 

Download to the Desktop

 

http://www.spywareinfo.dk/download/mwav.exe

 

 

Double-click mwav.exe, then click Unzip and it automatically creates a new folder, C:\Kapersky

Then open the Kapersky folder and double-click kavupd.exe, and let it look for updates.

When it is done, press any key and 2 new folders are automatically created on C:\

 

C:\Bases

C:\Downloads

 

Open the Downloads folder, select all the files and Cut

Click the Kapersky folder and Paste, and answer yes to all.

Then open the Kapersky folder and double-click mwavscan.com

Tick Drive and Scan All Files.

Then click Scan and let it finish scanning.

Copy what appears in the lower window.

First highlight it, then Ctrl+C (copy)

Then Ctrl+V (paste)

 

I'll check back tomorrow[/log]

 


Archived

This topic is now archived and is closed to further replies.
