Windows Security Alert & Hard drive failure
Hey,I går da jeg sad på nettet, blev min computer lige pludselig syg.
Jeg ved ikke, om jeg har trykket på, eller hentet, noget 'farligt' men mindes det ikke. Lige pludselig åbnede to vinduer på skrivebordet. Det ene var en meddelelse om, at der var en skade på én af mine harddiske. Det andet var et program, der skrev at der var for lidt plads på harddisken og hvilket programmet ville fixe.
Jeg slukkede computeren og ventede til i dag, hvor det desværre var blevet værre.
For det første forsatte de to vinduer at poppe op, og for det andet kunne jeg ikke se nogen af mine filer eller programmer ved mindre "Vis skjulte filer og mapper" valgtes.
Jeg har kørt en scanning med Malwarebytes hvilket har gjort at vinduerne ikke åbner. Dog kan jeg stadig ikke se mine filer og mapper.
Her er loggen fra Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6615
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
19-05-2011 15:04:50
mbam-log-2011-05-19 (15-04-50).txt
Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 434328
Tid gået: 3 time(e), 16 minut(ter), 26 sekund(er)
Hukommelses Processorer Inficeret: 2
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 1
Registreringsdatabasedata Objekter Inficeret: 5
Inficerede Mapper: 0
Inficerede Filer: 5
Hukommelses Processorer Inficeret:
c:\documents and settings\all users.windows\application data\dqmiuymnarayqk.exe (Trojan.FakeMS.Gen) -> 244 -> Unloaded process successfully.
c:\documents and settings\all users.windows\application data\15916836.exe (Trojan.Agent) -> 1204 -> Unloaded process successfully.
Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DQMiuyMNARayQk (Trojan.FakeMS.Gen) -> Value: DQMiuyMNARayQk -> Quarantined and deleted successfully.
Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Inficerede Mapper:
(Ingen skadelige objekter blev fundet)
Inficerede Filer:
c:\documents and settings\all users.windows\application data\dqmiuymnarayqk.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\anddd.andreas\application data\Sun\Java\deployment\cache\6.0\25\ffde859-77f8dda1 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programmer\internet download manager\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\programmer\internet download manager\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\15916836.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Og her fra hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:08, on 19-05-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Documents and Settings\Anddd.ANDREAS\Dokumenter\Hentede filer\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Fælles filer\Java\Java Update\jucheck.exe
C:\Documents and Settings\Anddd.ANDREAS\Skrivebord\HiJack This\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Anddd.ANDREAS\Dokumenter\Hentede filer\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Anddd.ANDREAS\Dokumenter\Hentede filer\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie_ctx.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Betsafe Casino Danmark - {E2159258-E8D9-4214-869B-641EDB508B4C} - http://www.betsafe.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Betsafe Casino Danmark - {E2159258-E8D9-4214-869B-641EDB508B4C} - http://www.betsafe.com (file missing) (HKCU)
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13947018-0738-41B8-8D20-F78177BD3FE3}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\Belkin\Bluetooth-Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STSService - Unknown owner - C:\Programmer\SoundTaxi Media Suite\STSService.exe (file missing)
--
End of file - 7985 bytes
Det kunne være rart, hvis I gad at kigge på det og forhåbentlig finde fejlen(e) :)