
Remove the virus Generic.dx!tap


yoakeem


Hi, I'm helping a friend remove a virus called "Generic.dx!tap".

I have found 2 possible solutions and now I'm wondering whether they are trustworthy.

 

1. Tech Guy

2. Experts Exchange

 

Lastly, I'm wondering whether Jotti's is any good (Jotti's malware scan) and whether SDFix removes the virus above?

Hope someone can help me.

Regards / Joakim


That can't be answered. Both threads are from 2008 and it need not be the same infection that you have at all; besides, the threads seem to be about different types of infections. SDFix is usually not used any more since it is no longer updated. You need advice that applies to exactly what is on your computer.

In which file and folder does the antivirus program say "Generic.dx!tap" is located?

Let's see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Click Yes if the question about Optional Scan comes up.

In your reply, paste the log DDS.txt, and attach Attach.txt as a file.


Ok, did as you said and am attaching the files here.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Daniel at 8:45:35,67 on 2010-06-30

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.3070.2491 [GMT 2:00]

 

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\a-squared Free\a2service.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program\Delade filer\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\stsystra.exe

C:\Program\McAfee.com\Agent\mcagent.exe

C:\Program\BOINC\boincmgr.exe

C:\Program\BOINC\boinctray.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\Windows Live\Messenger\MsnMsgr .exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\McAfee\SystemCore\mfefire.exe

C:\Program\BOINC\boinc.exe

C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.08_windows_intelx86

C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.08_windows_intelx86

C:\Program\editpad.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Documents and Settings\Daniel\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program\delade filer\mcafee\systemcore\ScriptSn.20100513172115.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\UW60CwTv.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program\daemon tools toolbar\DTToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

uRun: [MsnMsgr] "c:\program\windows live\messenger\MsnMsgr .exe" /background

uRun: [Philips Intelligent Agent] "c:\program\philips\intelligent agent\Philips Intelligent Agent.exe" /SILENT

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iSUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [mcui_exe] "c:\program\mcafee.com\agent\mcagent.exe" /runkey

mRun: [boincmgr] "c:\program\boinc\boincmgr.exe" /a /s

mRun: [boinctray] "c:\program\boinc\boinctray.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adober~1.lnk - c:\program\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office\OSA9.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office11\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.fujidirekt.se/aurigma2/ImageUploader4.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXRLFut

LSA: Notification Packages = scecli scecli scecli

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\daniel\applic~1\mozilla\firefox\profiles\zxl32e17.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - component: c:\documents and settings\daniel\application data\mozilla\firefox\profiles\zxl32e17.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\program\mozilla firefox\components\Scriptff.dll

FF - plugin: c:\program\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPJava11.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPJava12.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPJava13.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPJava14.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPJava32.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPJPI150_11.dll

FF - plugin: c:\program\java\jre1.5.0_11\bin\NPOJI610.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-16 385880]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-27 28552]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-16 82952]

R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2008-5-28 12872]

R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2008-5-28 67656]

R2 a2free;a-squared Free Service;c:\program\a-squared free\a2service.exe [2008-6-10 380016]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

R2 McMPFSvc;McAfee Personal Firewall;"c:\program\delade filer\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program\delade filer\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]

R2 McProxy;McAfee Proxy Service;"c:\program\delade filer\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-16 271480]

R2 McShield;McShield;c:\program\delade filer\mcafee\systemcore\mcshield.exe [2010-4-16 170144]

R2 mfefire;McAfee Firewall Core Service;c:\program\delade filer\mcafee\systemcore\mfefire.exe [2010-4-16 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program\delade filer\mcafee\systemcore\mfevtps.exe [2010-4-16 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-16 55456]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-16 152320]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-16 51688]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-16 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-16 88480]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2010-3-1 49904]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-16 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-16 83496]

S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2008-5-28 12872]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2009-7-23 42368]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]

 

=============== Created Last 30 ================

 

2010-06-29 19:45:40 0 d-----w- c:\documents and settings\daniel\SecurityScans

2010-06-29 19:45:22 0 d-----w- c:\program\Microsoft Baseline Security Analyzer 2

2010-06-29 18:13:43 54156 ---ha-w- c:\windows\QTFont.qfn

2010-06-29 18:13:43 1409 ----a-w- c:\windows\QTFont.for

2010-06-28 19:52:12 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-06-28 19:04:34 94404480 ----a-w- C:\fseasyclean.exe

2010-06-27 19:41:16 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-06-27 19:41:02 0 d-----w- c:\program\Panda Security

2010-06-27 19:19:13 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

2010-06-27 19:06:21 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-27 19:06:21 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-20 20:16:45 0 d-----w- C:\Klickdata

2010-06-20 09:22:13 45056 ----a-w- c:\windows\system32\UW60CwTv.dll

2010-06-20 09:22:12 112 ----a-w- c:\docume~1\alluse~1\applic~1\si7jb74.dat

2010-06-17 22:09:37 0 d-----w- c:\docume~1\daniel\applic~1\Malwarebytes

2010-06-17 22:09:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-17 21:55:31 0 d-----w- c:\docume~1\daniel\applic~1\2559D2463FF50E9F024430A61F6350B0

2010-06-17 20:24:22 0 d-----w- C:\Eos5

 

==================== Find3M ====================

 

2010-06-13 11:34:14 238280 ----a-w- c:\windows\fonts\ecofont_vera_sans_regular.ttf

2010-06-12 09:40:17 84580 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-12 09:40:17 447514 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-14 13:10:00 815872 ----a-w- c:\windows\boinc.scr

2010-05-04 12:40:36 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 12:40:36 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-05-02 08:10:15 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 08:10:15 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:34:53 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:34:53 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-16 11:43:25 634656 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-04-16 11:43:23 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2010-04-08 12:03:50 2113536 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

2009-04-20 19:24:57 16540030 ----a-w- c:\program\filemaker.zip

2005-11-03 11:42:21 292987 ----a-w- c:\program\editpad.exe

 

============= FINISH: 8:47:32,92 ===============

Attach.zip


On the page http://www.virustotal.com, click the Browse button and paste one of the following file names into the box, click Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

c:\program\editpad.exe

c:\windows\system32\UW60CwTv.dll

c:\docume~1\alluse~1\applic~1\si7jb74.dat

c:\windows\system32\cbXRLFut

 

What is in these folders?

2010-06-17 21:55:31 0 d-----w- c:\docume~1\daniel\applic~1\2559D2463FF50E9F024430A61F6350B0

2010-06-17 20:24:22 0 d-----w- C:\Eos5

2010-06-20 20:16:45 0 d-----w- C:\Klickdata

 

Then, once the computer is clean, you need to fix the following:

Upgrade:

a-squared Free 3.5 to the latest version, which is 4.5, for best protection

VLC, old version with security holes

Uninstall (unsuitable toolbar and old versions with security holes, respectively):

DAEMON Tools Toolbar

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java 2 Runtime Environment, SE v1.4.2_03
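
The helper above picked out the suspicious items from the DDS log by eye: two freshly created files with random-looking names in system directories (UW60CwTv.dll, si7jb74.dat), the BHO entry that loads one of them, and an unexpected path in the LSA "Authentication Packages" line. The Python script below is an added example, not part of this thread or of the DDS tool, that mechanises that triage over a handful of lines copied from the log above. The WATCHED_DIRS list, the scoring thresholds in looks_random and the expectation that only msv1_0 is listed as an authentication package on a default Windows XP install are assumptions of the example; the scores are hints for a reviewer, not verdicts.

```python
"""Heuristic triage of DDS log lines.

Added example for this thread; it is not part of DDS, ComboFix or any other
tool mentioned here. It mechanises what the helper did by eye: pick out newly
created files with random-looking names in system directories, check the LSA
"Authentication Packages" load point (a default Windows XP install lists only
msv1_0 there), and show which load points reference the flagged files.
"""
import re

# Directories where a freshly created, randomly named file deserves a look.
# DDS prints 8.3 short names, so the All Users profile appears in that form.
# This list is an assumption of the example, not something DDS defines.
WATCHED_DIRS = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\docume~1\alluse~1\applic~1",
}

# Default content of the LSA Authentication Packages value on Windows XP.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

# "Created Last 30" entry: date, time, size, attribute flags, path.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Constructed sample: a few lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\UW60CwTv.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXRLFut
LSA: Notification Packages = scecli scecli scecli
2010-06-29 19:45:40 0 d-----w- c:\documents and settings\daniel\SecurityScans
2010-06-29 18:13:43 54156 ---ha-w- c:\windows\QTFont.qfn
2010-06-28 19:52:12 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-27 19:06:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-27 19:06:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-20 09:22:13 45056 ----a-w- c:\windows\system32\UW60CwTv.dll
2010-06-20 09:22:12 112 ----a-w- c:\docume~1\alluse~1\applic~1\si7jb74.dat
"""


def looks_random(stem):
    """Score 0-4 for how machine-generated a file name stem looks."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    pairs = list(zip(stem, stem[1:]))
    score = 0
    if digits >= 2 and letters >= 2:  # letters and digits mixed together
        score += 1
    # letter<->digit boundaries, e.g. si7jb74 has three of them
    if sum(a.isdigit() != b.isdigit() for a, b in pairs) >= 2:
        score += 1
    # upper/lower flips between adjacent letters, e.g. UW60CwTv
    if sum(a.isalpha() and b.isalpha() and a.isupper() != b.isupper()
           for a, b in pairs) >= 3:
        score += 1
    # long consonant runs (y counted as a vowel), e.g. cbXRLFut
    runs = re.findall(r"[b-df-hj-np-tv-xz]+", stem.lower())
    if runs and max(map(len, runs)) >= 4:
        score += 1
    return score


def triage_created(lines):
    """(path, score) for newly created files in watched dirs that look random."""
    hits = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m or m.group("attrs").startswith("d"):
            continue  # not a file entry, or a directory
        path = m.group("path")
        parent, _, name = path.rpartition("\\")
        if parent.lower() not in WATCHED_DIRS:
            continue
        score = looks_random(name.rsplit(".", 1)[0])
        if score >= 2:
            hits.append((path, score))
    return hits


def check_lsa(lines):
    """Entries in the LSA Authentication Packages line beyond the default."""
    for line in lines:
        if line.startswith("LSA: Authentication Packages ="):
            packages = line.split("=", 1)[1].split()
            return [p for p in packages if p.lower() not in EXPECTED_AUTH_PACKAGES]
    return []


def loadpoints_referencing(lines, flagged_paths):
    """Load-point lines (BHO, Run keys, Notify, LSA, ...) naming a flagged file."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in flagged_paths}
    return [line for line in lines
            if re.match(r"^(BHO|TB|[umd]Run|Notify|SEH|LSA): ", line)
            and any(n in line.lower() for n in names)]


def triage(text):
    """Run all three checks over a DDS log and return the findings."""
    lines = [l.rstrip() for l in text.splitlines()]
    created = triage_created(lines)
    lsa_extra = check_lsa(lines)
    flagged = [p for p, _ in created] + lsa_extra
    return {"created": created, "lsa_extra": lsa_extra,
            "loadpoints": loadpoints_referencing(lines, flagged)}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it as-is and the three findings are exactly the ones the helper asked about: UW60CwTv.dll and si7jb74.dat from the created-files list, cbXRLFut from the LSA line, and the "BHO: CAB Class" entry as the load point for the DLL. Note that cbXRLFut itself scores below the threshold in looks_random (no digits, no case flips), which is why the load-point check is done separately rather than relying on the name heuristic alone.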


c:\program\editpad.exe

http://www.virustotal.com/sv/analisis/f4d3686b5dbdd246802ff8d5ad46a60735e60861c32a80cc153bee6e83949422-1277922224

c:\windows\system32\UW60CwTv.dll

http://www.virustotal.com/sv/analisis/94091cc87666741fb51538cce054c7fb7c277ecb8c4ebd894a1d93ccec5fbb90-1277765710

c:\docume~1\alluse~1\applic~1\si7jb74.dat

http://www.virustotal.com/sv/analisis/6e573d2094ddd0c21f9716b2bfa45d443676710560f73090d37c47b8764aab20-1277922934

c:\windows\system32\cbXRLFut

Cannot be found

What is in these folders?

2010-06-17 21:55:31 0 d-----w- c:\docume~1\daniel\applic~1\2559D2463FF50E9F024430A61F6350B0

No idea, deleted

2010-06-17 20:24:22 0 d-----w- C:\Eos5

Folder with pictures from the Canon EOS 5D camera

2010-06-20 20:16:45 0 d-----w- C:\Klickdata

Folder with files for computer courses on CD-ROM, deleted.

Then, once the computer is clean, you need to fix the following:

Upgrade:

a-squared Free 3.5 to the latest version, which is 4.5, for best protection

Uninstalled instead

VLC, old version with security holes

Uninstalled instead

 

Uninstall (unsuitable toolbar and old versions with security holes, respectively):

DAEMON Tools Toolbar

Uninstalled

J2SE Runtime Environment 5.0 Update 10

Uninstalled

J2SE Runtime Environment 5.0 Update 11

Uninstalled

J2SE Runtime Environment 5.0 Update 6

Uninstalled

J2SE Runtime Environment 5.0 Update 9

Uninstalled

Java 2 Runtime Environment, SE v1.4.2_03

Uninstalled


In which file and folder does the antivirus program say "Generic.dx!tap" is located?

Unfortunately he doesn't know which folder & file the virus is in.

He thinks it may have "jumped" elsewhere on the hard drive and perhaps changed its name.

Should he run a new antivirus scan, and if so, which program should he use? He has McAfee right now.


Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up asking whether you want to install the Recovery Console, answer yes.

IMPORTANT! Don't click on the ComboFix window with the mouse while it's running, otherwise it may hang.

When it's finished, a log should appear; paste it into your reply. Check that antivirus programs etc. are running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network card. In that case, say so instead of running ComboFix.


Hi Cecilia!

Here is the log from my friend's computer.

[log]ComboFix 10-06-30.03 - Daniel 2010-07-08 19:49:01.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.3070.2507 [GMT 2:00]

Körs från: c:\documents and settings\Daniel\Skrivbord\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

 

.

- REDUCERAD FUNKTIONALITETSMOD -

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Ijl11.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-06-08 till 2010-07-08 ))))))))))))))))))))))))))))))

.

 

2010-07-07 21:21 . 2010-07-07 21:24 -------- d-----w- c:\documents and settings\Daniel\Application Data\vlc

2010-07-07 21:21 . 2010-07-07 21:23 -------- d-----w- c:\documents and settings\Daniel\Application Data\dvdcss

2010-07-07 19:50 . 2010-07-07 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-07 18:37 . 2010-07-07 18:37 655360 ----a-w- c:\documents and settings\Daniel\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-07-07 18:37 . 2010-07-07 18:37 282624 ----a-w- c:\documents and settings\Daniel\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-07-07 18:37 . 2010-07-07 18:37 208896 ----a-w- c:\documents and settings\Daniel\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

2010-07-07 18:37 . 2010-07-07 20:27 -------- d-----w- c:\documents and settings\Daniel\Application Data\Spotify

2010-07-07 18:37 . 2010-07-07 18:37 -------- d-----w- c:\program\Spotify

2010-06-29 19:45 . 2010-06-29 19:45 -------- d-----w- c:\documents and settings\Daniel\SecurityScans

2010-06-29 19:45 . 2010-06-29 19:45 -------- d-----w- c:\program\Microsoft Baseline Security Analyzer 2

2010-06-28 19:04 . 2010-06-28 19:04 94404480 ----a-w- C:\fseasyclean.exe

2010-06-27 19:41 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-06-27 19:41 . 2010-06-27 19:41 -------- d-----w- c:\program\Panda Security

2010-06-27 19:19 . 2010-06-27 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-06-27 19:06 . 2010-06-27 19:06 503808 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-630e95ab-n\msvcp71.dll

2010-06-27 19:06 . 2010-06-27 19:06 499712 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-630e95ab-n\jmc.dll

2010-06-27 19:06 . 2010-06-27 19:06 348160 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-630e95ab-n\msvcr71.dll

2010-06-27 19:06 . 2010-06-27 19:06 61440 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-58202d06-n\decora-sse.dll

2010-06-27 19:06 . 2010-06-27 19:06 12800 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-58202d06-n\decora-d3d.dll

2010-06-27 19:06 . 2010-06-27 19:05 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-17 22:09 . 2010-06-17 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-17 20:24 . 2010-06-19 18:40 -------- d-----w- C:\Eos5

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-08 17:20 . 2008-12-28 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC

2010-07-07 21:24 . 2010-07-07 21:21 -------- d-----w- c:\documents and settings\Daniel\Application Data\vlc

2010-07-07 21:20 . 2007-10-13 12:24 -------- d-----w- c:\program\VideoLAN

2010-07-07 19:49 . 2007-08-27 16:53 -------- d-----w- c:\documents and settings\Daniel\Application Data\U3

2010-06-30 18:51 . 2005-10-26 03:22 -------- d-----w- c:\program\Jasc Software Inc

2010-06-30 18:29 . 2005-10-26 03:13 -------- d-----w- c:\program\Java

2010-06-30 18:29 . 2005-10-26 03:13 -------- d-----w- c:\program\Delade filer\Java

2010-06-30 18:22 . 2009-08-12 18:08 -------- d-----w- c:\program\DAEMON Tools Toolbar

2010-06-30 18:22 . 2008-06-10 20:29 -------- d-----w- c:\program\a-squared Free

2010-06-28 19:02 . 2010-04-29 16:22 -------- d-----w- c:\documents and settings\Daniel\Application Data\Dropbox

2010-06-28 18:35 . 2008-06-11 09:52 -------- d-----w- c:\program\SUPERAntiSpyware

2010-06-28 17:08 . 2005-10-26 03:18 -------- d-----w- c:\program\Delade filer\Sonic Shared

2010-06-28 17:08 . 2005-10-26 03:19 -------- d-----w- c:\program\Sonic

2010-06-28 17:06 . 2010-05-17 18:29 -------- d-----w- c:\program\Quark

2010-06-27 21:24 . 2008-06-10 20:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-27 19:02 . 2010-06-20 09:22 112 ----a-w- c:\documents and settings\All Users\Application Data\si7jb74.dat

2010-06-19 18:17 . 2010-05-31 19:00 284646 ----a-r- c:\documents and settings\Daniel\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe

2010-06-19 18:17 . 2010-05-31 19:00 284646 ----a-r- c:\documents and settings\Daniel\Application Data\Microsoft\Installer\{BD55C983-7989-4F2F-8D24-2D892C621D9D}\ARPPRODUCTICON.exe

2010-06-19 18:17 . 2008-12-28 14:30 -------- d-----w- c:\program\BOINC

2010-06-15 17:15 . 2005-11-03 11:00 -------- d-----w- c:\program\Streamline 4.0

2010-06-15 17:13 . 2008-05-25 14:12 -------- d-----w- c:\documents and settings\Daniel\Application Data\Canon

2010-06-12 09:40 . 2004-09-16 08:43 84580 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-12 09:40 . 2004-09-16 08:43 447514 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-08 15:50 . 2008-04-11 20:12 -------- d-----w- c:\documents and settings\Daniel\Application Data\uTorrent

2010-06-06 09:16 . 2009-03-12 14:27 -------- d-----w- c:\program\Microsoft Silverlight

2010-05-29 20:35 . 2010-05-29 20:35 -------- d-----w- c:\documents and settings\Daniel\Application Data\ATI

2010-05-29 20:35 . 2010-05-29 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2010-05-29 20:34 . 2010-05-29 20:34 0 ----a-w- c:\windows\ativpsrm.bin

2010-05-29 20:33 . 2005-10-26 03:16 -------- d-----w- c:\program\ATI Technologies

2010-05-29 20:31 . 2005-10-26 03:16 -------- d--h--w- c:\program\InstallShield Installation Information

2010-05-23 19:08 . 2010-05-10 16:24 63488 ----a-w- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-05-23 19:08 . 2009-08-03 11:03 117760 ----a-w- c:\documents and settings\Daniel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-20 18:34 . 2005-11-02 10:29 -------- d-----w- c:\program\Canon
2010-05-20 18:33 . 2010-05-20 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-05-20 18:29 . 2010-05-20 18:29 -------- d-----w- c:\program\Delade filer\Canon
2010-05-17 18:39 . 2010-05-17 18:39 -------- d-----w- c:\documents and settings\Daniel\Application Data\Quark
2010-05-14 13:10 . 2010-05-14 13:10 815872 ----a-w- c:\windows\boinc.scr
2010-05-04 17:20 . 2004-09-16 08:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-09-16 08:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-09-16 08:42 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:10 . 2008-10-07 17:32 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 16:22 . 2010-04-29 16:22 89831 ----a-w- c:\documents and settings\Daniel\Application Data\Dropbox\bin\Uninstall.exe
2010-04-27 15:16 . 2010-04-16 06:37 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 15:16 . 2010-04-16 06:37 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 15:16 . 2010-04-16 06:37 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 15:16 . 2010-04-16 06:37 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 15:16 . 2010-04-16 06:37 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 15:16 . 2010-04-16 06:37 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 15:16 . 2010-04-16 06:37 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 15:16 . 2010-04-16 06:37 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 15:16 . 2010-04-16 06:37 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 15:16 . 2010-04-16 06:37 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-20 05:34 . 2004-09-16 08:42 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-04-20 19:24 . 2009-04-20 19:24 16540030 ----a-w- c:\program\filemaker.zip
2005-11-03 11:42 . 2005-11-03 11:42 292987 ----a-w- c:\program\editpad.exe
2010-04-27 15:16 . 2010-04-16 06:37 24376 ----a-w- c:\program\mozilla firefox\components\Scriptff.dll

.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Daniel\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Daniel\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Daniel\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program\Windows Live\Messenger\MsnMsgr .exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"mcui_exe"="c:\program\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"boincmgr"="c:\program\BOINC\boincmgr.exe" [2010-05-14 4825856]
"boinctray"="c:\program\BOINC\boinctray.exe" [2010-05-14 58112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-3 110592]
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2010-3-7 939920]
Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 10:04 548352 ----a-w- c:\program\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program\CyberLink\PowerDVD\DVDLauncher.exe"
"SunJavaUpdateSched"="c:\program\Java\jre1.5.0_11\bin\jusched.exe"
"HP Software Update"=c:\program\HP\HP Software Update\HPWuSchd2.exe
"DMXLauncher"=c:\program\Dell\Media Experience\DMXLauncher.exe
"D-Link AirPlus G"=c:\program\D-Link\AirPlus G\AirGCFG.exe
"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"ANIWZCS2Service"=c:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"McAfee Backup"=c:\program\McAfee\MBK\McAfeeDataBackup.exe
"dla"=c:\windows\system32\dla\tfswctrl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Delade filer\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Daniel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50770:TCP"= 50770:TCP:*:Disabled:Mytorrent
"26214:TCP"= 26214:TCP:Mytorrent igen
"26214:UDP"= 26214:UDP:Mytorrent igen 2

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-28 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-06-27 28552]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-04-16 82952]
R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1029456]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program\Delade filer\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-04-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program\Delade filer\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-04-16 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program\Delade filer\McAfee\SystemCore\mfefire.exe [2010-04-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program\Delade filer\McAfee\SystemCore\mfevtps.exe [2010-04-16 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-16 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-16 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-04-16 88480]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2010-03-01 49904]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-04-16 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-16 83496]
S3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 12872]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2009-07-23 42368]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-03-11 25088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-12 721904]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0088b170-54be-11dc-bf1c-00123f782a92}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{867a5d82-0657-11de-a2d6-00123f782a92}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder:

2010-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\zxl32e17.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\zxl32e17.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program\Personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Philips Intelligent Agent - c:\program\Philips\Intelligent Agent\Philips Intelligent Agent.exe
HKLM-Run-ISUSPM Startup - c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-SunJavaUpdateSched - c:\program\Java\jre6\bin\jusched.exe
AddRemove-McAfee Uninstall Utility - c:\program\McAfee.com\Shared\mcappins.exe


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A6C2EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
\Driver\iaStor -> iastor.sys @ 0xb9e6eb10
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: Intel® PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d23bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d30a21
SendHandler -> NDIS.sys @ 0xb9d0e87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-08 20:02:40
ComboFix-quarantined-files.txt 2010-07-08 18:02

Pre-Run: 4,814,708,736 bytes free
Post-Run: 6,099,501,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 48B22B6A767B8CED2EC87E7ED4D3BDA3


Hi,

Can you remove everything that has to do with ComboFix.

Download it again and follow the instructions, see Cecilia's post #8 in this thread.

NB: be careful to install the Recovery Console and to make sure that no antivirus or antispyware programs are running. (* Resident AV is active * - REDUCED FUNCTIONALITY MODE -)

Otherwise it does not give the desired result.

Regards,

Mats H
